Searchqu.com/406 homepage

Post by snailed » June 3rd, 2011, 7:45 pm

Despite removing Bandoo, iLiVid, and removing associated browser extensions, my home page is still set to searchqu.com/406 and I get redirects to search-results.com. I can change my homepage in Firefox, but not in Internet Explorer. Thanks.

DDS log:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Dell at 16:35:20 on 2011-06-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3061.1867 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\T-Mobile\webConnect Manager\TMobileCM.exe
C:\Program Files\T-Mobile\webConnect Manager\RcAppSvc.exe
C:\Program Files\T-Mobile\webConnect Manager\conappssvc.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\toolbar\searchqudtx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\toolbar\searchqudtx.dll
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometer\FF_Protection.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [T-Mobile webConnect Manager] "c:\program files\t-mobile\webconnect manager\TMobileCM.exe" -a
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: Interfaces\{4CC871CA-DE7D-4D0A-B714-460C90892445} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AD6AB575-7F39-4F40-AE38-F28CF54B66BB} : NameServer = 10.177.0.34 10.180.12.172
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
AppInit_DLLs:
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dell\appdata\roaming\mozilla\firefox\profiles\dix7ak1w.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2010-12-28 15336]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-28 172032]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometer\InstallFilterService.exe [2010-12-28 60928]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-5-25 2280312]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-11-2 14808]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-12-28 28136]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-12-28 5342208]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-12-28 152064]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 CATmobile;T-Mobile Con App Svc;c:\program files\t-mobile\webconnect manager\conappssvc.exe [2011-4-6 118784]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-5-22 58528]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 tmobile_mf691_dc_enum;tmobile_mf691_dc_enum;c:\windows\system32\drivers\tmobile_mf691_dc_enum.sys [2010-4-9 61952]
R3 TMobileRcAppSvc;T-Mobile RcApp Svc;c:\program files\t-mobile\webconnect manager\RcAppSvc.exe [2011-4-6 114688]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\drivers\ZTEusbgps.sys [2011-6-3 107776]
R3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\drivers\ZTEusbnmeaext2.sys [2011-6-3 107776]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\drivers\ZTEusbwwan.sys [2011-6-3 193536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-6-3 9216]
S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-11-2 99728]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-28 1343400]
.
=============== Created Last 30 ================
.
2011-06-03 19:17:32 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-06-03 19:17:32 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-06-03 19:17:32 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmeaext2.sys
2011-06-03 19:17:32 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-06-03 19:17:32 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-06-03 19:17:04 -------- d-----w- C:\HWDrivers
2011-06-03 18:50:40 193536 ----a-w- c:\windows\system32\drivers\ZTEusbwwan.sys
2011-06-03 18:50:40 107776 ----a-w- c:\windows\system32\drivers\ZTEusbgps.sys
2011-06-03 07:22:58 -------- d--h--w- C:\$AVG
2011-06-03 07:09:38 -------- d-----w- c:\users\dell\appdata\roaming\AVG10
2011-06-03 07:07:21 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-03 07:07:21 -------- d-----w- c:\programdata\AVG10
2011-06-03 07:06:52 -------- d-----w- c:\program files\AVG
2011-06-03 06:57:54 -------- d--h--w- c:\programdata\Common Files
2011-06-03 06:57:19 -------- d-----w- c:\programdata\MFAData
2011-05-31 12:05:04 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{40297fff-de25-4061-a9e8-faa49e0b92e2}\mpengine.dll
2011-05-29 02:14:23 -------- d-----w- c:\users\dell\appdata\local\Ilivid Player
2011-05-29 02:12:44 -------- d-----w- c:\users\dell\appdata\local\PackageAware
2011-05-26 01:23:37 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-26 01:23:37 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-26 01:23:37 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-05-26 01:23:37 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-26 01:23:37 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-26 01:23:37 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-26 01:23:37 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-26 01:23:37 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-05-26 01:23:37 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-26 01:23:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-26 01:22:10 -------- d-----w- c:\users\dell\appdata\roaming\Malwarebytes
2011-05-26 01:22:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 01:22:05 -------- d-----w- c:\programdata\Malwarebytes
2011-05-26 01:22:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-26 01:22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-26 01:12:45 -------- d-----w- c:\program files\TeamViewer
2011-05-25 21:41:42 -------- d-----w- c:\program files\Windows Service
2011-05-25 13:01:04 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 14:51:54 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-22 06:48:31 1461992 ----a-r- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2011-05-22 06:47:11 -------- d-----w- c:\program files\T-Mobile
2011-05-22 06:46:42 -------- d-----w- c:\programdata\T-Mobile
2011-05-11 19:53:09 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 19:53:09 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 19:53:09 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 19:53:09 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 19:53:09 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 19:53:09 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 19:53:09 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 19:53:08 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 19:53:07 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2011-04-15 04:28:30 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-07 00:00:40 137752 ----a-w- c:\windows\system32\PCTIN50.dll
2011-04-07 00:00:38 32408 ----a-w- c:\windows\system32\PCTINDIS5.sys
2011-04-05 07:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 23:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:44:09 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:44:01 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:44:01 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:44:01 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:43:55 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:43:46 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:43:46 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 16:35:36.16 ===============

Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/28/2010 10:13:17 AM
System Uptime: 6/3/2011 2:00:55 PM (2 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | U2E1 | 1600/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 432.868 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP47: 4/27/2011 3:00:15 AM - Windows Update
RP48: 5/5/2011 1:23:26 AM - Scheduled Checkpoint
RP49: 5/6/2011 11:01:18 PM - Windows Update
RP50: 5/6/2011 11:36:44 PM - Windows Update
RP51: 5/11/2011 3:02:58 PM - Windows Update
RP52: 5/19/2011 12:00:04 AM - Scheduled Checkpoint
RP53: 5/21/2011 11:46:47 PM - Installed T-Mobile webConnect Manager
RP54: 5/24/2011 3:53:11 PM - Windows Update
RP55: 5/25/2011 11:31:26 AM - Windows Update
RP56: 5/26/2011 12:53:30 AM - Windows Update
RP57: 5/27/2011 2:27:34 AM - Windows Update
RP58: 5/31/2011 5:04:49 AM - Windows Update
RP59: 6/3/2011 12:06:36 AM - Installed AVG 2011
RP60: 6/3/2011 12:07:01 AM - Installed AVG 2011
RP61: 6/3/2011 11:49:40 AM - Installed T-Mobile webConnect Manager
RP62: 6/3/2011 12:14:08 PM - Removed T-Mobile webConnect Manager
RP63: 6/3/2011 12:16:41 PM - Installed T-Mobile webConnect Manager
RP64: 6/3/2011 3:56:40 PM - Removed Java(TM) 6 Update 11
.
==== Installed Programs ======================
.
Accelerometer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Install Manager
AVG 2011
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Debut Video Capture Software
Intel(R) Turbo Boost Technology Monitor
iTunes
K-Lite Mega Codec Pack 5.6.1
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-US)
O2Micro Flash Memory Card Windows Driver
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Synaptics Pointing Device Driver
T-Mobile webConnect Manager
TeamViewer 6
VLC media player 1.0.3
.
==== Event Viewer Messages From Past Week ========
.
6/3/2011 3:14:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000003, 0x871b4c68, 0x82b7cae0, 0x85487908). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060311-31200-01.
6/1/2011 8:57:51 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
5/31/2011 10:13:40 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
5/28/2011 7:14:25 PM, Error: Service Control Manager [7030] - The Bandoo Coordinator service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
snailed
Active Member
 
Posts: 11
Joined: June 3rd, 2011, 7:18 pm

Re: Searchqu.com/406 homepage

Post by Alander » June 3rd, 2011, 11:45 pm

Hello, I am Alander :)

Welcome to the Malware Removal forums.

I would be glad to take a look at your log and help you with solving any malware problems.

DDS logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

As I am still training, everything that I post to you must be checked by an Admin or Moderator.

Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.


  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Searchqu.com/406 homepage

Post by snailed » June 4th, 2011, 12:07 am

Thanks Alander! Let me know what to do next. Greatly appreciated.
snailed
Active Member
 
Posts: 11
Joined: June 3rd, 2011, 7:18 pm

Re: Searchqu.com/406 homepage

Post by Alander » June 5th, 2011, 12:22 am

Download and run OTL

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select "Run as administrator" to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under Custom Scans/Fixes copy/paste the contents of the code box below.
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchqu;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Searchqu.com/406 homepage

Post by snailed » June 5th, 2011, 9:47 pm

OTL.txt

OTL logfile created on: 6/5/2011 6:42:35 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Dell\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.53% Memory free
5.98 Gb Paging File | 4.81 Gb Available in Paging File | 80.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 433.00 Gb Free Space | 92.99% Space Free | Partition Type: NTFS
Drive E: | 50.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\T-Mobile\webConnect Manager\TMobileCM.exe (T-Mobile)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\T-Mobile\webConnect Manager\RcAppSvc.exe (SmithMicro Inc.)
PRC - C:\Program Files\T-Mobile\webConnect Manager\conappssvc.exe (SmithMicro Inc.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)


========== Modules (SafeList) ==========

MOD - C:\Users\Dell\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\TeamViewer\Version6\tv_w32.dll (TeamViewer GmbH)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\crtdll.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TMobileRcAppSvc) -- C:\Program Files\T-Mobile\webConnect Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CATmobile) -- C:\Program Files\T-Mobile\webConnect Manager\conappssvc.exe (SmithMicro Inc.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (InstallFilterService) -- C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)


========== Driver Services (SafeList) ==========

DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (ZTEusbwwan) -- C:\Windows\System32\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV - (PCTINDIS5) -- C:\Windows\System32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (ZTEusbMB) -- C:\Windows\System32\drivers\ZTEusbnmeaext2.sys (ZTE Incorporated)
DRV - (ZTEusbgps) -- C:\Windows\System32\drivers\ZTEusbgps.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (MBB Incorporated)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (tmobile_mf691_dc_enum) -- C:\Windows\System32\drivers\tmobile_mf691_dc_enum.sys (T-Mobile)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (TurboB) -- C:\Windows\System32\drivers\TurboB.sys ()
DRV - (O2MDGRDR) -- C:\Windows\System32\drivers\o2mdg.sys (O2Micro )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-442193787-3099879954-3940592146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-442193787-3099879954-3940592146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-442193787-3099879954-3940592146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-442193787-3099879954-3940592146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 1B F6 52 66 1A CC 01 [binary data]
IE - HKU\S-1-5-21-442193787-3099879954-3940592146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-442193787-3099879954-3940592146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/03 00:07:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/25 18:23:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/25 18:23:37 | 000,000,000 | ---D | M]

[2011/06/03 00:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\Mozilla\Extensions
[2011/06/03 00:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\dix7ak1w.default\extensions
[2011/03/23 05:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\dix7ak1w.default\searchplugins\SearchquWebSearch.xml
[2011/06/03 15:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/03 00:07:52 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/03/23 05:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [T-Mobile webConnect Manager] C:\Program Files\T-Mobile\webConnect Manager\TMobileCM.exe (T-Mobile)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/04/15 23:10:18 | 000,000,139 | R--- | M] () - E:\AutoLaunch.dat -- [ CDFS ]
O32 - AutoRun File - [2011/03/10 02:50:20 | 000,069,632 | R--- | M] (Smith Micro Software Inc.) - E:\AutoLaunch.exe -- [ CDFS ]
O32 - AutoRun File - [2011/03/11 02:06:13 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{50e81746-8e0f-11e0-9dc1-0026b9ab4097}\Shell - "" = AutoRun
O33 - MountPoints2\{50e81746-8e0f-11e0-9dc1-0026b9ab4097}\Shell\AutoRun\command - "" = E:\AutoLaunch.exe -- [2011/03/10 02:50:20 | 000,069,632 | R--- | M] (Smith Micro Software Inc.)
O33 - MountPoints2\{757997b3-83ef-11e0-94e6-0026b9ab4097}\Shell - "" = AutoRun
O33 - MountPoints2\{757997b3-83ef-11e0-94e6-0026b9ab4097}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{8f30a4b5-8e12-11e0-b8b1-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{8f30a4b5-8e12-11e0-b8b1-00a0c6000000}\Shell\AutoRun\command - "" = E:\AutoLaunch.exe -- [2011/03/10 02:50:20 | 000,069,632 | R--- | M] (Smith Micro Software Inc.)
O33 - MountPoints2\{a2d49ca4-5254-11e0-8ae9-0026b9ab4097}\Shell - "" = AutoRun
O33 - MountPoints2\{a2d49ca4-5254-11e0-8ae9-0026b9ab4097}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{a2d49d02-5254-11e0-8ae9-0026b9ab4097}\Shell - "" = AutoRun
O33 - MountPoints2\{a2d49d02-5254-11e0-8ae9-0026b9ab4097}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{e935ca4f-8e16-11e0-b86c-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{e935ca4f-8e16-11e0-b86c-00a0c6000000}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoLaunch.exe -- [2011/03/10 02:50:20 | 000,069,632 | R--- | M] (Smith Micro Software Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 18:39:20 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2011/06/03 16:27:33 | 000,607,222 | R--- | C] (Swearware) -- C:\Users\Dell\Desktop\dds.scr
[2011/06/03 12:17:32 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2011/06/03 12:17:32 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmeaext2.sys
[2011/06/03 12:17:32 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2011/06/03 12:17:32 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2011/06/03 12:17:32 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2011/06/03 12:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-Mobile
[2011/06/03 12:17:04 | 000,000,000 | ---D | C] -- C:\HWDrivers
[2011/06/03 11:50:40 | 000,193,536 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbwwan.sys
[2011/06/03 11:50:40 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbgps.sys
[2011/06/03 03:14:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/03 00:22:58 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/06/03 00:09:38 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\AVG10
[2011/06/03 00:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/06/03 00:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/06/03 00:07:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/06/03 00:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/06/02 23:57:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/02 23:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/28 19:14:23 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Ilivid Player
[2011/05/28 19:12:44 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\PackageAware
[2011/05/25 18:22:10 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Malwarebytes
[2011/05/25 18:22:06 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/25 18:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/25 18:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/25 18:22:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/25 18:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/25 18:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/05/25 14:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Service
[2011/05/25 06:01:04 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/05/24 07:51:54 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/21 23:48:31 | 001,461,992 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01009.dll
[2011/05/21 23:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\T-Mobile
[2011/05/21 23:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Mobile
[2011/05/11 12:53:09 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/05/11 12:53:09 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/05/11 12:53:08 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/11 12:53:07 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2011/06/05 18:39:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2011/06/05 18:01:04 | 117,308,668 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/05 13:15:55 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 13:15:55 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 10:37:23 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/05 10:37:23 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/05 10:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 10:32:35 | 2406,883,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 16:27:36 | 000,607,222 | R--- | M] (Swearware) -- C:\Users\Dell\Desktop\dds.scr
[2011/06/03 12:23:59 | 000,267,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/03 12:17:05 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\T-Mobile webConnect Manager.lnk
[2011/06/03 03:14:20 | 331,120,549 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/03 00:07:54 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/25 18:24:10 | 000,001,998 | ---- | M] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/25 18:23:46 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/25 18:22:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 18:12:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/05/21 23:48:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf

========== Files Created - No Company Name ==========

[2011/06/05 18:01:04 | 117,308,668 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/03 12:17:05 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\T-Mobile webConnect Manager.lnk
[2011/06/03 03:14:20 | 331,120,549 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/03 00:07:54 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/25 18:23:43 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/25 18:22:06 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 18:12:49 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/05/25 18:12:48 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/05/21 23:48:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2010/12/28 13:02:34 | 000,201,875 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/12/28 13:02:34 | 000,002,093 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/28 11:58:07 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/12/28 11:58:07 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/12/28 11:58:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/28 11:58:06 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/28 11:58:05 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/12/28 11:58:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/12/28 09:05:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/11/02 13:45:44 | 000,014,808 | ---- | C] () -- C:\Windows\System32\drivers\TurboB.sys
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,267,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

========== Custom Scans ==========


< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >
[2011/05/28 19:14:25 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Dell\AppData\Roaming\Bandoo
[2011/05/28 19:14:21 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Temp\BandooFiles
[2011/05/25 07:55:43 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin
[2011/05/25 07:55:40 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Temp\BandooFiles\Static
[2011/05/25 07:55:41 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\tutorial\images\Bandoo

< c:|Searchqu;true;true;true; /FP >
[2011/05/28 19:14:24 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\LocalLow\searchquband

< c:|iLivid;true;true;true; /FP >
[2011/05/28 19:14:26 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Ilivid Player

< c:|whitesmoke;true;true;true; /FP >

< End of report >
snailed
Active Member
 
Posts: 11
Joined: June 3rd, 2011, 7:18 pm

Re: Searchqu.com/406 homepage

Post by snailed » June 5th, 2011, 9:52 pm

Extras.txt
OTL Extras logfile created on: 6/5/2011 6:42:35 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Dell\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.53% Memory free
5.98 Gb Paging File | 4.81 Gb Available in Paging File | 80.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 433.00 Gb Free Space | 92.99% Space Free | Partition Type: NTFS
Drive E: | 50.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-442193787-3099879954-3940592146-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03451FEE-6E0A-A4C4-533C-789034CD9361}" = ATI AVIVO Codecs
"{0A37050F-A3E6-F83C-E2EC-B7F3A2C81C13}" = Catalyst Control Center Core Implementation
"{16CE751D-53BE-4B8F-55E7-07A665D66787}" = ccc-utility
"{187914BC-89DA-EBFA-B6C2-306DFBD15036}" = Catalyst Control Center Localization All
"{1B79F21E-63AB-4A93-8DDA-5A214956CFFF}" = CCC Help English
"{1C85169B-FCB7-9038-0449-E49809A9E011}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{2A683A6C-3363-C08E-570B-5A304E496BC5}" = Catalyst Control Center Graphics Previews Vista
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3741CC24-787C-F191-7B7A-3886A089252A}" = CCC Help Chinese Standard
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EEFDA25-AED5-1116-CCB4-394B0C68D6D7}" = Catalyst Control Center Graphics Light
"{41218F6B-9198-E007-B1B5-C3398A5D6A9E}" = CCC Help Dutch
"{4358C118-AE5A-CE1E-4521-66A1B7C8AB5C}" = CCC Help Italian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{687105CD-5151-0E0A-3C43-E53B3CF10BA2}" = CCC Help Chinese Traditional
"{6C021189-3BD1-EB7E-74A6-72A2C5E1F346}" = Catalyst Control Center Graphics Full Existing
"{6DE65446-8CD5-2118-6B8B-CF30EE30DFC3}" = CCC Help Spanish
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{731C9181-C8CC-77B4-78EA-8E9B858BC941}" = Catalyst Control Center InstallProxy
"{790D741E-335D-1843-BA7B-3BC640E13FE6}" = CCC Help Danish
"{7EA4BBFA-5430-EC01-269F-6809F03852D0}" = CCC Help Finnish
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{936AF7D4-B995-F8FA-7D92-9ADE174C09A8}" = CCC Help French
"{A1B9FF1D-DDBA-C5C0-9404-ADDA1650EA53}" = ccc-core-static
"{A3A328BB-658E-695E-85EC-A45782209220}" = CCC Help Japanese
"{A40387CE-B6CC-47A8-99EE-3E4C1C3C8DA3}" = T-Mobile webConnect Manager
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B03A4EA6-3F96-0C4E-2BEC-4C1FDBCE5ED9}" = CCC Help Swedish
"{BAEBFB9B-43D0-7CC3-357F-C68311691F5D}" = CCC Help Norwegian
"{C0904F0F-8A5C-1966-F87B-DA89B5F68FD7}" = CCC Help Russian
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC40FA96-9445-4EF4-8DDB-5DADF5F01BA8}" = AVG 2011
"{CE1DEBFE-66A2-DEAF-6854-7DDE7BE34E50}" = Catalyst Control Center Graphics Previews Common
"{D8A39D68-A269-45C2-8730-23AA08F75D64}" = O2Micro Flash Memory Card Windows Driver
"{EDB84216-164C-1EC4-8C94-A98B5932C2F6}" = CCC Help German
"{F38E39CE-3EAC-F845-C09B-0539F8539DDA}" = CCC Help Korean
"{F660A9AE-520F-827D-2E6D-74ED799AA4EA}" = Catalyst Control Center Graphics Full New
"{F8BDFBC2-BBE4-5291-B5C5-24D17ED5FD86}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG" = AVG 2011
"Debut" = Debut Video Capture Software
"InstallShield_{D8A39D68-A269-45C2-8730-23AA08F75D64}" = O2Micro Flash Memory Card Windows Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.0.3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/5/2011 6:45:22 PM | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2011 6:45:22 PM | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2011 6:45:22 PM | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2011 6:45:22 PM | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2011 6:45:22 PM | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2011 6:45:22 PM | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2011 6:45:22 PM | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2011 6:45:22 PM | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2011 6:45:22 PM | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/5/2011 6:45:22 PM | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 4/14/2011 2:25:27 AM | Computer Name = Dell-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 4/25/2011 8:59:56 PM | Computer Name = Dell-PC | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
addresses.

Error - 5/1/2011 7:53:00 PM | Computer Name = Dell-PC | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
addresses.

Error - 5/7/2011 2:36:30 AM | Computer Name = Dell-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Internet Explorer 9 for Windows 7.

Error - 5/7/2011 2:37:46 AM | Computer Name = Dell-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Internet Explorer 9 for Windows 7.

Error - 5/24/2011 6:54:01 PM | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description =

Error - 5/28/2011 10:14:25 PM | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7030
Description = The Bandoo Coordinator service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 5/31/2011 1:13:40 PM | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 6/1/2011 11:57:51 AM | Computer Name = Dell-PC | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
addresses.

Error - 6/3/2011 6:14:33 AM | Computer Name = Dell-PC | Source = BugCheck | ID = 1001
Description =


< End of report >
snailed
Active Member
 
Posts: 11
Joined: June 3rd, 2011, 7:18 pm

Re: Searchqu.com/406 homepage

Post by Alander » June 6th, 2011, 1:12 pm

Hi :)

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox.

    :processes
    killallprocesses

    :OTL
    IE - HKU\S-1-5-21-442193787-3099879954-3940592146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Web Search"
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
    [2011/03/23 05:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\dix7ak1w.default\searchplugins\SearchquWebSearch.xml
    [2011/03/23 05:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [2011/05/28 19:14:25 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Dell\AppData\Roaming\Bandoo
    [2011/05/28 19:14:21 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Temp\BandooFiles
    [2011/05/25 07:55:43 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin
    [2011/05/25 07:55:40 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Temp\BandooFiles\Static
    [2011/05/25 07:55:41 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\tutorial\images\Bandoo
    [2011/05/28 19:14:24 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\LocalLow\searchquband
    [2011/05/28 19:14:26 | 000,000,000 | ---D | M] -- c:\Users\Dell\AppData\Local\Ilivid Player

    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply, and include whether you are still experiencing any more redirects.
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Searchqu.com/406 homepage

Post by snailed » June 6th, 2011, 8:55 pm

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-442193787-3099879954-3940592146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.searchqu.com/web?src=ffb&systemid=406&q=" removed from keyword.URL
C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\dix7ak1w.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
c:\Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Dell\AppData\Roaming\Bandoo folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Static folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\tutorial\images\Bandoo folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\tutorial\images folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\tutorial folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\searchplugins folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\Yahoo\Toolbar\Images folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\Yahoo\Toolbar folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\Yahoo\HTML folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\Yahoo folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\OE\Toolbar\Images folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\OE\Toolbar folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\OE\images folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\OE\HTML folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\OE folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\MSN\Toolbar\Images folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\MSN\Toolbar folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\MSN\HTML folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\MSN folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\IE\HTML folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\IE folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\plugins folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin folder moved successfully.
c:\Users\Dell\AppData\Local\Temp\BandooFiles folder moved successfully.
Folder c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\ not found.
Folder c:\Users\Dell\AppData\Local\Temp\BandooFiles\Static\ not found.
Folder c:\Users\Dell\AppData\Local\Temp\BandooFiles\Bin\resources\tutorial\images\Bandoo\ not found.
c:\Users\Dell\AppData\LocalLow\searchquband folder moved successfully.
c:\Users\Dell\AppData\Local\Ilivid Player folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dell
->Temp folder emptied: 52581343 bytes
->Temporary Internet Files folder emptied: 75485468 bytes
->Java cache emptied: 7000 bytes
->FireFox cache emptied: 171796351 bytes
->Flash cache emptied: 35262 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14513136 bytes
RecycleBin emptied: 92864 bytes

Total Files Cleaned = 300.00 mb



OTL by OldTimer - Version 3.2.23.0 log created on 06062011_174555

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
snailed
Active Member
 
Posts: 11
Joined: June 3rd, 2011, 7:18 pm

Re: Searchqu.com/406 homepage

Unread postby Alander » June 7th, 2011, 12:47 pm

Hi,

Step 1
Are you still experiencing any more redirects?

Step 2
Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 25.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Step 3
Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.0.1).
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Step 4
Please download ATF Cleaner by Atribune.

  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Step 5
ESET NOD32 Online Scan
Vista - W7 users: You will need to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are; if not set, please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember to enable your Anti-virus protection... before continuing!
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Searchqu.com/406 homepage

Unread postby Alander » June 10th, 2011, 6:28 am

3 Day Response
Hello...
It has been almost 3 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Searchqu.com/406 homepage

Unread postby snailed » June 10th, 2011, 3:09 pm

Hi, yes I have been away for a few days. Working on it! Will respond later today.
snailed
Active Member
 
Posts: 11
Joined: June 3rd, 2011, 7:18 pm

Re: Searchqu.com/406 homepage

Unread postby snailed » June 11th, 2011, 1:17 am

IE and Firefox no longer redirect. Still experiencing problems maintaining a wireless connection through t-mobile web connect but I suspect it to be an unrelated problem. If you have any insight on this, it'd be appreciated too. Thanks for all your help.

Log from ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=c384f268cc08514c940a9ce88c657fba
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-11 04:59:53
# local_time=2011-06-10 09:59:53 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1032 16777213 100 94 0 50103670 0 0
# compatibility_mode=5893 16776574 100 94 2174 59312069 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=73771
# found=1
# cleaned=0
# scan_time=1116
C:\_OTL\MovedFiles\06062011_174555\C_Users\Dell\AppData\Local\Temp\BandooFiles\Bin\InstallerHelper.dll probably a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
snailed
Active Member
 
Posts: 11
Joined: June 3rd, 2011, 7:18 pm
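
Added example (not part of the thread, and not ESET's or OTL's own code): a Python sketch that parses an ESET Online Scanner log like the one posted above and separates detections that sit under OTL's `C:\_OTL\MovedFiles` folder from detections at live paths. The sample is constructed: its first detection line is the one from the post, the second is invented for contrast, and the regex assumes the space-separated layout shown on this page.

```python
import re

# Constructed sample modelled on the log in the post: the first detection line
# is the one from the post, the second is invented, and found= is set to 2.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# remove_checked=false
# scanned=73771
# found=2
# cleaned=0
C:\_OTL\MovedFiles\06062011_174555\C_Users\Dell\AppData\Local\Temp\BandooFiles\Bin\InstallerHelper.dll probably a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Example\AppData\Local\Temp\constructed_sample.dll Win32/Adware.Example application (unable to clean) 00000000000000000000000000000000 I
"""

# On this page, files removed by the OTL fix reappear under
# <drive>:\_OTL\MovedFiles\<timestamp>\, so that prefix marks moved copies.
OTL_QUARANTINE = re.compile(r"^[a-z]:\\_otl\\movedfiles\\", re.IGNORECASE)
HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# Assumed layout (as shown on the page): path, detection text, 32-hex field, flag.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?\w+/\S+.*?)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+(?P<flag>\w)$"
)

def parse_eset_log(text):
    """Split the log into '# key=value' header fields and detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            header[m.group(1)] = m.group(2).strip('"')
        elif m := DETECTION.match(line):
            detections.append(m.groupdict())
    return header, detections

def triage(text):
    """Summarise the scan and separate moved copies from live detections."""
    header, detections = parse_eset_log(text)
    return {
        "scan_finished": header.get("end") == "finished",
        "report_only": header.get("remove_checked") == "false",
        "count_matches_header": int(header.get("found", -1)) == len(detections),
        "quarantined": [d for d in detections if OTL_QUARANTINE.match(d["path"])],
        "live": [d for d in detections if not OTL_QUARANTINE.match(d["path"])],
    }

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["live"]:
        print("LIVE:", d["path"], "->", d["threat"])
    for d in result["quarantined"]:
        print("in OTL MovedFiles:", d["path"])
```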

Re: Searchqu.com/406 homepage

Unread postby Alander » June 11th, 2011, 5:52 am

The problems you are still experiencing with your wireless connection are not coming from malware as all of your latest logs have come back clean.
As this is a dedicated Malware Removal site, I think those issues are best left to experts elsewhere.
Here are some excellent Tech sites (in no particular order) that may be able to help with these problems:


So as I said above your logs are clean, I hope you can resolve your other problem with the links that I provided.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

OTL-Cleanup
  1. Double click on OTL.exe to run it.
    Vista-W7 users: Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

You are using Internet Explorer 8. This is outdated and a security risk; you need to install Internet Explorer 9.

You can find information and install IE 9 from Here


Here are some free programs I recommend that could help you improve your computer's security.

Install Malwarebytes Anti-malware
These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
You can find information and Download it from HERE

Install SpywareBlaster
Download and install Javacool's SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

Please read the article below which will give you a few suggestions for how to minimize your chances of getting another infection.
Computer Security - a short guide to staying safer online
Also please read this great article How to prevent Malware by miekiemoes.
I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Searchqu.com/406 homepage

Unread postby Cypher » June 12th, 2011, 6:00 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns