Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

http://www.searchqu.com/406 showing up as homepage

Post by aoibhe bree » June 5th, 2011, 9:52 am

Hi there,

The above address is showing up as my homepage every time I start Firefox or Internet Explorer.

I'd really appreciate if you could help me to remove this malware or whatever it is.

I should mention that I really amn't very good with computers :oops: So apologies in advance if I ask any stupid questions!!!

Thanks so much,

Aoibhe.


This is the dds file:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by user at 14:45:49 on 2011-06-05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3034.1585 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Garmin\gStart.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\System32\vds.exe
C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\O2 Broadband.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.searchqu.com/406
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [gStart] c:\garmin\gStart.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files\dell datasafe local backup\components\dsupdate" /runas "c:\program files\dell datasafe local backup\components\dsupdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] c:\program files\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 62.40.32.33 8.8.8.8
TCP: Interfaces\{02DE2605-8CBD-4432-99C2-1BF803ACADB7} : DhcpNameServer = 62.40.32.33 8.8.8.8
TCP: Interfaces\{0340A0C8-8CCF-4E5D-A334-D82B74CD968A} : DhcpNameServer = 62.40.32.33 8.8.8.8
TCP: Interfaces\{8B8E7919-AD56-4E00-9388-FED47EB0D48E} : DhcpNameServer = 62.40.32.33 8.8.8.8
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\toudoapk.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MpKsl713dca1b;MpKsl713dca1b;c:\programdata\microsoft\microsoft antimalware\definition updates\{9b1140fd-1d12-4158-8ed3-e4ed182308f0}\MpKsl713dca1b.sys [2011-6-5 28752]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-8-7 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-8-7 656624]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-7 144128]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-5-7 113664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-5-7 101120]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2010-3-1 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2010-3-1 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2010-3-1 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2010-3-1 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2010-3-1 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2010-3-1 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2010-3-1 123504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-05 09:03:16 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9b1140fd-1d12-4158-8ed3-e4ed182308f0}\MpKsl713dca1b.sys
2011-06-05 09:02:53 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9b1140fd-1d12-4158-8ed3-e4ed182308f0}\mpengine.dll
2011-06-02 20:39:50 -------- d-----w- c:\users\user\appdata\local\Ilivid Player
2011-06-02 20:38:24 -------- dc-h--w- c:\programdata\~0
2011-06-02 20:37:24 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-06-02 20:36:59 -------- d-----w- c:\users\user\appdata\local\PackageAware
2011-05-29 14:53:26 -------- d-----w- c:\users\user\appdata\roaming\go
2011-05-29 14:53:19 -------- d-----w- c:\programdata\Easybits GO
2011-05-15 20:15:12 -------- d-----w- c:\programdata\Skype Extras
2011-05-11 08:37:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-09 16:04:56 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-09 16:04:56 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-09 16:04:55 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-09 16:04:55 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-09 16:04:55 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-09 16:04:55 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-09 16:04:55 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-09 16:04:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
==================== Find3M ====================
.
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
.
============= FINISH: 14:47:03.86 ===============




And this is the attach file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 06/08/2009 22:11:44
System Uptime: 05/06/2011 09:51:05 (5 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 83.982 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 15 GiB total, 7.212 GiB free.
F: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #7
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Advanced Audio FX Engine
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
EasyBits GO
Garmin Training Center
Garmin USB Drivers
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.02.01.0320)
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Java(TM) 6 Update 13
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox 4.0.1 (x86 en-GB)
O2 Broadband
Picasa 3
QuickSet
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.3
Spelling Dictionaries Support For Adobe Reader 9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows iLivid Toolbar
WordBiz version 1.8
.
==== Event Viewer Messages From Past Week ========
.
30/05/2011 19:03:29, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 89.204.193.160 for the Network Card with network address 001E101F74D9 has been denied by the DHCP server 89.204.202.21 (The DHCP Server sent a DHCPNACK message).
30/05/2011 15:46:29, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 95.83.198.53 for the Network Card with network address 001E101F74D9 has been denied by the DHCP server 89.204.193.129 (The DHCP Server sent a DHCPNACK message).
30/05/2011 10:22:54, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 89.204.194.102 for the Network Card with network address 001E101F2C0E has been denied by the DHCP server 95.83.198.54 (The DHCP Server sent a DHCPNACK message).
30/05/2011 10:14:04, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 89.204.177.31 for the Network Card with network address 001E101FB45E has been denied by the DHCP server 89.204.194.101 (The DHCP Server sent a DHCPNACK message).
30/05/2011 09:15:44, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/05/2011 11:48:55, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 95.83.206.51 for the Network Card with network address 001E101FABDD has been denied by the DHCP server 95.83.205.217 (The DHCP Server sent a DHCPNACK message).
29/05/2011 11:02:31, Error: Service Control Manager [7000] - The Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/05/2011 11:02:31, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/05/2011 11:02:31, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/05/2011 11:02:31, Error: Service Control Manager [7000] - The HUAWEI USB-NDIS miniport service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/05/2011 11:01:14, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
29/05/2011 11:00:51, Error: EventLog [6008] - The previous system shutdown at 00:02:33 on 29/05/2011 was unexpected.
05/06/2011 09:51:31, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
05/06/2011 09:51:19, Error: EventLog [6008] - The previous system shutdown at 09:49:34 on 05/06/2011 was unexpected.
04/06/2011 18:39:58, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 89.204.194.197 for the Network Card with network address 001E101F24F1 has been denied by the DHCP server 89.204.205.129 (The DHCP Server sent a DHCPNACK message).
04/06/2011 09:36:38, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 89.204.201.186 for the Network Card with network address 001E101FE70E has been denied by the DHCP server 62.40.52.113 (The DHCP Server sent a DHCPNACK message).
03/06/2011 21:20:22, Error: Tcpip [4199] - The system detected an address conflict for IP address 95.83.201.122 with the system having network hardware address 02-50-F3-00-00-00. Network operations on this system may be disrupted as a result.
03/06/2011 21:20:22, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 95.83.201.122 for the Network Card with network address 001E101FE70E has been denied by the DHCP server 89.204.201.185 (The DHCP Server sent a DHCPNACK message).
02/06/2011 09:28:23, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
01/06/2011 16:12:20, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
aoibhe bree
Regular Member
 
Posts: 15
Joined: June 5th, 2011, 9:38 am

Re: http://www.searchqu.com/406 showing up as homepage

Post by Cypher » June 6th, 2011, 1:15 pm

Hi.
Checking your logs now, be right back.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: http://www.searchqu.com/406 showing up as homepage

Post by Cypher » June 6th, 2011, 1:25 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Backup your data - XP
Backup your data - Vista
Backup your data - Windows 7


Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode, i.e. right click on and select Run as Administrator.
  • Your Operating System in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this with anything I ask you to carry out, please select the option Allow.


  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Next.

Download and run OTL
Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select "Run as administrator" to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under Custom Scans/Fixes copy/paste the contents of the code box below.
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchqu;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.



Logs/Information to Post in your Next Reply

  • MGADiag log.
  • OTListIt.txt and Extra.txt contents
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: http://www.searchqu.com/406 showing up as homepage

Post by aoibhe bree » June 6th, 2011, 1:46 pm

Hi Cypher,

Thanks so much for your help. :)

MGADiag log

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {CF1EA079-2FE8-4D32-8DEC-E436FE92E05E}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_ldr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-2057-6001.0000-2372009
Installation ID: 000252280303880266471764010206799765549472549446434996
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NgAAAAIAAQABAAIAAQABAAAABAABAAEAeqgatsISzVDaM8Ibdg4oH/L0VG3yAYLKrFa/+EbK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL WN09
FACP DELL WN09
HPET DELL WN09
MCFG DELL WN09
SLIC DELL WN09
SSDT PmRef CpuPm



OTL.txt

OTL logfile created on: 06/06/2011 18:36:55 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 41.21% Memory free
6.14 Gb Paging File | 4.26 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 84.60 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
Drive D: | 15.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 14.65 Gb Total Space | 7.21 Gb Free Space | 49.23% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\user\Downloads\MGADiag.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\O2 Broadband.exe ()
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe ()
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKslaf530bf6) -- File not found
DRV - (MpKsl7be496e1) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD361404-4964-4828-8FDD-A3C2326259D4}\MpKsl7be496e1.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\System32\drivers\s1039bus.sys (MCCI Corporation)
DRV - (s1039mdm) -- C:\Windows\System32\drivers\s1039mdm.sys (MCCI Corporation)
DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\Windows\System32\drivers\s1039obex.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\Windows\System32\drivers\s1039mdfl.sys (MCCI Corporation)
DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1039unic.sys (MCCI Corporation)
DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1039nd5.sys (MCCI Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (OA009Vid) -- C:\Windows\System32\drivers\OA009Vid.sys (Creative Technology Ltd.)
DRV - (OA009Ufd) -- C:\Windows\System32\drivers\OA009Ufd.sys (Creative Technology Ltd.)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 17:05:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 17:05:00 | 000,000,000 | ---D | M]

[2011/06/02 21:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011/06/03 17:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\toudoapk.default\extensions
[2010/09/16 20:35:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\toudoapk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/02 21:37:30 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\toudoapk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2009/08/31 13:23:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\toudoapk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/03/23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchplugins\SearchquWebSearch.xml
[2011/06/02 21:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TOUDOAPK.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/05/09 17:04:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 17:04:57 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/09 17:04:57 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/09 17:04:57 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/09 17:04:57 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2011/05/09 17:04:57 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001..\Run: [msnmsgr] File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.40.32.33 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/11/23 00:46:10 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2004/04/30 23:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{158872d1-7561-11e0-b442-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{158872d1-7561-11e0-b442-001e101f8924}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
O33 - MountPoints2\{39fb5cfa-d971-11de-89cc-0025644abccb}\Shell - "" = AutoRun
O33 - MountPoints2\{39fb5cfa-d971-11de-89cc-0025644abccb}\Shell\AutoRun\command - "" = G:\Enterprise_Launcher.exe
O33 - MountPoints2\{505cbb19-335d-11e0-9327-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{505cbb19-335d-11e0-9327-001e101fe5e1}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{50cf7aff-569e-11df-97bb-0025644abccb}\Shell - "" = AutoRun
O33 - MountPoints2\{50cf7aff-569e-11df-97bb-0025644abccb}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6fb77292-9954-11df-a2dc-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{6fb77292-9954-11df-a2dc-001e101fb45e}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{74ea6593-7f51-11df-bbd1-001e101f8ffe}\Shell - "" = AutoRun
O33 - MountPoints2\{74ea6593-7f51-11df-bbd1-001e101f8ffe}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 18:35:37 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/06/06 18:33:10 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/06/06 18:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/06/02 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Ilivid Player
[2011/06/02 21:38:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2011/06/02 21:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2011/06/02 21:36:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\PackageAware
[2011/05/29 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\go
[2011/05/29 15:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/28 22:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/05/27 09:00:44 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\caretaker updated
[2011/05/26 20:19:17 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\caretaker
[2011/05/26 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Bebo photos downloaded May 2011
[2011/05/15 21:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/15 21:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/15 21:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/13 10:18:19 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\uae
[2011/05/12 22:00:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\c mcn

========== Files - Modified Within 30 Days ==========

[2011/06/06 18:39:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{096765AE-D322-4B51-BDBE-AD974BA6ABC7}.job
[2011/06/06 18:35:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/06/06 18:31:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 18:31:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 11:55:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 09:58:00 | 000,613,890 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/05 09:58:00 | 000,113,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/05 09:51:15 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/01 16:56:08 | 000,034,885 | ---- | M] () -- C:\Users\user\Desktop\This is my family.jpg
[2011/05/28 22:56:25 | 000,000,925 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/05/28 22:56:25 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/05/21 15:46:39 | 000,173,298 | ---- | M] () -- C:\Users\user\Desktop\barry!.JPG
[2011/05/19 10:57:14 | 000,011,776 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/06/01 16:56:07 | 000,034,885 | ---- | C] () -- C:\Users\user\Desktop\This is my family.jpg
[2011/05/29 15:53:26 | 000,001,587 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (EasyBits GO).lnk
[2011/05/28 22:56:25 | 000,000,925 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/05/28 22:56:25 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/05/21 15:46:38 | 000,173,298 | ---- | C] () -- C:\Users\user\Desktop\barry!.JPG
[2011/05/09 17:05:00 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010/06/24 06:33:44 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/11/11 07:12:03 | 000,132,336 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/11/11 07:12:03 | 000,103,664 | ---- | C] () -- C:\Windows\System32\STXMLSystem.dll
[2009/11/11 07:12:03 | 000,095,472 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/11/11 07:12:03 | 000,079,088 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/11/11 07:12:03 | 000,071,408 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/11/11 07:12:03 | 000,000,060 | ---- | C] () -- C:\Windows\System32\winpeshl.ini
[2009/11/11 07:12:03 | 000,000,020 | ---- | C] () -- C:\Windows\System32\ST_LOG.INI
[2009/11/11 07:12:02 | 000,390,384 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/11/11 07:12:02 | 000,386,288 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/11/11 07:12:02 | 000,271,600 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/11/11 07:12:02 | 000,259,312 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/11/11 07:12:02 | 000,234,736 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/11/11 07:12:02 | 000,132,336 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/11/11 07:12:02 | 000,121,584 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/11/11 07:12:02 | 000,115,952 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/11/11 07:12:02 | 000,107,760 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/11/11 07:12:02 | 000,099,568 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/11/11 07:12:02 | 000,083,184 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/11/11 07:12:02 | 000,074,992 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/11/11 07:12:01 | 001,191,936 | ---- | C] () -- C:\Windows\System32\Restore7.exe
[2009/11/11 07:12:01 | 001,123,568 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/11/11 07:12:01 | 000,476,400 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/11/11 07:12:01 | 000,447,728 | ---- | C] () -- C:\Windows\System32\STBackupEngine.dll
[2009/11/11 07:12:01 | 000,242,928 | ---- | C] () -- C:\Windows\System32\RestoreLauncher.exe
[2009/11/11 07:12:01 | 000,124,144 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/11/11 07:12:01 | 000,115,952 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/11/11 07:12:01 | 000,058,608 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/11/11 07:12:00 | 000,410,864 | ---- | C] () -- C:\Windows\System32\BackupApi.dll
[2009/11/11 07:12:00 | 000,267,504 | ---- | C] () -- C:\Windows\FixBCD.exe
[2009/11/11 07:12:00 | 000,000,004 | ---- | C] () -- C:\Windows\System32\abort.dat
[2009/09/06 12:52:13 | 000,001,064 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2009/08/26 12:46:26 | 000,011,776 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 14:35:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/07 06:03:16 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/07 06:03:16 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/07 06:03:16 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/07 06:03:16 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/08/07 03:53:22 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/08/07 03:29:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/08/07 03:29:22 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/08/07 03:29:21 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/08/07 03:18:32 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/04/11 19:02:01 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 19:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 17:07:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,300,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,613,890 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,113,174 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchqu;true;true;true; /FP >
[2011/06/05 14:21:24 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\LocalLow\searchquband
[2011/06/05 14:21:31 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\LocalLow\searchqutoolbar
[2011/06/05 14:21:31 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\LocalLow\searchqutoolbar\coupons
[2011/06/04 00:18:22 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar
[2011/06/03 18:05:49 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar\coupons
[2011/06/04 17:34:02 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar\weather

< c:|iLivid;true;true;true; /FP >
[2011/06/02 21:37:41 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar
[2011/06/02 21:37:38 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\Datamngr
[2011/06/02 21:37:37 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\ToolBar
[2011/06/02 21:39:51 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Local\Ilivid Player

< c:|whitesmoke;true;true;true; /FP >

< End of report >



Extras.txt

OTL Extras logfile created on: 06/06/2011 18:36:55 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 41.21% Memory free
6.14 Gb Paging File | 4.26 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 84.60 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
Drive D: | 15.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 14.65 Gb Total Space | 7.21 Gb Free Space | 49.23% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0438C85C-0AF9-4A0E-A732-785ABBC156F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2763C7B7-A182-442B-83E6-1EA1EB183F44}" = lport=138 | protocol=17 | dir=in | app=system |
"{2C9C3311-EE82-474A-A990-732A7759A609}" = lport=139 | protocol=6 | dir=in | app=system |
"{3232A886-D2D0-48A0-B2E1-728A2FEBB7D0}" = rport=445 | protocol=6 | dir=out | app=system |
"{37D483BB-6D4B-4B48-97B7-C5D3DDF914B9}" = rport=138 | protocol=17 | dir=out | app=system |
"{67D26AD1-9FFE-4A11-A3D9-7C6F74A35EB3}" = lport=445 | protocol=6 | dir=in | app=system |
"{DD71CBA1-76F9-41D1-89C3-BDF83DF2C25D}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB613493-4FA5-42F1-9076-08F573157CB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED1F956B-39EC-4558-AFB9-D319F5B41735}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F7D6195B-99E8-4F77-B819-CDC009031A0E}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0448E9AD-8EE6-4B86-84D6-D95A29A9E2F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1615CFE8-E740-4B82-BDFD-FCACDCAF5C1A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{45CCE179-7141-4AAB-8663-0CD093238150}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5E5A4B2F-3D06-4E3E-8D07-D42D4AB0B958}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B58AA0E5-5E9F-4ADB-803A-C5E94D56D38B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B681EE09-B4AF-4E90-8065-771CBF4ABDF9}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{D310577D-8881-4A82-AA68-3B1117B5882F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F9F9FAE2-F022-42B2-B070-1E908EB43F9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FA57299B-B565-47A0-828A-4F99FED231A2}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"Dell Webcam Central" = Dell Webcam Central
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Internet Scrabble Club_is1" = WordBiz version 1.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"O2 Broadband" = O2 Broadband
"Picasa 3" = Picasa 3
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"TVWiz" = Intel(R) TV Wizard

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/05/2011 04:35:00 | Computer Name = user-PC | Source = EventSystem | ID = 4621
Description =

Error - 10/05/2011 04:36:56 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/05/2011 04:31:13 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/05/2011 03:47:42 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/05/2011 03:52:16 | Computer Name = user-PC | Source = MsiInstaller | ID = 11704
Description =

Error - 13/05/2011 05:19:54 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 13/05/2011 05:19:54 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/05/2011 11:26:06 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application STService.exe, version 1.0.0.64, time stamp 0x4ae02c43,
faulting module STString.dll, version 1.1.0.5, time stamp 0x498c2b9e, exception
code 0xc0000005, fault offset 0x0000ae22, process id 0xccc, application start time
0x01cc1078db0a5b58.

Error - 15/05/2011 12:03:57 | Computer Name = user-PC | Source = EventSystem | ID = 4621
Description =

Error - 15/05/2011 16:12:37 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 01/05/2011 16:19:53 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 21:19:53, Sun, May 01, 11 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 28/02/2010 16:49:02 | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 03/06/2011 16:20:22 | Computer Name = user-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 95.83.201.122
with the system having network hardware address 02-50-F3-00-00-00. Network operations
on this system may be disrupted as a result.

Error - 04/06/2011 04:36:38 | Computer Name = user-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 89.204.201.186 for the Network Card with network
address 001E101FE70E has been denied by the DHCP server 62.40.52.113 (The DHCP
Server sent a DHCPNACK message).

Error - 04/06/2011 13:39:58 | Computer Name = user-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 89.204.194.197 for the Network Card with network
address 001E101F24F1 has been denied by the DHCP server 89.204.205.129 (The DHCP
Server sent a DHCPNACK message).

Error - 05/06/2011 04:51:19 | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:49:34 on 05/06/2011 was unexpected.

Error - 05/06/2011 04:51:26 | Computer Name = user-PC | Source = HTTP | ID = 15016
Description =

Error - 05/06/2011 04:51:31 | Computer Name = user-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 05/06/2011 04:52:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/06/2011 04:52:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/06/2011 04:52:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/06/2011 16:53:35 | Computer Name = user-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 89.204.177.210 for the Network Card with network
address 001E101F82A7 has been denied by the DHCP server 89.204.186.41 (The DHCP
Server sent a DHCPNACK message).


< End of report >
aoibhe bree
Regular Member
 
Posts: 15
Joined: June 5th, 2011, 9:38 am

Re: http://www.searchqu.com/406 showing up as homepage

Post by Cypher » June 6th, 2011, 2:37 pm

Hi aoibhe bree.
Thanks so much for your help.

You're most welcome.
Do the following then give me an update on how your computer is performing.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl then click OK.
  • Uninstall the following:
Windows iLivid Toolbar

Next.

Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code.
    Code:
    :otl
    IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Web Search"
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
    [2011/03/23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchplugins\SearchquWebSearch.xml
    [2011/03/23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
    O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
    O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
    O4 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001..\Run: [msnmsgr] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [2011/06/02 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Ilivid Player
    [2011/06/02 21:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
    [2011/06/05 14:21:24 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\LocalLow\searchquband
    [2011/06/05 14:21:31 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\LocalLow\searchqutoolbar
    [2011/06/05 14:21:31 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\LocalLow\searchqutoolbar\coupons
    [2011/06/04 00:18:22 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar
    [2011/06/03 18:05:49 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar\coupons
    [2011/06/04 17:34:02 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar\weather
    [2011/06/02 21:37:41 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar
    [2011/06/02 21:37:38 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\Datamngr
    [2011/06/02 21:37:37 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\ToolBar
    [2011/06/02 21:39:51 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Local\Ilivid Player
    
    :commands]
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Logs/Information to Post in your Next Reply

  • OTL log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: http://www.searchqu.com/406 showing up as homepage

Post by aoibhe bree » June 6th, 2011, 2:48 pm

OTL log

All processes killed
========== OTL ==========
HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.searchqu.com/406" removed from browser.startup.homepage
Prefs.js: "http://www.searchqu.com/web?src=ffb&systemid=406&q=" removed from keyword.URL
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
File C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1365571228-1884427199-4179648014-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1365571228-1884427199-4179648014-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1365571228-1884427199-4179648014-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_USERS\S-1-5-21-1365571228-1884427199-4179648014-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Users\user\AppData\Local\Ilivid Player folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2 folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\ToolBar folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows iLivid Toolbar folder moved successfully.
c:\Users\user\AppData\LocalLow\searchquband folder moved successfully.
c:\Users\user\AppData\LocalLow\searchqutoolbar folder moved successfully.
Folder c:\Users\user\AppData\LocalLow\searchqutoolbar\coupons\ not found.
c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar folder moved successfully.
Folder c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar\coupons\ not found.
Folder c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar\weather\ not found.
Folder c:\Program Files\Windows iLivid Toolbar\ not found.
Folder c:\Program Files\Windows iLivid Toolbar\Datamngr\ not found.
Folder c:\Program Files\Windows iLivid Toolbar\ToolBar\ not found.
Folder c:\Users\user\AppData\Local\Ilivid Player\ not found.
Error: Unable to interpret <:commands]> in the current context!
Error: Unable to interpret <[EMPTYTEMP]> in the current context!
Error: Unable to interpret <[REBOOT]> in the current context!

OTL by OldTimer - Version 3.2.23.0 log created on 06062011_194110

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




Update - that website is no longer coming up as my homepage - awesome! :D
Everything else seems normal ...
aoibhe bree
Regular Member
 
Posts: 15
Joined: June 5th, 2011, 9:38 am

Re: http://www.searchqu.com/406 showing up as homepage

Unread postby Cypher » June 6th, 2011, 2:56 pm

Hi aoibhe bree.
Update - that website is no longer coming up as my homepage

Excellent, please stay with me; we still have work to do.
Please run OTL again using the same instructions I posted here.

Post the resulting log in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: http://www.searchqu.com/406 showing up as homepage

Unread postby aoibhe bree » June 6th, 2011, 3:05 pm

OTL logfile created on: 06/06/2011 19:59:28 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.54% Memory free
6.12 Gb Paging File | 4.57 Gb Available in Paging File | 74.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 84.56 Gb Free Space | 62.94% Space Free | Partition Type: NTFS
Drive D: | 15.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 14.65 Gb Total Space | 7.21 Gb Free Space | 49.23% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\O2 Broadband.exe ()
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe ()
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl53b23800) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD361404-4964-4828-8FDD-A3C2326259D4}\MpKsl53b23800.sys (Microsoft Corporation)
DRV - (MpKsl7be496e1) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD361404-4964-4828-8FDD-A3C2326259D4}\MpKsl7be496e1.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\System32\drivers\s1039bus.sys (MCCI Corporation)
DRV - (s1039mdm) -- C:\Windows\System32\drivers\s1039mdm.sys (MCCI Corporation)
DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\Windows\System32\drivers\s1039obex.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\Windows\System32\drivers\s1039mdfl.sys (MCCI Corporation)
DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1039unic.sys (MCCI Corporation)
DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1039nd5.sys (MCCI Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (OA009Vid) -- C:\Windows\System32\drivers\OA009Vid.sys (Creative Technology Ltd.)
DRV - (OA009Ufd) -- C:\Windows\System32\drivers\OA009Ufd.sys (Creative Technology Ltd.)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "www.google.ie"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 17:05:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 17:05:00 | 000,000,000 | ---D | M]

[2011/06/06 19:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011/06/06 19:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\toudoapk.default\extensions
[2010/09/16 20:35:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\toudoapk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/31 13:23:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\toudoapk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/06/06 19:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TOUDOAPK.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/05/09 17:04:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 17:04:57 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/09 17:04:57 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/09 17:04:57 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/09 17:04:57 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/09 17:04:57 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.40.32.33 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/11/23 00:46:10 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2004/04/30 23:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{158872d1-7561-11e0-b442-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{158872d1-7561-11e0-b442-001e101f8924}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
O33 - MountPoints2\{39fb5cfa-d971-11de-89cc-0025644abccb}\Shell - "" = AutoRun
O33 - MountPoints2\{39fb5cfa-d971-11de-89cc-0025644abccb}\Shell\AutoRun\command - "" = G:\Enterprise_Launcher.exe
O33 - MountPoints2\{505cbb19-335d-11e0-9327-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{505cbb19-335d-11e0-9327-001e101fe5e1}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{50cf7aff-569e-11df-97bb-0025644abccb}\Shell - "" = AutoRun
O33 - MountPoints2\{50cf7aff-569e-11df-97bb-0025644abccb}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6fb77292-9954-11df-a2dc-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{6fb77292-9954-11df-a2dc-001e101fb45e}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{74ea6593-7f51-11df-bbd1-001e101f8ffe}\Shell - "" = AutoRun
O33 - MountPoints2\{74ea6593-7f51-11df-bbd1-001e101f8ffe}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 19:41:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/06 18:35:37 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/06/06 18:33:10 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/06/06 18:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/06/02 21:36:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\PackageAware
[2011/05/29 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\go
[2011/05/29 15:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/28 22:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/05/27 09:00:44 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\caretaker updated
[2011/05/26 20:19:17 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\caretaker
[2011/05/26 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Bebo photos downloaded May 2011
[2011/05/15 21:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/15 21:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/15 21:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/13 10:18:19 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\uae
[2011/05/12 22:00:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\c mcn

========== Files - Modified Within 30 Days ==========

[2011/06/06 20:00:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{096765AE-D322-4B51-BDBE-AD974BA6ABC7}.job
[2011/06/06 19:48:45 | 000,613,890 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/06 19:48:45 | 000,113,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/06 19:42:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 19:42:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 19:42:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 19:42:09 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/06 18:35:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/06/01 16:56:08 | 000,034,885 | ---- | M] () -- C:\Users\user\Desktop\This is my family.jpg
[2011/05/28 22:56:25 | 000,000,925 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/05/28 22:56:25 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/05/21 15:46:39 | 000,173,298 | ---- | M] () -- C:\Users\user\Desktop\barry!.JPG
[2011/05/19 10:57:14 | 000,011,776 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/06/01 16:56:07 | 000,034,885 | ---- | C] () -- C:\Users\user\Desktop\This is my family.jpg
[2011/05/29 15:53:26 | 000,001,587 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (EasyBits GO).lnk
[2011/05/28 22:56:25 | 000,000,925 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/05/28 22:56:25 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/05/21 15:46:38 | 000,173,298 | ---- | C] () -- C:\Users\user\Desktop\barry!.JPG
[2011/05/09 17:05:00 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010/06/24 06:33:44 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/11/11 07:12:03 | 000,132,336 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/11/11 07:12:03 | 000,103,664 | ---- | C] () -- C:\Windows\System32\STXMLSystem.dll
[2009/11/11 07:12:03 | 000,095,472 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/11/11 07:12:03 | 000,079,088 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/11/11 07:12:03 | 000,071,408 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/11/11 07:12:03 | 000,000,060 | ---- | C] () -- C:\Windows\System32\winpeshl.ini
[2009/11/11 07:12:03 | 000,000,020 | ---- | C] () -- C:\Windows\System32\ST_LOG.INI
[2009/11/11 07:12:02 | 000,390,384 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/11/11 07:12:02 | 000,386,288 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/11/11 07:12:02 | 000,271,600 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/11/11 07:12:02 | 000,259,312 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/11/11 07:12:02 | 000,234,736 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/11/11 07:12:02 | 000,132,336 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/11/11 07:12:02 | 000,121,584 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/11/11 07:12:02 | 000,115,952 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/11/11 07:12:02 | 000,107,760 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/11/11 07:12:02 | 000,099,568 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/11/11 07:12:02 | 000,083,184 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/11/11 07:12:02 | 000,074,992 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/11/11 07:12:01 | 001,191,936 | ---- | C] () -- C:\Windows\System32\Restore7.exe
[2009/11/11 07:12:01 | 001,123,568 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/11/11 07:12:01 | 000,476,400 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/11/11 07:12:01 | 000,447,728 | ---- | C] () -- C:\Windows\System32\STBackupEngine.dll
[2009/11/11 07:12:01 | 000,242,928 | ---- | C] () -- C:\Windows\System32\RestoreLauncher.exe
[2009/11/11 07:12:01 | 000,124,144 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/11/11 07:12:01 | 000,115,952 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/11/11 07:12:01 | 000,058,608 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/11/11 07:12:00 | 000,410,864 | ---- | C] () -- C:\Windows\System32\BackupApi.dll
[2009/11/11 07:12:00 | 000,267,504 | ---- | C] () -- C:\Windows\FixBCD.exe
[2009/11/11 07:12:00 | 000,000,004 | ---- | C] () -- C:\Windows\System32\abort.dat
[2009/09/06 12:52:13 | 000,001,064 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2009/08/26 12:46:26 | 000,011,776 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 14:35:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/07 06:03:16 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/07 06:03:16 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/07 06:03:16 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/07 06:03:16 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/08/07 03:53:22 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/08/07 03:29:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/08/07 03:29:22 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/08/07 03:29:21 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/08/07 03:18:32 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/04/11 19:02:01 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 19:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 17:07:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,300,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,613,890 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,113,174 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchqu;true;true;true; /FP >
[2011/06/05 14:21:24 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\06062011_194110\C_Users\user\AppData\LocalLow\searchquband
[2011/06/06 19:40:34 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\06062011_194110\C_Users\user\AppData\LocalLow\searchqutoolbar
[2011/06/06 19:40:34 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\06062011_194110\C_Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar

< c:|iLivid;true;true;true; /FP >
[2011/06/06 19:41:29 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\06062011_194110\C_Program Files\Windows iLivid Toolbar
[2011/06/06 19:41:29 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\06062011_194110\C_Program Files\Windows iLivid Toolbar\Datamngr
[2011/06/06 19:41:29 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\06062011_194110\C_Program Files\Windows iLivid Toolbar\ToolBar
[2011/06/02 21:39:51 | 000,000,000 | ---D | M] -- c:\_OTL\MovedFiles\06062011_194110\C_Users\user\AppData\Local\Ilivid Player

< c:|whitesmoke;true;true;true; /FP >

< End of report >







OTL Extras logfile created on: 06/06/2011 19:59:28 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.54% Memory free
6.12 Gb Paging File | 4.57 Gb Available in Paging File | 74.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 84.56 Gb Free Space | 62.94% Space Free | Partition Type: NTFS
Drive D: | 15.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 14.65 Gb Total Space | 7.21 Gb Free Space | 49.23% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0438C85C-0AF9-4A0E-A732-785ABBC156F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2763C7B7-A182-442B-83E6-1EA1EB183F44}" = lport=138 | protocol=17 | dir=in | app=system |
"{2C9C3311-EE82-474A-A990-732A7759A609}" = lport=139 | protocol=6 | dir=in | app=system |
"{3232A886-D2D0-48A0-B2E1-728A2FEBB7D0}" = rport=445 | protocol=6 | dir=out | app=system |
"{37D483BB-6D4B-4B48-97B7-C5D3DDF914B9}" = rport=138 | protocol=17 | dir=out | app=system |
"{67D26AD1-9FFE-4A11-A3D9-7C6F74A35EB3}" = lport=445 | protocol=6 | dir=in | app=system |
"{DD71CBA1-76F9-41D1-89C3-BDF83DF2C25D}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB613493-4FA5-42F1-9076-08F573157CB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED1F956B-39EC-4558-AFB9-D319F5B41735}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F7D6195B-99E8-4F77-B819-CDC009031A0E}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0448E9AD-8EE6-4B86-84D6-D95A29A9E2F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1615CFE8-E740-4B82-BDFD-FCACDCAF5C1A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{45CCE179-7141-4AAB-8663-0CD093238150}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5E5A4B2F-3D06-4E3E-8D07-D42D4AB0B958}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B58AA0E5-5E9F-4ADB-803A-C5E94D56D38B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D310577D-8881-4A82-AA68-3B1117B5882F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F9F9FAE2-F022-42B2-B070-1E908EB43F9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"Dell Webcam Central" = Dell Webcam Central
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Internet Scrabble Club_is1" = WordBiz version 1.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"O2 Broadband" = O2 Broadband
"Picasa 3" = Picasa 3
"TVWiz" = Intel(R) TV Wizard

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/05/2011 04:31:13 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/05/2011 03:47:42 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/05/2011 03:52:16 | Computer Name = user-PC | Source = MsiInstaller | ID = 11704
Description =

Error - 13/05/2011 05:19:54 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 13/05/2011 05:19:54 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/05/2011 11:26:06 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application STService.exe, version 1.0.0.64, time stamp 0x4ae02c43,
faulting module STString.dll, version 1.1.0.5, time stamp 0x498c2b9e, exception
code 0xc0000005, fault offset 0x0000ae22, process id 0xccc, application start time
0x01cc1078db0a5b58.

Error - 15/05/2011 12:03:57 | Computer Name = user-PC | Source = EventSystem | ID = 4621
Description =

Error - 15/05/2011 16:12:37 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/05/2011 06:18:42 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/05/2011 09:16:00 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 01/05/2011 16:19:53 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 21:19:53, Sun, May 01, 11 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 28/02/2010 16:49:02 | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 05/06/2011 04:52:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/06/2011 04:52:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/06/2011 16:53:35 | Computer Name = user-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 89.204.177.210 for the Network Card with network
address 001E101F82A7 has been denied by the DHCP server 89.204.186.41 (The DHCP
Server sent a DHCPNACK message).

Error - 06/06/2011 14:41:10 | Computer Name = user-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 06/06/2011 14:42:18 | Computer Name = user-PC | Source = HTTP | ID = 15016
Description =

Error - 06/06/2011 14:42:22 | Computer Name = user-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 06/06/2011 14:42:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/06/2011 14:42:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/06/2011 14:42:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/06/2011 14:43:56 | Computer Name = user-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 95.83.195.58 for the Network Card with network
address 001E101F7FB6 has been denied by the DHCP server 95.83.222.189 (The DHCP
Server sent a DHCPNACK message).


< End of report >
aoibhe bree
Regular Member
 
Posts: 15
Joined: June 5th, 2011, 9:38 am

Re: http://www.searchqu.com/406 showing up as homepage

Post by Cypher » June 6th, 2011, 3:14 pm

Hi aoibhe bree.
Good work, that looks a lot better :)
We need to do a couple of updates then run another scan to check for leftovers.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 25.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.0.1).
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe and select "Run as administrator" to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on Run ESET Online Scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: http://www.searchqu.com/406 showing up as homepage

Post by aoibhe bree » June 6th, 2011, 6:02 pm

OK that's all done now. Here's the log:



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=7087b4800bf45d4291d884602e9e6dac
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-06 09:50:44
# local_time=2011-06-06 10:50:44 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 223 223 0 0
# scanned=137758
# found=0
# cleaned=0
# scan_time=4125


Cypher wrote: Please give me an update on your computer's performance.


It seems to be going fine!
aoibhe bree
Regular Member
 
Posts: 15
Joined: June 5th, 2011, 9:38 am
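
Added example (not part of the original posts and not ESET's own code): a Python check that the header of the ESET Online Scanner log posted above matches the scan options requested earlier in the thread and that the scan ran to completion. The function names and the handling of repeated keys are assumptions of this example; the sample text is copied from the posted log.

```python
from collections import defaultdict

# Header lines copied from the log posted above (excerpt).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# country="United Kingdom"
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 223 223 0 0
# scanned=137758
# found=0
# cleaned=0
# scan_time=4125
"""

# Options the helper asked for: do not remove threats automatically,
# scan archives, and enable the three Advanced Settings checks.
EXPECTED = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}


def parse_header(text):
    """Return {key: [values]} for every '# key=value' line in the log."""
    fields = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("#") or "=" not in line:
            continue  # preamble or non-header line
        key, _, value = line[1:].partition("=")
        fields[key.strip()].append(value.strip().strip('"'))
    return dict(fields)


def review(text):
    """Return a list of problems; an empty list means the log looks as requested."""
    fields = parse_header(text)
    issues = []

    def last(key):
        values = fields.get(key)
        return values[-1] if values else None

    if last("end") != "finished":
        issues.append("scan did not finish (end=%s)" % last("end"))
    for key, want in EXPECTED.items():
        if last(key) != want:
            issues.append("%s=%s, expected %s" % (key, last(key), want))
    counts = {}
    for key in ("scanned", "found", "cleaned"):
        value = last(key)
        if value is None or not value.isdigit():
            issues.append("%s missing or not a number" % key)
        else:
            counts[key] = int(value)
    if counts.get("found", 0) > 0:
        issues.append("%d detection(s) reported; entries need review" % counts["found"])
    return issues


if __name__ == "__main__":
    problems = review(SAMPLE_LOG)
    print("log OK" if not problems else "\n".join(problems))
```
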

Re: http://www.searchqu.com/406 showing up as homepage

Post by Cypher » June 7th, 2011, 5:01 am

Hi aoibhe bree.
If you are having no further problems you should be good to go.
Your latest set of logs appears to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • This will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
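
Added example (not part of the original post and not MVPS code): a Python audit of HOSTS file text that separates the blocking entries described above, which point a name at 127.0.0.1, from entries that send a name to some other address and deserve a second look on a machine whose browser was being redirected. It goes slightly beyond the post by also treating 0.0.0.0 and ::1 as blocking targets; the function name and the sample entries are constructed for this example.

```python
import ipaddress

# Constructed sample HOSTS content (documentation/test names and addresses only).
SAMPLE_HOSTS = """\
# Constructed sample HOSTS content
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com      # ad server, blocked
0.0.0.0         tracker.example.net
203.0.113.10    www.example-bank.test login.example-bank.test
not-an-ip       something.example
127.0.0.1
"""

# Names that normally map to the loopback address and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Classify HOSTS entries.

    blocked    -> names pointed at loopback or 0.0.0.0 (the blocklist behaviour)
    redirected -> (name, address) pairs pointed at any other address
    malformed  -> (line number, line) pairs that are not 'address name [name ...]'
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments
        if not entry:
            continue
        parts = entry.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        names = [n.lower() for n in parts[1:]]
        if not names:
            report["malformed"].append((lineno, raw.strip()))
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            if sink and name in LOCAL_NAMES:
                continue  # ordinary localhost mapping
            if sink:
                report["blocked"].append(name)
            else:
                # Includes localhost mapped away from loopback, which is never expected.
                report["redirected"].append((name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", len(result["blocked"]))
    for name, addr in result["redirected"]:
        print("review: %s -> %s" % (name, addr))
    for lineno, line in result["malformed"]:
        print("malformed line %d: %s" % (lineno, line))
```
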

Re: http://www.searchqu.com/406 showing up as homepage

Post by aoibhe bree » June 7th, 2011, 5:19 am

Great, thank you so much for all your help Cypher! Really appreciate it! :)
aoibhe bree
Regular Member
 
Posts: 15
Joined: June 5th, 2011, 9:38 am

Re: http://www.searchqu.com/406 showing up as homepage

Post by Cypher » June 7th, 2011, 5:29 am

Hi aoibhe bree.
thank you so much for all your help Cypher! Really appreciate it!

You're most welcome, glad we could help :)
Good luck and stay safe.
As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns