Post by SwiiftYz » June 13th, 2011, 11:40 am

I've got no idea how I got this "SearchQU" malware whatsoever, but basically it's hijacked my browser. I've used HijackThis to get my browser back and managed to post here. My only real problem now is the removal of the damn thing. From reading other posts I've seen that people have mentioned "Bandoo" emoticons or something for MSN? I didn't download this, but it's on my system and also refuses to be removed.

Hopefully what I've posted is right; I did read the topic explaining what to do, so if it's not, then sorry.

DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Matt at 16:37:08 on 2011-06-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4094.2199 [GMT 1:00]
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files (x86)\GameTracker\GSInGameService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\\bh\BabylonToolbar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\\BabylonToolbarTlbr.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer =
TCP: Interfaces\{5011C3FC-0CA3-4044-9F50-6D0708B62023} : DhcpNameServer =
TCP: Interfaces\{5011C3FC-0CA3-4044-9F50-6D0708B62023}\44D2C496E6B6 : DhcpNameServer =
TCP: Interfaces\{5011C3FC-0CA3-4044-9F50-6D0708B62023}\6796277696E62627F616462616E646 : DhcpNameServer =
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\\BabylonToolbarTlbr.dll
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\9rjyzs6x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... mid=406&q=
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: network.proxy.type - 0
============= SERVICES / DRIVERS ===============
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2010-11-9 68136]
R2 GS In-Game Service;GS In-Game Service;C:\Program Files (x86)\GameTracker\GSInGameService.exe [2011-4-29 1677096]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-5-25 2275720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-9 366640]
R3 Abyssus;Razer Abyssus;C:\Windows\system32\drivers\Abyssus.sys --> C:\Windows\system32\drivers\Abyssus.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Arctosa;Arctosa Keyboard;C:\Windows\system32\drivers\Arctosa.sys --> C:\Windows\system32\drivers\Arctosa.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;C:\Windows\system32\drivers\srs_ViewSonic_amd64.sys --> C:\Windows\system32\drivers\srs_ViewSonic_amd64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-13 1153368]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\jrdusbser.sys --> C:\Windows\system32\DRIVERS\jrdusbser.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-21 1038088]
S4 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-3-24 2271608]
=============== Created Last 30 ================
2011-06-13 15:34:21 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-06-13 15:34:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-06-13 15:32:33 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27880A79-5615-4FA2-A420-C6B4212F20E2}\mpengine.dll
2011-06-13 15:29:14 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 18:27:33 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-11 13:09:20 98816 ----a-w- C:\Windows\sed.exe
2011-06-11 13:09:20 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-11 13:09:20 256512 ----a-w- C:\Windows\PEV.exe
2011-06-11 13:09:20 208896 ----a-w- C:\Windows\MBR.exe
2011-06-09 16:23:12 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2011-06-09 16:23:01 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-09 16:23:00 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-09 16:22:57 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-09 16:22:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-09 16:22:35 388096 ----a-r- C:\Users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-09 16:22:35 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-06-09 12:43:48 -------- d-----w- C:\Users\Matt\AppData\Roaming\Bandoo
2011-06-08 22:27:01 -------- d-----w- C:\Users\Matt\AppData\Roaming\.minecraft
2011-06-08 21:53:54 -------- d-----w- C:\ProgramData\Bandoo
2011-06-08 21:53:46 -------- d-----w- C:\Users\Matt\AppData\Local\Ilivid Player
2011-06-08 21:53:46 -------- d-----w- C:\Program Files (x86)\Bandoo
2011-06-08 21:53:45 1524112 ----a-w- C:\Windows\SysWow64\bandoolmx.dll
2011-06-08 21:52:52 -------- d-----w- C:\ProgramData\boost_interprocess
2011-06-08 21:52:51 -------- d-----w- C:\Program Files (x86)\Windows iLivid Toolbar
2011-06-08 21:51:30 -------- d-----w- C:\Users\Matt\AppData\Local\PackageAware
2011-06-07 14:47:28 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2011-06-04 13:33:30 -------- d-----w- C:\Users\Matt\AppData\Local\Origin
2011-06-04 13:33:19 -------- d-----w- C:\ProgramData\Origin
2011-06-04 13:33:19 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-06-04 13:33:01 -------- d-----w- C:\Program Files (x86)\Origin
2011-05-26 15:28:58 -------- d-----w- C:\Minecraft
2011-05-25 21:28:50 -------- d-----w- C:\Users\Matt\AppData\Roaming\GameTracker
2011-05-25 21:28:25 -------- d-----w- C:\Program Files (x86)\GameTracker
2011-05-25 11:59:14 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-24 17:39:19 -------- d-sh--w- C:\Windows\ftpcache
2011-05-24 13:12:22 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{571E24F0-2164-484C-972B-999D5389C5CD}\gapaengine.dll
2011-05-24 13:05:54 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-24 13:05:54 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
==================== Find3M ====================
2011-06-13 15:22:01 25640 ----a-w- C:\Windows\gdrv.sys
2011-05-30 19:54:23 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-05-30 19:54:23 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-05-30 19:54:22 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-05-09 14:44:38 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-05-05 01:00:47 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-04-27 21:43:56 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2011-04-27 21:43:54 2851840 ----a-w- C:\Windows\System32\themeui.dll
2011-04-27 21:43:52 44544 ----a-w- C:\Windows\System32\themeservice.dll
2011-04-20 01:44:50 9319936 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-04-20 01:30:18 22900736 ----a-w- C:\Windows\System32\atio6axx.dll
2011-04-20 01:09:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-04-20 01:09:06 676864 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-04-20 01:07:48 795648 ----a-w- C:\Windows\System32\aticfx64.dll
2011-04-20 01:07:04 17693184 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-04-20 01:05:08 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-04-20 01:04:56 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-04-20 01:04:20 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-04-20 01:03:06 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-04-20 01:02:50 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-04-20 01:02:44 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-04-20 01:02:32 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-04-20 01:02:26 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-04-20 01:02:22 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-04-20 01:02:18 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-04-20 00:59:22 4161536 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-04-20 00:49:32 4951552 ----a-w- C:\Windows\System32\atidxx64.dll
2011-04-20 00:46:18 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-04-20 00:46:16 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-04-20 00:46:06 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-04-20 00:46:04 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-04-20 00:45:54 7768064 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-04-20 00:42:06 6389760 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-04-20 00:40:50 1222656 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-04-20 00:40:16 1923584 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-04-20 00:40:04 3868672 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-04-20 00:38:06 4286464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-04-20 00:31:14 5440000 ----a-w- C:\Windows\System32\atiumd64.dll
2011-04-20 00:30:38 4056576 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-04-20 00:27:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-04-20 00:23:14 366080 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-04-20 00:23:08 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-04-20 00:22:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-04-20 00:22:54 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-04-20 00:22:54 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-04-20 00:22:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-04-20 00:22:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-04-20 00:22:34 306176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-04-20 00:21:46 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-04-20 00:21:40 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-04-20 00:21:34 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-04-20 00:21:26 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-04-20 00:20:52 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-04-20 00:13:38 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-04-20 00:13:38 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-04-20 00:13:30 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-04-20 00:13:30 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-04-19 11:27:28 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-19 11:27:28 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-09 17:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-04-09 17:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-08 11:28:58 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2011-04-08 11:28:58 27536 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
============= FINISH: 16:38:24.11 ===============


DDS (Ver_2011-06-12.02)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/11/2010 20:04:39
System Uptime: 13/06/2011 16:21:27 (0 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | GA-880GM-UD2H
Processor: AMD Athlon(tm) II X4 640 Processor | Socket M2 | 1800/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 931 GiB total, 532.761 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 857 GiB total, 130.981 GiB free.
I: is FIXED (NTFS) - 75 GiB total, 63.394 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP252: 24/05/2011 14:11:29 - Windows Backup
RP253: 24/05/2011 14:11:40 - Windows Update
RP254: 24/05/2011 14:38:50 - Windows Update
RP255: 24/05/2011 18:29:58 - Installed Call of Duty(R) 2
RP256: 25/05/2011 18:09:43 - Windows Update
RP257: 25/05/2011 22:35:15 - Installed Call of Duty(R) 2 Patch 1.3
RP258: 29/05/2011 15:05:50 - Windows Update
RP259: 29/05/2011 19:00:09 - Windows Backup
RP260: 01/06/2011 03:00:23 - Windows Update
RP261: 06/06/2011 14:06:37 - Windows Backup
RP262: 06/06/2011 14:07:11 - Windows Update
RP263: 09/06/2011 17:22:05 - Installed HiJackThis
RP264: 11/06/2011 14:09:32 - ComboFix created restore point
RP265: 11/06/2011 19:33:30 - Windows Update
RP266: 13/06/2011 16:32:23 - Windows Backup
==== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Community Help
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dreamweaver CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
APB Reloaded
Apple Application Support
Apple Software Update
ArtMoney SE v7.34
ATI Catalyst Registration
Babylon toolbar
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield 2142
Battlefield Play4Free
Battlefield: Bad Company 2
BlackBerry Desktop Software 6.0.1
Browser Configuration Utility
Cabal Online Europe - Episode V Patcher
Cabal Online Europe - Porta Inferno 502 Patch
Cabal Online Europe - Radiant Hall
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
CCC Help English
CD Art Display 2.0.1
Command & Conquer The First Decade
Counter-Strike: Source
DAEMON Tools Lite
DFX for Windows Media Player
EasySaver B9.1214.1
Empire: Total War
FileZilla Client 3.4.0
Football Manager 2011
GamersFirst LIVE!
GameTracker Lite
Google Chrome
Grand Theft Auto IV
Java Auto Updater
Java(TM) 6 Update 24
Launchy 2.5
LogMeIn Hamachi
Malwarebytes' Anti-Malware version
Messenger Plus! 5
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.13)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Napoleon: Total War
Need For Speed™ World
No Hope
ON_OFF Charge B10.0427.1
OpenTTD 1.0.5
oZone3D.Net FurMark v1.8.2
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Portal 2
PunkBuster Services
Rapture3D 2.4.4 Game
Razer Abyssus
Razer Arctosa
Realtek Ethernet Controller Driver For Windows 7
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 5.3
SopCast 3.3.2
Spybot - Search & Destroy
StarCraft II
Suite Shared Configuration CS4
System Requirements Lab CYRI
TeamSpeak 3 Client
TeamViewer 6
The Lord of the Rings FREE Trial
The Lord of the Rings Online™ v03.02.04.8010
The Settlers 7 - Paths to a Kingdom
Total War: SHOGUN 2 Demo
TP-LINK Client Installation Program
TrackMania Nations Forever
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Ventrilo Client
ViewSonic Monitor Drivers
VLC media player 1.1.7
WeGame Client 2.3.5
Windows iLivid Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Device Manager
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
World in Conflict
World of Warcraft
x264vfw - H.264/MPEG-4 AVC codec (remove only)
Xfire (remove only)
==== End Of File ===========================
Re: SearchQU Removal

Post by Alander » June 15th, 2011, 4:04 am

Hello, I am Alander :)

Welcome to the Malware Removal forums.

I would be glad to take a look at your log and help you with solving any malware problems.

DDS logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

As I am still training, everything that I post to you, must be checked by an Admin or Moderator.

Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Re: SearchQU Removal

Unread postby Alander » June 17th, 2011, 10:04 am

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    As long as you have the P2P program(s) installed, I can offer you no further assistance.
    If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.

    PunkBuster warning

    I noticed you have PunkBuster installed... read the "Published features" section.
    PunkBuster can take control over various aspects of your computer and some gaming tools, not unlike PunkBuster, also hinder their removal.
    By the definition we use, PunkBuster is actual spyware. Therefore, I'm asking you to choose one of the following options:
    1. We "try" to leave PunkBuster alone... however, there is no guarantee a spyware component doesn't "inadvertently" get taken out... so PunkBuster might fail. This will also prevent you from playing games using PunkBuster enabled servers.
    2. We can just remove PunkBuster. You can reinstall it afterwards if you wish, but please keep in mind that it is spyware.
    3. We cannot clean this computer at all. This ensures PunkBuster will continue to function.
    If you choose to remove PunkBuster, please perform the uninstall steps below. Otherwise, let me know what other option you chose.

    Uninstall PunkBuster
    Please download PBSVC Setup Program. Save it to your desktop.
    1. Double click on pbsvc.exe to start it... then click Uninstall.
      Once that's finished...
    2. Click Start > Run and copy and paste the following into the open text box:
      cmd /c for %i in (A B K) do sc delete PnkBstr%i
    3. Click OK. A black box will flash very briefly, this is normal.
    4. Double click My Computer on your desktop and browse to C:\windows\system32\drivers
    5. Locate the file: PnkBstrK.sys... if found delete it.
    Let me know if you performed these steps successfully.

    Uninstall programs
    • Click on Start.
    • All programs.
    • Accessories.
    • Run.
    • In the open text box copy/paste appwiz.cpl Then click Ok.
    • Uninstall the following if present
    Babylon toolbar
    Pando Media Booster
    PunkBuster Services
    Windows iLivid Toolbar

    Disable TeaTimer
    The Resident TeaTimer tool of Spybot-S&D, may interfere with the fix, so we need to temporarily disable it.
    This is a two step process.
    First step:
    1. Right-click the Spybot Icon in the System Tray (resembles a blue/white calendar with a padlock symbol)
      New Version:
      • Click once on Resident Protection
      • Right-click the Spybot icon again and make sure Resident Protection is now Unchecked.
        The Spybot icon in the System tray should now be colorless.
      Old Version:
      • Click on Exit Spybot S&D Resident

    Second step: (use for both new and older versions)
    1. Open Spybot S&D
    2. Click Mode, choose Advanced Mode
    3. Go to the bottom of the vertical panel on the left, click Tools
    4. Then, also in the left panel, click Resident (shows a red/white shield).
    5. If your firewall raises a question, say OK
    6. In the Resident protection status frame, uncheck the box labelled Resident "Tea-Timer" (Protection of over-all system settings) active
    7. OK any prompts.
    8. Use File, then choose Exit to terminate Spybot
    9. Reboot your machine for the changes to take effect.

    Run CKScanner

    • Please download CKScanner from Here
    • Important: - Save it to your desktop.
    • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Please include in your next reply:
  1. Any problem executing the instructions?
  2. DDS.txt
  3. Attach.txt
  4. CKFiles.txt
  5. Is this machine used for business purposes?
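
A read-only check of the same items, added here as an illustration and not part of Alander's instructions. It assumes Windows 7 or later with PowerShell available and only reports what is present; it removes nothing. The two Uninstall registry keys it reads are the ones the appwiz.cpl list is built from, the three PnkBstr service names match the sc delete loop in the post above, and the driver path is the one the post asks you to browse to. The list of program names to look for is taken from the post.

```powershell
# Added example, not the helper's script: audit-only check of the items named in the post.
# Assumes Windows 7+ with PowerShell; run from an elevated PowerShell window. Nothing is deleted.

# Program names taken from the "Uninstall the following if present" list in the post
$names = @('Babylon toolbar', 'Pando Media Booster', 'PunkBuster Services', 'Windows iLivid Toolbar')

# appwiz.cpl builds its list from these two Uninstall keys (64-bit view and 32-bit Wow6432Node view)
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, UninstallString

foreach ($n in $names) {
    $hits = @($installed | Where-Object { $_.DisplayName -like "*$n*" })
    if ($hits.Count -gt 0) {
        foreach ($h in $hits) { "PRESENT  : $($h.DisplayName)  [$($h.UninstallString)]" }
    } else {
        "not found: $n"
    }
}

# The three service entries that "sc delete PnkBstr%i" with %i in (A B K) targets.
# Checking the Services registry key covers both Win32 services and the kernel driver entry (PnkBstrK).
foreach ($svc in 'PnkBstrA', 'PnkBstrB', 'PnkBstrK') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path $key) {
        $p = Get-ItemProperty -Path $key
        "service  : $svc  registered  ImagePath=$($p.ImagePath)"
    } else {
        "service  : $svc  not registered"
    }
}

# Driver file the post asks you to look for under C:\windows\system32\drivers
$drv = Join-Path $env:SystemRoot 'System32\drivers\PnkBstrK.sys'
if (Test-Path $drv) { "driver   : $drv present" } else { "driver   : $drv not found" }
```

Run it before and after the uninstall steps: the first run shows what is there, the second confirms the PnkBstr service entries and the driver file are gone, which is what the "Let me know if you performed these steps successfully" question is checking for.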
Re: SearchQU Removal

Unread postby Alander » June 19th, 2011, 4:06 pm

3 Day Response
It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
Re: SearchQU Removal

Unread postby Wingman » June 21st, 2011, 6:42 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
