Welcome to MalwareRemoval.com

INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » June 27th, 2011, 11:45 am

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
File:
c:\users\y450\documents\plants vs zombies\plants vs zombies.7z

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

How is your computer behaving now?

Post by ladyross » June 27th, 2011, 9:10 pm

IE doesn't display searchqu anymore; it's currently displaying Lenovo's homepage now, but the other day it was MSN. I am still having a hard time opening my PC; I had to force shutdown 5 times this time for Windows to open. It's also slower now and it hangs up.

Here is the latest OTL log, sir:

Error: Unable to interpret <File:> in the current context!
Error: Unable to interpret <C:\USERS\Y450\DOCUMENTS\Plants vs Zombies\Plants vs Zombies.7z> in the current context!

OTL by OldTimer - Version 3.2.24.1 log created on 06282011_090303

Post by ladyross » June 27th, 2011, 9:12 pm

Addendum: Mozilla displays this site when it's opened - http://search.yahoo.com/firefox/?fr=yff40-sfp

Post by Gary R » June 28th, 2011, 1:30 am

Sorry, I mis-scripted the last set of instructions by missing out an S.

:file should have been :files

Please do the following ....

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
Files:
c:\users\y450\documents\plants vs zombies\plants vs zombies.7z

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Once you've done that, can you please run a new scan for me with OTL using the instructions below ....

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download GMER to your Desktop. (It will have a randomly generated name, for example .... wjkl3ecz.exe)

  • Disconnect from the Internet, and close all running programmes.
  • There is a small chance this programme may crash your computer, so save any work you have open.
  • Double click on the randomly named GMER file (eg .... wjkl3ecz.exe) to launch GMER.
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at programme start about rootkit activity and asks if you want to run a scan ..... click OK.
  • If no warning:
    • Click Rootkit tab.
    • Ensure that All the boxes to the right of the program are checked except Show All.
    • Click Scan.
  • Do not use your computer while the scan is running.
  • Once scan is finished click Copy.
    • Click Start > Run then type Notepad.exe then click OK.
    • This will open a Notepad file.
    • Hit Ctrl+V to paste log into it.
    • Save the log to your Desktop.
  • Reconnect to internet and post the log please.

Summary of the logs I need from you in your next post:
  • OTL fix log
  • New OTL.txt (scan log)
  • GMER log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

Question ....

Did you have your problems having to shut down your computer before we tried removing Bandoo, or has this happened only after something we did?
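An added example, not from the original post and not part of OTL or GMER: once the OTL.txt scan log requested above comes back, the lines worth reading first are the PRC/MOD/SRV/DRV entries and the O4 Run keys. The Python below parses those line shapes (modelled on the OTL logs posted in this thread) and flags two things a helper looks at before anything else: files whose version resource carries no company name (the empty `()` OTL prints) and autoruns launched from user-writable locations. SAMPLE_LOG is constructed in that format, not copied from a real machine, and the regexes and the USER_WRITABLE heuristic are this example's own assumptions rather than anything OTL defines.

```python
"""Triage helper for OTL.txt logs (added example, not part of OTL).

Line shapes are modelled on the OTL logs posted in this thread; SAMPLE_LOG
is constructed in that format, not copied from a real machine.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# PRC/MOD/SRV/DRV lines:  KIND - [date | size | attrs | M] (Company) [start | state] -- path -- (Name)
# The "[start | state]" and trailing "-- (Name)" parts appear only on SRV/DRV lines.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| [MC]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

# O4 autorun lines:  O4 - HKLM..\Run: [ValueName] path (Company)
RUNKEY_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)

# Assumed heuristic: directory fragments an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\", "\\users\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str                # PRC, MOD, SRV, DRV or O4
    path: str
    company: str             # version-resource company string, "" if absent
    name: Optional[str]      # service/driver name, or Run value name
    location: Optional[str]  # "start | state" for SRV/DRV, registry hive for O4
    size: Optional[int]      # file size in bytes, None for O4 lines

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl(text: str) -> List[Entry]:
    """Return the PRC/MOD/SRV/DRV and O4 entries found in an OTL log."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["path"], m["company"].strip(),
                                 m["name"], m["state"],
                                 int(m["size"].replace(",", ""))))
            continue
        m = RUNKEY_RE.match(line)
        if m:
            entries.append(Entry("O4", m["path"], m["company"].strip(),
                                 m["name"], m["hive"], None))
    return entries


def review(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Flag entries for a human to look at. These are hints, not verdicts: OTL
    shows the version-resource company string, not an Authenticode signature,
    and plenty of legitimate OEM software ships without one."""
    findings = []
    for e in entries:
        reasons = []
        if not e.company:
            reasons.append("no company name in version resource")
        if e.kind == "O4" and any(s in e.path.lower() for s in USER_WRITABLE):
            reasons.append("autorun from a user-writable location")
        if reasons:
            findings.append((e, reasons))
    return findings


def flagged_basenames(text: str) -> List[str]:
    """Sorted, de-duplicated file names that review() flagged."""
    return sorted({e.basename for e, _ in review(parse_otl(text))})


# Constructed sample in the OTL format, modelled on this thread's logs.
SAMPLE_LOG = r"""
PRC - [2011/06/23 10:04:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Y450\Desktop\OTL.exe
PRC - [2009/09/22 13:29:00 | 000,132,096 | ---- | M] () -- C:\Program Files\Globe Tattoo\UIExec.exe
SRV - [2009/11/19 06:57:39 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
DRV - [2009/09/04 21:19:45 | 000,048,192 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Globe Tattoo\UIExec.exe ()
O4 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005..\Run: [cdloader] C:\Users\Y450\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
"""

if __name__ == "__main__":
    for entry, reasons in review(parse_otl(SAMPLE_LOG)):
        print(f"{entry.kind:<3} {entry.basename:<24} {'; '.join(reasons)}")
```

Run it against a saved OTL.txt by reading the file into `parse_otl`. The output is a reading list, not a removal list: in this very thread the empty company field shows up on Flip Video, Globe Tattoo and Lenovo OneKey components that are legitimate OEM software, so each flagged path still has to be checked (vendor, install date, whether the user recognises it) before it goes anywhere near a :Files fix.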

Post by ladyross » June 28th, 2011, 5:45 am

:D Here's the first OTL log:

Error: Unable to interpret <Files:> in the current context!
Error: Unable to interpret <c:\users\y450\documents\plants vs zombies\plants vs zombies.7z> in the current context!

OTL by OldTimer - Version 3.2.24.1 log created on 06282011_174502

Post by ladyross » June 28th, 2011, 5:55 am

Regarding your question, sir: this is the first time I'm having problems turning on my computer. Windows is not loading as it used to. I'm getting that I won't be able to open it next time I need to use it.

New OTL.txt:

OTL logfile created on: 6/28/2011 5:47:36 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Y450\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 45.46% Memory free
3.97 Gb Paging File | 2.47 Gb Available in Paging File | 62.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.81 Gb Total Space | 166.15 Gb Free Space | 65.72% Space Free | Partition Type: NTFS
Drive D: | 30.52 Gb Total Space | 14.84 Gb Free Space | 48.62% Space Free | Partition Type: NTFS

Computer Name: ROSS | User Name: Y450 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 10:04:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Y450\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2009/11/19 06:57:39 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/11/19 06:57:39 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/11/02 09:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/09/22 13:30:28 | 000,246,272 | ---- | M] () -- C:\Program Files\Globe Tattoo\AssistantServices.exe
PRC - [2009/09/22 13:29:00 | 000,132,096 | ---- | M] () -- C:\Program Files\Globe Tattoo\UIExec.exe
PRC - [2009/09/09 05:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/09/04 21:18:48 | 003,112,960 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2009/07/17 07:33:46 | 005,330,760 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/04/28 03:32:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/28 03:32:28 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/03 07:27:34 | 000,326,144 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe
PRC - [2009/03/03 04:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/10 19:45:24 | 000,860,160 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo OneKey Theater\OneKeyTheater.exe
PRC - [2008/12/20 01:35:50 | 008,828,744 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/12/18 06:52:40 | 000,036,480 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2008/12/18 04:56:34 | 000,429,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/04 23:10:20 | 000,780,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2008/11/04 23:10:20 | 000,555,560 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2008/09/28 02:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008/07/24 07:48:34 | 000,169,256 | ---- | M] () -- C:\Program Files\Lenovo\OneKey App\OneKey Recovery\FHPService.exe
PRC - [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2008/01/21 10:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/12 08:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006/11/02 20:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (SafeList) ==========

MOD - [2011/06/23 10:04:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Y450\Desktop\OTL.exe
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/11/19 06:57:39 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/11/19 06:57:39 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/22 13:30:28 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Globe Tattoo\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/09/09 05:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/04/28 03:32:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/12/18 06:52:40 | 000,036,480 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 23:10:20 | 000,555,560 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/09/28 02:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008/07/24 07:48:34 | 000,169,256 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\OneKey Recovery\FHPService.exe -- (FHPService)
SRV - [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IgrsSvcs.exe -- (PS_MDP)
SRV - [2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IgrsSvcs.exe -- (IncSvc)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/12 08:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/09 02:41:20 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/19 06:57:40 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/11/19 06:57:40 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/09/04 21:19:45 | 000,048,192 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009/09/01 09:55:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/09/01 09:55:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/09/01 09:55:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/01 09:55:54 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/07/14 09:03:32 | 000,021,008 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/07/10 07:25:00 | 000,048,144 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2009/07/10 06:11:24 | 000,082,928 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2009/04/11 12:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/02/14 03:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/09 18:34:14 | 001,185,960 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/12/18 06:50:56 | 000,008,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Wdkbdmou.sys -- (Wdkbdmou)
DRV - [2008/12/18 04:58:38 | 000,008,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2008/10/20 17:32:00 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/09/22 05:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/08/28 23:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/06/20 09:47:02 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/01/25 01:08:34 | 000,010,880 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ITEhidCIR.sys -- (vhidmini)
DRV - [2007/05/23 16:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 15:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com/firefox/?fr=yff40-sfp"


FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/05 08:05:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/11 17:10:57 | 000,000,000 | ---D | M]

[2009/11/12 10:53:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Y450\AppData\Roaming\Mozilla\Extensions
[2011/06/28 09:10:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Y450\AppData\Roaming\Mozilla\Firefox\Profiles\x45w10gd.default\extensions
[2011/06/28 09:10:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Y450\AppData\Roaming\Mozilla\Firefox\Profiles\x45w10gd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/05 08:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/05 06:59:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/05 08:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/04/05 08:05:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) --
[2009/11/24 23:54:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/01/01 16:00:00 | 000,135,168 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/26 20:43:41 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Desktop Navigator] C:\Program Files\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe (Lenovo)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] c:\Program Files\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OneKey Theater] C:\Program Files\Lenovo\Lenovo OneKey Theater\OneKeyTheater.exe (Lenovo)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Globe Tattoo\UIExec.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005..\Run: [cdloader] C:\Users\Y450\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005..\Run: [ReadyComm] C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)
O7 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKU\S-1-5-21-1827207934-2233158183-2734905608-1005\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Y450\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Y450\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 12:08:31 | 000,000,000 | ---D | C] -- C:\Users\Y450\Desktop\Dinapigue
[2011/06/26 23:08:49 | 000,000,000 | ---D | C] -- C:\Users\Y450\AppData\Roaming\Malwarebytes
[2011/06/26 23:08:35 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/26 23:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/26 23:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/26 23:08:30 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/26 23:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/26 23:05:30 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Y450\Desktop\mbam-setup.exe
[2011/06/26 20:41:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/23 10:34:15 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Y450\Desktop\TDSSKiller.exe
[2011/06/23 10:04:34 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Y450\Desktop\OTL.exe
[2011/06/23 10:01:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/23 10:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/06/23 10:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/23 09:56:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Y450\Desktop\erunt-setup.exe
[2011/06/17 21:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/06/16 20:26:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/16 20:26:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/16 20:26:27 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/16 20:26:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/16 20:26:27 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/16 20:26:27 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/16 20:26:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/16 20:26:27 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/16 20:26:26 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/16 20:26:26 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/16 20:26:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/16 20:26:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/16 20:26:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/16 20:26:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/16 20:26:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/16 20:26:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/16 20:26:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2 C:\Users\Y450\AppData\Local\*.tmp files -> C:\Users\Y450\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/28 17:51:02 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/06/28 17:44:31 | 000,698,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/28 17:44:31 | 000,139,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/28 17:37:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 17:37:25 | 000,000,431 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/06/28 17:37:07 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011/06/28 17:36:57 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 17:36:57 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 17:36:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/28 13:03:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/28 12:15:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/26 23:08:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 23:05:36 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Y450\Desktop\mbam-setup.exe
[2011/06/26 20:43:41 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/26 19:02:53 | 000,007,728 | ---- | M] () -- C:\Users\Y450\AppData\Local\d3d9caps.dat
[2011/06/23 10:29:34 | 001,309,375 | ---- | M] () -- C:\Users\Y450\Desktop\tdsskiller.zip
[2011/06/23 10:04:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Y450\Desktop\OTL.exe
[2011/06/23 10:00:52 | 000,000,674 | ---- | M] () -- C:\Users\Y450\Desktop\ERUNT.lnk
[2011/06/23 09:56:55 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Y450\Desktop\erunt-setup.exe
[2011/06/17 23:36:34 | 000,002,070 | ---- | M] () -- C:\Users\Y450\Desktop\OneKey Recovery.lnk
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Y450\Desktop\TDSSKiller.exe
[2011/06/15 10:59:34 | 000,180,224 | ---- | M] () -- C:\Users\Y450\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/05 11:06:55 | 000,296,034 | ---- | M] () -- C:\Users\Y450\Desktop\acnescarsguide.pdf
[2011/06/04 20:16:05 | 000,045,984 | ---- | M] () -- C:\Users\Y450\Desktop\walk-in-closet-design.jpg
[2 C:\Users\Y450\AppData\Local\*.tmp files -> C:\Users\Y450\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 23:08:35 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/23 10:29:16 | 001,309,375 | ---- | C] () -- C:\Users\Y450\Desktop\tdsskiller.zip
[2011/06/23 10:00:52 | 000,000,674 | ---- | C] () -- C:\Users\Y450\Desktop\ERUNT.lnk
[2011/06/05 11:06:55 | 000,296,034 | ---- | C] () -- C:\Users\Y450\Desktop\acnescarsguide.pdf
[2011/06/04 20:15:57 | 000,045,984 | ---- | C] () -- C:\Users\Y450\Desktop\walk-in-closet-design.jpg
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/05 07:03:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/07 02:13:31 | 000,007,728 | ---- | C] () -- C:\Users\Y450\AppData\Local\d3d9caps.dat
[2009/11/24 12:22:27 | 000,024,206 | ---- | C] () -- C:\Users\Y450\AppData\Roaming\UserTile.png
[2009/11/20 09:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/11/19 09:43:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/19 09:43:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/17 00:32:43 | 000,180,224 | ---- | C] () -- C:\Users\Y450\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/12 05:53:19 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/12 05:53:13 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/12 05:53:13 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/12 05:53:11 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/11/12 05:53:06 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/04 21:19:46 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
[2009/09/04 21:19:46 | 000,048,192 | ---- | C] () -- C:\Windows\System32\drivers\funfrm.sys
[2009/09/04 21:19:42 | 000,241,664 | ---- | C] () -- C:\Windows\System32\3DImageRenderer.dll
[2009/09/04 21:19:05 | 002,101,248 | ---- | C] () -- C:\Windows\System32\Apblend.dll
[2009/09/04 21:19:05 | 001,404,928 | ---- | C] () -- C:\Windows\System32\IcnOvrly.dll
[2009/09/04 21:19:05 | 000,655,360 | ---- | C] () -- C:\Windows\System32\EncIcons.dll
[2009/09/04 21:19:05 | 000,507,904 | ---- | C] () -- C:\Windows\System32\SimpleExt.dll
[2009/09/04 21:02:11 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009/09/04 20:20:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/30 11:24:48 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/12/30 11:24:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008/12/30 11:24:46 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/12/18 06:50:56 | 000,008,832 | ---- | C] () -- C:\Windows\System32\drivers\Wdkbdmou.sys
[2008/09/20 03:14:16 | 000,024,056 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,401,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,698,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,139,732 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/15 03:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/04/03 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\LenovoDesktopNavigator
[2011/04/03 10:47:00 | 000,000,000 | ---D | M] -- C:\Users\ROSS\AppData\Roaming\LenovoDesktopNavigator
[2009/11/12 14:28:46 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\EasyCapture
[2011/04/15 11:15:41 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\Flip Video
[2009/10/24 08:49:07 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\Lenovo
[2009/10/24 08:50:14 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\LenovoDesktopNavigator
[2011/04/18 13:52:39 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\mjusbsp
[2009/11/24 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\PeerNetworking
[2009/11/20 14:00:57 | 000,000,000 | ---D | M] -- C:\Users\Y450\AppData\Roaming\PlayFirst
[2011/06/28 17:51:02 | 000,000,270 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/06/28 13:03:32 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
ladyross
Regular Member
Posts: 35
Joined: June 17th, 2011, 10:11 pm
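The OTL listing posted above follows one line shape throughout: `[date time | size | attributes | C or M] (company) -- path`, where `C` marks the creation-date sections and `M` the modified-date ones, the four-character attribute field carries flags such as `---D` (directory) and `-HS-` (hidden + system), and the company field is empty, blank or absent for files with no version resource. The helper below is an added example for readers of this thread, not code from OTL or from anyone in the thread: it parses those lines and applies a few review heuristics that a helper typically runs by eye over such a log (hosts file touched inside the window, recent executables under Windows with no company name, recent executables inside a user profile, hidden+system files outside Windows). The rules, the 30-day window and the reference time are this example's own assumptions; the sample lines are copied from the log above and will produce review items, not verdicts, since legitimate tools like OTL.exe and OEM files like C:\_PartitionInfo trip the same heuristics.

```python
"""Triage helper for OTL-style file listings (added example, not OTL's own code).

Parses lines of the form
  [YYYY/MM/DD HH:MM:SS | 000,123,456 | ---- | C] (Company) -- C:\path
from the "Files Created/Modified Within 30 Days" sections and applies
heuristic review rules.  The rules and thresholds are assumptions made
for this example; they are not OTL's logic and not a malware verdict.
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.*)$"
)

# Extensions treated as executable content for the heuristics (assumption).
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv", ".pif"}

# Reference time assumed from the timestamp of the newest entry in the log.
NOW = datetime(2011, 6, 28, 17, 51)

# Sample input: lines copied verbatim from the OTL log posted in this thread.
SAMPLE = r"""
[2011/06/23 10:04:34 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Y450\Desktop\OTL.exe
[2011/06/23 10:01:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/06/26 20:43:41 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/28 17:37:07 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011/06/16 20:26:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
"""


def parse_otl_line(line):
    """Return a dict for one OTL file line, or None for anything else
    (section headers, the trailing "[2 ...*.tmp files -> ...]" summary)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "attrs": d["attrs"],                      # e.g. ---D, -HS-, --S-
        "kind": d["kind"],                        # C = created, M = modified
        "company": (d["company"] or "").strip(),  # "" when absent, "()" or "( )"
        "path": d["path"],
    }


def triage(lines, now, window_days=30):
    """Apply the review heuristics; returns a list of (path, reason) tuples
    in input order.  Every rule here is an assumption for this example."""
    cutoff = now - timedelta(days=window_days)
    findings = []
    for line in lines:
        rec = parse_otl_line(line)
        if rec is None:
            continue
        p = rec["path"].lower()
        name = p.rsplit("\\", 1)[-1]
        ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
        recent = rec["ts"] >= cutoff
        is_dir = "D" in rec["attrs"]
        hidden_system = "H" in rec["attrs"] and "S" in rec["attrs"]

        # Browser hijackers commonly rewrite the hosts file; any recent
        # modification deserves a look at its contents.
        if p.endswith("\\drivers\\etc\\hosts") and rec["kind"] == "M" and recent:
            findings.append((rec["path"], "hosts file modified inside the window"))
        # Fresh executables under %SystemRoot% without a company name.
        if ext in EXEC_EXT and "\\windows\\" in p and not rec["company"] and recent:
            findings.append((rec["path"], "recent executable under Windows with no company name"))
        # Fresh executables inside a user profile (Desktop, AppData, ...).
        if ext in EXEC_EXT and "\\users\\" in p and recent and not is_dir:
            findings.append((rec["path"], "recent executable inside a user profile"))
        # Hidden+system files outside the Windows directory.
        if hidden_system and not is_dir and not p.startswith("c:\\windows\\"):
            findings.append((rec["path"], "hidden+system file outside Windows"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE.strip().splitlines(), NOW):
        print(f"{reason}: {path}")
```

Run against the six sample lines it reports OTL.exe (recent executable in a user profile), the hosts file (modified on 2011/06/26) and C:\_PartitionInfo (hidden+system outside Windows); the Microsoft-signed jsproxy.dll, the directory and the 2010 Intel DLL are left alone. The point of the hosts rule is the one most relevant to a SearchQu-style redirect: the 98-byte size in the log above is consistent with a stock Vista hosts file, but only reading it confirms that.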

Re: INFESTED WITH BANDOO/SEARCHQU

Unread postby ladyross » June 28th, 2011, 5:57 am

EXTRAS.TXT :

OTL Extras logfile created on: 6/28/2011 5:47:36 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Y450\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 45.46% Memory free
3.97 Gb Paging File | 2.47 Gb Available in Paging File | 62.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.81 Gb Total Space | 166.15 Gb Free Space | 65.72% Space Free | Partition Type: NTFS
Drive D: | 30.52 Gb Total Space | 14.84 Gb Free Space | 48.62% Space Free | Partition Type: NTFS

Computer Name: ROSS | User Name: Y450 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0877D4E6-3605-41B8-B38E-25146E42FA06}" = lport=2869 | protocol=6 | dir=in | app=system |
"{12A61B77-87AD-4A4F-A032-065731BB3DCC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20CA3F5A-703A-4807-ADD9-141542721A7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32EC8E71-608A-433A-AA88-930D6E19A43A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{651B2EEF-173B-422D-BBEB-C08E343817D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{70D7E3E7-DAA2-4F97-AF86-DA40A70E9B4E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{757ABBBE-C51E-4F74-B267-65CB97092C01}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{7C786387-6D4D-4855-8C99-6339005A9807}" = rport=2869 | protocol=6 | dir=out | app=system |
"{82A0C6A9-DA8A-467E-A1C2-869FD8FABA4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8F2E7AFA-8D08-41DB-A6CD-70C4466F24E0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C2ECBE37-A382-47C9-9191-24CC9916880F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C3BB420B-65B0-4499-B1A2-69390D829E77}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EFD36925-EA0D-4F63-AD6F-8FD02854A06D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F1478037-2E3B-4887-AFE9-CCE8250E9547}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085AF022-35BB-4A92-97E7-698AC08DC64C}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{0C03E5E1-9A84-42F2-8C0A-A3F1FAAEB636}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{186F1A0E-3232-43D4-A2FE-9E3ECD090992}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C94B02E-71BB-4C8D-B165-583D74AA14BA}" = dir=in | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{1ED3E72D-7A70-4181-B7F8-7A76F0244959}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{219C2F8F-8D9D-4088-87AC-E6247A531643}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{31A4D61B-3E56-4178-A589-5A544206307E}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{394D96CE-B80C-4977-99F3-66153EDE8A43}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{5BBB4C25-3C36-4FB6-A1B7-343F999719AC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{68DEC50F-CF71-427E-BB0D-FCD20CB09598}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{78796390-7A7D-4015-8AA3-AD7BD4B6FD0E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{814E628F-6BDE-4223-B39D-A54EED8AB06E}" = protocol=6 | dir=out | app=system |
"{818F124C-FB4D-413C-BA83-A64F003C2C16}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A273D708-C211-411E-B1C1-D6A92D39D89F}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{A2F4D7D7-FB13-4D97-B3C3-A7E18284DA1F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AA621A1F-90A6-4D36-969A-3EB0E85F64FD}" = dir=out | app=c:\program files\lenovo\readycomm\filereceiver.exe |
"{B0695372-6DC4-4255-BC4A-B492F45BFD0E}" = dir=in | app=c:\program files\lenovo\readycomm\filereceiver.exe |
"{B9B0A214-4AB6-48A1-9E05-E4676B94EBB4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BB707E4D-B4C0-42EA-B843-0615DAC8A899}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C50FBC08-3F20-494B-A3C7-9C6EB8C4A64A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA320736-6CC8-4E7D-8C20-4783602C991C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC0F0810-BA24-4CFB-84C7-1683C7B668B1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CEB75605-FF3F-4DAE-A35C-86B446DEE053}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{CF1084E8-940D-4584-9211-573B7D6A109B}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{D0B41E7C-C062-4FE1-894D-84CE9D75ECBB}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{D91D8B27-E896-481E-A4F1-84DC29BCF3C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0983229-2BF6-44FE-A90A-FEC01FEE34C6}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E2F2466A-86BE-43EB-8E9C-5DC913F68908}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EF1CA0E5-3575-455A-B388-F68EC90EBEEE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EFF8593B-7E39-4898-8837-A749E5F75A3E}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{FADBD277-48A8-44FE-9A34-861F6C7190EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{13BE05E8-F176-4245-BD14-C408D0DEEA41}C:\users\y450\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\y450\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{194AAFDB-0D37-4F36-836B-BB78F620BBC0}C:\users\y450\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\y450\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{44E3F089-814B-40D5-8AED-C653C403B6D9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{2F697BE9-F2AD-4DEC-8952-18C82BF1A37A}C:\users\y450\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\y450\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{4E412378-27CB-4B41-93A6-180F26639750}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{72C9CBB2-EA6F-4D2E-8C48-25CE70092A06}C:\users\y450\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\y450\appdata\roaming\mjusbsp\magicjack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1900_series" = Canon iP1900 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (INSTANCENAME)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 4.0
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = SMART BRO
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Globe Tattoo
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E464702F-5433-46EC-8F65-159276C0A54F}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.2.0.6300
"{EE0FE4A7-317D-4B65-B443-B022ACFCA0CA}" = Lenovo OneKey Theater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA20BCA6-229E-4BED-ABE7-D0D664415255}" = Lenovo Desktop Navigator Library Tool
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CCleaner" = CCleaner (remove only)
"EasyCapture3.5" = EasyCapture
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"InstallShield_{EE0FE4A7-317D-4B65-B443-B022ACFCA0CA}" = Lenovo OneKey Theater
"InstallShield_{FA20BCA6-229E-4BED-ABE7-D0D664415255}" = Lenovo Desktop Navigator Library Tool
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"Lippincott's Review for NCLEX-RN 8th Edition" = Lippincott's Review for NCLEX-RN 8th Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mosby's Comp Review of Nursing for NCLEX-RN, 17e" = Mosby's Comp Review of Nursing for NCLEX-RN, 17e
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Pediatric Nursing Skills and Student Tutorial" = Pediatric Nursing Skills and Student Tutorial
"PROHYBRIDR" = 2007 Microsoft Office system
"Saunders NCLEX-RN4e" = Saunders NCLEX-RN4e
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.0.3
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1827207934-2233158183-2734905608-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2010 5:30:23 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10093

Error - 10/3/2010 5:30:24 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/3/2010 5:30:24 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11138

Error - 10/3/2010 5:30:24 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11138

Error - 10/3/2010 5:30:25 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/3/2010 5:30:25 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12230

Error - 10/3/2010 5:30:25 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12230

Error - 10/3/2010 5:30:27 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/3/2010 5:30:27 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13260

Error - 10/3/2010 5:30:27 AM | Computer Name = Y450-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13260

[ Media Center Events ]
Error - 2/6/2010 8:53:55 PM | Computer Name = Y450-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 4/20/2010 8:16:44 PM | Computer Name = Y450-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2310
seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/28/2011 5:35:19 AM | Computer Name = ROSS | Source = Service Control Manager | ID = 7001
Description =

Error - 6/28/2011 5:35:19 AM | Computer Name = ROSS | Source = Service Control Manager | ID = 7001
Description =

Error - 6/28/2011 5:35:19 AM | Computer Name = ROSS | Source = Service Control Manager | ID = 7001
Description =

Error - 6/28/2011 5:35:19 AM | Computer Name = ROSS | Source = Service Control Manager | ID = 7026
Description =

Error - 6/28/2011 5:37:17 AM | Computer Name = ROSS | Source = Service Control Manager | ID = 7000
Description =

Error - 6/28/2011 5:37:18 AM | Computer Name = ROSS | Source = Service Control Manager | ID = 7024
Description =

Error - 6/28/2011 5:37:19 AM | Computer Name = ROSS | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/28/2011 5:37:19 AM | Computer Name = ROSS | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 169.254.14.44,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.

Error - 6/28/2011 5:39:47 AM | Computer Name = ROSS | Source = ipnathlp | ID = 30005
Description = The DHCP allocator has detected a DHCP server with IP address 192.168.0.1
on the same network as the interface with IP address 192.168.0.100. The allocator
has disabled itself on the interface to avoid confusing DHCP clients.

Error - 6/28/2011 5:39:47 AM | Computer Name = ROSS | Source = Service Control Manager | ID = 7009
Description =


< End of report >
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Unread postby Gary R » June 28th, 2011, 7:17 am

It's official, I'm an idiot, and I can't write instructions. :banghead:

My most humble apologies, once more I'm going to have to ask you to run a script to remove that file. This time it should be right.

My only excuse for the last time is it was done at 6.30am and I hadn't woken up properly.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Files
c:\users\y450\documents\plants vs zombies\plants vs zombies.7z

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Looking over your new OTL logs now and through this entire topic to see if we've removed anything that might explain the problems you're having on bootup. Get back to you ASAP.

In the meantime can you post the GMER log I asked for please.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Unread postby ladyross » June 28th, 2011, 7:22 am

SIR GARY, I AM TRYING TO RUN GMER ON MY LAPTOP AND AFTER 10 MINUTES OF SCANNING IT SHOWS THE BLUE SCREEN AND STARTS CRASH DUMPING. I HAVE ALREADY RUN IT 3 TIMES.

FIRST TIME I RAN IT, AFTER IT CRASH DUMPED, IT RESTARTED AND LOADED WINDOWS AUTOMATICALLY.
SECOND TIME IT CRASH DUMPED. I HAD TO FORCE SHUTDOWN 5 TIMES SINCE IT WAS NOT LOADING WINDOWS; IT SEEMS LIKE IT HUNG.
THIRD TIME IT CRASHED, IT RESTARTED AND RELOADED WINDOWS NORMALLY.

I'LL STILL TRY TO RUN GMER TO GET THE GMER LOG. I HOPE YOU COULD ADVISE ME IF THERE'S ANY OTHER WAY TO DO IT SINCE IT KEEPS DUMPING EVERY TIME I RUN GMER. THANK YOU ONCE AGAIN!
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Unread postby ladyross » June 28th, 2011, 7:24 am

HERE'S THE OTL LOG :D

========== FILES ==========
c:\users\y450\documents\plants vs zombies\Plants vs Zombies.7z moved successfully.

OTL by OldTimer - Version 3.2.24.1 log created on 06282011_192323
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Unread postby ladyross » June 28th, 2011, 8:01 am

Sir Gary, I just ran GMER and it still shows the blue screen after 10 minutes of scanning. When it reaches the c:\user\default.... file it starts crash dumping. I think it's best to wait for your advice on what to do next...
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Unread postby Gary R » June 28th, 2011, 8:20 am

OK, leave GMER for now.

I need to have a closer look at some information from your computer's Event Logs.

To launch Event Viewer ....

  • Click Start > Run
  • Type eventvwr.msc into the Open: box
  • Click OK.

.... and you should see something similar to this ....

Image

Expand the Windows logs folder in the left pane and you'll see several sub-folders, the one we're interested in is System

Click to open the System folder and you should get something similar to this.

Image

Scan down the list of System Events in the top centre pane till you find one dated ..... 6/28/2011 5:35:19 AM ..... it should have an error code of 7026

Click on that Event to highlight it.

In the right hand pane, scroll down to find ... Save Selected Events .... and save it as Eventlog.txt to your Desktop.

By default Event Viewer saves files as type .evtx so you have to click on the drop down arrow in Save as type and select Text (tab delimited) (*.txt)

Post me the contents of Eventlog.txt in your next post please.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
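The export Gary R describes above can also be done from a PowerShell prompt, which is worth knowing on this machine because the Event Viewer console itself turns out to be broken in the next post. This is an added example, not part of the thread and not one of the forum's tools. It assumes Windows Vista/7 with PowerShell 2.0 or later, run elevated; the date, provider and event ID are the ones from the OTL log above, and the output file name follows Gary R's instruction.

```powershell
# Added example (not from the thread): save the Service Control Manager event
# 7026 from around the time shown in the OTL log, without using the Event
# Viewer MMC snap-in. Get-WinEvent talks to the Event Log service directly,
# so it still works when MMC cannot create the Event Viewer snap-in.

# Values taken from the OTL log in this thread; adjust for another machine.
$targetTime = Get-Date '6/28/2011 5:35:19 AM'
$window     = New-TimeSpan -Minutes 5

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7026                     # boot-start / system-start driver failed to load
    StartTime    = $targetTime - $window
    EndTime      = $targetTime + $window
} -ErrorAction SilentlyContinue

if (-not $events) {
    # Nothing in that window: fall back to the five most recent 7026 events.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7026 } `
                           -MaxEvents 5 -ErrorAction SilentlyContinue
}

$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Eventlog.txt'

# OTL showed an empty Description for this event. Message is what Event Viewer's
# General tab renders; ToXml() keeps the EventData (the driver names) even when
# the rendered message string is blank, so both are written to the file.
@($events) | ForEach-Object {
    "TimeCreated : {0}`nEventID     : {1}`nProvider    : {2}`nMessage     : {3}`n{4}`n" -f `
        $_.TimeCreated, $_.Id, $_.ProviderName, $_.Message, $_.ToXml()
} | Out-File -FilePath $out -Encoding utf8

"Saved $(@($events).Count) event(s) to $out"

# Equivalent with the built-in wevtutil, for a cmd prompt without PowerShell:
# wevtutil qe System "/q:*[System[(EventID=7026)]]" /f:text /c:5 /rd:true > %USERPROFILE%\Desktop\Eventlog.txt
```

Paste the resulting Eventlog.txt into the reply exactly as Gary R asks; the XML section is the part that names the driver that did not load.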

Re: INFESTED WITH BANDOO/SEARCHQU

Unread postby ladyross » June 28th, 2011, 8:51 am

Sir, I just ran the event viewer and here is what it says:

MMC could not create the snap-in. The snap-in might not have been installed properly.

Name : Event Viewer

CLSID:
FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Unread postby Gary R » June 28th, 2011, 11:32 am

The Event I wanted to look at was related to a non-loading boot driver, which is probably the source of your boot problems.

Seems your Event Viewer also has a fault and is not running properly, which is why it did not identify the faulting driver.

Neither of these seem related to anything we did in removing Bandoo.

My speciality is Malware removal, and to resolve this I may need to direct you to someone who specialises in these kinds of problems, but first I'd like to see if we can spot why your Event Viewer isn't loading properly.

Please download SystemLook from one of the links below and save it to your Desktop.

For 32 bit Systems
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code: Select all
:Reg
HKLM\software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510} /s

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
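A way to cross-check what the SystemLook scan above reports, as an added example that is not part of this thread or any forum tool: it reads the same snap-in registration, confirms that the module it points at actually exists on disk, and checks that file's signature. Assumptions: a 32-bit Windows 7 system with PowerShell 2.0 or later, run elevated; the snap-in name and the value names (Type, RuntimeVersion, ApplicationBase, ModuleName) are the ones in Gary R's SystemLook script and the log that follows.

```powershell
# Added example (not from the thread): check the Event Viewer MMC snap-in
# registration. The snap-in name is the CLSID from the MMC error message and
# the SystemLook script in this thread.
$snapInName = 'FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}'

function Test-MmcSnapIn {
    param([string]$SnapInName)

    $result = New-Object PSObject -Property @{
        KeyPresent      = $false
        Type            = $null
        RuntimeVersion  = $null
        ModulePath      = $null
        ModulePresent   = $false
        SignatureStatus = 'n/a'
    }

    # Open the subkey by its literal name through the RegistryKey object, which
    # side-steps any quirks with the colon in "FX:{...}" inside a provider path.
    $parent = Get-Item 'HKLM:\SOFTWARE\Microsoft\MMC\SnapIns'
    $key = $parent.OpenSubKey($SnapInName)
    if ($key -eq $null) { return $result }

    $result.KeyPresent     = $true
    $result.Type           = $key.GetValue('Type')
    $result.RuntimeVersion = $key.GetValue('RuntimeVersion')

    # MMC loads the managed assembly named by ModuleName from ApplicationBase.
    # If that file is missing, MMC reports "could not create the snap-in".
    $base   = $key.GetValue('ApplicationBase')
    $module = $key.GetValue('ModuleName')
    if ($base -and $module) {
        $result.ModulePath    = Join-Path $base $module
        $result.ModulePresent = Test-Path -LiteralPath $result.ModulePath -PathType Leaf
        if ($result.ModulePresent) {
            $result.SignatureStatus = (Get-AuthenticodeSignature -FilePath $result.ModulePath).Status
        }
    }
    $key.Close()
    return $result
}

$r = Test-MmcSnapIn -SnapInName $snapInName
$r | Format-List KeyPresent, Type, RuntimeVersion, ModulePath, ModulePresent, SignatureStatus

# Installed .NET runtimes, to compare with the RuntimeVersion value above.
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.PSChildName }
```

On a healthy system the key is present, the module file exists and the runtime it names is installed. Many Windows system files are signed through a catalog rather than an embedded signature, and Get-AuthenticodeSignature on PowerShell 2.0 does not consult catalogs, so a status of NotSigned on its own is not evidence of tampering; `sfc /verifyfile=<path>` is the built-in check for whether a protected system file still matches what Windows shipped.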

Re: INFESTED WITH BANDOO/SEARCHQU

Unread postby ladyross » June 28th, 2011, 11:33 pm

Okay sir, I understand that it's just a coincidence that I am having problems booting my pc just now. The only thing that was not working before was my Windows Media Player. It just stopped functioning, saying there's an error. Thanks so much sir, I really hope everything will turn out fine. Anyway, here's the log you requested:

SystemLook 04.09.10 by jpshortstuff
Log created at 11:24 on 29/06/2011 by Y450
Administrator - Elevation successful

========== Reg ==========

[HKEY_LOCAL_MACHINE\software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}]
"Type"="Microsoft.EventViewer.SnapIn.EventViewerSnapIn, EventViewer, Version=6.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
"ApplicationBase"="C:\Windows\system32\"
"NameString"="Event Viewer"
"Description"="Displays monitoring and troubleshooting messages from windows and other programs."
"ModuleName"="EventViewer.dll"
"AssemblyName"="EventViewer"
"RuntimeVersion"="v2.0.40607"
"FxVersion"="2.0.0.2"
"HelpTopic"="C:\Windows\Help\eventviewer.chm"
"LinkedHelpTopics"="C:\Windows\Help\eventviewer.chm"
"About"="{00000000-0000-0000-0000-000000000000}"
"NameStringIndirect"="@C:\Windows\system32\miguiresource.dll,-101"
"DescriptionStringIndirect"="@C:\Windows\system32\miguiresource.dll,-102"
"ProviderStringIndirect"="@C:\Windows\system32\miguiresource.dll,-103"
"VersionStringIndirect"="@C:\Windows\system32\miguiresource.dll,-104"
"IconIndirect"="@C:\Windows\system32\miguiresource.dll,-500"
"FolderBitmapsColorMask"= 0x0000ff00ff (16711935)
"LargeFolderBitmapIndirect"="@C:\Windows\system32\miguiresource.dll,-501"
"SmallFolderBitmapIndirect"="@C:\Windows\system32\miguiresource.dll,-502"
"SmallSelectedFolderBitmapIndirect"="@C:\Windows\system32\miguiresource.dll,-503"

[HKEY_LOCAL_MACHINE\software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}\NodeTypes]
(No values found)

[HKEY_LOCAL_MACHINE\software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}\NodeTypes\{33F2C345-BF11-41b6-90DA-4FB4963EA4E2}]
@="Classic Viewer Root Node"

[HKEY_LOCAL_MACHINE\software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}\Standalone]
(No values found)


-= EOF =-
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm