Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Livid/Searchqu

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Livid/Searchqu

Unread postby daprell » June 29th, 2011, 8:06 am

HI there,
I downloaded iLivid yesterday which somehow also downloaded searchqu as well. I was able to change my homepage on Mozilla and remove the change in search engine. But i just want to be sure that my computer is clean again. Internet Explorer is still showing searchqu as homepage. My laptop also got slower since downloading iLivid yesterday.
Any help is greatly appreciated.
Thanks
Mel

Log 1:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Mel Prell at 23:49:49 on 2011-06-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.1910.837 [GMT 12:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
F:\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\explorer.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uDefault_Page_URL = hxxp://toshiba.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "F:\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5B08A5CB-BB02-4B20-9FC7-68A607F70BB5} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5B08A5CB-BB02-4B20-9FC7-68A607F70BB5}\24F4242495 : DhcpNameServer = 192.168.1.254 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mel prell\appdata\roaming\mozilla\firefox\profiles\yd5jdmkr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: f:\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-28 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-3 307928]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-3 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-3 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-6-1 42184]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-29 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-7-9 2320920]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-11 132352]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-2-23 66600]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-7-9 24064]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-6-16 9216]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-7-9 862208]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-7-9 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-6 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2010-2-24 685424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2010-2-26 184320]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-7-9 186912]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-3 1343400]
.
=============== Created Last 30 ================
.
2011-06-29 08:45:36 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 08:45:30 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 08:45:29 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 08:45:28 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 08:45:28 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 08:45:28 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 08:45:27 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 08:45:27 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 08:45:26 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 08:45:26 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 07:24:45 -------- d-----w- c:\users\mel prell\appdata\local\Ilivid Player
2011-06-28 07:22:48 -------- d-----w- c:\users\mel prell\appdata\local\PackageAware
2011-06-28 06:21:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-28 06:20:06 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{85b678cd-1464-42b9-9e41-5b2c64744495}\mpengine.dll
2011-06-27 06:04:34 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-27 06:04:34 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-18 00:46:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-18 00:46:06 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-18 00:46:06 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-18 00:46:01 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-18 00:46:00 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-12 05:42:05 -------- d-----w- c:\program files\iPod
2011-06-07 00:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-07 00:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-06 10:12:24 -------- d-----w- c:\program files\ImTOO
2011-06-01 09:42:58 -------- d-----w- c:\users\mel prell\Banks
.
==================== Find3M ====================
.
2011-05-28 21:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 21:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 07:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-09 20:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-09 20:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-06 04:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 04:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 04:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 04:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 23:52:04.18 ===============

Log 2:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 26/12/2010 21:10:31
System Uptime: 29/06/2011 23:45:03 (0 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU | 1178/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 147 GiB total, 112.04 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 98 GiB total, 78.763 GiB free.
F: is FIXED (NTFS) - 40 GiB total, 38.907 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP62: 26/05/2011 19:45:59 - Windows Update
RP63: 29/05/2011 10:32:14 - Windows Update
RP64: 31/05/2011 19:38:59 - Windows Update
RP65: 6/06/2011 21:02:19 - Windows Update
RP66: 9/06/2011 20:52:44 - Windows Update
RP67: 11/06/2011 13:00:28 - Windows Update
RP68: 14/06/2011 17:53:12 - Windows Update
RP69: 18/06/2011 12:45:11 - Windows Update
RP70: 19/06/2011 10:43:50 - Windows Update
RP71: 22/06/2011 17:45:44 - Windows Update
RP72: 25/06/2011 12:49:00 - Windows Update
RP73: 28/06/2011 18:19:47 - Windows Update
RP74: 28/06/2011 20:50:45 - Removed Norton Online Backup
RP75: 29/06/2011 23:43:46 - Windows Update
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Bejeweled 2 Deluxe
Bonjour
Business Contact Manager for Outlook 2007 SP2
CCleaner
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
DivX Setup
Escape Rosecliff Island
FATE - The Traitor Soul
Final Drive Nitro
HDAUDIO Soft Data Fax Modem with SmartCP
ImTOO iPod Computer Transfer
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Jewel Quest 3
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
OpenOffice.org 3.2
Penguins!
PlayReady PC Runtime x86
Polar Bowler
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Skype Toolbars
Skype™ 5.0
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
VC80CRTRedist - 8.0.50727.4053
Virtual Villagers - The Secret City
WildTangent Games
WildTangent ORB Game Console
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
29/06/2011 20:49:11, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000be (0x8940f89b, 0x03afe121, 0x80e18b00, 0x0000000a). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 062911-22058-01.
28/06/2011 20:48:03, Error: bowser [8003] - The master browser has received a server announcement from the computer ROSEMARY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5B08A5CB-BB02-4B20-9FC7-68A607. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
daprell
Active Member
 
Posts: 10
Joined: June 29th, 2011, 7:55 am
Advertisement
Register to Remove

Re: Livid/Searchqu

Unread postby MWR 3 day Mod » July 2nd, 2011, 4:01 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Livid/Searchqu

Unread postby Wingman » July 3rd, 2011, 11:48 am

Hello... Welcome to the forum.
I apologize for the delay getting to your logs.

My name is Wingman, and I'll be helping you with any malware problems.
The logs I request can take a while to research, so please be patient.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so or install any other software (or hardware) during the cleaning process.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"
  7. Failure to respond for 3 days, will result in your topic being closed.
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

WARNING!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

I am currently reviewing your logs and will return as soon as possible, with additional instructions.

Please tell me, is this computer used for business or does it connect to a business network? I need to know so I can provide the proper set of instructions.

Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Livid/Searchqu

Unread postby daprell » July 5th, 2011, 3:44 am

Hi Wingman,
Thanks for getting back to me. I have now created the restore point.
My laptop is a personal laptop and does not connect to any business network.
Thanks,
Da Prell
daprell
Active Member
 
Posts: 10
Joined: June 29th, 2011, 7:55 am

Re: Livid/Searchqu

Unread postby Wingman » July 5th, 2011, 9:52 am

Hello daprell,

Thank you for letting me now about the business use or network connectivity. Some of the tools we use, can cause business software to become damaged, losing it's functionality and the potential for loss of business data.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Vista - Windows 7 Users - Please Note:
The programs I ask you to run need to be installed and run in Administrator Mode by... Right clicking the installation file and the executable program file & selecting: Run as Administrator. Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program. When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator


I will ask in each of my instructions sets, for you to create a System Restore Point (SRP) so we have a good registry to restore if needed.


Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


You have some out dated programs that are a security threat when not kept up-to-date... we'll uninstall them and get current versions when we finish cleaning the machine.

Step 2.
Uninstall Programs
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the one of the values below, into the open text entry box:
    control appwiz.cpl
    or
    shell:ChangeRemoveProgramsFolder
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following program(s):
    Adobe Reader 9.4.5
    Java Auto Updater
  4. Select the program and click on Uninstall to uninstall it.
  5. Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.

Step 3.
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Minimal Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 4.
SystemLook
Please download SystemLook.exe... by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?"... press the Run button.
  2. Highlight and copy the following entries: ... into SystemLook's main text entry window.
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *sweetIM*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *sweetIM*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    sweetIM
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named "SystemLook.txt"
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTL.txt and Extras.txt file contents.
  3. SystemLook.txt file contents.
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Livid/Searchqu

Unread postby daprell » July 6th, 2011, 6:07 am

Thanks Wingman. Here are my logs:
OTL logfile created on: 7/6/2011 9:50:56 PM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Mel Prell\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 47.17% Memory free
3.73 Gb Paging File | 2.43 Gb Available in Paging File | 65.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.48 Gb Total Space | 112.07 Gb Free Space | 75.99% Space Free | Partition Type: NTFS
Drive E: | 97.66 Gb Total Space | 78.76 Gb Free Space | 80.65% Space Free | Partition Type: NTFS
Drive F: | 39.72 Gb Total Space | 38.91 Gb Free Space | 97.95% Space Free | Partition Type: NTFS
Drive G: | 3.74 Gb Total Space | 0.91 Gb Free Space | 24.28% Space Free | Partition Type: FAT32

Computer Name: MELPRELL-PC | User Name: Mel Prell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mel Prell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TECO\Teco.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Mel Prell\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (UNS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-789506316-4129952747-355184729-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKU\S-1-5-21-789506316-4129952747-355184729-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-789506316-4129952747-355184729-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789506316-4129952747-355184729-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/14 20:41:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/14 20:41:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 18:04:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 21:46:07 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/14 20:41:23 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/14 20:41:23 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 18:04:34 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 21:46:07 | 000,000,000 | ---D | M]

[2011/06/29 22:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel Prell\AppData\Roaming\Mozilla\Extensions
[2011/06/29 21:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel Prell\AppData\Roaming\Mozilla\Firefox\Profiles\yd5jdmkr.default\extensions
[2011/07/06 21:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/05 19:03:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/13 19:16:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/15 10:14:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/27 18:04:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 20:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/24 00:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml

O1 HOSTS File: ([2009/06/11 09:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [iTunesHelper] F:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-789506316-4129952747-355184729-1004..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 09:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 21:48:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mel Prell\Desktop\OTL.exe
[2011/07/06 21:46:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/02 19:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/29 23:48:37 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Mel Prell\Desktop\dds.scr
[2011/06/29 20:49:06 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/06/29 20:45:30 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2011/06/29 20:45:29 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2011/06/29 20:45:28 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2011/06/29 20:45:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssph.dll
[2011/06/29 20:45:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2011/06/29 20:45:26 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscntrs.dll
[2011/06/28 19:24:45 | 000,000,000 | ---D | C] -- C:\Users\Mel Prell\AppData\Local\Ilivid Player
[2011/06/28 19:22:48 | 000,000,000 | ---D | C] -- C:\Users\Mel Prell\AppData\Local\PackageAware
[2011/06/28 18:21:23 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/18 12:45:25 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/06/18 12:45:24 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/06/18 12:45:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/06/18 12:45:24 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/06/18 12:45:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/06/18 12:45:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/06/18 12:45:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/06/18 12:45:22 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/06/18 12:45:22 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/06/18 12:45:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/06/18 12:45:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/06/12 17:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/12 17:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/06 22:12:27 | 000,000,000 | ---D | C] -- C:\Users\Mel Prell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImTOO
[2011/06/06 22:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2010/02/21 02:35:04 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/07/06 21:48:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mel Prell\Desktop\OTL.exe
[2011/07/06 21:47:18 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 21:47:18 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 21:41:12 | 000,721,876 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/07/06 21:41:12 | 000,145,776 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/07/06 21:36:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/06 21:36:27 | 1501,974,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/29 23:48:44 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Mel Prell\Desktop\dds.scr
[2011/06/29 23:45:52 | 000,431,432 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/06/29 22:50:15 | 000,003,626 | ---- | M] () -- C:\Users\Mel Prell\Documents\cc_20110629_224954.reg
[2011/06/29 20:47:15 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/28 18:21:23 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/27 18:04:46 | 000,001,965 | ---- | M] () -- C:\Users\Mel Prell\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/19 14:02:31 | 000,011,564 | ---- | M] () -- C:\Users\Mel Prell\Desktop\Trip.ods
[2011/06/12 17:42:50 | 000,001,366 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/06/29 22:49:57 | 000,003,626 | ---- | C] () -- C:\Users\Mel Prell\Documents\cc_20110629_224954.reg
[2011/06/19 13:45:00 | 000,011,564 | ---- | C] () -- C:\Users\Mel Prell\Desktop\Trip.ods
[2011/06/12 17:42:49 | 000,001,366 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/05 19:08:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/09 06:25:48 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/02/21 03:16:08 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2010/02/21 03:16:06 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2010/02/21 03:16:06 | 000,104,636 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2010/02/21 02:32:46 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/02/21 02:27:36 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/02/21 02:27:36 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2009/07/14 16:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 16:33:53 | 000,431,432 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 14:05:48 | 000,721,876 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 14:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 14:05:48 | 000,145,776 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 14:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 14:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 14:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 11:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 11:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 11:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/11 09:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

< End of report >

OTL Extras logfile created on: 7/6/2011 9:50:56 PM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Mel Prell\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 47.17% Memory free
3.73 Gb Paging File | 2.43 Gb Available in Paging File | 65.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.48 Gb Total Space | 112.07 Gb Free Space | 75.99% Space Free | Partition Type: NTFS
Drive E: | 97.66 Gb Total Space | 78.76 Gb Free Space | 80.65% Space Free | Partition Type: NTFS
Drive F: | 39.72 Gb Total Space | 38.91 Gb Free Space | 97.95% Space Free | Partition Type: NTFS
Drive G: | 3.74 Gb Total Space | 0.91 Gb Free Space | 24.28% Space Free | Partition Type: FAT32

Computer Name: MELPRELL-PC | User Name: Mel Prell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{33ABEB66-85BB-43B2-9448-85CB626C5A5F}" = TOSHIBA Hardware Setup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2D8CB05-A9E1-4691-995C-2B78F4A58B8B}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ImTOO iPod Manager" = ImTOO iPod Computer Transfer
"InstallShield_{33ABEB66-85BB-43B2-9448-85CB626C5A5F}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D2D8CB05-A9E1-4691-995C-2B78F4A58B8B}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT083877" = Chuzzle Deluxe
"WT083885" = Zuma's Revenge
"WT083898" = Virtual Villagers - The Secret City
"WT083903" = Escape Rosecliff Island
"WT083929" = Bejeweled 2 Deluxe
"WT083947" = Final Drive Nitro
"WT083957" = Jewel Quest 3
"WT083958" = Penguins!
"WT083959" = Polar Bowler
"WT084018" = FATE - The Traitor Soul

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2011 7:14:01 AM | Computer Name = MelPrell-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.0.0.156, time stamp:
0x4cf901f4 Faulting module name: Skype.exe, version: 5.0.0.156, time stamp: 0x4cf901f4
Exception
code: 0xc0000005 Fault offset: 0x0057d84e Faulting process id: 0x13f8 Faulting application
start time: 0x01cc2a8408be1c62 Faulting application path: C:\Program Files\Skype\Phone\Skype.exe
Faulting
module path: C:\Program Files\Skype\Phone\Skype.exe Report Id: 67c8ebb0-9677-11e0-b20f-c80aa9e7c623

Error - 6/14/2011 7:56:34 AM | Computer Name = MelPrell-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/16/2011 2:40:19 AM | Computer Name = MelPrell-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/17/2011 9:08:53 PM | Computer Name = MelPrell-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/18/2011 6:41:08 AM | Computer Name = MelPrell-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/18/2011 9:46:24 PM | Computer Name = MelPrell-PC | Source = Application Error | ID = 1000
Description = Faulting application name: soffice.bin, version: 3.2.9498.500, time
stamp: 0x4bf4c207 Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0,
time stamp: 0x4cf4536a Exception code: 0xc0000005 Fault offset: 0x626cbb89 Faulting
process id: 0x1bb4 Faulting application start time: 0x01cc2e21bf811558 Faulting application
path: F:\Oopen Office\OpenOffice.org 3\program\soffice.bin Faulting module path:
QuickTime.qts Report Id: f01ee169-9a15-11e0-b9a8-c80aa9e7c623

Error - 6/19/2011 1:54:29 AM | Computer Name = MelPrell-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/20/2011 2:23:46 AM | Computer Name = MelPrell-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/22/2011 2:21:50 AM | Computer Name = MelPrell-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/22/2011 5:05:04 AM | Computer Name = MelPrell-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 6/12/2011 1:37:23 AM | Computer Name = MelPrell-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/12/2011 1:38:23 AM | Computer Name = MelPrell-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 6/13/2011 3:08:52 AM | Computer Name = MelPrell-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/14/2011 6:50:08 AM | Computer Name = MelPrell-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 6/14/2011 6:50:09 AM | Computer Name = MelPrell-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 6/14/2011 6:50:09 AM | Computer Name = MelPrell-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 6/14/2011 6:50:09 AM | Computer Name = MelPrell-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 6/20/2011 4:40:48 AM | Computer Name = MelPrell-PC | Source = BROWSER | ID = 8032
Description =

Error - 6/25/2011 6:53:37 PM | Computer Name = MelPrell-PC | Source = BROWSER | ID = 8032
Description =

Error - 6/26/2011 3:43:32 PM | Computer Name = MelPrell-PC | Source = DCOM | ID = 10010
Description =


< End of report >

SystemLook 04.09.10 by jpshortstuff
Log created at 22:00 on 06/07/2011 by Mel Prell
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [07:23 28/06/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
C:\Users\Mel Prell\AppData\Roaming\Microsoft\Windows\Cookies\Low\mel_prell@searchqu[2].txt --a---- 433 bytes [09:07 02/07/2011] [09:07 02/07/2011] A3C0D04111650B7D7155DFAC3693746A

Searching for "*iLivid*"
C:\Users\Mel Prell\Downloads\iLividSetupV1.exe --a---- 1956352 bytes [07:22 28/06/2011] [07:22 28/06/2011] E05383204AA05A5E6018F5A64F7D9F6B
C:\Users\Mel Prell\Videos\iLividSetupV1.exe --a---- 2038544 bytes [07:29 28/06/2011] [07:29 28/06/2011] 4CFA1CB3B29B16B0148997F38A382BE6

Searching for "*whitesmoke*"
No files found.

Searching for "*sweetIM*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\Users\Mel Prell\AppData\Local\Ilivid Player d------ [07:24 28/06/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*sweetIM*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
[HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\ilivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\ilivid]
[HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]

Searching for "whitesmoke"
No data found.

Searching for "sweetIM"
No data found.

-= EOF =-

Thanks again,
Da prell
daprell
Active Member
 
Posts: 10
Joined: June 29th, 2011, 7:55 am

Re: Livid/Searchqu

Unread postby Wingman » July 6th, 2011, 9:39 am

Hello daprell,

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Vista - Windows 7 Users - Please Note:
The programs I ask you to run need to be installed and run in Administrator Mode by... Right clicking the installation file and the executable program file & selecting: Run as Administrator. Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program. When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator


Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Online Multi Antivirus file scan
I want to check a file... to see if it's OK
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\windows\System32\IGFXDEVLib.dll

Using Jotti
  1. Choose the appropriate language... once a language is selected, you'll see a message "Ready to receive files"
  2. Copy -one- file name from the list and press the Browse button.
  3. Paste the copied file name into the "file name" area of the "Choose file to upload" window... then press Open.
    The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... Highlight the results text from the Jotti's malware scan box.
  7. Copy the selected text... Open Notepad... Paste the contents into Notepad... Save the file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Paste the contents of all the Jotti scan results in your next reply.

Using Virus Total
  1. Copy -one- file name from the list and press the Browse button.
  2. Paste the copied file name into the "file name" area of the "Choose file to upload" window... then press Open.
    The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When the scan is completed...press the "Compact" icon
  6. The results will be shown in a grid like window... right-click on the text, choose Select All, then Copy the entire contents.
  7. Open Notepad...Paste the result contents into the Notepad window...Save this file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Paste the contents of all the Virus Total results in your next reply.

Step 3.
OTL - System Scan
You should still have this on your desktop, if so, please ignore the download instructions.
Please download OTL.exe ... by Old Timer . Save it to your Desktop
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Minimal Output is selected.
  3. Under the Standard Registry box change it to All.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Copy the following text... do not include the quote box title "Quote'
    :OTL
    IE - HKU\S-1-5-21-789506316-4129952747-355184729-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    [2011/01/13 19:16:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/01/15 10:14:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) --
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/03/24 00:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    [2011/06/28 19:24:45 | 000,000,000 | ---D | C] -- C:\Users\Mel Prell\AppData\Local\Ilivid Player

    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    "URL"=-
    "SuggestionsURL_JSON"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    "URL"=-
    "SuggestionsURL_JSON"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
    [HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    "URL"=-
    "SuggestionsURL_JSON"=-
    [-HKEY_CURRENT_USER\Software\ilivid]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [-HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\ilivid]
    [-HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
    [-HKEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]

    :Files
    C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    C:\Users\Mel Prell\AppData\Roaming\Microsoft\Windows\Cookies\Low\mel_prell@searchqu[2].txt
    C:\Users\Mel Prell\Downloads\iLividSetupV1.exe
    C:\Users\Mel Prell\Videos\iLividSetupV1.exe
    C:\Users\Mel Prell\AppData\Local\Ilivid Player

    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
  6. Click under the Custom Scan/Fixes box and paste the copied text.
  7. Click the Run Fix button. If prompted... click OK.
  8. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  9. Please post the contents of report in your next reply.

If your computer did not reboot... please reboot your computer normally, now.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Jotti or VirusTotal scan results.
  3. OTL.txt - fix scan output
  4. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Livid/Searchqu

Unread postby daprell » July 8th, 2011, 7:07 pm

Hi Wingman,
Thanks again for your help.
I have run the processes above, but did not click the Run Fix button upon re-boot. ;-(
Virus total scan results: not found
I also could not find the text file from OTL. Do you want me to re-run these steps?
Thanks,
Mel
daprell
Active Member
 
Posts: 10
Joined: June 29th, 2011, 7:55 am

Re: Livid/Searchqu

Unread postby Wingman » July 9th, 2011, 9:18 am

Hello daprell,

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Vista - Windows 7 Users - Please Note:
The programs I ask you to run need to be installed and run in Administrator Mode by... Right clicking the installation file and the executable program file & selecting: Run as Administrator. Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program. When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator


Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Did you press the Run Fix button initially after entering the entries from the code box, into OTL? If so...
A copy of an OTL fix log is saved in a text file at
:\_OTL\Moved Files
in most cases this will be C:\_OTL\Moved Files
Please see if the file is there and if so, please copy and past the contents in your next reply.

Step 3.
When you state the Virus Total scan results were "not found" do you mean the file was not found on your system or there were no viuses found after the scan?


Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Answer my questions
  3. OTL.txt - fix scan output
  4. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Livid/Searchqu

Unread postby daprell » July 9th, 2011, 10:42 pm

Hello Wingman,
Please see the OTL text file below. My computer is behaving fine. The Virus total scan results said 'not found' (i.e. after I pressed the Compact button).
Thanks,
Daprell

All processes killed
========== OTL ==========
HKU\S-1-5-21-789506316-4129952747-355184729-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: "http://www.searchqu.com/web?src=ffb&systemid=406&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Mel Prell\AppData\Local\Ilivid Player folder moved successfully.
File EY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] not found.
Folder EY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]\ not found.
Folder KEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]\ not found.
Folder EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]\ not found.
File KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32] not found.
File KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS] not found.
File KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32] not found.
File KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS] not found.
Folder KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]\ not found.
Folder KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]\ not found.
File EY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Microsoft\Internet Explorer\Main] not found.
Folder EY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]\ not found.
File KEY_CURRENT_USER\Software\ilivid] not found.
Folder KEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]\ not found.
Folder KEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]\ not found.
File KEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe] not found.
File KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32] not found.
File KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS] not found.
File KEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\ilivid] not found.
Folder KEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]\ not found.
Folder KEY_USERS\S-1-5-21-789506316-4129952747-355184729-1004\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]\ not found.
File PTYTEMP] not found.
File PTYFLASH] not found.

OTL by OldTimer - Version 3.2.26.0 log created on 07092011_105331

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
daprell
Active Member
 
Posts: 10
Joined: June 29th, 2011, 7:55 am

Re: Livid/Searchqu

Unread postby Wingman » July 10th, 2011, 6:39 am

Hello daprell,

Glad your computer is working fine now. :)
I want to get a couple final scans run, to make sure there is nothing hiding in the corners and then we'll take care of some programs, that pose a security threat, when not updated.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Vista - Windows 7 Users - Please Note:
The programs I ask you to run need to be installed and run in Administrator Mode by... Right clicking the installation file and the executable program file & selecting: Run as Administrator. Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program. When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator


Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Malwarebytes' Anti-Malware
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 3.
ESET NOD32 Online Scan
Vista - W7 users: You will need to to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.

Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember to enable your Anti-virus protection... before continuing!

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. MBAM scan results.
  3. ESET online scan results.
  4. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Livid/Searchqu

Unread postby daprell » July 11th, 2011, 5:18 am

Hi Wingman,

Please see logs below:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7069

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/07/2011 19:49:19
mbam-log-2011-07-11 (19-49-19).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 299724
Time elapsed: 2 hour(s), 2 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Computer still working fine.
Thanks
daprell
Active Member
 
Posts: 10
Joined: June 29th, 2011, 7:55 am

Re: Livid/Searchqu

Unread postby Wingman » July 11th, 2011, 6:29 am

Hello daprell,

The MBAM scan looks good... the ESET scan output is incomplete...
Can you locate the current log?
Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt

In the meantime, we can update your Adobe Reader and Java software, these are out-of-date and can be a security risk when not kept up-to-date.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Vista - Windows 7 Users - Please Note:
The programs I ask you to run need to be installed and run in Administrator Mode by... Right clicking the installation file and the executable program file & selecting: Run as Administrator. Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program. When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator


Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Uninstall Programs
I need you to uninstall your current version of Adobe Reader.
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the one of the values below, into the open text entry box:
    control appwiz.cpl
    or
    shell:ChangeRemoveProgramsFolder
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following program(s):
    Adobe Reader 9.4.5
  4. Select the program and click on Uninstall to uninstall it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  5. When finished... Close the Control Panel window.

Step 3.
Update Adobe Reader
Your version (Adobe Reader 9.4.5) of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.
I'm not asking you to update any Adobe Acrobat installation... this can be quite costly. I am going to insist that you update your Adobe Reader software.
Then use the Reader for viewing PDF files... you can use the Acrobat software for your other needs.

Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the: Free McAfee® Security Scan Plus.
  1. Click the yellow "Download now"... button. If you don't already have Adobe DLM... you may receive a prompt.
    Adobe DLM software removal instructions available here...if wanted.
  2. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  3. When the installation is complete... Close and re-open your Internet browser.

Adobe Reader X - recommended (safety) program settings
When the program is open, click on Edit and select Preferences. In the categories below, use these settings:
  • Javascript - Uncheck Enable Acrobat Javascript.
  • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
  • Secure Trust Manager- Uncheck Allow opening of non-PDF file attachments with external applications.
An alternate to Adobe Reader, you could try the free (for personal use) Foxit-Reader. It's a smaller download and when installed, uses less resources than Adobe Reader. Note: Let me know if interested in Foxit-Reader and I will provide safe download and installation instructions.

Step 4.
Java Update Needed!
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD UPDATED VERSION
  1. Get the latest version of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Look for "Java SE 6 Update 26"
  3. Click the "Download JRE" button to the right.
  4. Check "Accept License Agreement "
  5. Locate the entry for Windows x86 Offline and click on the associated file name, save the file to your desktop.
<STOP> Do not install the new version of Java yet. We need to do some cleanup first!

REMOVE OLD JAVA VERSIONS
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste control appwiz.cpl into the open text entry box.
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following program(s):
    Java Auto Updater
    Java(TM) 6 Update 24
  4. Select the program and click on Uninstall to uninstall it.
  5. Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.

INSTALL UPDATED VERSION
  1. Close all open applications (standard), especially your browser.
  2. From desktop... Right-click on jre-6u26-windows-i586.exe select "Run As Administrator" to install the newest version.
  3. Follow the on-screen directions...when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel... click on the JAVA icon.
  2. Press the Update tab... UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK... then close the Java Control Panel. close and exit Control Panel.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ESET online scan results.
  3. Adobe and Java programs updated?
  4. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Livid/Searchqu

Unread postby daprell » July 14th, 2011, 5:23 am

Hi Wingman,
I have installed Adobe Reader X and Java as requested. I have checked the Eset Online Scanner file again and there is no further data in there.. Do you want me to re-run the scan?
Also noticed that Firefox is getting a bit slower than usual. It's not that big an issue just noticed a difference.
Thanks,
Daprell
daprell
Active Member
 
Posts: 10
Joined: June 29th, 2011, 7:55 am

Re: Livid/Searchqu

Unread postby Wingman » July 14th, 2011, 11:18 am

Yes, please rerun the ESET scan... post the results when done. Thanks
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 269 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware