Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Removing SearchQu.com/406

by Zagnificent » August 6th, 2011, 12:41 pm

I use Mozilla Firefox as my browser. This virus is resetting my homepage to searchqu.com/406, which imitates Google. I've tried running ComboFix to rid my computer of the virus, but that has been unsuccessful. Any advice would be helpful, and greatly appreciated. Below is my OTL scan:

OTL logfile created on: 8/6/2011 12:38:48 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Jameson\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.42 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 47.56% Memory free
6.84 Gb Paging File | 5.14 Gb Available in Paging File | 75.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 172.79 Gb Total Space | 71.78 Gb Free Space | 41.54% Space Free | Partition Type: NTFS
Drive D: | 115.20 Gb Total Space | 113.65 Gb Free Space | 98.66% Space Free | Partition Type: NTFS
Drive E: | 100.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JAMESON-MSI | User Name: Jameson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jameson\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Jameson\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (EUCR) -- C:\windows\system32\DRIVERS\EUCR6SK.SYS (ENE Technology Inc.)
DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (Impcd) -- C:\windows\system32\DRIVERS\Impcd.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HECI) Intel(R) -- C:\windows\system32\DRIVERS\HECI.sys (Intel Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/410
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/410"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/15 15:00:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/04 13:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 13:59:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/16 17:07:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/15 15:00:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{45588CC3-20A4-4565-8888-69B9E172668D}: C:\Users\Jameson\AppData\Local\{45588CC3-20A4-4565-8888-69B9E172668D}

[2011/08/02 22:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jameson\AppData\Roaming\Mozilla\Extensions
[2011/08/02 22:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jameson\AppData\Roaming\Mozilla\Firefox\Profiles\zm7543jn.default\extensions
[2011/05/13 18:42:47 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Jameson\AppData\Roaming\Mozilla\Firefox\Profiles\zm7543jn.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/01/05 00:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jameson\AppData\Roaming\Mozilla\Firefox\Profiles\zm7543jn.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}-trash
[2011/08/02 22:54:15 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Jameson\AppData\Roaming\Mozilla\Firefox\Profiles\zm7543jn.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/08/02 22:54:10 | 000,002,497 | ---- | M] () -- C:\Users\Jameson\AppData\Roaming\Mozilla\Firefox\Profiles\zm7543jn.default\searchplugins\SearchResults.xml
[2011/08/02 22:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/28 08:03:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/24 17:52:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/03 18:42:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/06/14 07:50:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/04 13:49:13 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/06/24 13:59:18 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/02 22:54:10 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2011/08/06 12:23:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jameson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/03 10:47:25 | 000,000,033 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/06 12:25:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/06 12:11:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/08/06 12:11:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/08/06 12:11:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/08/06 12:11:13 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/08/06 12:08:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/06 12:06:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/06 11:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/08/06 11:41:39 | 000,000,000 | ---D | C] -- C:\Users\Jameson\AppData\Roaming\Malwarebytes
[2011/08/06 11:41:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/08/06 11:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/06 11:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/06 11:41:30 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/08/06 11:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 22:54:07 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\COMCT232.OCX
[2011/08/02 22:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2011/08/02 22:54:06 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudDesign.dll
[2011/08/02 22:54:06 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudFile.dll
[2011/08/02 22:54:06 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudioInfos.dll
[2011/08/02 22:54:06 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudioVisu.dll
[2011/08/02 22:54:06 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudPlayer.dll
[2011/08/02 22:54:06 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudioRecord.dll
[2011/08/02 22:54:06 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudDisplay.dll
[2011/08/02 22:54:06 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\WMAFile.dll
[2011/08/02 22:54:06 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TABCTL32.OCX
[2011/08/02 22:54:06 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB6FR.DLL
[2011/08/02 22:54:06 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msinet.OCX
[2011/08/02 22:54:06 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB6STKIT.DLL
[2011/08/02 22:54:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetfr.DLL
[2011/08/02 22:54:05 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCOMCT2.OCX
[2011/08/02 22:54:05 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\COMDLG32.OCX
[2011/08/02 22:54:05 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCMCFR.DLL
[2011/08/02 22:54:05 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mscc2fr.dll
[2011/08/02 22:54:05 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CMDLGFR.DLL
[2011/08/02 22:54:05 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TABCTFR.DLL
[2011/08/02 22:54:05 | 000,000,000 | ---D | C] -- C:\Users\Jameson\AppData\Roaming\FreeAudioPack
[2011/08/02 22:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2011/08/02 22:41:52 | 000,000,000 | ---D | C] -- C:\Users\Jameson\AppData\Roaming\Mp3 Editor For Free
[2011/08/02 22:41:44 | 002,084,864 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioDesign2.dll
[2011/08/02 22:41:44 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\NCTAudioFile2.dll
[2011/08/02 22:41:44 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioInformation2.dll
[2011/08/02 22:41:44 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioEditor2.dll
[2011/08/02 22:41:44 | 000,835,584 | ---- | C] (NCT) -- C:\windows\System32\NCTAudioCDGrabber2.dll
[2011/08/02 22:41:44 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioTransform2.dll
[2011/08/02 22:41:44 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioVisualization2.dll
[2011/08/02 22:41:44 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioRecord2.dll
[2011/08/02 22:41:44 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTAudioPlayer2.dll
[2011/08/02 22:41:44 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\windows\System32\NCTTextToAudio2.dll
[2011/08/02 22:41:44 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\NCTWMAFile2.dll
[2011/08/02 22:41:44 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcr70.dll
[2011/08/02 22:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3 Editor For Free
[2011/07/28 08:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/21 17:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/21 17:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/21 17:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/21 17:24:45 | 000,000,000 | ---D | C] -- C:\Users\Jameson\AppData\Local\SupportSoft
[2011/07/21 17:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2011/07/21 17:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\ComcastUI
[2011/07/13 07:49:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 07:49:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 07:49:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 07:49:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 07:49:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 07:49:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 07:49:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 07:49:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 07:49:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 07:49:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 07:49:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 07:49:07 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2011/07/13 07:49:07 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2011/07/13 07:49:03 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/07/12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\windows\System32\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\windows\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\windows\System32\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\windows\System32\jdns_sd.dll
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Jameson\Desktop\*.tmp files -> C:\Users\Jameson\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/06 12:23:34 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/08/06 12:04:47 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 12:04:47 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 11:57:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/06 11:56:27 | 2753,769,472 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/06 11:41:34 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/06 11:26:55 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/08/06 11:26:55 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/08/06 09:46:39 | 127,161,113 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2011/08/05 16:41:55 | 000,000,000 | ---- | M] () -- C:\Users\Jameson\AppData\Local\prvlcl.dat
[2011/08/04 13:49:14 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/02 22:54:56 | 000,685,048 | ---- | M] () -- C:\Users\Jameson\Desktop\Chamillionaire - Good Morning.mp3
[2011/08/02 22:54:09 | 000,001,306 | ---- | M] () -- C:\Users\Jameson\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk
[2011/08/02 22:54:09 | 000,001,290 | ---- | M] () -- C:\Users\Jameson\Application Data\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk
[2011/08/02 22:54:09 | 000,001,288 | ---- | M] () -- C:\Users\Jameson\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk
[2011/08/02 22:54:07 | 000,001,264 | ---- | M] () -- C:\Users\Jameson\Desktop\Free Mp3 Wma Converter.lnk
[2011/08/02 22:41:46 | 000,001,892 | ---- | M] () -- C:\Users\Jameson\Desktop\Mp3 Editor For Free.lnk
[2011/07/28 08:03:41 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/28 08:00:16 | 297,551,551 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/07/21 17:38:36 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/14 16:31:09 | 000,443,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/07/12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\windows\System32\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\windows\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\windows\System32\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\windows\System32\jdns_sd.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Jameson\Desktop\*.tmp files -> C:\Users\Jameson\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/06 12:11:21 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/08/06 12:11:21 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/08/06 12:11:21 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/08/06 12:11:21 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/08/06 12:11:21 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/08/06 11:41:34 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 22:54:55 | 000,685,048 | ---- | C] () -- C:\Users\Jameson\Desktop\Chamillionaire - Good Morning.mp3
[2011/08/02 22:54:09 | 000,001,306 | ---- | C] () -- C:\Users\Jameson\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk
[2011/08/02 22:54:09 | 000,001,290 | ---- | C] () -- C:\Users\Jameson\Application Data\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk
[2011/08/02 22:54:09 | 000,001,288 | ---- | C] () -- C:\Users\Jameson\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk
[2011/08/02 22:54:07 | 000,001,264 | ---- | C] () -- C:\Users\Jameson\Desktop\Free Mp3 Wma Converter.lnk
[2011/08/02 22:54:05 | 000,484,352 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2011/08/02 22:41:46 | 000,001,892 | ---- | C] () -- C:\Users\Jameson\Desktop\Mp3 Editor For Free.lnk
[2011/08/02 22:41:44 | 000,116,296 | ---- | C] () -- C:\windows\System32\NCTWMAProfiles.prx
[2011/07/28 08:03:41 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/25 17:20:33 | 004,603,291 | ---- | C] () -- C:\Users\Jameson\Desktop\Yosemite - Error In Judgement 1.jpg
[2011/07/21 17:38:36 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/07 17:30:18 | 004,438,538 | ---- | C] () -- C:\Users\Jameson\Desktop\CIMG2445.JPG
[2011/05/19 17:08:11 | 000,000,120 | ---- | C] () -- C:\Users\Jameson\AppData\Local\Jniwog.dat
[2011/05/19 17:08:11 | 000,000,000 | ---- | C] () -- C:\Users\Jameson\AppData\Local\Wwegozumahohew.bin
[2010/11/20 15:05:52 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/15 15:00:12 | 000,023,127 | ---- | C] () -- C:\windows\hpqins15.dat
[2010/08/14 14:26:13 | 000,221,155 | ---- | C] () -- C:\windows\hpoins19.dat
[2010/08/14 14:26:13 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat
[2010/07/29 21:39:16 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/07/28 21:01:14 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2010/07/28 21:01:12 | 000,104,796 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2010/07/28 21:01:10 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2010/07/27 16:29:10 | 000,000,000 | ---- | C] () -- C:\Users\Jameson\AppData\Local\prvlcl.dat
[2010/07/13 19:40:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/22 15:15:43 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2009/12/22 15:15:43 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2009/12/22 15:15:31 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2009/12/22 14:51:57 | 000,361,808 | ---- | C] () -- C:\windows\EMCRI_E.dll
[2009/12/22 14:50:05 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 00:33:53 | 000,443,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
Zagnificent
Active Member
 
Posts: 1
Joined: August 6th, 2011, 12:36 pm

Re: Removing SearchQu.com/406

Unread postby LDTate » August 7th, 2011, 7:35 am

LDTate
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA

Re: Removing SearchQu.com/406

Unread postby Cypher » August 7th, 2011, 7:54 am

You are already receiving help with this problem at another forum .....

http://forums.whatthetech.com/index.php ... 119823&hl=

May I draw your attention to THIS topic, which you should have read before posting for help, and THIS where we tell you why this is not a good idea.

This topic is now closed
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

