Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

www.searchqu.com/406 Firefox/IE explorer.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

www.searchqu.com/406 Firefox/IE explorer.

Unread postby sctwigg » September 6th, 2011, 8:17 pm

I have this bug that won't go away. I also have lost the passwords saved from Firefox sync, but I don't know if this is a related issue. Would like to remove this maleware.

Here is DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by StephnMarijaHome at 17:10:25 on 2011-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4045 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~2\Bandoo\Bandoo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Constant Guard Protection Suite\Uninstall\uninstall.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps08262011
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\STEPHN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
TCP: Interfaces\{D289AED4-13EC-4326-A327-709053869B8C} : DhcpNameServer = 68.87.76.182 68.87.78.134
AppInit_DLLs: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
BHO-X64: Bandoo IE Plugin - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
AppInit_DLLs-X64: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\StephnMarijaHome\AppData\Roaming\Mozilla\Firefox\Profiles\kcqbswz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.aol.com/34078-111/aol-6/en- ... x/blocked/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... mid=406&q=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\StephnMarijaHome\AppData\Roaming\Mozilla\Firefox\Profiles\kcqbswz7.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\StephnMarijaHome\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-12 1151096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110903.030_cbb\IDSviA64.sys [2011-9-3 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-6 366640]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-7-8 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-6 136824]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
RUnknown GIDv2;GIDv2; [x]
S2 Ca1528av;SPCA1528 Video Camera Service;C:\Windows\system32\Drivers\Ca1528av.sys --> C:\Windows\system32\Drivers\Ca1528av.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-14 136176]
S3 Bulk1528;SPCA1528 Still Camera Service;C:\Windows\system32\Drivers\Bulk1528.sys --> C:\Windows\system32\Drivers\Bulk1528.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-14 136176]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vjoy;vJoy Device;C:\Windows\system32\DRIVERS\vjoy.sys --> C:\Windows\system32\DRIVERS\vjoy.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-06 22:00:00 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Roaming\Malwarebytes
2011-09-06 21:59:56 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-06 21:59:55 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-06 21:59:52 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-06 21:59:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-06 20:43:25 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Roaming\Sammsoft
2011-09-06 20:43:01 -------- d-----w- C:\Program Files (x86)\ARO 2011
2011-09-06 20:42:33 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Roaming\OpenCandy
2011-09-06 20:42:33 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\OpenCandy
2011-09-06 20:31:49 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-09-06 20:31:49 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2011-09-06 20:18:44 -------- d-----w- C:\Windows\System32\SPReview
2011-09-06 20:16:30 -------- d-----w- C:\Windows\System32\EventProviders
2011-09-06 19:56:40 -------- d-----w- C:\ProgramData\Bandoo
2011-09-06 19:34:51 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-01 17:02:40 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\{A863468E-85FB-4937-BAB9-1F26EF061217}
2011-09-01 17:02:29 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\{AD7ACA17-C86E-4E9B-9B26-C6EACA3D086D}
2011-08-31 06:32:38 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\{45655ECF-700A-4FCF-80F9-651B98065ED3}
2011-08-31 06:32:28 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\{B99FF417-B7A3-4A52-B0FD-0E60F217DD6F}
2011-08-29 06:07:24 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\{F56AF5AD-A295-4FF8-92F5-19E59EC823BF}
2011-08-29 06:07:13 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\{55A73F7D-13BA-4D6D-9E00-B0D832982D2A}
2011-08-29 05:35:19 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Roaming\AnvSoft
2011-08-29 05:35:08 -------- d-----w- C:\Program Files (x86)\AnvSoft
2011-08-29 04:20:33 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Roaming\AVS4YOU
2011-08-29 04:17:16 -------- d-----w- C:\ProgramData\AVS4YOU
2011-08-29 04:17:16 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2011-08-29 04:17:16 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2011-08-29 02:53:21 -------- d-----w- C:\ConverterOutput
2011-08-29 02:53:11 -------- d-----w- C:\Program Files (x86)\Cucusoft
2011-08-29 01:18:27 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\{03F7872B-3959-465A-8270-C822629EFDFA}
2011-08-29 01:18:13 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Roaming\Windows Live Writer
2011-08-29 01:18:13 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\Windows Live Writer
2011-08-28 07:23:59 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\Apple_Inc
2011-08-28 07:17:50 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\{CA3ECF4D-AE6A-4F48-A3D6-15C63CE3AC0A}
2011-08-28 07:17:40 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\{0F889C1A-FDEC-41F8-B1E0-1F6C64BF48B8}
2011-08-28 07:16:53 -------- d-----w- C:\Users\StephnMarijaHome\Tracing
2011-08-28 07:08:54 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-08-28 07:08:54 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-08-28 07:08:53 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-08-28 07:08:53 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-08-28 07:03:15 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8d1cb6801cc655011\DXSETUP.exe
2011-08-28 07:03:14 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8d1cb6801cc655011\DSETUP.dll
2011-08-28 07:03:14 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8d1cb6801cc655011\dsetup32.dll
2011-08-28 07:03:08 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\891538001cc655010\DSETUP.dll
2011-08-28 07:03:08 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\891538001cc655010\DXSETUP.exe
2011-08-28 07:03:08 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\891538001cc655010\dsetup32.dll
2011-08-28 07:01:10 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\Windows Live
2011-08-28 04:30:51 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Roaming\GetRightToGo
2011-08-28 03:32:35 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\Apple Computer
2011-08-28 03:31:56 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-08-28 03:31:56 -------- d-----w- C:\Program Files\iTunes
2011-08-28 03:31:56 -------- d-----w- C:\Program Files\iPod
2011-08-28 03:31:56 -------- d-----w- C:\Program Files (x86)\iTunes
2011-08-28 03:31:17 -------- d-----w- C:\Program Files\Bonjour
2011-08-28 03:31:17 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-08-27 16:51:19 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-08-27 05:08:40 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
2011-08-27 05:08:40 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-08-27 05:08:40 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symds64.sys
2011-08-27 05:08:40 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-08-27 05:08:40 382584 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-08-27 05:08:40 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
2011-08-27 04:07:32 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-08-27 04:07:03 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2011-08-27 04:06:58 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-08-27 03:56:54 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\ID Vault
2011-08-27 03:56:54 -------- d-----w- C:\ProgramData\IsolatedStorage
2011-08-27 03:55:15 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Roaming\ID Vault
2011-08-27 03:54:47 29288 ----a-w- C:\Windows\System32\drivers\gidv2.remove
2011-08-27 03:54:46 65816 ----a-w- C:\Windows\System32\GIDLogonCP64.dll.remove
2011-08-27 03:54:46 446752 ----a-w- C:\Windows\System32\GIDHookLogon64.dll.remove
2011-08-27 03:54:45 467224 ----a-w- C:\Windows\System32\GIDHOOK64.DLL.remove
2011-08-27 03:54:45 206608 ----a-w- C:\Windows\System32\GIDBIN1.DLL.remove
2011-08-27 03:54:45 109064 ----a-w- C:\Windows\System32\EasyHook64.dll.remove
2011-08-27 03:54:45 102160 ----a-w- C:\Windows\System32\GIDBIN3.DLL.remove
2011-08-27 03:54:02 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2011-08-27 03:53:44 -------- d-----w- C:\ProgramData\White Sky, Inc
2011-08-27 03:45:05 -------- d-sh--w- C:\found.000
2011-08-24 06:51:31 -------- d-----w- C:\Program Files (x86)\SDA
2011-08-24 06:50:57 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\Downloaded Installations
2011-08-24 05:31:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 05:31:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-23 23:47:14 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-23 23:47:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-08-18 07:11:42 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\NPE
2011-08-15 18:00:11 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2011-08-15 18:00:11 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2011-08-15 17:59:50 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\Sony Corporation
2011-08-15 17:59:15 -------- d-----w- C:\Program Files (x86)\Sony
2011-08-15 17:58:24 -------- d-----w- C:\ProgramData\Sony Corporation
2011-08-11 16:46:49 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Roaming\Bandoo
2011-08-10 04:36:42 -------- d-----w- C:\Users\StephnMarijaHome\AppData\Local\CrashDumps
2011-08-10 02:57:42 75200 ----a-w- C:\Windows\System32\libusb0.dll
2011-08-10 02:57:42 67008 ----a-w- C:\Windows\SysWow64\libusb0.dll
2011-08-10 02:57:42 44480 ----a-w- C:\Windows\System32\drivers\libusb0.sys
.
==================== Find3M ====================
.
2011-09-06 20:30:08 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-09-06 20:30:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-08-11 16:33:13 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 18:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 18:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 18:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 18:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 18:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-06 01:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-06 01:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-06-27 05:07:24 12288 ----a-w- C:\Windows\System32\drivers\vjoy.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 17:11:04.65 ===============


Here is Attach txt DDS

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2010 8:11:00 PM
System Uptime: 9/6/2011 3:14:03 PM (2 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET6
Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 921 GiB total, 731.143 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.532 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP84: 9/6/2011 1:18:32 PM - Windows 7 Service Pack 1
RP85: 9/6/2011 1:42:45 PM - ARO 2011 - Before Installation
RP86: 9/6/2011 1:43:29 PM - ARO 2011 - FIRST RUN
RP87: 9/6/2011 2:03:58 PM - ARO 2011 Tue, Sep 06, 11 14:03
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Any Video Converter Professional 3.2.7
Apple Application Support
Apple Software Update
ARO 2011
Bandoo
Bloggie Software
Compatibility Pack for the 2007 Office system
Constant Guard Protection Suite
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
DVD Menu Pack for HP MediaSmart Video
Google Chrome
Google Update Helper
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
iLivid
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Security Scan Plus
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 6.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Online Backup
Norton Security Suite
Octoshape add-in for Adobe Flash Player
PictureMover
Power2Go
PowerDirector
QuickTime
RealFlight G5 R/C Simulator
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
Safari
SDFormatter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
SPCA1528 PC Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Windows iLivid Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
9/6/2011 2:48:42 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MARIJA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D289AED4-13EC-4326-A327-709053869B8C}. The master browser is stopping or an election is being forced.
9/6/2011 2:28:34 PM, Error: Service Control Manager [7000] - The SPCA1528 Video Camera Service service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/6/2011 1:40:00 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
9/6/2011 1:13:02 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
9/6/2011 1:11:17 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
9/2/2011 9:37:28 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
9/2/2011 9:32:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect.
9/2/2011 9:32:27 PM, Error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Thank you,

Steve
sctwigg
Active Member
 
Posts: 1
Joined: September 6th, 2011, 8:02 pm
Advertisement
Register to Remove

Re: www.searchqu.com/406 Firefox/IE explorer.

Unread postby Dakeyras » September 8th, 2011, 8:13 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

ARO 2011 <-- I personally deem this a rogue application plus has the capacity to turn your machine into a expensive doorstop!
Bandoo
iLivid
Java(TM) 6 Update 26 <-- We will update this in due course.
Windows iLivid Toolbar

To do so click once on each of the above to highlight then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Next:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Right-click on SystemLook.exe and select Run as Administrator.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *ARO 2011*
    *Bandoo*
    *Fun4IM*
    *iLivid*
    *Searchqu*
    *whitesmoke*
    
    :folderfind
    *ARO 2011*
    *Bandoo*
    *Fun4IM*
    *iLivid*
    *Searchqu*
    *whitesmoke*
    
    :Regfind
    ARO 2011
    Bandoo
    Fun4IM
    iLivid
    Searchqu
    whitesmoke
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • SystemLook Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: www.searchqu.com/406 Firefox/IE explorer.

Unread postby Cypher » September 11th, 2011, 3:28 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware