Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Searchqu hijacks mozilla start page search

Re: Searchqu hijacks mozilla start page search

Post by jkball » October 31st, 2011, 8:22 am

SystemLook 30.07.11 by jpshortstuff
Log created at 08:13 on 31/10/2011 by Joey
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\10262011_180154\C_Users\Joey\AppData\Local\Temp\BandooV6.exe --a---- 7258288 bytes [02:17 02/09/2011] [02:17 02/09/2011] 71D31A92472BD1C2D0001BC417CB6EEA
C:\_OTL\MovedFiles\10262011_180154\C_Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg --a---- 43 bytes [02:17 02/09/2011] [02:17 02/09/2011] EA3CD845938769CCCA7D45EE01AE8CE6

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\10262011_180154\C_Users\Joey\AppData\Local\Temp\searchqu.ini --a---- 413 bytes [02:14 02/09/2011] [02:14 02/09/2011] 34EBFC0B18CA3F20847EEB5448456120
C:\_OTL\MovedFiles\10262011_180154\C_Users\Joey\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [12:30 31/05/2011] [12:30 31/05/2011] B3FE09D2AB12FDF1657D1210E6332FD1
C:\_OTL\MovedFiles\10262011_180154\C_Users\Joey\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3616120 bytes [02:15 02/09/2011] [02:15 02/09/2011] 7CF4F9EC7CCE12B53CAEBAC328B7C272

Searching for "*iLivid*"
C:\_OTL\MovedFiles\10262011_180154\C_Users\Joey\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [02:15 02/09/2011] [02:15 02/09/2011] B38425304D8D2AAA300A7ECC2F9741BC

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\10262011_180154\C_Users\Joey\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3616120 bytes [02:15 02/09/2011] [02:15 02/09/2011] 7CF4F9EC7CCE12B53CAEBAC328B7C272

Searching for "*trolltech*"
No files found.

Searching for "*SweetIM*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\10262011_180154\C_Users\Joey\AppData\LocalLow\Bandoo d------ [02:17 02/09/2011]

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\10262011_180154\C_Users\Joey\AppData\LocalLow\searchquband d------ [16:19 06/09/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\10262011_180154\C_Users\Joey\AppData\Local\Ilivid Player d------ [02:17 02/09/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\10262011_180154\C_Users\Joey\AppData\LocalLow\DataMngr d------ [16:19 06/09/2011]

Searching for "*trolltech*"
No folders found.

Searching for "*SweetIM*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

Searching for "SweetIM"
No data found.

-= EOF =-
jkball
Regular Member
 
Posts: 22
Joined: October 23rd, 2011, 3:33 pm

Re: Searchqu hijacks mozilla start page search

Post by jkball » October 31st, 2011, 8:29 am

No threats found but here is the log just in case,
08:24:19.0182 5944 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
08:24:21.0187 5944 ============================================================
08:24:21.0187 5944 Current date / time: 2011/10/31 08:24:21.0187
08:24:21.0187 5944 SystemInfo:
08:24:21.0187 5944
08:24:21.0188 5944 OS Version: 6.1.7601 ServicePack: 1.0
08:24:21.0188 5944 Product type: Workstation
08:24:21.0188 5944 ComputerName: JOEY-PC
08:24:21.0188 5944 UserName: Joey
08:24:21.0188 5944 Windows directory: C:\windows
08:24:21.0188 5944 System windows directory: C:\windows
08:24:21.0188 5944 Running under WOW64
08:24:21.0188 5944 Processor architecture: Intel x64
08:24:21.0188 5944 Number of processors: 4
08:24:21.0188 5944 Page size: 0x1000
08:24:21.0188 5944 Boot type: Normal boot
08:24:21.0188 5944 ============================================================
08:24:21.0979 5944 Initialize success
08:24:57.0481 3932 ============================================================
08:24:57.0481 3932 Scan started
08:24:57.0481 3932 Mode: Manual;
08:24:57.0481 3932 ============================================================
08:25:22.0424 3932 Tcpip - ok
08:25:22.0561 3932 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\DRIVERS\tcpip.sys
08:25:22.0583 3932 TCPIP6 - ok
08:25:22.0683 3932 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
08:25:22.0686 3932 tcpipreg - ok
08:25:22.0796 3932 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
08:25:22.0799 3932 tdcmdpst - ok
08:25:22.0884 3932 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
08:25:22.0887 3932 TDPIPE - ok
08:25:23.0003 3932 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
08:25:23.0006 3932 TDTCP - ok
08:25:23.0122 3932 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
08:25:23.0126 3932 tdx - ok
08:25:23.0214 3932 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
08:25:23.0217 3932 TermDD - ok
08:25:23.0370 3932 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
08:25:23.0379 3932 tos_sps64 - ok
08:25:23.0489 3932 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
08:25:23.0492 3932 tssecsrv - ok
08:25:23.0607 3932 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
08:25:23.0610 3932 TsUsbFlt - ok
08:25:23.0713 3932 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
08:25:23.0717 3932 tunnel - ok
08:25:23.0797 3932 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
08:25:23.0799 3932 TVALZ - ok
08:25:23.0905 3932 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
08:25:23.0906 3932 TVALZFL - ok
08:25:23.0988 3932 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
08:25:23.0991 3932 uagp35 - ok
08:25:24.0091 3932 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
08:25:24.0099 3932 udfs - ok
08:25:24.0205 3932 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
08:25:24.0218 3932 uliagpkx - ok
08:25:24.0339 3932 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
08:25:24.0342 3932 umbus - ok
08:25:24.0446 3932 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
08:25:24.0448 3932 UmPass - ok
08:25:24.0573 3932 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
08:25:24.0576 3932 USBAAPL64 - ok
08:25:24.0685 3932 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\windows\system32\DRIVERS\lgx64bus.sys
08:25:24.0686 3932 usbbus - ok
08:25:24.0781 3932 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
08:25:24.0785 3932 usbccgp - ok
08:25:24.0874 3932 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
08:25:24.0878 3932 usbcir - ok
08:25:24.0972 3932 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\windows\system32\DRIVERS\lgx64diag.sys
08:25:24.0985 3932 UsbDiag - ok
08:25:25.0087 3932 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
08:25:25.0090 3932 usbehci - ok
08:25:25.0130 3932 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
08:25:25.0138 3932 usbhub - ok
08:25:25.0228 3932 USBModem (f81055629778d33c9317b32e4d2b58db) C:\windows\system32\DRIVERS\lgx64modem.sys
08:25:25.0229 3932 USBModem - ok
08:25:25.0330 3932 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
08:25:25.0333 3932 usbohci - ok
08:25:25.0432 3932 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
08:25:25.0433 3932 usbprint - ok
08:25:25.0540 3932 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
08:25:25.0542 3932 usbscan - ok
08:25:25.0633 3932 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
08:25:25.0637 3932 USBSTOR - ok
08:25:25.0725 3932 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
08:25:25.0728 3932 usbuhci - ok
08:25:25.0849 3932 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
08:25:25.0854 3932 usbvideo - ok
08:25:25.0959 3932 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
08:25:25.0961 3932 vdrvroot - ok
08:25:26.0073 3932 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
08:25:26.0076 3932 vga - ok
08:25:26.0108 3932 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
08:25:26.0111 3932 VgaSave - ok
08:25:26.0213 3932 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
08:25:26.0219 3932 vhdmp - ok
08:25:26.0341 3932 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
08:25:26.0343 3932 viaide - ok
08:25:26.0440 3932 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
08:25:26.0443 3932 volmgr - ok
08:25:26.0491 3932 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
08:25:26.0499 3932 volmgrx - ok
08:25:26.0609 3932 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
08:25:26.0615 3932 volsnap - ok
08:25:26.0706 3932 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
08:25:26.0710 3932 vsmraid - ok
08:25:26.0812 3932 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
08:25:26.0814 3932 vwifibus - ok
08:25:26.0908 3932 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
08:25:26.0911 3932 vwififlt - ok
08:25:27.0005 3932 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
08:25:27.0006 3932 vwifimp - ok
08:25:27.0036 3932 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
08:25:27.0038 3932 WacomPen - ok
08:25:27.0158 3932 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
08:25:27.0162 3932 WANARP - ok
08:25:27.0177 3932 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
08:25:27.0180 3932 Wanarpv6 - ok
08:25:27.0292 3932 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
08:25:27.0294 3932 Wd - ok
08:25:27.0385 3932 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
08:25:27.0397 3932 Wdf01000 - ok
08:25:27.0508 3932 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
08:25:27.0510 3932 WfpLwf - ok
08:25:27.0610 3932 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
08:25:27.0614 3932 WIMMount - ok
08:25:27.0756 3932 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
08:25:27.0759 3932 WinUsb - ok
08:25:27.0874 3932 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
08:25:27.0876 3932 WmiAcpi - ok
08:25:28.0018 3932 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
08:25:28.0021 3932 ws2ifsl - ok
08:25:28.0128 3932 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
08:25:28.0131 3932 WudfPf - ok
08:25:28.0253 3932 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
08:25:28.0259 3932 WUDFRd - ok
08:25:28.0312 3932 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
08:25:28.0332 3932 \Device\Harddisk0\DR0 - ok
08:25:28.0353 3932 Boot (0x1200) (679e8d3ac775d9205b1f1ccbb5f90861) \Device\Harddisk0\DR0\Partition0
08:25:28.0354 3932 \Device\Harddisk0\DR0\Partition0 - ok
08:25:28.0355 3932 ============================================================
08:25:28.0355 3932 Scan finished
08:25:28.0355 3932 ============================================================
08:25:28.0372 3216 Detected object count: 0
08:25:28.0372 3216 Actual detected object count: 0
jkball
Regular Member
 
Posts: 22
Joined: October 23rd, 2011, 3:33 pm

Re: Searchqu hijacks mozilla start page search

Unread postby Gary R » October 31st, 2011, 11:00 am

Seems like all the searchqu entries have now been removed; the 3 registry entries are legit ones that were flagged because they had searchqu as part of their names ... ISearchQueryHelper

It's strange you are still being re-directed.

Please try the following ....

Please download MiniToolBox to your Desktop.

  • Double click MiniToolBox.exe to launch the program.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
  • Click Go to start the scan.
  • When finished a log Result.txt will open.
  • Please post it in your next reply.
Gary R
Administrator
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Searchqu hijacks mozilla start page search

Unread postby jkball » October 31st, 2011, 3:53 pm

Ok, today I have brought my computer to work with me and I noticed the startpage search is now going to search-results.com? Really strange, I thought FF default was to use Google. Anyway, I have run the scan from here at work; I don't know if that will make any difference. If so, I can run it from home later. Anyway, here is the log:
127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Joey-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : B4-82-FE-6E-A9-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : B4-82-FE-6E-A9-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2d66:8d89:506a:6161%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.76(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, October 30, 2011 11:55:03 AM
Lease Expires . . . . . . . . . . : Monday, October 31, 2011 3:48:18 PM
Default Gateway . . . . . . . . . : fe80::ad36:f5c:45a0:dda1%11
192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 313819902
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-20-EB-BB-00-26-6C-49-EE-5F
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-26-6C-49-EE-5F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8ED31966-1A8B-4AFC-AC2C-7FB9C388BFED}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:82b:180d:b965:cf64(Preferred)
Link-local IPv6 Address . . . . . : fe80::82b:180d:b965:cf64%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{221D60CE-C4BA-40FF-9869-3D7A013858BF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.65.104
74.125.65.103
74.125.65.106
74.125.65.147
74.125.65.99
74.125.65.105


Pinging google.com [74.125.47.106] with 32 bytes of data:
Reply from 74.125.47.106: bytes=32 time=23ms TTL=48
Reply from 74.125.47.106: bytes=32 time=24ms TTL=48

Ping statistics for 74.125.47.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 24ms, Average = 23ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
67.195.160.76
72.30.2.43
98.137.149.56


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=44ms TTL=48
Reply from 209.191.122.70: bytes=32 time=53ms TTL=48

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 53ms, Average = 48ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...b4 82 fe 6e a9 49 ......Microsoft Virtual WiFi Miniport Adapter
11...b4 82 fe 6e a9 49 ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
10...00 26 6c 49 ee 5f ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
34...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.76 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.76 281
192.168.1.76 255.255.255.255 On-link 192.168.1.76 281
192.168.1.255 255.255.255.255 On-link 192.168.1.76 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.76 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.76 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
11 281 ::/0 fe80::ad36:f5c:45a0:dda1
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:82b:180d:b965:cf64/128
On-link
11 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::82b:180d:b965:cf64/128
On-link
11 281 fe80::2d66:8d89:506a:6161/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

**** End of log ****
jkball
Regular Member
 
Posts: 22
Joined: October 23rd, 2011, 3:33 pm

Re: Searchqu hijacks mozilla start page search

Unread postby Gary R » October 31st, 2011, 5:35 pm

OK that all looks right.

I think your router at home might be the problem. What I suspect is that the DNS settings have been changed by the infection and you'll need to reset your router to change them back to your default DNS settings.


  • This can generally be done by inserting something like an opened paper clip into a small hole labeled Reset that's usually found at the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know your router's default password, you can look it up HERE.
  • You will need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to ask your Internet Service Provider (ISP) which DNS servers your network should be using if you have to set them manually (usually you don't have to).
Gary R
Administrator
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
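One way to read the IP-configuration part of such a log for the router question raised in the post above, as an added example that is not part of the original thread: it parses `ipconfig /all`-style text and labels each adapter's DNS server as the router itself, another local address, or a public resolver. The function names, labels and the trimmed sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of `ipconfig /all` output (trimmed).
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.76(Preferred)
   Default Gateway . . . . . . . . . : fe80::ad36:f5c:45a0:dda1%11
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

HEADER = re.compile(r"^\s*(.*\badapter\b.*):\s*$")
FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)[ .]*:\s*(.*)$")
LIST_KEYS = ("Default Gateway", "DNS Servers")  # fields that may span several lines


def clean_ip(text):
    """Parse '192.168.1.76(Preferred)' or 'fe80::1%11'; return None if not an IP."""
    token = text.strip().split("(")[0].split("%")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_adapters(text):
    """Return {adapter name: {'Default Gateway': [...], 'DNS Servers': [...]}}."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header and ". ." not in line:
            current = adapters.setdefault(header.group(1).strip(),
                                          {key: [] for key in LIST_KEYS})
            last_key = None
            continue
        if current is None or not line.strip():
            continue
        ip = clean_ip(line)
        if ip is not None:                 # bare address: continuation of last field
            if last_key in LIST_KEYS:
                current[last_key].append(ip)
            continue
        field = FIELD.match(line)
        if field:
            last_key = field.group(1).strip()
            ip = clean_ip(field.group(2))
            if last_key in LIST_KEYS and ip is not None:
                current[last_key].append(ip)
    return adapters


def assess_dns(adapters):
    """Label every DNS server of every adapter that has one."""
    findings = {}
    for name, info in adapters.items():
        gateways = set(info["Default Gateway"])
        for dns in info["DNS Servers"]:
            if dns in gateways:
                verdict = "router"   # PC asks the router; upstream DNS is set there
            elif dns.is_private:
                verdict = "local"    # another LAN host, or a resolver on this PC
            else:
                verdict = "public"   # compare with the resolver the ISP or owner chose
            findings.setdefault(name, []).append((str(dns), verdict))
    return findings


if __name__ == "__main__":
    for adapter, servers in assess_dns(parse_adapters(SAMPLE)).items():
        print(adapter, servers)
```

A "router" verdict means the PC-side log cannot show which upstream resolver is in use, so the router's own DNS setting has to be checked on the router. The parser does not depend on indentation, so it also accepts logs whose leading spaces were lost when pasted.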

Re: Searchqu hijacks mozilla start page search

Unread postby jkball » November 2nd, 2011, 9:23 pm

Hi sorry for the long delay but I had some exams this week. I have reset the router and it seems like I am no longer being redirected, thanks for all of your help. If there is anything else I need to do please let me know. Thanks again!
jkball
Regular Member
 
Posts: 22
Joined: October 23rd, 2011, 3:33 pm

Re: Searchqu hijacks mozilla start page search

Unread postby Gary R » November 3rd, 2011, 2:57 am

You're welcome :) . Glad we got you clean in the end.

We've just got a bit of tidying up to do, and then we're finished.

Let's clear out Combofix and the files/folders it created
  • Click Start > Run
  • Copy/Paste ComboFix /Uninstall into the Run box.
  • Click OK
  • Combofix will now delete its files and folders and also perform the following function.
    • Clears System Restore cache and creates a new Restore point. This will remove any "malicious" System Restore files, which may have been created whilst your computer was infected.
IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Next

Let's clear out OTL and the files and folders it created. This will also remove SystemLook and TDSSKiller.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

Please delete MiniToolbox

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems?
  • If you are, let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.
Gary R
Administrator
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Searchqu hijacks mozilla start page search

Unread postby Gary R » November 4th, 2011, 2:07 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire