Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser Hijack searchnu......com/410

Post by mein12 » March 13th, 2012, 11:01 pm

I have been "hijacked" by the hxxp:// searchnu.com/410. It is redirecting my browser. It has become my home page. Using Firefox as browser. Here are the logs as requested. Thank you in advance for your guidance and help. I do not know if I have one of the XP versions that are no longer supported. If I do, please excuse my ignorance.
Thank you, Catherine

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 21:23:27 on 2012-03-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.72 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\PROGRA~1\Intuit\QUICKB~3\QBDBMgr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/410
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.9.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi9130~1\datamngr\BROWSE~1.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TaskScheduler] c:\prowin10\32bit\tasksch.exe
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_Plugin.exe -update plugin
uRunOnce: [!SearchquDSFF] c:\windows\system32\rundll32.exe c:\docume~1\owner\locals~1\temp\SRASSE~1.DLL,_SetFirefoxAssets Search Results,Search_Results,http://dts.search-results.com/sr?src=ffb&appid=100&systemid=410&sr=0&q=,
uRunOnce: [!SearchquFFHP] c:\windows\system32\rundll32.exe c:\docume~1\owner\locals~1\temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/410,
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\ms excel 2000\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2012\QBW32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 5303713109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} - hxxps://techinline.net/Client/TIClient.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
TCP: Interfaces\{604B4926-0420-46D8-8133-071FF1F46D11} : DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\wi9130~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\1ddqxcri.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/410
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 10&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\1ddqxcri.default\extensions\remotedesktopclient@techinline.com\plugins\npTiClient.dll
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
.
============= SERVICES / DRIVERS ===============
.
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20120302.001\BHDrvx86.sys [2012-3-2 820856]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1109000.00c\cchpx86.sys [2011-10-11 485512]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2011-5-13 20160]
.
=============== Created Last 30 ================
.
2012-03-13 04:13:27 -------- d-----w- c:\documents and settings\owner\application data\searchqutoolbar
2012-03-13 04:12:12 164144 ----a-w- c:\windows\system32\COMCT232.OCX
2012-03-13 03:50:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2012-03-13 03:50:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2012-03-13 03:50:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2012-03-13 03:50:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2012-03-13 03:50:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2012-03-13 03:50:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2012-03-13 03:50:42 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2012-03-10 14:08:40 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-10 14:06:55 41184 ----a-w- c:\windows\avastSS.scr
2012-03-10 14:06:12 -------- d-----w- c:\program files\AVAST Software
2012-03-10 14:06:12 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-02-29 09:32:48 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2012-02-29 09:12:00 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-29 09:10:58 -------- d-----w- c:\windows\ie8updates
2012-02-29 09:10:10 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-29 09:10:09 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-29 09:10:09 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-29 09:06:54 -------- dc-h--w- c:\windows\ie8
2012-02-25 19:58:19 -------- d-----w- c:\documents and settings\owner\local settings\application data\HP
2012-02-25 17:47:48 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll
2012-02-25 17:47:48 125440 ----a-w- c:\windows\system32\hpf3l02t.dll
2012-02-25 17:46:33 -------- d-----w- c:\program files\Microsoft
2012-02-25 17:46:30 -------- d-----w- c:\program files\MSN Toolbar
2012-02-25 17:45:37 -------- d-----w- c:\program files\Bing Bar Installer
2012-02-25 17:44:56 -------- d-----w- c:\program files\common files\HP
2012-02-25 17:44:54 -------- d-----w- c:\program files\common files\Hewlett-Packard
2012-02-25 17:44:04 454504 ----a-w- c:\windows\system32\hpzids01.dll
2012-02-25 17:43:32 -------- d-----w- c:\program files\HP
2012-02-16 06:17:33 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 06:17:33 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 21:29:50.27 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/13/2011 10:38:24 AM
System Uptime: 3/1/2012 9:20:54 AM (300 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P4PE-X
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | PGA 478 | 2672/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 30.086 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP267: 1/12/2012 6:21:24 AM - System Checkpoint
RP268: 1/13/2012 6:50:15 AM - System Checkpoint
RP269: 1/14/2012 7:39:11 AM - System Checkpoint
RP270: 1/15/2012 8:50:19 AM - System Checkpoint
RP271: 1/16/2012 9:39:04 AM - System Checkpoint
RP272: 1/17/2012 10:39:04 AM - System Checkpoint
RP273: 1/18/2012 11:40:05 AM - System Checkpoint
RP274: 1/19/2012 12:16:09 PM - System Checkpoint
RP275: 1/20/2012 12:23:18 PM - System Checkpoint
RP276: 1/24/2012 1:19:53 AM - System Checkpoint
RP277: 1/25/2012 1:58:29 AM - System Checkpoint
RP278: 1/26/2012 2:58:30 AM - System Checkpoint
RP279: 1/26/2012 3:00:21 AM - Software Distribution Service 3.0
RP280: 1/27/2012 8:48:15 PM - System Checkpoint
RP281: 1/28/2012 9:14:33 PM - System Checkpoint
RP282: 1/30/2012 3:42:34 PM - System Checkpoint
RP283: 1/31/2012 4:22:16 PM - System Checkpoint
RP284: 2/1/2012 5:22:17 PM - System Checkpoint
RP285: 2/2/2012 6:39:17 PM - System Checkpoint
RP286: 2/3/2012 7:35:15 PM - System Checkpoint
RP287: 2/5/2012 1:19:22 PM - System Checkpoint
RP288: 2/6/2012 1:22:16 PM - System Checkpoint
RP289: 2/7/2012 2:48:24 PM - System Checkpoint
RP290: 2/8/2012 4:25:20 PM - System Checkpoint
RP291: 2/9/2012 5:41:25 PM - System Checkpoint
RP292: 2/10/2012 6:29:23 PM - System Checkpoint
RP293: 2/11/2012 6:45:05 PM - System Checkpoint
RP294: 2/12/2012 9:13:43 PM - System Checkpoint
RP295: 2/13/2012 10:10:09 PM - System Checkpoint
RP296: 2/14/2012 10:10:50 PM - System Checkpoint
RP297: 2/15/2012 11:10:50 PM - System Checkpoint
RP298: 2/16/2012 3:00:24 AM - Software Distribution Service 3.0
RP299: 2/17/2012 3:08:26 PM - System Checkpoint
RP300: 2/19/2012 2:51:52 PM - System Checkpoint
RP301: 2/20/2012 10:57:56 PM - System Checkpoint
RP302: 2/21/2012 11:01:41 PM - System Checkpoint
RP303: 2/22/2012 11:20:33 PM - System Checkpoint
RP304: 2/25/2012 3:14:52 PM - System Checkpoint
RP305: 2/26/2012 3:00:21 AM - Software Distribution Service 3.0
RP306: 2/27/2012 3:28:26 AM - System Checkpoint
RP307: 2/28/2012 3:41:57 AM - System Checkpoint
RP308: 2/29/2012 3:00:35 AM - Software Distribution Service 3.0
RP309: 3/1/2012 3:00:28 AM - Software Distribution Service 3.0
RP310: 3/2/2012 7:24:35 AM - System Checkpoint
RP311: 3/3/2012 7:25:42 AM - System Checkpoint
RP312: 3/4/2012 10:16:55 AM - System Checkpoint
RP313: 3/5/2012 10:25:45 AM - System Checkpoint
RP314: 3/6/2012 1:53:10 PM - System Checkpoint
RP315: 3/7/2012 11:37:05 PM - System Checkpoint
RP316: 3/9/2012 12:53:41 AM - System Checkpoint
RP317: 3/10/2012 1:25:17 AM - System Checkpoint
RP318: 3/10/2012 8:06:11 AM - avast! Free Antivirus Setup
RP319: 3/11/2012 9:25:32 AM - System Checkpoint
RP320: 3/12/2012 10:14:14 AM - System Checkpoint
RP321: 3/13/2012 3:39:14 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
6500_E709_BasicWeb
6500_E709_Help_BasicWeb
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
AnswerWorks 4.0 Runtime - English
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Avery DesignPro
Bing Bar
Bing Bar Platform
Bonjour
bpd_scan
BPDSoftware_Ini
Broadcom 440x 10/100 Integrated Controller
BufferChm
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
CCleaner
Coupon Printer for Windows
CutePDF Writer 2.8
ffdshow [rev 2527] [2008-12-19]
Free Mp3 Wma Converter V 2.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
HP Officejet 6500 E709 Series
Intuit Entitlement Client
iTunes
Java Auto Updater
Java(TM) 6 Update 25
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Excel 2000
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MovieEdit Task
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Essentials
neroxml
Network
Norton AntiVirus
PhotoStitch
ProSeries 2010
ProSeries User's Guide 2010
QuickBooks
QuickBooks Premier: Accountant Edition 2011
QuickBooks Premier: Accountant Edition 2012
Quicken 2004
QuickTime
RAW Image Task 2.2
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
Tax Forms Helper 2011 10.0
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon V CAST Media Manager
VirtualDJ Home FREE
VirtualDJ Toolbar
VirtualDJ Toolbar Updater
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Searchqu Toolbar
WModem Driver Installer
.
==== End Of File ===========================
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm

Re: Browser Hijack searchnu......com/410

Post by mambass » March 14th, 2012, 9:37 am

Hi Catherine, :)

Welcome to the forum.

My nickname is mambass and I'll be helping you with any malware problems.

Before we begin...please read and follow these important guidelines so things will proceed smoothly.

  1. If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. Please read all instructions carefully before executing them and perform the steps in the order given.
    If you have any questions or problems executing these instructions then <<STOP>> do not proceed but rather post back with the question or problem.
  4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
  5. You must have Administrator rights permissions for this computer.
  6. DO NOT run any other fix or removal tools unless instructed to do so!
  7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
  9. Only reply to this thread. Do not start another thread.
  10. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  11. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
  12. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
  13. The logs I request can take a while to research so please be patient.
  14. I am currently in training at Malware Removal University. Each set of instructions that I provide will be reviewed by a faculty member before being posted to this thread. This process may add a small amount of time to my replies. On the positive side you will have two people working together to resolve your malware issues.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection. I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system or to necessitate you taking your computer to a repair shop.

Because of this I advise you to backup any personal files and folders before you start.

How to back up or transfer your data on a Windows-based computer

-----------------------------------------------------------

I am currently reviewing your log and will return as soon as possible with additional instructions.

Thanks,

mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Browser Hijack searchnu......com/410

Post by mambass » March 15th, 2012, 2:13 pm

Hi Catherine, :)
Catherine wrote: I do not know if I have one of the XP versions that are no longer supported.
You have XP with Service Pack 3 (SP3). That is still supported by Microsoft and we'll be glad to help you with your malware problems.

Can you please let me know if this computer is used for business purposes?

mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Browser Hijack searchnu......com/410

Post by mein12 » March 16th, 2012, 9:57 am

I no longer use this computer for business. I purchased a new computer a couple of weeks ago. This one is now used for my children (2 teens and one adult). I think my daughter received this when she downloaded "Free Mp3 WMA Converter" and "Free CD Ripper" and "Easy Audio Cutter". She was working on a film for school. I would also like to know how dangerous this is. When transferring data files to my new computer will I infect my new computer? Thank you so much for your help.

Yours,

Catherine
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm

Re: Browser Hijack searchnu......com/410

Post by mambass » March 17th, 2012, 8:07 am

Hi Catherine, :)

Catherine wrote: When transferring data files to my new computer will I infect my new computer?
Data files should not be a problem. Do not, however, transfer any executable images or procedures. After transferring files, run a full antivirus scan on the new system.

The infection that you have can be difficult to remove and typically takes several passes. There is evidence in your logs of additional fixes that will be necessary once the primary infection has been removed. Please do not interpret the absence of symptoms to imply the absence of issues that need to be addressed. I will make every effort to reply to your posts as soon as possible in order to get ahead of this infection. In return, I ask that you:
  • Perform the requested steps as soon as possible.
  • Continue responding until I tell you that your computer is clear of all malware.


Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Download SystemLook
    1. Click here to download SystemLook by jpshortstuff and save it to your Desktop.
    2. Find the icon on your desktop so you'll know where to look later.
    3. Do not run the program at this time.

  2. Back Up Your Registry with ERUNT
    1. Click here to download erunt_setup.exe and save it to your Desktop.
    2. Double-click erunt_setup.exe to install ERUNT
      1. Uncheck (untick) the NTREGOPT desktop shortcut option.
      2. Click No when given the option to run ERUNT at Windows startup.
      3. Accept the default options for running a backup
    3. ERUNT will then back up your registry.
    4. Click OK to finish.
    Note: If you are unable to back up your registry with ERUNT then STOP – Let me know what happened and DO NOT perform any of the steps below.

  3. Run the Initial Searchqu OTL Fix
    1. Right-click on the filename link below and select "Save target as..." or "Save Link as...", and save it to your Desktop as filename: Fix.txt.

      SQWinXP_x32.TXT

    2. Double-click the OTL icon on your Desktop to run OTL.
    3. Click the Run Fix button at the top. You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel".
    4. Click the OK button. An Open dialog will be displayed.
    5. Navigate to the Desktop, scroll to find the file named Fix.txt and click the Open button. Some text will appear in the Custom scans/Fixes box.
    6. Click the Run Fix button.
    7. Let the program run unhindered and reboot the PC when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  4. Run SystemLook
    • Double-click SystemLook.exe to run it.
    • Copy and paste the contents of the following codebox into the main textfield (do not include the word code:):
      Code: Select all
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
       
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your reply (use multiple posts if more convenient):
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL Fix log.
  3. The contents of the SystemLook.txt log.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Browser Hijack searchnu......com/410

Post by mambass » March 20th, 2012, 8:07 am

Hi Catherine,

It's been 72 hours since I posted my instructions. I just wanted to remind you that, per Forum policy here, this thread may now be closed.

Could you please let me know if you still need help and, if so, if you require additional time to perform the requested tasks?

Thank you. :)

mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Browser Hijack searchnu......com/410

Post by mein12 » March 20th, 2012, 11:38 pm

Yes, I still need help. Have been backing up files, etc. Am working now to send you the requested information.
Thank you. Catherine
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm

Re: Browser Hijack searchnu......com/410

Post by mein12 » March 21st, 2012, 12:45 am

Here is the log from OTL. By the way, I did not have that icon on my desktop, so I downloaded it from the internet. It worked fine. Had trouble trying to get Firefox to start. Here is the error message from that "unresponsive script": A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: chrome://global/content/bindings/text.xml:35

Here is the log from OTL:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\datamngr.dll deleted successfully.
File pInit_DLLs: not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\iebho.dll deleted successfully.
File pInit_DLLs: not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\iLivid\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EDE4701-347A-45E0-81F0-D81D9F69BBFB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EDE4701-347A-45E0-81F0-D81D9F69BBFB}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar folder moved successfully.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml not found.
C:\Documents and Settings\Owner\Application Data\searchquband folder moved successfully.
C:\Documents and Settings\Owner\Application Data\searchqutoolbar\weather folder moved successfully.
C:\Documents and Settings\Owner\Application Data\searchqutoolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 616028 bytes

User: Owner
->Temp folder emptied: 13915563 bytes
->Temporary Internet Files folder emptied: 8033987 bytes
->Java cache emptied: 2883102 bytes
->FireFox cache emptied: 69148529 bytes
->Flash cache emptied: 62648 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 139423500 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 226.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.1 log created on 03202012_232447

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Will now run System look.

Thank you for your patience and help.

Catherine
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm
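
The OTL fix log in the post above interleaves "deleted successfully", "not found", "moved successfully" and "scheduled to be moved on reboot" lines, so the items that were actually present on the machine are easy to miss. The following Python is an added example, not part of the thread and not OTL's own code: it parses that line format, tags the registry locations that act as load or hijack points, and lists what still needs checking after the reboot. The function names and the autostart labels are this example's own; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted in the thread (lines copied as-is).
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\datamngr.dll deleted successfully.
File pInit_DLLs: not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\iLivid not found.
C:\Program Files\Windows Searchqu Toolbar folder moved successfully.
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# (outcome, kind, pattern) for the line shapes visible in the posted log.
# The bare "<path> moved successfully." form (without "folder") is an
# assumption; the thread only shows the "folder" variant.
LINE_PATTERNS = [
    ("pending_reboot", "file",
     re.compile(r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("deleted", "registry",
     re.compile(r"^Registry (?:key|value) (?P<target>.+) deleted successfully\.$")),
    ("not_found", "registry",
     re.compile(r"^Registry (?:key|value) (?P<target>.+) not found\.$")),
    ("not_found", "file",
     re.compile(r"^File(?:\\Folder)? (?P<target>.+) not found\.$")),
    ("moved", "file",
     re.compile(r"^(?P<target>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")),
]

# Registry locations in this log that load code or redirect the browser.
# Matched as lower-case substrings of the target; labels are this example's.
AUTOSTART_MARKERS = [
    ("appinit_dlls", "AppInit_DLLs"),
    (r"\currentversion\run", "Run key"),
    ("browser helper objects", "Browser Helper Object"),
    (r"internet explorer\toolbar", "IE toolbar"),
    (r"internet explorer\main\\start page", "IE start page"),
    ("searchscopes", "IE search provider"),
]


def classify_autostart(target):
    """Return a label if the target is a known load/hijack point, else None."""
    lowered = target.lower()
    for marker, label in AUTOSTART_MARKERS:
        if marker in lowered:
            return label
    return None


def parse_otl_fix_log(text):
    """Turn OTL fix-log text into a list of entry dicts; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for outcome, kind, pattern in LINE_PATTERNS:
            match = pattern.match(line)
            if match:
                target = match.group("target")
                entries.append({
                    "outcome": outcome,
                    "kind": kind,
                    "target": target,
                    "autostart": classify_autostart(target) if kind == "registry" else None,
                })
                break
    return entries


def triage(entries):
    """Summarise: counts per outcome, autostarts that existed, reboot follow-ups."""
    return {
        "counts": Counter(e["outcome"] for e in entries),
        # "deleted" means the entry was present, i.e. the hijack point was live.
        "removed_autostarts": [(e["autostart"], e["target"]) for e in entries
                               if e["outcome"] == "deleted" and e["autostart"]],
        # Items OTL could not move yet; confirm they are gone after the reboot.
        "follow_up": [e["target"] for e in entries if e["outcome"] == "pending_reboot"],
    }


if __name__ == "__main__":
    report = triage(parse_otl_fix_log(SAMPLE_LOG))
    print(dict(report["counts"]))
    for label, target in report["removed_autostarts"]:
        print(f"[was active] {label}: {target}")
    for target in report["follow_up"]:
        print(f"[check after reboot] {target}")
```
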

Re: Browser Hijack searchnu......com/410

Post by mein12 » March 21st, 2012, 1:06 am

Here is the System Look log:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:47 on 20/03/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 28930 bytes [08:42 27/02/2012] [08:42 27/02/2012] 328007B562F9A5A23B7AD15EDF23A1FB
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 35569 bytes [08:42 27/02/2012] [08:42 27/02/2012] 5CF1B92435FF1EEDEDF8B9BB23846933
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [08:42 27/02/2012] [08:42 27/02/2012] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 28930 bytes [08:42 27/02/2012] [08:42 27/02/2012] 328007B562F9A5A23B7AD15EDF23A1FB
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 35569 bytes [08:42 27/02/2012] [08:42 27/02/2012] 5CF1B92435FF1EEDEDF8B9BB23846933
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [08:42 27/02/2012] [08:42 27/02/2012] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [08:42 27/02/2012] [08:42 27/02/2012] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [08:42 27/02/2012] [08:42 27/02/2012] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\Documents and Settings\Owner\My Documents\Downloads\iLividSetupV1.exe --a---- 2063040 bytes [23:39 26/01/2012] [23:39 26/01/2012] 257B37708E5977CBD873015048934FDD

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [04:12 13/03/2012] [08:02 07/03/2012] BEEF3699A4BB5D4A2635370F0DCA6BD0
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [04:12 13/03/2012] [08:02 07/03/2012] AD655DC36242ECFE81981FC36A7A0E46
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll --a---- 351232 bytes [04:13 13/03/2012] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 981 bytes [04:13 13/03/2012] [08:02 07/03/2012] B4E345F24F98FD5690FA1B2D7F5DC3BD
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll --a---- 351744 bytes [04:13 13/03/2012] [08:02 07/03/2012] 04D77F77872A53C69C93CBBACFA487BC
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll --a---- 351744 bytes [04:13 13/03/2012] [08:02 07/03/2012] 61FF94116B52B5D838F77B8080BDABB8
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [04:13 13/03/2012] [07:59 07/03/2012] D40D9FB2E3EEA712FD47A64508BDF309
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 351744 bytes [04:13 13/03/2012] [08:00 07/03/2012] E766E9F7881B3DCE7206F77702F32716
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 351744 bytes [04:13 13/03/2012] [08:00 07/03/2012] D696A9AA0AA01A14F1830C3E7543D1A6
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 351744 bytes [04:13 13/03/2012] [08:01 07/03/2012] 51B750F744F757C7AFDCEB01E9268A4E
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 351744 bytes [04:13 13/03/2012] [08:01 07/03/2012] 828DED649CCB0C3EC8411DC14DD7CA53
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll --a---- 351744 bytes [04:13 13/03/2012] [08:01 07/03/2012] 0CCEC1EF2FAB37080B6EFF6109AAF8F5
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll --a---- 351744 bytes [04:13 13/03/2012] [08:01 07/03/2012] E0741DE8D0A06972559B7177149937FB
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16184 bytes [04:13 13/03/2012] [06:50 25/10/2011] 74EA142FA2CF77FA2306892E2B45FA13

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\searchqutoolbar d------ [04:14 13/03/2012]
C:\_OTL\MovedFiles\03202012_232447\C_Documents and Settings\Owner\Application Data\searchquband d------ [18:54 18/03/2012]
C:\_OTL\MovedFiles\03202012_232447\C_Documents and Settings\Owner\Application Data\searchqutoolbar d------ [04:26 21/03/2012]
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar d------ [04:25 21/03/2012]

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Documents and Settings\Owner\AppData\LocalLow\DataMngr d------ [18:54 18/03/2012]
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr d------ [04:25 21/03/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=100&systemid=410&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408BA8D-2245-49A0-8FEA-538669B0CFF7}]
@="NeroSearchQuerySourceSettings Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408BA8D-2245-49A0-8FEA-538669B0CFF7}\ProgID]
@="NeroSearch.NeroSearchQuerySourceSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408BA8D-2245-49A0-8FEA-538669B0CFF7}\VersionIndependentProgID]
@="NeroSearch.NeroSearchQuerySourceSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C9E6B7A-6B70-4768-9656-444DCA6890B2}]
@="NMSearchQuerySyntaxTree Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C9E6B7A-6B70-4768-9656-444DCA6890B2}\ProgID]
@="NMSearch.NMSearchQuerySyntaxTree.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C9E6B7A-6B70-4768-9656-444DCA6890B2}\VersionIndependentProgID]
@="NMSearch.NMSearchQuerySyntaxTree"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF3B8F9-4CF4-4843-9DA6-097193056FB3}]
@="NMSearchQueryConfigManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF3B8F9-4CF4-4843-9DA6-097193056FB3}\ProgID]
@="NMSearch.NMSearchQueryConfigManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF3B8F9-4CF4-4843-9DA6-097193056FB3}\VersionIndependentProgID]
@="NMSearch.NMSearchQueryConfigManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{09BB29E0-C8C5-4AF3-B553-FD2158D99852}]
@="INMSearchQueryConfigHolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{183AA129-9D53-4735-BB1F-92BA2B66B575}]
@="INMSearchQueryCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21E4A815-2464-4CB1-BDD9-82DD0EF9D922}]
@="INeroSearchQueryTranslator2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{227DF978-FB93-4247-BD8F-2CDB4C485EFD}]
@="INeroSearchQueryDNF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D9A4D8E-AEC7-4434-BB6C-B2FB6CFEBDB8}]
@="INeroSearchQueryOperandString"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F2FD52C-3D82-4B96-81DB-F1D41442BB9B}]
@="INMSearchQueryHandle"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C453A7C-D1C6-4D48-B063-CEAFCEF7042A}]
@="INeroSearchQuerySourceSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{422A9ACE-3453-44DF-BC41-71B8D89C22A3}]
@="INeroSearchQueryOperandCriterion"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{43D899E4-4085-4B50-8E5F-F9334FBA7C2A}]
@="INMSearchQueryConstSyntaxTree"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48DEBF52-F73F-4F0F-9255-ECBC1C922D7C}]
@="INeroSearchQueryTerm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B07C813-AA0B-4E71-BBB0-D343CC42DF1C}]
@="INMSearchQueryResult"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D75DC77-4997-4E83-9A6B-B1E4C1C0CB87}]
@="INeroSearchQueryTranslator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D824B76-5027-4936-AC1A-1266E0763522}]
@="INMSearchQueryContext"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{607C2DEF-18DB-4F34-A645-2D3A5349000F}]
@="INMSearchQueryErrorEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A1FBB2E-27A9-438B-9CED-57B03D61D9D0}]
@="INMSearchQuerySource"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8A3637CB-97D5-4956-AF77-1356D61F7AA3}]
@="INeroSearchQueryOperandNumber"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B931B92F-FBF7-42DA-B690-C64A26160B77}]
@="INMSearchQueryResultEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA41016E-B64A-47E2-B4E7-58AAE086819A}]
@="INMSearchQueryResult2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C84C7F87-F9FE-4024-A214-17AE8C22257C}]
@="INMSearchQueryResultEnumerator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D0A51603-B44E-4B2D-8DA1-D0CFD83AF832}]
@="INeroSearchQueryKeyword"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFA5ADF8-8326-49E3-9B04-2751097A6510}]
@="INeroSearchQueryCNF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0297562-6321-4938-9B2F-A3D330E44079}]
@="INeroSearchQuerySourceEnumerator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1B98CD5-F00C-49E3-B355-C9571B1348C3}]
@="INMSearchQueryConfigManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F45EA53D-A0AC-40ED-B446-EAE772F635B2}]
@="INMSearchQueryResultDirectoryAccessor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F82BA77D-ED8F-4999-A71A-0CDB7223E30B}]
@="INMSearchQueryRefinement"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FDC8ED21-7F9F-4E80-846B-6A02DDFF4AF2}]
@="INMSearchQuerySyntaxTree"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECB3D13-009D-452E-B7C3-B3EFA98D1FB5}]
@="INMSearchQuerySourceDeprecated"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NeroSearch.NeroSearchQuerySourceSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NeroSearch.NeroSearchQuerySourceSettings]
@="NeroSearchQuerySourceSettings Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NeroSearch.NeroSearchQuerySourceSettings\CurVer]
@="NeroSearch.NeroSearchQuerySourceSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NeroSearch.NeroSearchQuerySourceSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NeroSearch.NeroSearchQuerySourceSettings.1]
@="NeroSearchQuerySourceSettings Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQueryConfigManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQueryConfigManager]
@="NMSearchQueryConfigManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQueryConfigManager\CurVer]
@="NMSearch.NMSearchQueryConfigManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQueryConfigManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQueryConfigManager.1]
@="NMSearchQueryConfigManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree]
@="NMSearchQuerySyntaxTree Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree\CurVer]
@="NMSearch.NMSearchQuerySyntaxTree.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree.1]
@="NMSearchQuerySyntaxTree Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=100&systemid=410&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_USERS\S-1-5-21-1123561945-963894560-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=100&systemid=410&qu={searchTerms}&ft=json"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{879A2A4B-2ABC-44F1-AE34-C9EAC0B87EF4}]
"AppPath"="C:\PROGRA~1\WI9130~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-

Where do we go from here?
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm
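Triage of the Regfind hits above, as an added example that is not part of the original thread: the log shows the term Searchqu matching as a case-insensitive substring, so it also hits every name containing "SearchQuery". The sketch parses an excerpt of that log and separates hits where the term stands alone from hits where it is embedded in a longer identifier; the function names and the alphanumeric-neighbour heuristic are assumptions of this example, not SystemLook behaviour.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the SystemLook Regfind output posted above (not the full log).
SAMPLE_LOG = r'''========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=100&systemid=410&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408BA8D-2245-49A0-8FEA-538669B0CFF7}]
@="NeroSearchQuerySourceSettings Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{183AA129-9D53-4735-BB1F-92BA2B66B575}]
@="INMSearchQueryCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree]
@="NMSearchQuerySyntaxTree Class"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{879A2A4B-2ABC-44F1-AE34-C9EAC0B87EF4}]
"AppPath"="C:\PROGRA~1\WI9130~1\Datamngr\ToolBar"

-= EOF =-
'''


def parse_regfind(log):
    """Return one dict per hit: search term, key path, value line ('' for a key-name hit)."""
    hits, term, key, in_regfind = [], None, None, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("=========="):           # section header
            in_regfind = "regfind" in line.lower()
            term = key = None
            continue
        if not in_regfind or not line:
            continue
        m = re.match(r'Searching for "(.*)"$', line)
        if m:
            term, key = m.group(1), None
        elif term is None or line == "No data found.":
            continue
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            hits.append({"term": term, "key": key, "value": ""})
        elif key is not None and line.startswith(("@=", '"')):
            if hits[-1]["value"]:                    # second value under the same key header
                hits.append({"term": term, "key": key, "value": line})
            else:
                hits[-1]["value"] = line
    return hits


def match_kinds(term, text):
    """Label each case-insensitive occurrence of term as 'standalone' or 'embedded'."""
    kinds = []
    for m in re.finditer(re.escape(term), text, re.IGNORECASE):
        before = text[m.start() - 1] if m.start() else ""
        after = text[m.end()] if m.end() < len(text) else ""
        # A letter or digit on either side means the term is part of a longer identifier.
        kinds.append("embedded" if before.isalnum() or after.isalnum() else "standalone")
    return kinds


def classify(hit):
    """'standalone' if the term appears on its own anywhere in the hit, else 'embedded-only'."""
    kinds = match_kinds(hit["term"], hit["key"]) + match_kinds(hit["term"], hit["value"])
    if "standalone" in kinds:
        return "standalone"
    return "embedded-only" if kinds else "no-match"


def summarize(hits):
    """Count hits per search term and classification."""
    summary = defaultdict(Counter)
    for hit in hits:
        summary[hit["term"]][classify(hit)] += 1
    return dict(summary)


def review_keys(hits):
    """Keys whose only matches are embedded: candidates for manual review before any fix."""
    return sorted({h["key"] for h in hits if classify(h) != "standalone"})


if __name__ == "__main__":
    parsed = parse_regfind(SAMPLE_LOG)
    for term, counts in summarize(parsed).items():
        print(term, dict(counts))
    for k in review_keys(parsed):
        print("review:", k)
```

An "embedded-only" result is a prompt to look at the key by hand, not a verdict: a related name such as searchqutoolbar would also land in that bucket.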

Re: Browser Hijack searchnu......com/410

Post by mein12 » March 21st, 2012, 9:00 am

Dear mambass,

This morning I was able to reset my home page to yahoo. Does this mean I am cured? The only weird thing I have encountered is when I set my weather default to Auburn, Al it gives me the news from Beaufort, SC. Probably just Yahoo. Thanks so much for your help.

Yours,

Catherine
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm

Re: Browser Hijack searchnu......com/410

Post by mambass » March 21st, 2012, 1:35 pm

Hi Catherine, :)

Catherine wrote: This morning I was able to reset my home page to yahoo. Does this mean I am cured?
The initial symptoms are likely gone now but we still have more work to do. Please continue to reply until I tell you that your computer no longer contains any malware.

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Backup Your Registry with ERUNT
    1. Click Start > All Programs > ERUNT > ERUNT to run ERUNT.
    2. Accept the default options for running a backup
    3. Click OK to finish.
    Note: If you are unable to backup your registry with ERUNT then STOP – Let me know what happened and DO NOT perform any of the steps below.

  2. Perform a Custom Fix with OTL
    1. Double-click the OTL icon on your Desktop to run the program.
    2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Reg
      [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408BA8D-2245-49A0-8FEA-538669B0CFF7}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C9E6B7A-6B70-4768-9656-444DCA6890B2}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF3B8F9-4CF4-4843-9DA6-097193056FB3}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{09BB29E0-C8C5-4AF3-B553-FD2158D99852}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{183AA129-9D53-4735-BB1F-92BA2B66B575}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21E4A815-2464-4CB1-BDD9-82DD0EF9D922}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{227DF978-FB93-4247-BD8F-2CDB4C485EFD}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D9A4D8E-AEC7-4434-BB6C-B2FB6CFEBDB8}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F2FD52C-3D82-4B96-81DB-F1D41442BB9B}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C453A7C-D1C6-4D48-B063-CEAFCEF7042A}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{422A9ACE-3453-44DF-BC41-71B8D89C22A3}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{43D899E4-4085-4B50-8E5F-F9334FBA7C2A}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48DEBF52-F73F-4F0F-9255-ECBC1C922D7C}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B07C813-AA0B-4E71-BBB0-D343CC42DF1C}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D75DC77-4997-4E83-9A6B-B1E4C1C0CB87}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D824B76-5027-4936-AC1A-1266E0763522}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{607C2DEF-18DB-4F34-A645-2D3A5349000F}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A1FBB2E-27A9-438B-9CED-57B03D61D9D0}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8A3637CB-97D5-4956-AF77-1356D61F7AA3}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B931B92F-FBF7-42DA-B690-C64A26160B77}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA41016E-B64A-47E2-B4E7-58AAE086819A}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C84C7F87-F9FE-4024-A214-17AE8C22257C}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D0A51603-B44E-4B2D-8DA1-D0CFD83AF832}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFA5ADF8-8326-49E3-9B04-2751097A6510}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0297562-6321-4938-9B2F-A3D330E44079}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1B98CD5-F00C-49E3-B355-C9571B1348C3}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F45EA53D-A0AC-40ED-B446-EAE772F635B2}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F82BA77D-ED8F-4999-A71A-0CDB7223E30B}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FDC8ED21-7F9F-4E80-846B-6A02DDFF4AF2}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECB3D13-009D-452E-B7C3-B3EFA98D1FB5}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
      [-HKEY_USERS\S-1-5-21-1123561945-963894560-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{879A2A4B-2ABC-44F1-AE34-C9EAC0B87EF4}]
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
      
      :Files
      C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js
      C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js
      C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css
      C:\Documents and Settings\Owner\My Documents\Downloads\iLividSetupV1.exe
      C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\searchqutoolbar
      C:\Documents and Settings\Owner\AppData\LocalLow\DataMngr
      
      :Commands
      [EMPTYTEMP]
      [CREATERESTOREPOINT]
      
      
    3. Close all running applications other than OTL.
    4. Click the Run Fix button at the top.
    5. Let the program run unhindered and reboot the PC when it is done.
    6. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    7. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  3. Run SystemLook
    • Double-click the SystemLook.exe icon on your Desktop to run it.
    • Copy and paste the contents of the following codebox into the main textfield (do not include the word code:):
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
       
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  4. Run a Scan with OTL
    1. Double-click the OTL icon on your Desktop to run the program.
    2. Check the boxes labeled:
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList <-- Make sure this option is selected
    3. Make sure all other windows are closed so that it can run uninterrupted.
    4. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    5. When the scan completes, it will open two notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL. (desktop)
    6. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.


Please include in your reply (use separate posts if more convenient):
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL Fix log.
  3. The contents of the SystemLook.txt log.
  4. The contents of the OTL.txt and Extras.txt scan logs.
  5. After posting your reply message, please verify that the last line of the last report is present in the post. If any log is cut off then please post the logs in sections.


mambass
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Browser Hijack searchnu......com/410

Post by mein12 » March 21st, 2012, 3:08 pm

Here is the OTL Log:

All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408BA8D-2245-49A0-8FEA-538669B0CFF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8408BA8D-2245-49A0-8FEA-538669B0CFF7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C9E6B7A-6B70-4768-9656-444DCA6890B2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C9E6B7A-6B70-4768-9656-444DCA6890B2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF3B8F9-4CF4-4843-9DA6-097193056FB3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFF3B8F9-4CF4-4843-9DA6-097193056FB3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{09BB29E0-C8C5-4AF3-B553-FD2158D99852}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09BB29E0-C8C5-4AF3-B553-FD2158D99852}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{183AA129-9D53-4735-BB1F-92BA2B66B575}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{183AA129-9D53-4735-BB1F-92BA2B66B575}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21E4A815-2464-4CB1-BDD9-82DD0EF9D922}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21E4A815-2464-4CB1-BDD9-82DD0EF9D922}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{227DF978-FB93-4247-BD8F-2CDB4C485EFD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{227DF978-FB93-4247-BD8F-2CDB4C485EFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D9A4D8E-AEC7-4434-BB6C-B2FB6CFEBDB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D9A4D8E-AEC7-4434-BB6C-B2FB6CFEBDB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F2FD52C-3D82-4B96-81DB-F1D41442BB9B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F2FD52C-3D82-4B96-81DB-F1D41442BB9B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C453A7C-D1C6-4D48-B063-CEAFCEF7042A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C453A7C-D1C6-4D48-B063-CEAFCEF7042A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{422A9ACE-3453-44DF-BC41-71B8D89C22A3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{422A9ACE-3453-44DF-BC41-71B8D89C22A3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{43D899E4-4085-4B50-8E5F-F9334FBA7C2A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43D899E4-4085-4B50-8E5F-F9334FBA7C2A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48DEBF52-F73F-4F0F-9255-ECBC1C922D7C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48DEBF52-F73F-4F0F-9255-ECBC1C922D7C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B07C813-AA0B-4E71-BBB0-D343CC42DF1C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B07C813-AA0B-4E71-BBB0-D343CC42DF1C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D75DC77-4997-4E83-9A6B-B1E4C1C0CB87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D75DC77-4997-4E83-9A6B-B1E4C1C0CB87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D824B76-5027-4936-AC1A-1266E0763522}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D824B76-5027-4936-AC1A-1266E0763522}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{607C2DEF-18DB-4F34-A645-2D3A5349000F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{607C2DEF-18DB-4F34-A645-2D3A5349000F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A1FBB2E-27A9-438B-9CED-57B03D61D9D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A1FBB2E-27A9-438B-9CED-57B03D61D9D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8A3637CB-97D5-4956-AF77-1356D61F7AA3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A3637CB-97D5-4956-AF77-1356D61F7AA3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B931B92F-FBF7-42DA-B690-C64A26160B77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B931B92F-FBF7-42DA-B690-C64A26160B77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA41016E-B64A-47E2-B4E7-58AAE086819A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA41016E-B64A-47E2-B4E7-58AAE086819A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C84C7F87-F9FE-4024-A214-17AE8C22257C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84C7F87-F9FE-4024-A214-17AE8C22257C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D0A51603-B44E-4B2D-8DA1-D0CFD83AF832}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0A51603-B44E-4B2D-8DA1-D0CFD83AF832}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFA5ADF8-8326-49E3-9B04-2751097A6510}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFA5ADF8-8326-49E3-9B04-2751097A6510}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0297562-6321-4938-9B2F-A3D330E44079}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0297562-6321-4938-9B2F-A3D330E44079}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1B98CD5-F00C-49E3-B355-C9571B1348C3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1B98CD5-F00C-49E3-B355-C9571B1348C3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F45EA53D-A0AC-40ED-B446-EAE772F635B2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F45EA53D-A0AC-40ED-B446-EAE772F635B2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F82BA77D-ED8F-4999-A71A-0CDB7223E30B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F82BA77D-ED8F-4999-A71A-0CDB7223E30B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FDC8ED21-7F9F-4E80-846B-6A02DDFF4AF2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDC8ED21-7F9F-4E80-846B-6A02DDFF4AF2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECB3D13-009D-452E-B7C3-B3EFA98D1FB5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FECB3D13-009D-452E-B7C3-B3EFA98D1FB5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry key HKEY_USERS\S-1-5-21-1123561945-963894560-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{879A2A4B-2ABC-44F1-AE34-C9EAC0B87EF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{879A2A4B-2ABC-44F1-AE34-C9EAC0B87EF4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe not found.
========== FILES ==========
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css moved successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\iLividSetupV1.exe moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\searchqutoolbar folder moved successfully.
C:\Documents and Settings\Owner\AppData\LocalLow\DataMngr folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 4187183 bytes
->Temporary Internet Files folder emptied: 3264633 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43601128 bytes
->Flash cache emptied: 848 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.1 log created on 03212012_133512

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\CVHLauncher(20120320234642A60).log moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d08.dat not found!

Registry entries deleted on Reboot...

Here is the System Look:

SystemLook 30.07.11 by jpshortstuff
Log created at 13:50 on 21/03/2012 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 28930 bytes [08:42 27/02/2012] [08:42 27/02/2012] 328007B562F9A5A23B7AD15EDF23A1FB
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 35569 bytes [08:42 27/02/2012] [08:42 27/02/2012] 5CF1B92435FF1EEDEDF8B9BB23846933
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [08:42 27/02/2012] [08:42 27/02/2012] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\03212012_133512\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 28930 bytes [08:42 27/02/2012] [08:42 27/02/2012] 328007B562F9A5A23B7AD15EDF23A1FB
C:\_OTL\MovedFiles\03212012_133512\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 35569 bytes [08:42 27/02/2012] [08:42 27/02/2012] 5CF1B92435FF1EEDEDF8B9BB23846933
C:\_OTL\MovedFiles\03212012_133512\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [08:42 27/02/2012] [08:42 27/02/2012] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [08:42 27/02/2012] [08:42 27/02/2012] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [08:42 27/02/2012] [08:42 27/02/2012] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\_OTL\MovedFiles\03212012_133512\C_Documents and Settings\Owner\My Documents\Downloads\iLividSetupV1.exe --a---- 2063040 bytes [23:39 26/01/2012] [23:39 26/01/2012] 257B37708E5977CBD873015048934FDD

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [04:12 13/03/2012] [08:02 07/03/2012] BEEF3699A4BB5D4A2635370F0DCA6BD0
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [04:12 13/03/2012] [08:02 07/03/2012] AD655DC36242ECFE81981FC36A7A0E46
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll --a---- 351232 bytes [04:13 13/03/2012] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 981 bytes [04:13 13/03/2012] [08:02 07/03/2012] B4E345F24F98FD5690FA1B2D7F5DC3BD
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll --a---- 351744 bytes [04:13 13/03/2012] [08:02 07/03/2012] 04D77F77872A53C69C93CBBACFA487BC
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll --a---- 351744 bytes [04:13 13/03/2012] [08:02 07/03/2012] 61FF94116B52B5D838F77B8080BDABB8
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [04:13 13/03/2012] [07:59 07/03/2012] D40D9FB2E3EEA712FD47A64508BDF309
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 351744 bytes [04:13 13/03/2012] [08:00 07/03/2012] E766E9F7881B3DCE7206F77702F32716
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 351744 bytes [04:13 13/03/2012] [08:00 07/03/2012] D696A9AA0AA01A14F1830C3E7543D1A6
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 351744 bytes [04:13 13/03/2012] [08:01 07/03/2012] 51B750F744F757C7AFDCEB01E9268A4E
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 351744 bytes [04:13 13/03/2012] [08:01 07/03/2012] 828DED649CCB0C3EC8411DC14DD7CA53
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll --a---- 351744 bytes [04:13 13/03/2012] [08:01 07/03/2012] 0CCEC1EF2FAB37080B6EFF6109AAF8F5
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll --a---- 351744 bytes [04:13 13/03/2012] [08:01 07/03/2012] E0741DE8D0A06972559B7177149937FB
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16184 bytes [04:13 13/03/2012] [06:50 25/10/2011] 74EA142FA2CF77FA2306892E2B45FA13

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\03202012_232447\C_Documents and Settings\Owner\Application Data\searchquband d------ [18:54 18/03/2012]
C:\_OTL\MovedFiles\03202012_232447\C_Documents and Settings\Owner\Application Data\searchqutoolbar d------ [04:26 21/03/2012]
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar d------ [04:25 21/03/2012]
C:\_OTL\MovedFiles\03212012_133512\C_Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\searchqutoolbar d------ [04:14 13/03/2012]

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr d------ [04:25 21/03/2012]
C:\_OTL\MovedFiles\03212012_133512\C_Documents and Settings\Owner\AppData\LocalLow\DataMngr d------ [18:54 18/03/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NeroSearch.NeroSearchQuerySourceSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NeroSearch.NeroSearchQuerySourceSettings]
@="NeroSearchQuerySourceSettings Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NeroSearch.NeroSearchQuerySourceSettings\CurVer]
@="NeroSearch.NeroSearchQuerySourceSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NeroSearch.NeroSearchQuerySourceSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NeroSearch.NeroSearchQuerySourceSettings.1]
@="NeroSearchQuerySourceSettings Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQueryConfigManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQueryConfigManager]
@="NMSearchQueryConfigManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQueryConfigManager\CurVer]
@="NMSearch.NMSearchQueryConfigManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQueryConfigManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQueryConfigManager.1]
@="NMSearchQueryConfigManager Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree]
@="NMSearchQuerySyntaxTree Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree\CurVer]
@="NMSearch.NMSearchQuerySyntaxTree.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NMSearch.NMSearchQuerySyntaxTree.1]
@="NMSearchQuerySyntaxTree Class"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
@="DataMngr"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"

This was the last line in the Notepad of System Look Text - window did not pop up automatically. Did I exit too soon?

Catherine
mein12

Re: Browser Hijack searchnu......com/410

Post by mein12 » March 21st, 2012, 3:29 pm

Here is the OTL text:

OTL logfile created on: 3/21/2012 2:09:20 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.47 Mb Total Physical Memory | 291.47 Mb Available Physical Memory | 56.99% Memory free
1.22 Gb Paging File | 0.76 Gb Available in Paging File | 61.90% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 32.21 Gb Free Space | 43.23% Space Free | Partition Type: NTFS
Drive F: | 7.26 Gb Total Space | 5.99 Gb Free Space | 82.46% Space Free | Partition Type: FAT32

Computer Name: OWNER-CFB93CB1D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 23:09:34 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/12/06 12:41:18 | 001,175,912 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/12/06 11:48:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/26 02:56:20 | 004,950,152 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.9.0.12\ccsvchst.exe
PRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/02/14 08:55:15 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/21 04:13:32 | 001,744,896 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032100\algo.dll
MOD - [2012/02/16 04:31:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/16 04:23:26 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/16 04:19:32 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
MOD - [2012/02/16 04:04:51 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/01/11 04:13:34 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/10/13 03:23:22 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/26 02:56:20 | 004,950,152 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2011/09/26 02:56:00 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2011/09/26 02:55:58 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2011/09/26 02:55:58 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/02/14 08:55:15 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/12/06 11:48:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe -- (NAV)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/06 17:04:10 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20120307.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/03/02 13:58:02 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20120302.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/03 22:15:21 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 22:15:21 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/01 09:30:42 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,209,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,584,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2011/08/21 21:53:36 | 000,362,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\symtdi.sys -- (SYMTDI)
DRV - [2011/08/21 21:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/03 23:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\cchpx86.sys -- (ccHP)
DRV - [2011/08/03 20:14:05 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20120307.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 20:14:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20120307.035\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 22:32:02 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\ironx86.sys -- (SymIRON)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/29 19:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1109000.00C\symds.sys -- (SymDS)
DRV - [2008/04/13 19:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 17:04:16 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/13 13:00:42 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ich4.sys -- (ac97intc) Intel(r) 82801DB/DBM Audio Driver Service (WDM)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\..\SearchScopes\{9CB38A67-DD67-4796-87FA-65C0AC4E1609}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=100&systemid=410&sr=0&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 09:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2011/08/10 03:43:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/02/25 12:46:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/02/26 04:02:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/10 09:08:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 22:30:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/12 22:50:42 | 000,000,000 | ---D | M]

[2012/03/13 14:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/03/20 23:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions
[2012/03/12 23:14:10 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/06/27 10:20:06 | 000,000,000 | ---D | M] (Techinline Remote Desktop Client) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\RemoteDesktopClient@techinline.com
[2012/02/01 21:03:03 | 000,000,000 | ---D | M] ("VirtualDJ Toolbar") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com
[2012/03/12 23:11:40 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\searchplugins\Search_Results.xml
[2012/03/13 14:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/20 22:30:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/23 11:37:08 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/04 19:23:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:11:40 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/04 19:23:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/17 06:37:26 | 000,435,122 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14977 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\S-1-5-21-1123561945-963894560-1417001333-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1123561945-963894560-1417001333-1003..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-1123561945-963894560-1417001333-1003..\Run: [TaskScheduler] C:\ProWin10\32bit\TaskSch.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\MS Excel 2000\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5303713109 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} https://techinline.net/Client/TIClient.cab (ClientPlugin Object)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{604B4926-0420-46D8-8133-071FF1F46D11}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O18 - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/13 10:35:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##goody#Goody#Windows Updates#0427\Shell - "" = AutoRun
O33 - MountPoints2\##goody#Goody#Windows Updates#0427\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##goody#Goody#Windows Updates#0427\Shell\AutoRun\command - "" = Z:\UpdateInstaller.exe
O33 - MountPoints2\{03fced0c-bab1-11e0-9b01-000c6ef39663}\Shell - "" = AutoRun
O33 - MountPoints2\{03fced0c-bab1-11e0-9b01-000c6ef39663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03fced0c-bab1-11e0-9b01-000c6ef39663}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/20 23:24:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/20 23:09:23 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/03/20 22:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/20 22:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/03/20 22:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/03/20 22:43:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/03/18 13:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\AppData
[2012/03/14 03:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/03/12 23:12:12 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX
[2012/03/12 23:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Audio Pack
[2012/03/12 23:11:43 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
[2012/03/12 23:11:43 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
[2012/03/12 23:11:43 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
[2012/03/12 23:11:43 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
[2012/03/12 23:11:42 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2012/03/12 23:11:42 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2012/03/12 23:11:42 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
[2012/03/12 23:11:41 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
[2012/03/12 23:11:41 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2012/03/12 23:11:41 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX
[2012/03/12 23:11:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2012/03/12 23:11:41 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2012/03/12 23:11:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
[2012/03/12 23:11:34 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2012/03/12 23:11:34 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
[2012/03/12 23:11:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2012/03/12 23:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FreeAudioPack
[2012/03/12 23:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012/03/12 09:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\QBBackupTemp Mon, Mar 12 2012 09 09 41 AM
[2012/03/10 09:08:46 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/10 09:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/10 09:08:45 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/10 09:08:42 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/10 09:08:41 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/10 09:08:40 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/10 09:08:38 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/10 09:08:38 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/10 09:08:38 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/10 09:06:55 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/10 09:06:52 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/10 09:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/10 09:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/02/29 04:32:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2012/02/29 04:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/02/29 04:10:09 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/02/29 04:06:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/26 04:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/25 14:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
[2012/02/25 12:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HP
[2012/02/25 12:47:48 | 000,125,440 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l02t.dll
[2012/02/25 12:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/02/25 12:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2012/02/25 12:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/25 12:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2012/02/25 12:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/02/25 12:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/02/25 12:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012/02/25 12:44:04 | 000,454,504 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2012/02/25 12:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/02/24 17:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder (6)
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/21 14:16:05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/03/21 13:42:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/21 13:40:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/21 13:40:55 | 536,383,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/20 23:30:22 | 003,506,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/20 23:09:34 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/03/20 22:48:45 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2012/03/20 22:43:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/03/20 22:39:25 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2012/03/20 19:48:55 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TO YOUR HEALTH SPROUTED BREAD & FLOUR CO., INC.QBW.ND
[2012/03/20 19:48:54 | 023,937,024 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\TO YOUR HEALTH SPROUTED BREAD & FLOUR CO., INC.QBW
[2012/03/20 19:48:54 | 000,589,824 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\TO YOUR HEALTH SPROUTED BREAD & FLOUR CO., INC.QBW.TLG
[2012/03/16 21:16:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/14 12:36:24 | 000,437,319 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\meinhardt.10i
[2012/03/14 03:32:47 | 000,502,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 03:32:47 | 000,088,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/12 23:13:13 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk
[2012/03/12 23:13:11 | 000,000,969 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk
[2012/03/12 23:13:09 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk
[2012/03/12 23:13:07 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Easy Audio Cutter.lnk
[2012/03/12 23:13:03 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Free CD Ripper.lnk
[2012/03/12 23:12:57 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Free Mp3 Wma Converter.lnk
[2012/03/12 22:39:32 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/12 22:37:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/03/12 08:18:39 | 012,049,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\QDATA11.QDF
[2012/03/12 08:18:39 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\QDATA11.QEL
[2012/03/12 08:18:39 | 000,055,065 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\QDATA11.QSD
[2012/03/12 08:14:09 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls
[2012/03/12 08:13:58 | 000,001,447 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/03/12 08:13:22 | 001,111,868 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\QDATA11.IDX
[2012/03/10 09:08:47 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/10 09:08:39 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/02/29 04:32:52 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/25 12:49:23 | 000,189,177 | ---- | M] () -- C:\WINDOWS\hpwins23.dat
[2012/02/24 17:21:35 | 000,006,888 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZbThumbnail.info
[2012/02/24 17:10:51 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/20 22:48:45 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2012/03/20 22:39:22 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2012/03/12 23:13:11 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk
[2012/03/12 23:13:09 | 000,000,969 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk
[2012/03/12 23:13:08 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk
[2012/03/12 23:13:06 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Easy Audio Cutter.lnk
[2012/03/12 23:13:02 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Free CD Ripper.lnk
[2012/03/12 23:12:54 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Free Mp3 Wma Converter.lnk
[2012/03/12 23:11:44 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2012/03/12 23:11:31 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/03/12 22:39:30 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/12 08:13:22 | 001,111,868 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\QDATA11.IDX
[2012/03/10 09:08:47 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/02/29 04:31:37 | 000,813,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/25 12:46:43 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2012/02/25 12:45:48 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2012/02/25 12:41:13 | 000,189,177 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2012/02/25 12:41:13 | 000,001,501 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2012/02/16 01:17:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/17 20:54:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/19 22:26:28 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\Gsw32.exe.config
[2011/08/09 08:45:34 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/08/02 10:56:19 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2011/07/27 10:09:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/23 10:30:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/22 20:48:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/29 08:35:35 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/05/27 12:49:49 | 000,020,280 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/20 08:00:27 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/19 15:47:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2011/05/19 13:55:44 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/05/19 13:39:04 | 000,001,447 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/05/13 10:38:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/13 10:32:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/13 05:20:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/13 05:19:33 | 003,506,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/03/10 09:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/14 03:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/05/19 13:55:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/16 10:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/19 13:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/01/28 10:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2011/11/28 11:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/05/20 11:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/07/22 21:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/05/27 11:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/16 10:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/07/23 11:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Catalina Marketing Corp
[2011/11/28 11:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/12 23:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeAudioPack
[2012/03/14 03:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftGrid Client
[2011/05/19 12:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TP
[2012/03/21 14:16:05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\hs_err_pid1504.log:SummaryInformation

< End of report >
mein12

Re: Browser Hijack searchnu......com/410

Post by mein12 » March 21st, 2012, 3:31 pm

Here is the Extras text:

OTL Extras logfile created on: 3/21/2012 2:09:20 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.47 Mb Total Physical Memory | 291.47 Mb Available Physical Memory | 56.99% Memory free
1.22 Gb Paging File | 0.76 Gb Available in Paging File | 61.90% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 32.21 Gb Free Space | 43.23% Space Free | Partition Type: NTFS
Drive F: | 7.26 Gb Total Space | 5.99 Gb Free Space | 82.46% Space Free | Partition Type: FAT32

Computer Name: OWNER-CFB93CB1D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1123561945-963894560-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe:*:Enabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe:*:Enabled:QuickBooks 2012 Data Manager -- (Intuit, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00110409-78E1-11D2-B60F-006097C998E7}" = Microsoft Excel 2000
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{0FFD15DD-B6B7-4F1E-8764-9DD1FED7DC0A}" = ProSeries User's Guide 2010
"{11968F04-71FB-4C8C-B4D8-14FA4171EE36}" = 6500_E709_Help_BasicWeb
"{11E0AC7D-6823-4F67-865F-EE1C13D28C38}" = QuickBooks Premier: Accountant Edition 2011
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2181214D-1954-4C60-91FD-EEA7EBB32022}" = QuickBooks Premier: Accountant Edition 2012
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8C6D37-CA3C-4EF6-A1E5-0D188E7B6021}" = HP Officejet 6500 E709 Series
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{779C40FF-9211-427B-A5C4-2026B85A1033}" = Nero 7 Essentials
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86196C81-759C-4F74-8DFF-36F9F50FEEAC}" = 6500_E709_BasicWeb
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = VirtualDJ Toolbar
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = MovieEdit Task
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FA0092C2-C0FE-40DA-A79E-E4C0FCA129F9}" = Intuit Entitlement Client
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAD96046-769E-4A4B-949B-8D29D885EFD6}" = BPDSoftware_Ini
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"HTC_WModemDriver" = WModem Driver Installer
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"ProSeries 2010" = ProSeries 2010
"Tax Forms Helper 2011_is1" = Tax Forms Helper 2011 10.0
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1123561945-963894560-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = VirtualDJ Toolbar Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2012 5:41:28 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 3:13:21 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 3:13:21 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 3:13:21 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 8:50:19 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 8:50:19 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 8:50:19 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 11:06:45 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 11:06:45 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 11:06:45 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

[ System Events ]
Error - 3/21/2012 2:35:19 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/21/2012 2:35:19 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The QBCFMonitorService service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/21/2012 2:35:21 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The QBIDPService service terminated unexpectedly. It has done this
1 time(s).

Error - 3/21/2012 2:35:21 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Service Agent service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/21/2012 2:35:22 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/21/2012 2:35:24 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7031
Description = The Norton AntiVirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 3/21/2012 2:35:25 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 3/21/2012 2:35:25 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Client service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/21/2012 2:36:45 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
to connect.

Error - 3/21/2012 2:36:45 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053


< End of report >

Late for a meeting. Thanks again. Catherine
mein12

Re: Browser Hijack searchnu......com/410

Post by mambass » March 23rd, 2012, 12:16 pm

Hi Catherine, :)

"This was the last line in the Notepad of System Look Text - window did not pop up automatically. Did I exit too soon?"
What you did was fine. :thumbup:

The second item in the instructions below will remove installed programs. There are two steps that require some explanation.
  • You currently have both Avast! Free Antivirus and Norton Antivirus installed. You should always have one and only one antivirus application installed and virus definitions associated with that application should be kept up-to-date. Select the one that you wish to retain and remove the other one.
  • You currently have Coupon Printer for Windows installed. You may find the article here to be of value when deciding whether to retain this application. My recommendation is that you remove it unless you find it to be useful and are willing to accept the associated issues raised in the article.

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Backup Your Registry with ERUNT
    1. Click Start > All Programs > ERUNT > ERUNT to run ERUNT.
    2. Accept the default options for running a backup
    3. Click OK to finish.
    Note: If you are unable to back up your registry with ERUNT then STOP – Let me know what happened and DO NOT perform any of the steps below.

  2. Remove Programs Using Control Panel
    Take extra care in answering questions posed by any Uninstaller.

    1. Click Start > Settings > Control Panel or Start > Control Panel then double-click Add/Remove Programs.
    2. Highlight the antivirus product that you wish to remove and choose Remove.
    3. If you wish to remove it, highlight Coupon Printer for Windows and choose Remove.
    4. Highlight Java Auto Updater, if it exists, and choose Remove.
    5. Highlight Java(TM) 6 Update 25, if it exists, and choose Remove.
    6. Close both the Add or Remove Programs window and the Control Panel window.

  3. Perform a Custom Fix with OTL
    1. Double-click the OTL icon on your Desktop to run the program.
    2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :OTL
      FF - prefs.js..browser.search.defaultenginename: "Search Results"
      FF - prefs.js..browser.search.order.1: "Search Results"
      FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=100&systemid=410&sr=0&q="
      O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
      O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
      [1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\hs_err_pid1504.log: SummaryInformation
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
      =-
      
      :Files
      C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
      C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com
      C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\searchplugins\Search_Results.xml
      C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
      C:\Documents and Settings\All Users\Application Data\boost_interprocess
      C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
      C:\Program Files\Ask.com
      
      :Commands
      [EMPTYTEMP]
      [CREATERESTOREPOINT]
      
      
    3. Close all running applications other than OTL.
    4. Click the Run Fix button at the top.
    5. Let the program run unhindered and reboot the PC when it is done.
    6. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    7. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  4. Install Java Runtime Environment
    1. Please go to http://www.oracle.com/technetwork/java/javase/downloads/index.html
    2. Find the section labeled Java SE 6 Update 31 and click on the JRE Download button. (DO NOT click the JDK Download button).
    3. Click the Accept License Agreement option.
    4. Find the Windows x86 (32-bit) Offline entry, click the jre-6u31-windows-i586.exe link and save the installer on your Desktop.
    5. Double-click the jre-6u31-windows-i586.exe icon on your Desktop to install the newest version of Java.
      1. During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus. It's just adware.
      2. Also always UNCHECK any offer for Ask Toolbar during the installation of Java or any other product.
    6. When it finishes, you can remove the Installer from your desktop.

  5. Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
    All versions numbered lower than 10.1 are vulnerable.
    1. Please click here to download the AdbeRdr1012_en_US.exe installer and save it to your desktop.
    2. Double-click the installer to install the latest version of Adobe Reader.
    3. After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
    4. Click on Edit and select Preferences.
    5. On the left, click on the JavaScript category and Uncheck Enable Acrobat JavaScript.
    6. Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    7. Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    8. Click the OK button
    9. When it finishes, you can remove the Installer from your desktop.

  6. Run a Scan with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. Check the boxes labeled:
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList <-- Be sure to select this option
    3. Make sure all other windows are closed so that it can run uninterrupted.
    4. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    5. When the scan completes, it will open two notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL. (desktop)
    6. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.


Please include in your reply (use separate posts if more convenient):
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL Fix log.
  3. The contents of the OTL.txt and Extras.txt scan logs.

mambass
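
An added example, not part of mambass's post and not OTL's own code: a read-only check of a Firefox `prefs.js` for the search and home page settings that the fix above resets. The sample file is constructed from values quoted in this thread; the allowlists, the helper names and the inclusion of `browser.startup.homepage` are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Prefs named in the fix above, plus the home page setting (an addition here).
NAME_PREFS = {"browser.search.defaultenginename", "browser.search.order.1"}
URL_PREFS = {"keyword.URL", "browser.startup.homepage"}
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in a prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or blank line
        raw = m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            # Quoted string value: drop the quotes and undo the escaping.
            raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        prefs[m.group(1)] = raw
    return prefs

def host_trusted(host, trusted_hosts):
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)

def audit(text, trusted_hosts, trusted_engines):
    """List (pref, value, reason) for search/home settings outside the allowlists."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name in NAME_PREFS and value not in trusted_engines:
            findings.append((name, value, "unknown search engine name"))
        elif name in URL_PREFS:
            for url in value.split("|"):  # the home page pref may list several URLs
                url = url.strip()
                if not url or url.startswith("about:"):
                    continue
                host = (urlparse(url).hostname or "").lower()
                if not host_trusted(host, trusted_hosts):
                    findings.append((name, value, "untrusted host: " + (host or "?")))
                    break
    return findings

# Constructed sample built from the values quoted in this thread.
HIJACKED = r'''
# Mozilla User Preferences
user_pref("browser.download.dir", "C:\\Downloads");
user_pref("browser.search.defaultenginename", "Search Results");
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.startup.homepage", "http://searchnu.com/410");
user_pref("browser.startup.page", 1);
user_pref("keyword.URL", "http://dts.search-results.com/sr?src=ffb&appid=100&systemid=410&sr=0&q=");
'''
# Allowlists are assumptions; set them to what the user actually chose.
TRUSTED_HOSTS = {"google.com", "mozilla.org"}
TRUSTED_ENGINES = {"Google"}

if __name__ == "__main__":
    for pref, value, reason in audit(HIJACKED, TRUSTED_HOSTS, TRUSTED_ENGINES):
        print(f"{pref}: {reason}\n    {value}")
```

Running the same check on the profile's `prefs.js` after the OTL fix and reboot confirms whether the three `FF - prefs.js` entries were actually reset.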