Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

www.searchnu.com/406 Problem


Post by pshaw1993 » May 26th, 2012, 10:40 pm

This little bugger showed up tonight. I installed "Ilivid" to my computer which seems to be the culprit. I installed OTL and received the following log.

OTL logfile created on: 5/26/2012 10:09:48 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.79% Memory free
3.78 Gb Paging File | 2.98 Gb Available in Paging File | 78.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 63.53 Gb Free Space | 85.24% Space Free | Partition Type: NTFS

Computer Name: HP-D2E6C9939B0A | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/05/26 22:08:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2012/05/14 07:47:23 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/05/14 07:46:20 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/08 15:02:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 15:02:08 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 15:02:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 15:02:08 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/20 21:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/04/04 15:04:58 | 005,515,088 | ---- | M] (Firetrust) -- C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe
PRC - [2012/03/12 08:12:01 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2009/11/19 11:37:32 | 001,601,536 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Zoom Wireless-N USB\Common\RaUI.exe
PRC - [2009/10/20 14:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Zoom Wireless-N USB\Common\RaRegistry.exe
PRC - [2008/07/03 10:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/26 18:52:51 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/14 07:47:23 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/14 07:46:21 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/14 07:46:20 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MOD - [2012/05/08 15:02:09 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/05/08 07:47:29 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/05/08 07:47:16 | 006,754,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll
MOD - [2012/05/08 07:47:15 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/05/08 07:47:13 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/05/08 07:47:10 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
MOD - [2012/05/08 07:47:07 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/05/08 07:47:05 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/05/08 07:47:04 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/05/08 07:47:03 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/05/08 07:47:01 | 000,973,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2012/05/08 07:47:00 | 000,450,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll
MOD - [2012/05/08 07:46:56 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/05/08 07:46:48 | 000,144,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll
MOD - [2012/05/08 07:46:46 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/04/20 21:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/03 15:47:08 | 000,272,384 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\FTClientNode.dll
MOD - [2012/04/03 15:47:08 | 000,061,952 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\MWPBridgeDLL.dll
MOD - [2012/04/03 15:47:08 | 000,061,952 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\FTBridge.dll
MOD - [2012/01/30 15:23:02 | 004,637,184 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\MWPappDLL.dll
MOD - [2009/10/20 14:13:52 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\DiagFunc.dll
MOD - [2009/10/20 14:13:42 | 000,860,160 | ---- | M] () -- C:\Program Files\Zoom Wireless-N USB\Common\RaWLAPI.dll
MOD - [2006/10/26 14:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/26 18:52:51 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/14 07:46:20 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/05/08 15:02:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 15:02:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/20 14:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Zoom Wireless-N USB\Common\RaRegistry.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/08 15:02:09 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 15:02:09 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 00:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/11/10 16:28:44 | 000,246,000 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/10/20 14:13:54 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/10/20 14:13:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/06/05 11:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2008/03/28 12:42:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/03/28 12:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/01/23 09:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q= {searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q= {searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid= {CE1AA19F-466D-4DD1-ADFD-024CDF4F3472}&mid=&lang=en&ds=ft011&pr=sa&d=2012-05-14 07:47:23&v=11.0.0.9&sap=hp
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 8B 72 E5 1E C8 CC 01 [binary data]
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\URLSearchHook: {939a6a52-7680-7e14-35d7-5851ade84213} - C:\Program Files\Bekko Search Bar 1.0\Helper.dll ()
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid= {CE1AA19F-466D-4DD1-ADFD-024CDF4F3472}&mid=&lang=en&ds=ft011&pr=sa&d=2012-05-14 07:47:23&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q= {searchTerms}
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.0.0.9\ [2012/05/14 07:46:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/14 07:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/15 08:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/05/26 22:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\extensions
[2012/05/26 21:27:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/05/15 08:37:12 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\searchplugins\Search_Results.xml
[2012/05/15 08:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/14 07:47:12 | 000,003,695 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/15 08:37:12 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bekko Search Bar 1.0 BHO) - {0A7E0730-1D2B-21F4-D160-DBCB5520151E} - C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Bekko Search Bar 1.0) - {D8E6FAB1-CCB0-9174-716B-7C4727C14BC8} - C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\Toolbar\WebBrowser: (Bekko Search Bar 1.0) - {D8E6FAB1-CCB0-9174-716B-7C4727C14BC8} - C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1645522239-2111687655-682003330-500..\RunOnce: [!SearchquDSFF] C:\Documents and Settings\Administrator\Local Settings\Temp\SRAssetsHelper.dll ()
O4 - HKU\S-1-5-21-1645522239-2111687655-682003330-500..\RunOnce: [!SearchquFFHP] C:\Documents and Settings\Administrator\Local Settings\Temp\installhelper.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe (Firetrust)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Zoom Wireless-N USB.lnk = C:\Program Files\Zoom Wireless-N USB\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-2111687655-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/In ... ect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F5EB84F-3D16-40FF-B718-AF2BDB109EA6}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/21 19:34:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4f2e3caf-2c2d-11e1-80dd-9a623a05b253}\Shell\AutoRun\command - "" = en1nmk.exe
O33 - MountPoints2\{4f2e3caf-2c2d-11e1-80dd-9a623a05b253}\Shell\open\Command - "" = en1nmk.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2012/05/26 21:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player
[2012/05/26 18:55:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/05/26 18:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/05/26 18:52:51 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/26 18:52:51 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/26 18:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/05/26 18:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/26 18:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/26 18:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012/05/26 18:47:32 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/05/26 18:47:32 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/05/26 18:47:32 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/05/26 18:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/05/15 08:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\searchqutoolbar
[2012/05/15 08:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar
[2012/05/14 07:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/14 07:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/05/14 07:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/05/14 07:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/14 07:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/14 07:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/14 07:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search
[2012/05/14 07:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
[2012/05/14 07:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/14 07:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/14 07:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/05/11 21:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/05/09 08:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Supplies
[2012/05/08 07:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Firetrust
[2012/05/08 07:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firetrust
[2012/05/08 07:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Firetrust
[2012/05/07 23:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MailWasher Free
[2012/05/07 23:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\MailWasherFree
[2012/05/07 23:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\FireTrust
[2012/05/07 23:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/05/07 23:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FCTB000100803
[2012/05/07 23:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/05/07 23:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Bekko Search Bar 1.0
[2012/05/07 23:11:13 | 009,708,976 | ---- | C] (FireTrust Limited ) -- C:\Documents and Settings\Administrator\My Documents\MailWasher_Free_654-Setup.exe
[2012/05/07 23:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bekko Search Bar 1.0
[2012/04/28 16:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2012/04/28 15:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/04/28 14:45:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/04/28 14:45:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/04/28 14:45:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/04/28 07:33:42 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2012/04/28 07:33:29 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2012/04/28 07:33:29 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2012/04/28 07:33:21 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2012/04/28 07:33:15 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/04/28 07:33:14 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/04/28 07:33:14 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/04/28 07:32:38 | 000,457,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/04/28 07:32:00 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2012/04/28 07:31:50 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/04/28 07:31:50 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/04/28 07:31:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/04/28 07:31:49 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/04/28 07:31:47 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/05/26 21:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/26 18:52:51 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/26 18:52:51 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/26 18:47:14 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/05/26 18:47:14 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/05/14 07:47:02 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/14 07:47:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/08 15:02:09 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/05/08 15:02:09 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/05/08 07:48:29 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MailWasherPro.lnk
[2012/05/08 07:48:29 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MailWasherPro.lnk
[2012/05/08 07:47:45 | 000,484,234 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/08 07:47:45 | 000,080,122 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/08 07:35:31 | 000,008,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\receipt_firetrust_8684929103.pdf
[2012/05/07 23:11:46 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MailWasher Free.lnk
[2012/05/07 23:09:46 | 009,708,976 | ---- | M] (FireTrust Limited ) -- C:\Documents and Settings\Administrator\My Documents\MailWasher_Free_654-Setup.exe
[2012/05/03 02:34:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/03 02:34:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/28 15:57:57 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/28 15:00:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 18:47:36 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/04 18:47:24 | 000,227,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/04/04 18:47:08 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/04/04 18:47:02 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/26 18:52:51 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/14 07:47:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/14 07:47:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/14 07:47:02 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/08 07:48:29 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MailWasherPro.lnk
[2012/05/08 07:48:29 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MailWasherPro.lnk
[2012/05/08 07:35:31 | 000,008,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\receipt_firetrust_8684929103.pdf
[2012/05/07 23:11:46 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MailWasher Free.lnk
[2011/12/31 20:38:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/12/31 20:38:10 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/12/31 20:38:10 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/12/31 20:37:52 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/12/21 20:23:35 | 000,246,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2011/12/21 19:48:49 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/12/21 19:48:49 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/12/21 19:48:49 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/12/21 19:48:48 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/12/21 19:48:43 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/12/21 19:48:43 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/12/21 19:48:42 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/12/21 19:39:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/21 19:32:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/21 19:32:03 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2011/12/21 19:32:03 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2011/12/21 19:32:03 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2011/12/21 19:32:03 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2011/12/21 19:32:03 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2011/12/21 14:21:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/21 14:21:04 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >


I would appreciate your help in any way possible.

8)
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/406 Problem

Post by Gary R » May 28th, 2012, 11:24 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 18127
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: www.searchnu.com/406 Problem

Post by Gary R » May 28th, 2012, 11:33 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi pshaw1993

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select Run as Administrator
Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt
Windows XP, 32 bit : SQWinXP_x32.TXT

---------------------------------------------
Download the latest version of OTL
Delete your current version and download OTL.exe by OldTimer and save it to your desktop.
----------------------------------------------
Perform a Custom Fix with OTL
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt

Next

Please download SystemLook from one of the links below and save it to your Desktop.

For 32 bit Systems:
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • OTL fix log
  • SystemLook log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 18127
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: www.searchnu.com/406 Problem

Post by pshaw1993 » May 28th, 2012, 12:41 pm

Dear Sir:

When trying to follow your instructions below,
"Let the program run unhindered and reboot the PC when it is done.
When the computer Reboots, and you start your usual account, a Notepad text file will appear.
Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt"
, the following notepad was generated with the following file name 05282012_122508-Notepad and no file with the name OTL.txt appeared on the desktop. Here are the contents of the file.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\datamngr.dll deleted successfully.
File pInit_DLLs: not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\iebho.dll deleted successfully.
File pInit_DLLs: not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\iLivid\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EDE4701-347A-45E0-81F0-D81D9F69BBFB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EDE4701-347A-45E0-81F0-D81D9F69BBFB}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\Windows Searchqu Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
C:\Windows\Prefetch\ILIVID.EXE-0178C79C.pf moved successfully.
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-2A4D2147.pf moved successfully.
C:\Windows\Prefetch\SEARCHQUMEDIABAR.EXE-13776AC9.pf moved successfully.
C:\Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-00FD0BE9.pf moved successfully.
File\Folder C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml not found.
File/Folder C:\Documents and Settings\Administrator\Application Data\searchquband not found.
C:\Documents and Settings\Administrator\Application Data\searchqutoolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 216125788 bytes
->Temporary Internet Files folder emptied: 73982374 bytes
->FireFox cache emptied: 61260809 bytes
->Flash cache emptied: 6400 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3302900 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 54152128 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2254612 bytes

Total Files Cleaned = 392.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.2 log created on 05282012_122508

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA5A4.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA7C2.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{17BDD2B1-9457-4645-9EB5-D6408534B2B9}.tmp moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{91833952-7E1D-494B-AB13-C1FA7CA94C88}.tmp moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{DF16339F-B1BB-4A5D-9675-2D83D7426C46}.tmp moved successfully.
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso277.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso278.tmp not found!

Registry entries deleted on Reboot...

Percy
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm
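
Added example, not part of the original thread and not code from OTL: a small Python parser for the fix-log format posted above. It separates entries that existed and were removed from entries the fix looked for but did not find, and flags removed registry entries in well-known autostart and browser-hijack locations. The function names and category labels are this example's own, and the sample is constructed from lines of the log above.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in the format of the fix log above.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\datamngr.dll deleted successfully.
File pInit_DLLs: not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\iLivid not found.
C:\Windows\Prefetch\ILIVID.EXE-0178C79C.pf moved successfully.
C:\Documents and Settings\Administrator\Application Data\searchqutoolbar folder moved successfully.
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
REG_RE = re.compile(
    r"^Registry (?P<kind>value|key) (?P<path>.+?) "
    r"(?P<result>deleted successfully|not found)\.$"
)
FILE_MISSING_RE = re.compile(r"^File[\\/]Folder (?P<path>.+?) not found[.!]$")
MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")

# Registry locations commonly used for autostart or browser hijacking.
# Labels are this example's own; matching is on the lower-cased path.
PERSISTENCE_MARKERS = [
    ("AppInit_DLLs", "appinit_dlls"),
    ("Browser Helper Object", "browser helper objects"),
    ("IE search scope", "searchscopes"),
    ("IE toolbar", "internet explorer\\toolbar"),
    ("IE start page", "internet explorer\\main\\\\start page"),
    ("Run key", "\\currentversion\\run\\\\"),
]


def categorise(path):
    """Return a persistence label for a registry path, or None."""
    lowered = path.lower()
    for label, marker in PERSISTENCE_MARKERS:
        if marker in lowered:
            return label
    return None


def parse_fix_log(text):
    """Return (entries, unparsed); each entry has section, kind, path, result."""
    entries, unparsed, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = REG_RE.match(line)
        if m:
            entries.append({"section": section, "kind": "registry " + m.group("kind"),
                            "path": m.group("path"), "result": m.group("result")})
            continue
        m = FILE_MISSING_RE.match(line)
        if m:
            entries.append({"section": section, "kind": "file/folder",
                            "path": m.group("path"), "result": "not found"})
            continue
        m = MOVED_RE.match(line)
        if m:
            entries.append({"section": section, "kind": "file/folder",
                            "path": m.group("path"), "result": "moved successfully"})
            continue
        # Keep anything unrecognised for manual review instead of dropping it.
        unparsed.append(line)
    return entries, unparsed


def confirmed_persistence(entries):
    """Registry autostart/hijack entries that existed and were removed."""
    hits = []
    for e in entries:
        if e["result"] != "deleted successfully":
            continue
        label = categorise(e["path"])
        if label:
            hits.append((label, e["path"]))
    return hits


def tally(entries):
    """Count entries by (registry | file/folder, result)."""
    return Counter((e["kind"].split()[0], e["result"]) for e in entries)


if __name__ == "__main__":
    entries, unparsed = parse_fix_log(SAMPLE_LOG)
    for (kind, result), count in sorted(tally(entries).items()):
        print(f"{kind:12} {result:22} {count}")
    for label, path in confirmed_persistence(entries):
        print(f"removed {label}: {path}")
    print("needs manual review:", unparsed)
```

A "not found" result only means the exact path named in the fix was absent, so paths that differ from the ones targeted still need a follow-up scan such as the SystemLook run requested in this thread.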

Re: www.searchnu.com/406 Problem

Post by Gary R » May 28th, 2012, 1:15 pm

It's OK, that's the file I wanted to see, sorry for any confusion.

Can you run the SystemLook scan now please and post me the log it produces.
Gary R
Administrator
 
Posts: 18127
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: www.searchnu.com/406 Problem

Post by pshaw1993 » May 28th, 2012, 11:33 pm

That's ok. Here is the SystemLook scan.

SystemLook 30.07.11 by jpshortstuff
Log created at 23:28 on 28/05/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 28930 bytes [08:42 27/02/2012] [08:42 27/02/2012] 328007B562F9A5A23B7AD15EDF23A1FB
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 35569 bytes [08:42 27/02/2012] [08:42 27/02/2012] 5CF1B92435FF1EEDEDF8B9BB23846933
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [08:42 27/02/2012] [08:42 27/02/2012] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [08:42 27/02/2012] [08:42 27/02/2012] 39ECB144372B2ED7B1B91A1E63D3F275
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [08:42 27/02/2012] [08:42 27/02/2012] AD14E447F7CED4CA987B91B379EAF952
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\SEARCHQUMEDIABAR.EXE-13776AC9.pf --a---- 47098 bytes [12:37 15/05/2012] [12:37 15/05/2012] D4BEA9F0B87B79E58C3FF085F0579110
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-00FD0BE9.pf --a---- 34306 bytes [12:37 15/05/2012] [12:37 15/05/2012] 05C01795F7118C3801E08A17AFCC3F12

Searching for "*iLivid*"
C:\Documents and Settings\Administrator\My Documents\Downloads\iLividSetupV1.exe --a---- 516136 bytes [12:36 15/05/2012] [12:36 15/05/2012] 775C003E5068F2708BD27F7D424AC47E
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\ILIVID.EXE-0178C79C.pf --a---- 52864 bytes [01:41 27/05/2012] [01:41 27/05/2012] 40DBC2ACA0C4B978D7176B8C433BFEF6
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-2A4D2147.pf --a---- 26012 bytes [12:37 15/05/2012] [12:37 15/05/2012] F881169453B68C3AD55296EEE2D16ADA

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [12:37 15/05/2012] [12:12 12/03/2012] FC1D7766DCFEDEE9B1620D3926566E99
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [12:37 15/05/2012] [12:12 12/03/2012] 67873CD260C78BF5FAFFF1C8FCF9FCEF
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll --a---- 351232 bytes [12:37 15/05/2012] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 981 bytes [12:37 15/05/2012] [12:11 12/03/2012] B4E345F24F98FD5690FA1B2D7F5DC3BD
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] 1AC803089576DF214AB0D5B266963274
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] 4DD4BB84149826D6ED76090EBACA0091
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [12:37 15/05/2012] [12:09 12/03/2012] BB16A34A7E14048C4657FB24E723BA92
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 351744 bytes [12:37 15/05/2012] [12:09 12/03/2012] FD5B2DCC9D0BDF339B330DDF9AE889F2
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 351744 bytes [12:37 15/05/2012] [12:10 12/03/2012] B5087EBC621FA459653A233716F99248
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 351744 bytes [12:37 15/05/2012] [12:10 12/03/2012] DF1B9DEDFC3F97B9E922522EF6E4CDF2
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 351744 bytes [12:37 15/05/2012] [12:10 12/03/2012] 334C747E342546D01A65EDE11A92DF1E
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] C5F107775CF025C828ED5636486FA85F
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] B6208CA135BA5C8FAC464D93C45C7751
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16184 bytes [12:37 15/05/2012] [06:50 25/10/2011] 74EA142FA2CF77FA2306892E2B45FA13
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-00FD0BE9.pf --a---- 34306 bytes [12:37 15/05/2012] [12:37 15/05/2012] 05C01795F7118C3801E08A17AFCC3F12

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\searchqutoolbar d------ [12:37 15/05/2012]
C:\Program Files\Searchqu Toolbar d------ [12:37 15/05/2012]
C:\_OTL\MovedFiles\05282012_122508\C_Documents and Settings\Administrator\Application Data\searchqutoolbar d------ [12:37 15/05/2012]

Searching for "*iLivid*"
C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player d------ [01:41 27/05/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Program Files\Searchqu Toolbar\Datamngr d------ [12:37 15/05/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Contact"="Bandoo Media, Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Publisher"="Bandoo Media Inc"

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"DisplayName"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"UninstallString"="C:\Program Files\Searchqu Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"DisplayIcon"="C:\Program Files\Searchqu Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Path"="C:\Program Files\Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Administrator\My Documents\Downloads\iLividSetupV1.exe"="iLivid Install"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\iLivid\ilivid.exe"="ilivid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe"="iLivid Install"
[HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Administrator\My Documents\Downloads\iLividSetupV1.exe"="iLivid Install"
[HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\iLivid\ilivid.exe"="ilivid"
[HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe"="iLivid Install"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51FBD398-85BD-4D22-A077-0284DB6B842F}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/406 Problem

Post by Gary R » May 29th, 2012, 1:22 am

Still a little work to do ....

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Program Files\Searchqu Toolbar
C:\Documents and Settings\Administrator\My Documents\Downloads\iLividSetupV1.exe
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\searchqutoolbar
C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player
ipconfig /flushdns /c

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Administrator\My Documents\Downloads\iLividSetupV1.exe"=-
"C:\Program Files\iLivid\ilivid.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe"=-
[HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Administrator\My Documents\Downloads\iLividSetupV1.exe"=-
"C:\Program Files\iLivid\ilivid.exe"=-
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51FBD398-85BD-4D22-A077-0284DB6B842F}]
"AppPath"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Next

I'd like you to run a new scan with OTL

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me just the OTL.txt

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: [image]
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: [image] (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL fix log
  • OTL scan log (OTL.txt)
  • E-Set log
  • Also please let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 18127
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
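Added example, not part of the thread and not OTL's own code: a Python script that parses Regfind output like the log posted above and ranks each hit by what its registry key does, so the AppInit_DLLs autoload entry and the firewall exception are reviewed before cosmetic leftovers. The category names, the priority order and the whole-word heuristic are assumptions made for this example; the sample input is copied from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: hits copied from the Regfind log posted in this thread,
# cut down to one entry per kind of key.
SAMPLE_REGFIND = r'''
Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"DisplayName"="Searchqu Toolbar"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\iLivid\ilivid.exe"="ilivid"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51FBD398-85BD-4D22-A077-0284DB6B842F}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
'''

SEARCH_RE = re.compile(r'^Searching for "(?P<term>.*)"$')
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?:@|"(?P<name>[^"]*)")="(?P<data>.*)"$')

# (priority, category, key pattern, required value name); labels are this example's own.
CATEGORIES = [
    (0, "autoload", r'\\Windows NT\\CurrentVersion\\Windows$', "AppInit_DLLs"),
    (1, "firewall-exception", r'\\FirewallPolicy\\\w+\\AuthorizedApplications\\List$', None),
    (1, "ie-elevation-policy", r'\\Low Rights\\ElevationPolicy\\', None),
    (2, "uninstall-entry", r'\\CurrentVersion\\Uninstall\\', None),
    (3, "execution-trace", r'\\MUICache$', None),
]

@dataclass
class Hit:
    term: str
    key: str
    name: Optional[str]   # "@" = default value, None = only the key path matched
    data: Optional[str]
    priority: int
    category: str
    whole_word: bool      # False: term appears only inside a longer identifier

def classify(key: str, name: Optional[str]):
    for priority, category, pattern, value_name in CATEGORIES:
        if re.search(pattern, key, re.I) and (
                value_name is None or (name or "").lower() == value_name.lower()):
            return priority, category
    return 4, "other"

def whole_word(term: str, *fields: Optional[str]) -> bool:
    """True if the term occurs as a word of its own in any field."""
    pat = re.compile(r'(?<![A-Za-z0-9])' + re.escape(term) + r'(?![A-Za-z0-9])', re.I)
    return any(f and pat.search(f) for f in fields)

def make_hit(term, key, name, data) -> Hit:
    priority, category = classify(key, name)
    return Hit(term, key, name, data, priority, category,
               whole_word(term, key, name, data))

def parse_regfind(text: str) -> List[Hit]:
    hits, term, pending_key = [], None, None
    def flush():
        # A key line with no value line after it matched on its own path.
        nonlocal pending_key
        if pending_key is not None:
            hits.append(make_hit(term, pending_key, None, None))
            pending_key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := SEARCH_RE.match(line)):
            flush()
            term = m["term"]
        elif (m := KEY_RE.match(line)) and term is not None:
            flush()
            pending_key = m["key"]
        elif (m := VALUE_RE.match(line)) and pending_key is not None:
            name = m["name"] if m["name"] is not None else "@"
            hits.append(make_hit(term, pending_key, name, m["data"]))
            pending_key = None
    flush()
    return hits

def triage(hits: List[Hit]) -> List[Hit]:
    return sorted(hits, key=lambda h: h.priority)  # stable: log order kept within a priority

def appinit_dlls(data: str) -> List[str]:
    """AppInit_DLLs is a space- or comma-delimited list, hence the 8.3 short paths."""
    return [p for p in re.split(r'[ ,]+', data.strip()) if p]

if __name__ == "__main__":
    for h in triage(parse_regfind(SAMPLE_REGFIND)):
        note = "" if h.whole_word else "  <- substring-only match, verify before acting"
        print(f"[{h.priority}] {h.category:20} {h.key} :: {h.name}{note}")
```

On the sample, the only substring-only hit is `ISearchQueryHelper`, which matches "Searchqu" solely because the term sits inside a longer identifier.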

Re: www.searchnu.com/406 Problem

Post by pshaw1993 » May 29th, 2012, 8:54 am

Hi Gary,

In response to your post entitled "still a little work to do," double clicking on OTL.exe and copying and pasting the code, I receive the following txt:

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{5A85FEF7-952B-4B13-A14A-C66E89405B3C}.tmp moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{90313F4A-9B3B-4676-ABF7-2DAF41573B83}.tmp moved successfully.
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Did I do something wrong?

Percy
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/406 Problem

Post by Gary R » May 29th, 2012, 11:30 am

Try running through the instructions again and see what happens this time.
Gary R
Administrator
 
Posts: 18127
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: www.searchnu.com/406 Problem

Post by pshaw1993 » May 29th, 2012, 7:28 pm

Hi Gary,

This is the log that was produced after you told me to try again.

05292012_192001 - Notepad

All processes killed
========== FILES ==========
File\Folder C:\Program Files\Searchqu Toolbar not found.
File\Folder C:\Documents and Settings\Administrator\My Documents\Downloads\iLividSetupV1.exe not found.
File\Folder C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\searchqutoolbar not found.
File\Folder C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Documents and Settings\Administrator\My Documents\Downloads\iLividSetupV1.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\iLivid\ilivid.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Documents and Settings\Administrator\My Documents\Downloads\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\iLivid\ilivid.exe not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51FBD398-85BD-4D22-A077-0284DB6B842F}\\AppPath not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 17555 bytes
->Temporary Internet Files folder emptied: 684045 bytes
->FireFox cache emptied: 49299732 bytes
->Flash cache emptied: 515 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30740 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48.00 mb


OTL by OldTimer - Version 3.2.43.2 log created on 05292012_192001

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Percy
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/406 Problem

Post by pshaw1993 » May 29th, 2012, 7:40 pm

Gary,

Here is the OTL.txt report you asked for.

OTL logfile created on: 5/29/2012 7:33:09 PM - Run 2
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 68.17% Memory free
3.78 Gb Paging File | 3.18 Gb Available in Paging File | 84.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 63.89 Gb Free Space | 85.72% Space Free | Partition Type: NTFS

Computer Name: HP-D2E6C9939B0A | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/28 12:21:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/05/14 07:47:23 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/05/14 07:46:20 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/08 15:02:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 15:02:08 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 15:02:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 15:02:08 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/20 21:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/04/04 15:04:58 | 005,515,088 | ---- | M] (Firetrust) -- C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe
PRC - [2009/11/19 11:37:32 | 001,601,536 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Zoom Wireless-N USB\Common\RaUI.exe
PRC - [2009/10/20 14:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Zoom Wireless-N USB\Common\RaRegistry.exe
PRC - [2008/07/03 10:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/14 07:47:23 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/14 07:46:21 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/14 07:46:20 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MOD - [2012/05/08 15:02:09 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/05/08 08:08:29 | 000,245,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll
MOD - [2012/05/08 08:07:47 | 013,273,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\642a7b3d47828fb0070a55cfeb58f42b\System.Data.Entity.ni.dll
MOD - [2012/05/08 08:06:52 | 000,134,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\caecc65b5c0ede0fe0d55b9f48ada80f\System.Data.DataSetExtensions.ni.dll
MOD - [2012/05/08 08:06:33 | 000,195,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5786f917a7b62d63ca8dd5b47aaf9610\UIAutomationTypes.ni.dll
MOD - [2012/05/08 08:06:33 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll
MOD - [2012/05/08 08:06:25 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/05/08 08:06:04 | 000,044,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Accessibility\01254caa0efc15b5cd48fb3178018701\Accessibility.ni.dll
MOD - [2012/05/08 07:47:29 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/05/08 07:47:16 | 006,754,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll
MOD - [2012/05/08 07:47:15 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/05/08 07:47:13 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/05/08 07:47:10 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
MOD - [2012/05/08 07:47:07 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/05/08 07:47:05 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/05/08 07:47:04 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/05/08 07:47:03 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/05/08 07:47:01 | 000,973,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2012/05/08 07:47:00 | 000,450,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll
MOD - [2012/05/08 07:46:56 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/05/08 07:46:48 | 000,144,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll
MOD - [2012/05/08 07:46:46 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/04/20 21:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/03 15:47:08 | 000,272,384 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\FTClientNode.dll
MOD - [2012/04/03 15:47:08 | 000,061,952 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\MWPBridgeDLL.dll
MOD - [2012/04/03 15:47:08 | 000,061,952 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\FTBridge.dll
MOD - [2012/01/30 15:23:02 | 004,637,184 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher\MWPappDLL.dll
MOD - [2009/10/20 14:13:52 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\DiagFunc.dll
MOD - [2009/10/20 14:13:42 | 000,860,160 | ---- | M] () -- C:\Program Files\Zoom Wireless-N USB\Common\RaWLAPI.dll
MOD - [2006/10/26 14:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/26 18:52:51 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/14 07:46:20 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/05/08 15:02:09 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 15:02:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/20 14:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Zoom Wireless-N USB\Common\RaRegistry.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/08 15:02:09 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 15:02:09 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 00:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/11/10 16:28:44 | 000,246,000 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/10/20 14:13:54 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/10/20 14:13:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/06/05 11:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2008/03/28 12:42:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/03/28 12:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/01/23 09:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q= {searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 8B 72 E5 1E C8 CC 01 [binary data]
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\URLSearchHook: {939a6a52-7680-7e14-35d7-5851ade84213} - C:\Program Files\Bekko Search Bar 1.0\Helper.dll ()
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid= {CE1AA19F-466D-4DD1-ADFD-024CDF4F3472}&mid=&lang=en&ds=ft011&pr=sa&d=2012-05-14 07:47:23&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.0.0.9\ [2012/05/14 07:46:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/14 07:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/15 08:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/05/26 22:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\extensions
[2012/05/26 21:27:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/05/15 08:37:12 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\searchplugins\Search_Results.xml
[2012/05/29 08:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/14 07:47:12 | 000,003,695 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/15 08:37:12 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bekko Search Bar 1.0 BHO) - {0A7E0730-1D2B-21F4-D160-DBCB5520151E} - C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bekko Search Bar 1.0) - {D8E6FAB1-CCB0-9174-716B-7C4727C14BC8} - C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\Toolbar\WebBrowser: (Bekko Search Bar 1.0) - {D8E6FAB1-CCB0-9174-716B-7C4727C14BC8} - C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe (Firetrust)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Zoom Wireless-N USB.lnk = C:\Program Files\Zoom Wireless-N USB\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-2111687655-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/In ... ect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F5EB84F-3D16-40FF-B718-AF2BDB109EA6}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/21 19:34:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4f2e3caf-2c2d-11e1-80dd-9a623a05b253}\Shell\AutoRun\command - "" = en1nmk.exe
O33 - MountPoints2\{4f2e3caf-2c2d-11e1-80dd-9a623a05b253}\Shell\open\Command - "" = en1nmk.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 12:25:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/28 12:21:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/28 12:11:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/28 12:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/28 12:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/05/26 18:55:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/05/26 18:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/05/26 18:52:51 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/26 18:52:51 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/26 18:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/05/26 18:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/26 18:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/26 18:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012/05/26 18:47:32 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/05/26 18:47:32 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/05/26 18:47:32 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/05/26 18:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/05/14 07:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/14 07:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/05/14 07:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/05/14 07:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/14 07:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/14 07:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/14 07:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search
[2012/05/14 07:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
[2012/05/14 07:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/14 07:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/14 07:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/05/11 21:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/05/09 08:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Supplies
[2012/05/08 07:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Firetrust
[2012/05/08 07:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firetrust
[2012/05/08 07:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Firetrust
[2012/05/07 23:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MailWasher Free
[2012/05/07 23:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\MailWasherFree
[2012/05/07 23:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\FireTrust
[2012/05/07 23:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/05/07 23:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FCTB000100803
[2012/05/07 23:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/05/07 23:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Bekko Search Bar 1.0
[2012/05/07 23:11:13 | 009,708,976 | ---- | C] (FireTrust Limited ) -- C:\Documents and Settings\Administrator\My Documents\MailWasher_Free_654-Setup.exe
[2012/05/07 23:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bekko Search Bar 1.0

========== Files - Modified Within 30 Days ==========

[2012/05/29 19:26:40 | 000,484,234 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/29 19:26:40 | 000,080,122 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/29 19:22:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/29 19:22:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/29 19:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/28 23:27:02 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2012/05/28 12:29:00 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/28 12:21:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/28 12:10:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2012/05/26 18:52:51 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/26 18:52:51 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/26 18:47:14 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/05/26 18:47:14 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/05/14 07:47:02 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/14 07:47:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/08 15:02:09 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/05/08 15:02:09 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/05/08 07:48:29 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MailWasherPro.lnk
[2012/05/08 07:48:29 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MailWasherPro.lnk
[2012/05/08 07:35:31 | 000,008,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\receipt_firetrust_8684929103.pdf
[2012/05/07 23:11:46 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MailWasher Free.lnk
[2012/05/07 23:09:46 | 009,708,976 | ---- | M] (FireTrust Limited ) -- C:\Documents and Settings\Administrator\My Documents\MailWasher_Free_654-Setup.exe

========== Files Created - No Company Name ==========

[2012/05/28 23:25:54 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2012/05/28 12:28:35 | 000,810,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-2111687655-682003330-500-0.dat
[2012/05/28 12:28:35 | 000,270,398 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/28 12:10:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2012/05/26 18:52:51 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/14 07:47:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/14 07:47:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/14 07:47:02 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/08 07:48:29 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MailWasherPro.lnk
[2012/05/08 07:48:29 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MailWasherPro.lnk
[2012/05/08 07:35:31 | 000,008,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\receipt_firetrust_8684929103.pdf
[2012/05/07 23:11:46 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MailWasher Free.lnk
[2011/12/31 20:38:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/12/31 20:38:10 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/12/31 20:38:10 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/12/31 20:37:52 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/12/21 20:23:35 | 000,246,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2011/12/21 19:48:49 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/12/21 19:48:49 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/12/21 19:48:49 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/12/21 19:48:48 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/12/21 19:48:43 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/12/21 19:48:43 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/12/21 19:48:42 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/12/21 19:39:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/21 19:32:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/21 19:32:03 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2011/12/21 19:32:03 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2011/12/21 19:32:03 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2011/12/21 19:32:03 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2011/12/21 19:32:03 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2011/12/21 14:21:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/21 14:21:04 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/05/14 07:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
[2012/05/07 23:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FCTB000100803
[2012/05/08 07:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Firetrust
[2012/05/08 07:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MailWasherFree
[2012/05/26 18:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2011/12/21 19:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/01/27 22:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/05/14 07:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/08 07:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firetrust
[2011/12/31 20:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2012/05/07 23:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

========== Purity Check ==========



< End of report >


Percy
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/406 Problem

Post by pshaw1993 » May 29th, 2012, 8:38 pm

Gary,

Here is the ESET log.txt.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=780ba60e31562d4b85ec8109c66247f0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-30 12:29:50
# local_time=2012-05-29 08:29:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 13740059 13740059 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=41291
# found=8
# cleaned=0
# scan_time=950
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I


The "www.searchnu.com/406" still shows up.

Percy
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/406 Problem

Post by pshaw1993 » May 29th, 2012, 8:42 pm

Gary,

The "www.searchnu.com/406" is showing up in Firefox but not Internet Explorer (with no add-ons).

Percy
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/406 Problem

Post by Gary R » May 30th, 2012, 1:28 am

Still a few remnants left to remove. You also have what looks like a remnant of an old AVG install which also needs removing, since you appear to be using Avira Anti-Vir as your current anti-virus program.

First

Please go to Control Panel > Add/Remove Programs and Uninstall the following:

Java Plug-in 1.6.0_13


Reboot your computer when finished.

Now download and install JDK 6 Update 32 (JDK or JRE).

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
MOD - [2012/05/14 07:47:23 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/14 07:46:21 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/14 07:46:20 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
SRV - [2012/05/14 07:46:20 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\URLSearchHook: {939a6a52-7680-7e14-35d7-5851ade84213} - C:\Program Files\Bekko Search Bar 1.0\Helper.dll ()
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={CE1AA19F-466D-4DD1-ADFD-024CDF4F3472}&mid=&lang=en&ds=ft011&pr=sa&d=2012-05-14 07:47:23&v=11.0.0.9&sap=dsp&q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q="
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.0.0.9\ [2012/05/14 07:46:26 | 000,000,000 | ---D | M]
[2012/05/14 07:47:12 | 000,003,695 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
O2 - BHO: (Bekko Search Bar 1.0 BHO) - {0A7E0730-1D2B-21F4-D160-DBCB5520151E} - C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll ()
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bekko Search Bar 1.0) - {D8E6FAB1-CCB0-9174-716B-7C4727C14BC8} - C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-2111687655-682003330-500\..\Toolbar\WebBrowser: (Bekko Search Bar 1.0) - {D8E6FAB1-CCB0-9174-716B-7C4727C14BC8} - C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O33 - MountPoints2\{4f2e3caf-2c2d-11e1-80dd-9a623a05b253}\Shell\AutoRun\command - "" = en1nmk.exe
O33 - MountPoints2\{4f2e3caf-2c2d-11e1-80dd-9a623a05b253}\Shell\open\Command - "" = en1nmk.exe
[2012/05/14 07:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
[2012/05/14 07:46:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/05/14 07:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/07 23:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/05/07 23:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Bekko Search Bar 1.0
[2012/05/07 23:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bekko Search Bar 1.0

:Files
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll
C:\Program Files\Yontoo\YontooIEClient.dll

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Are you still being re-directed to searchnu now?
Gary R
Administrator
 
Posts: 18127
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: www.searchnu.com/406 Problem

Post by pshaw1993 » May 30th, 2012, 9:02 am

Hi Gary,

Here is the log after uninstalling the Java and AVG on my system and running OTL. When I click on JDK 6 Update 32 (JDK or JRE) at the Java site they have Java 7 which also installs a fix.

========== OTL ==========
Error: No service named vToolbarUpdater11.0.2 was found to stop!
Service\Driver key vToolbarUpdater11.0.2 not found.
File C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{939a6a52-7680-7e14-35d7-5851ade84213} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{939a6a52-7680-7e14-35d7-5851ade84213}\ deleted successfully.
C:\Program Files\Bekko Search Bar 1.0\Helper.dll moved successfully.
HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ not found.
File C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.0.0.9\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A7E0730-1D2B-21F4-D160-DBCB5520151E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A7E0730-1D2B-21F4-D160-DBCB5520151E}\ deleted successfully.
C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files\Yontoo\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D8E6FAB1-CCB0-9174-716B-7C4727C14BC8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8E6FAB1-CCB0-9174-716B-7C4727C14BC8}\ deleted successfully.
File C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D8E6FAB1-CCB0-9174-716B-7C4727C14BC8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8E6FAB1-CCB0-9174-716B-7C4727C14BC8}\ not found.
File C:\Program Files\Bekko Search Bar 1.0\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
File C:\Program Files\AVG Secure Search\vprot.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f2e3caf-2c2d-11e1-80dd-9a623a05b253}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f2e3caf-2c2d-11e1-80dd-9a623a05b253}\ not found.
File en1nmk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f2e3caf-2c2d-11e1-80dd-9a623a05b253}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f2e3caf-2c2d-11e1-80dd-9a623a05b253}\ not found.
File en1nmk.exe not found.
Folder C:\Documents and Settings\Administrator\Application Data\AVG Secure Search\ not found.
Folder C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ not found.
Folder C:\Program Files\Common Files\AVG Secure Search\ not found.
C:\Program Files\Yontoo folder moved successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Bekko Search Bar 1.0 folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\util folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\weatherplugin\proppage folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\weatherplugin folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\searchcomponent folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\rssreader\proppage\images folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\rssreader\proppage folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\rssreader folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\radioplugin\proppage\widgets folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\radioplugin\proppage\images folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\radioplugin\proppage folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\radioplugin\js folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\radioplugin\images folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\radioplugin\css folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\radioplugin folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\msgboxplugin folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\emailchecker\proppage\widgets folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\emailchecker\proppage folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\emailchecker folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\common\proppage folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\common folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\bookmarksplugin\proppage\images folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\bookmarksplugin\proppage folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res\bookmarksplugin folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components\res folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\js_components folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\images\weather\png folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\images\weather folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\images\ticker folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\images\msgbox folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0\images folder moved successfully.
C:\Program Files\Bekko Search Bar 1.0 folder moved successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll moved successfully.
File\Folder C:\Program Files\Yontoo\YontooIEClient.dll not found.

OTL by OldTimer - Version 3.2.43.2 log created on 05302012_085649


Percy
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm
