www.searchnu.com/421 problem

Post by pshaw1993 » August 31st, 2012, 11:00 am

Description of Problem
After downloading a "free" CD burner from the internet, I started having trouble opening my Firefox browser and eventually started seeing "www.searchnu.com/421" in the address bar. My computer has slowed down in productivity.

Below are the logs you asked for:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Administrator at 10:51:06 on 2012-08-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1977.900 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zoom Wireless-N USB\Common\RaUI.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Zoom Wireless-N USB\Common\RaRegistry.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/421
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin
uRunOnce: [!SearchquDSFF] c:\windows\system32\rundll32.exe c:\docume~1\admini~1\locals~1\temp\SRASSE~1.DLL,_SetFirefoxAssets Search Results,Search_Results,http://dts.search-results.com/sr?src=ffb&appid=101&systemid=421&sr=0&q=,
uRunOnce: [!SearchquFFHP] c:\windows\system32\rundll32.exe c:\docume~1\admini~1\locals~1\temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421,
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\lgfw.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\media suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\media suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BYR_AGENT] c:\documents and settings\all users\application data\lgmobileax\byr_client\VZWNotiAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher\MailWasherPro.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zoomwi~1.lnk - c:\program files\zoom wireless-n usb\common\RaUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/In ... ect118.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8F5EB84F-3D16-40FF-B718-AF2BDB109EA6} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\s0byu6dm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/421
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 21&sr=0&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-21 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-21 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-21 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-21 83392]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\zoom wireless-n usb\common\RaRegistry.exe [2011-12-31 185632]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2011-12-31 19072]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2011-12-21 144480]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2011-12-21 36608]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2011-12-21 246000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-26 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-14 114144]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-12-31 779136]
.
=============== Created Last 30 ================
.
2012-08-30 21:42:38 -------- d-----w- c:\documents and settings\administrator\application data\searchqutoolbar
2012-08-30 21:42:36 -------- d-----w- c:\program files\Searchqu Toolbar
2012-08-30 21:42:17 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2012-08-30 21:42:17 15360 ----a-w- c:\windows\system32\inetfr.DLL
2012-08-30 21:42:17 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2012-08-30 21:42:16 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2012-08-30 21:42:16 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2012-08-30 21:42:16 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2012-08-30 21:42:16 -------- d-----w- c:\program files\Free Easy CD DVD Burner
2012-08-30 21:42:16 -------- d-----w- c:\documents and settings\administrator\application data\FreeBurner
2012-08-30 00:44:12 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-08-29 12:20:19 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
2012-08-29 12:20:12 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-29 12:20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-29 12:19:31 -------- d-----w- c:\program files\iPod
2012-08-29 12:19:27 -------- d-----w- c:\program files\iTunes
2012-08-29 12:19:27 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-29 12:19:10 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple
2012-08-29 12:18:48 -------- d-----w- c:\program files\Bonjour
2012-08-20 20:06:15 -------- d-----w- c:\program files\SeaMonkey
.
==================== Find3M ====================
.
2012-08-14 23:16:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 23:16:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 14:26:13 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
============= FINISH: 10:51:36.73 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/21/2011 6:39:34 PM
System Uptime: 8/23/2012 11:34:01 AM (191 hours ago)
.
Motherboard: Hewlett-Packard | | 3031h
Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz | XU1 PROCESSOR | 2659/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 52.324 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&3AB037A0&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&3AB037A0&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&3AB037A0&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&3AB037A0&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP99: 6/2/2012 11:12:06 AM - System Checkpoint
RP100: 6/3/2012 11:39:39 AM - System Checkpoint
RP101: 6/4/2012 12:39:39 PM - System Checkpoint
RP102: 6/5/2012 1:39:39 PM - System Checkpoint
RP103: 6/6/2012 2:39:39 PM - System Checkpoint
RP104: 6/7/2012 2:59:20 PM - System Checkpoint
RP105: 6/8/2012 3:39:39 PM - System Checkpoint
RP106: 6/9/2012 6:27:06 PM - System Checkpoint
RP107: 6/10/2012 6:39:37 PM - System Checkpoint
RP108: 6/11/2012 6:49:16 PM - System Checkpoint
RP109: 6/12/2012 8:20:03 PM - System Checkpoint
RP110: 6/13/2012 8:45:42 PM - System Checkpoint
RP111: 6/14/2012 9:39:37 PM - System Checkpoint
RP112: 6/15/2012 8:05:11 AM - Removed MailWasherPro
RP113: 6/15/2012 8:38:05 AM - Software Distribution Service 3.0
RP114: 6/16/2012 9:33:57 AM - System Checkpoint
RP115: 6/17/2012 10:32:52 AM - System Checkpoint
RP116: 6/18/2012 11:32:52 AM - System Checkpoint
RP117: 6/19/2012 10:06:08 AM - Installed Suite
RP118: 6/20/2012 10:15:45 AM - System Checkpoint
RP119: 6/21/2012 11:19:27 AM - System Checkpoint
RP120: 6/22/2012 11:27:33 AM - System Checkpoint
RP121: 6/23/2012 12:16:36 PM - System Checkpoint
RP122: 6/24/2012 1:04:36 PM - System Checkpoint
RP123: 6/25/2012 2:04:36 PM - System Checkpoint
RP124: 6/26/2012 1:47:00 PM - Installed Java(TM) 7 Update 5
RP125: 6/26/2012 1:47:35 PM - Removed JavaFX 2.1.0
RP126: 6/26/2012 1:47:40 PM - Installed JavaFX 2.1.1
RP127: 6/27/2012 4:53:59 PM - System Checkpoint
RP128: 6/28/2012 5:30:35 PM - System Checkpoint
RP129: 6/29/2012 6:04:36 PM - System Checkpoint
RP130: 6/30/2012 7:05:39 PM - System Checkpoint
RP131: 7/1/2012 8:04:34 PM - System Checkpoint
RP132: 7/2/2012 3:00:55 PM - Software Distribution Service 3.0
RP133: 7/3/2012 1:10:12 AM - Software Distribution Service 3.0
RP134: 7/4/2012 1:56:14 AM - System Checkpoint
RP135: 7/5/2012 2:56:14 AM - System Checkpoint
RP136: 7/6/2012 3:56:14 AM - System Checkpoint
RP137: 7/7/2012 4:56:14 AM - System Checkpoint
RP138: 7/8/2012 4:57:18 AM - System Checkpoint
RP139: 7/9/2012 5:56:13 AM - System Checkpoint
RP140: 7/10/2012 6:23:59 AM - System Checkpoint
RP141: 7/11/2012 7:25:04 AM - System Checkpoint
RP142: 7/12/2012 7:30:23 AM - System Checkpoint
RP143: 7/13/2012 8:44:03 AM - System Checkpoint
RP144: 7/14/2012 9:29:59 AM - System Checkpoint
RP145: 7/14/2012 3:07:41 PM - Install LG UNITED Drivers
RP146: 7/15/2012 3:28:54 PM - System Checkpoint
RP147: 7/16/2012 4:28:54 PM - System Checkpoint
RP148: 7/17/2012 4:47:54 PM - System Checkpoint
RP149: 7/18/2012 4:56:24 PM - System Checkpoint
RP150: 7/19/2012 5:58:44 PM - System Checkpoint
RP151: 7/20/2012 7:04:05 PM - System Checkpoint
RP152: 7/21/2012 7:28:54 PM - System Checkpoint
RP153: 7/22/2012 8:28:53 PM - System Checkpoint
RP154: 7/23/2012 10:46:23 PM - System Checkpoint
RP155: 7/24/2012 11:24:31 PM - System Checkpoint
RP156: 7/25/2012 11:41:50 PM - System Checkpoint
RP157: 7/27/2012 12:14:36 AM - System Checkpoint
RP158: 7/28/2012 12:56:44 AM - System Checkpoint
RP159: 7/29/2012 1:54:00 AM - System Checkpoint
RP160: 7/30/2012 2:34:37 AM - System Checkpoint
RP161: 7/31/2012 3:18:58 AM - System Checkpoint
RP162: 8/1/2012 4:18:58 AM - System Checkpoint
RP163: 8/2/2012 5:18:58 AM - System Checkpoint
RP164: 8/3/2012 5:20:03 AM - System Checkpoint
RP165: 8/4/2012 6:22:03 AM - System Checkpoint
RP166: 8/5/2012 6:30:25 AM - System Checkpoint
RP167: 8/6/2012 7:27:29 AM - System Checkpoint
RP168: 8/7/2012 7:28:34 AM - System Checkpoint
RP169: 8/8/2012 8:46:05 AM - System Checkpoint
RP170: 8/9/2012 9:40:36 AM - System Checkpoint
RP171: 8/10/2012 10:27:29 AM - System Checkpoint
RP172: 8/11/2012 10:28:34 AM - System Checkpoint
RP173: 8/12/2012 10:33:14 AM - System Checkpoint
RP174: 8/13/2012 11:22:42 AM - System Checkpoint
RP175: 8/14/2012 12:06:17 PM - System Checkpoint
RP176: 8/15/2012 1:06:16 PM - System Checkpoint
RP177: 8/16/2012 2:06:17 PM - System Checkpoint
RP178: 8/17/2012 3:06:17 PM - System Checkpoint
RP179: 8/18/2012 3:27:13 PM - System Checkpoint
RP180: 8/19/2012 4:12:05 PM - System Checkpoint
RP181: 8/20/2012 6:21:15 PM - System Checkpoint
RP182: 8/21/2012 8:20:07 PM - System Checkpoint
RP183: 8/22/2012 8:42:35 PM - System Checkpoint
RP184: 8/23/2012 9:46:49 PM - System Checkpoint
RP185: 8/24/2012 10:37:59 PM - System Checkpoint
RP186: 8/25/2012 11:37:59 PM - System Checkpoint
RP187: 8/27/2012 1:19:31 AM - System Checkpoint
RP188: 8/28/2012 1:35:01 AM - System Checkpoint
RP189: 8/29/2012 1:37:58 AM - System Checkpoint
RP190: 8/29/2012 8:19:20 AM - Installed iTunes
RP191: 8/30/2012 8:22:07 AM - System Checkpoint
RP192: 8/31/2012 9:11:04 AM - System Checkpoint
.
==== Installed Programs ======================
.
%WS4_ARP_DISPLAY%
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1 - Korean
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Bekko Search Bar 1.0
Bonjour
ERUNT 1.1j
ESET Online Scanner v3
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954550-v5)
HP Product Detection
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
iTunes
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
K-Lite Mega Codec Pack 6.4.0
LG Burning Tool
LG CyberLink LabelPrint
LG CyberLink Media Suite
LG CyberLink PowerBackup
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Verizon United Drivers
MailWasher Free 6.5.4
MailWasherPro
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
SeaMonkey (2.11)
Searchqu Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SoundMAX
SRS Premium Sound for HP Thin Speakers
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Yontoo 1.10.02
Zoom Wireless-N USB Zoom Wireless-N USB
.
==== End Of File ===========================
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/421 problem

Post by askey127 » August 31st, 2012, 5:00 pm

Hi pshaw1993,
Hopefully, we can help get rid of this thing for you.
First, there is a recent serious vulnerability in Java as it applies to browsers.
The newest Java 7 update 7 does not necessarily fix it.
----------------------------------------------
New Java Infection Threat

You may want to shut off Java in your browsers until Oracle gets the problem fixed.
Lots of PC infections expected.
http://www.pcworld.com/article/261615/j ... #tk.hp_new

How to Disable Java in your Browser:
http://www.geekstogo.com/2600/how-to-di ... b-browser/
(This may cause failure of some websites to display or interact correctly).
----------------------------------------------
Preliminary Removals with an OTL Custom Fix
Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt
Windows XP, 32 bit : SQWinXP_x32.TXT
Make sure that Fix.txt is the exact filename used.
----------------------------------------------
Perform a Custom Fix with OTL
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to highlight the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button in OTL.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
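
Added example (not part of the thread, and not code from DDS, OTL or SystemLook): a Python script that applies the :Regfind keyword list from the post above to load-point lines copied from the DDS log in the first post, so each hit is tied to the place it loads from. The load-point labels, the reading of the `u`/`m` prefixes as per-user/machine-wide, and the 8.3 short-name check are assumptions of this example.

```python
import re
from collections import Counter

# Keywords from the SystemLook :Regfind list in the post above.
KEYWORDS = ["Fun4IM", "Bandoo", "Searchnu", "Searchqu", "iLivid",
            "whitesmoke", "datamngr", "kelkoopartners", "trolltech"]

# DDS line prefixes that report a startup or browser load point. The labels on
# the right are this example's own names, not DDS output (assumed meanings).
LOAD_POINTS = [
    ("AppInit_DLLs:", "appinit_dlls"),    # DLLs loaded into processes that load user32.dll
    ("BHO:", "ie_bho"),                   # Internet Explorer Browser Helper Object
    ("TB:", "ie_toolbar"),                # Internet Explorer toolbar
    ("uRunOnce:", "hkcu_runonce"),        # per-user RunOnce entry
    ("uRun:", "hkcu_run"),                # per-user Run entry
    ("mRun:", "hklm_run"),                # machine-wide Run entry
    ("uStart Page", "ie_start_page"),     # Internet Explorer home page
    ("FF - prefs.js:", "firefox_prefs"),  # Firefox preference override
]

# Lines copied from the DDS log on this page, benign entries included.
SAMPLE_DDS = r'''
uStart Page = hxxp://www.searchnu.com/421
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [!SearchquFFHP] c:\windows\system32\rundll32.exe c:\docume~1\admini~1\locals~1\temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421,
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
AppInit_DLLs: c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/421
'''

# An 8.3 short name in its plain form: six characters of the long name, "~", a digit.
SHORT_NAME = re.compile(r"(?<![A-Za-z0-9])([A-Za-z0-9]{6})~\d")


def short_name_hits(line):
    """Keywords whose first six characters equal the stem of a short name in the line.

    A stem such as search~1 is ambiguous (Searchnu or Searchqu), so these are
    only "possible" hits. Short names in the hashed form, which is what
    wi371a~1 in the OTL log looks like, cannot be matched this way.
    """
    stems = {m.group(1).lower() for m in SHORT_NAME.finditer(line)}
    return sorted(k for k in KEYWORDS if len(k) >= 6 and k[:6].lower() in stems)


def load_point(line):
    """Return this example's label for the DDS prefix, or None for other lines."""
    for prefix, label in LOAD_POINTS:
        if line.startswith(prefix):
            return label
    return None


def triage(log_text):
    """List load-point lines that contain a keyword, exactly or via a short name."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        point = load_point(line)
        if point is None:
            continue
        lower = line.lower()
        exact = [k for k in KEYWORDS if k.lower() in lower]
        possible = [k for k in short_name_hits(line) if k not in exact]
        if exact or possible:
            findings.append({"load_point": point, "exact": exact,
                             "possible": possible, "line": line})
    return findings


def summarize(findings):
    """Count flagged lines per load point."""
    return Counter(f["load_point"] for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in results:
        print(f"{f['load_point']:14} exact={f['exact']} possible={f['possible']}")
    print(dict(summarize(results)))
```
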

Re: www.searchnu.com/421 problem

Post by pshaw1993 » August 31st, 2012, 7:53 pm

Hello askey127,

I followed the instructions for disabling Java for Firefox but was not able to follow the instructions for IE.
Following are the notepads for OTL.txt which shows as 08312012_192936.log and the SystemLook.txt.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\datamngr.dll deleted successfully.
File pInit_DLLs: not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\iebho.dll deleted successfully.
File pInit_DLLs: not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\iLivid\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EDE4701-347A-45E0-81F0-D81D9F69BBFB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EDE4701-347A-45E0-81F0-D81D9F69BBFB}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
========== FILES ==========
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\Windows Searchqu Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml not found.
File/Folder C:\Documents and Settings\Administrator\Application Data\searchquband not found.
File/Folder C:\Documents and Settings\Administrator\Application Data\searchqutoolbar not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 5191938 bytes
->Temporary Internet Files folder emptied: 308904 bytes
->FireFox cache emptied: 11660534 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.00 mb


OTL by OldTimer - Version 3.2.43.2 log created on 08312012_192936

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 5 for Trap-A-Holics-Trap_Music_Squad_Life_Edition_2_Hosted_By_Kay-O_Redd_OJ_Da_Juiceman.zip\Trap-A-Holics-Trap_Music_Squad_Life_Edition_2_Hosted_By_Kay-O_Redd_OJ_Da_Juiceman\01-Kay-O_Redd_Oj_Da_Juiceman-S not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 4 for Trap-A-Holics-Trap_Music_Squad_Life_Edition_2_Hosted_By_Kay-O_Redd_OJ_Da_Juiceman.zip\Trap-A-Holics-Trap_Music_Squad_Life_Edition_2_Hosted_By_Kay-O_Redd_OJ_Da_Juiceman\01-Kay-O_Redd_Oj_Da_Juiceman-S not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 3 for Trap-A-Holics-Trap_Music_Squad_Life_Edition_2_Hosted_By_Kay-O_Redd_OJ_Da_Juiceman.zip\Trap-A-Holics-Trap_Music_Squad_Life_Edition_2_Hosted_By_Kay-O_Redd_OJ_Da_Juiceman\01-Kay-O_Redd_Oj_Da_Juiceman-S not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for Trap-A-Holics-Trap_Music_Squad_Life_Edition_2_Hosted_By_Kay-O_Redd_OJ_Da_Juiceman.zip\Trap-A-Holics-Trap_Music_Squad_Life_Edition_2_Hosted_By_Kay-O_Redd_OJ_Da_Juiceman\01-Kay-O_Redd_Oj_Da_Juiceman-S not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for Trap-A-Holics-Trap_Music_Squad_Life_Edition_2_Hosted_By_Kay-O_Redd_OJ_Da_Juiceman.zip\Trap-A-Holics-Trap_Music_Squad_Life_Edition_2_Hosted_By_Kay-O_Redd_OJ_Da_Juiceman\01-Kay-O_Redd_Oj_Da_Juiceman-S not found!

Registry entries deleted on Reboot...

********************************************************************************************
SystemLook 30.07.11 by jpshortstuff
Log created at 19:42 on 31/08/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 28930 bytes [08:42 27/02/2012] [08:42 27/02/2012] 328007B562F9A5A23B7AD15EDF23A1FB
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 35569 bytes [08:42 27/02/2012] [08:42 27/02/2012] 5CF1B92435FF1EEDEDF8B9BB23846933
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [08:42 27/02/2012] [08:42 27/02/2012] D98167EFDC45E8EC6F4769791A15CE36
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 28930 bytes [08:42 27/02/2012] [08:42 27/02/2012] 328007B562F9A5A23B7AD15EDF23A1FB
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 35569 bytes [08:42 27/02/2012] [08:42 27/02/2012] 5CF1B92435FF1EEDEDF8B9BB23846933
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [08:42 27/02/2012] [08:42 27/02/2012] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 28930 bytes [08:42 27/02/2012] [08:42 27/02/2012] 328007B562F9A5A23B7AD15EDF23A1FB
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 35569 bytes [08:42 27/02/2012] [08:42 27/02/2012] 5CF1B92435FF1EEDEDF8B9BB23846933
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [08:42 27/02/2012] [08:42 27/02/2012] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [08:42 27/02/2012] [08:42 27/02/2012] 39ECB144372B2ED7B1B91A1E63D3F275
C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [08:42 27/02/2012] [08:42 27/02/2012] AD14E447F7CED4CA987B91B379EAF952
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\SEARCHQUMEDIABAR.EXE-13776AC9.pf --a---- 47098 bytes [12:37 15/05/2012] [12:37 15/05/2012] D4BEA9F0B87B79E58C3FF085F0579110
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-00FD0BE9.pf --a---- 34306 bytes [12:37 15/05/2012] [12:37 15/05/2012] 05C01795F7118C3801E08A17AFCC3F12
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [08:42 27/02/2012] [08:42 27/02/2012] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [08:42 27/02/2012] [08:42 27/02/2012] AD14E447F7CED4CA987B91B379EAF952
C:\_OTL\MovedFiles\08312012_191511\C_Windows\Prefetch\SEARCHQUMEDIABAR.EXE-13776AC9.pf --a---- 48734 bytes [21:42 30/08/2012] [21:42 30/08/2012] 7BAEE27CEDD86393AEEE2A5AF04BCD4D
C:\_OTL\MovedFiles\08312012_191511\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-00FD0BE9.pf --a---- 46128 bytes [21:42 30/08/2012] [21:42 30/08/2012] BCD068165BD66ACFD03018C44EBE8565

Searching for "*iLivid*"
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\ILIVID.EXE-0178C79C.pf --a---- 52864 bytes [01:41 27/05/2012] [01:41 27/05/2012] 40DBC2ACA0C4B978D7176B8C433BFEF6
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-2A4D2147.pf --a---- 26012 bytes [12:37 15/05/2012] [12:37 15/05/2012] F881169453B68C3AD55296EEE2D16ADA
C:\_OTL\MovedFiles\05292012_081348\C_Documents and Settings\Administrator\My Documents\Downloads\iLividSetupV1.exe --a---- 516136 bytes [12:36 15/05/2012] [12:36 15/05/2012] (Unable to calculate MD5)

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll --a---- 1723320 bytes [21:42 30/08/2012] [06:45 06/08/2012] 4A483BC3058E83AA42A8B24C83BA189E
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe --a---- 1890744 bytes [21:42 30/08/2012] [06:45 06/08/2012] E202A85BAC78281EDF80055A07691987
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 989 bytes [21:42 30/08/2012] [06:44 06/08/2012] CB033DE4810614BD057D96DDCBF3427C
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll --a---- 840192 bytes [21:42 30/08/2012] [06:43 06/08/2012] 8595CC588D20DDEE48A36A681C9A826F
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll --a---- 840192 bytes [21:42 30/08/2012] [06:43 06/08/2012] 3D8EC580519E7B46CDFE3D068BB5C3AB
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll --a---- 840192 bytes [21:42 30/08/2012] [06:44 06/08/2012] A432F1E5D8FC3184941D656A06E02E0F
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll --a---- 840192 bytes [21:42 30/08/2012] [06:44 06/08/2012] D6B05B2B930ED9A35C1D042198A704C0
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll --a---- 840192 bytes [21:42 30/08/2012] [06:44 06/08/2012] 3BA3C4D01BB1F9C2AA048DEFBCF3C481
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll --a---- 840192 bytes [21:42 30/08/2012] [06:45 06/08/2012] F91216DB6B370609545824249AE9997C
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 845824 bytes [21:42 30/08/2012] [06:41 06/08/2012] 5E022AA4221719FD7FE7840C5A5E5BCC
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 840704 bytes [21:42 30/08/2012] [06:41 06/08/2012] CCF59D6813DC39FB5C7BD4B3405299CA
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 840704 bytes [21:42 30/08/2012] [06:42 06/08/2012] 4CB38F3A5DD6D79DA72BD09DAB2D7C50
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 840704 bytes [21:42 30/08/2012] [06:42 06/08/2012] 607AE0DD7EAE6E533D371052A5FCF85D
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 840704 bytes [21:42 30/08/2012] [06:42 06/08/2012] A63A25EB9116FB21FF0476FF6BCECB8A
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll --a---- 840704 bytes [21:42 30/08/2012] [06:42 06/08/2012] F01D800DA3FF63E8CADF239D108EC127
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll --a---- 840704 bytes [21:42 30/08/2012] [06:43 06/08/2012] 171AFB22F62FE0BEA5D77B47C4516315
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 19145 bytes [21:42 30/08/2012] [14:15 02/07/2012] 289E815C8591C8FA9A374B2AB706F0A7
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-00FD0BE9.pf --a---- 34306 bytes [12:37 15/05/2012] [12:37 15/05/2012] 05C01795F7118C3801E08A17AFCC3F12
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [12:37 15/05/2012] [12:12 12/03/2012] FC1D7766DCFEDEE9B1620D3926566E99
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [12:37 15/05/2012] [12:12 12/03/2012] 67873CD260C78BF5FAFFF1C8FCF9FCEF
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll --a---- 351232 bytes [12:37 15/05/2012] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 981 bytes [12:37 15/05/2012] [12:11 12/03/2012] B4E345F24F98FD5690FA1B2D7F5DC3BD
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] 1AC803089576DF214AB0D5B266963274
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] 4DD4BB84149826D6ED76090EBACA0091
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [12:37 15/05/2012] [12:09 12/03/2012] BB16A34A7E14048C4657FB24E723BA92
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 351744 bytes [12:37 15/05/2012] [12:09 12/03/2012] FD5B2DCC9D0BDF339B330DDF9AE889F2
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 351744 bytes [12:37 15/05/2012] [12:10 12/03/2012] B5087EBC621FA459653A233716F99248
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 351744 bytes [12:37 15/05/2012] [12:10 12/03/2012] DF1B9DEDFC3F97B9E922522EF6E4CDF2
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 351744 bytes [12:37 15/05/2012] [12:10 12/03/2012] 334C747E342546D01A65EDE11A92DF1E
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] C5F107775CF025C828ED5636486FA85F
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] B6208CA135BA5C8FAC464D93C45C7751
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16184 bytes [12:37 15/05/2012] [06:50 25/10/2011] 74EA142FA2CF77FA2306892E2B45FA13
C:\_OTL\MovedFiles\08312012_191511\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-00FD0BE9.pf --a---- 46128 bytes [21:42 30/08/2012] [21:42 30/08/2012] BCD068165BD66ACFD03018C44EBE8565

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\searchqutoolbar d------ [21:42 30/08/2012]
C:\Program Files\Searchqu Toolbar d------ [21:42 30/08/2012]
C:\_OTL\MovedFiles\05282012_122508\C_Documents and Settings\Administrator\Application Data\searchqutoolbar d------ [12:37 15/05/2012]
C:\_OTL\MovedFiles\05292012_081348\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\searchqutoolbar d------ [12:37 15/05/2012]
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar d------ [12:13 29/05/2012]
C:\_OTL\MovedFiles\08312012_191511\C_Documents and Settings\Administrator\Application Data\searchquband d------ [22:55 31/08/2012]
C:\_OTL\MovedFiles\08312012_191511\C_Documents and Settings\Administrator\Application Data\searchqutoolbar d------ [23:15 31/08/2012]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\05292012_081348\C_Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player d------ [01:41 27/05/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Documents and Settings\Administrator\AppData\LocalLow\DataMngr d------ [22:55 31/08/2012]
C:\Program Files\Searchqu Toolbar\Datamngr d------ [21:42 30/08/2012]
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr d------ [12:13 29/05/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Contact"="Bandoo Media, Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Publisher"="Bandoo Media Inc"

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=421&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=421&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"DisplayName"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"UninstallString"="C:\Program Files\Searchqu Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"DisplayIcon"="C:\Program Files\Searchqu Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Path"="C:\Program Files\Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"RunDName"="C:\Program Files\Searchqu Toolbar\Datamngr\installhelper.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=421&qu={searchTerms}&ft=json"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3829492E-27D0-4A03-82EB-FCBA146C57F6}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"RunDName"="C:\Program Files\Searchqu Toolbar\Datamngr\installhelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 1st, 2012, 6:21 am

pshaw1993,
As you may be able to tell, this nuisance dumps a lot of files and registry entries to prevent removal.
It usually takes a few passes to get rid of all of it.
You are doing well so far, and we are getting there.
The folder named C:\_OTL is OTL's quarantine folder. Files moved into that folder are rendered harmless.
That folder will be deleted when we are done.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3829492E-27D0-4A03-82EB-FCBA146C57F6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    
    :Files
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome
    C:\Program Files\Searchqu Toolbar
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\searchqutoolbar
    C:\Documents and Settings\Administrator\AppData\LocalLow\DataMngr
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Run A SystemLook Scan Again
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *datamngr*
    
    :folderfind
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *datamngr*
    
    :Regfind
    Bandoo
    Searchnu
    Searchqu
    iLivid
    datamngr
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
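
An added example, not part of the thread or of any tool named in it: a Python triage of SystemLook output that separates hits still live on the system from hits already inside OTL's quarantine (C:\_OTL\MovedFiles), and flags files that were quarantined in more than one batch, which means they came back after an earlier cleanup pass. The sample log is constructed in the format of the logs posted in this thread; its MD5 values and the live IEBHO.dll hit are made up, and mapping `C_Program Files` back to `C:\Program Files` is an assumption inferred from the quarantine paths shown here.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Quarantine layout as seen in this thread's logs (assumed convention):
#   C:\_OTL\MovedFiles\<MMDDYYYY_HHMMSS>\<drive>_<original path without drive>
QUARANTINE = re.compile(
    r"^C:\\_OTL\\MovedFiles\\(?P<batch>\d{8}_\d{6})\\(?P<drive>[A-Z])_(?P<rest>.+)$", re.I)
SECTION = re.compile(r"^=+\s*(\w+)\s*=+$")
SEARCH = re.compile(r'^Searching for "(.+)"$')
# File hit: path, 7 attribute flags, size, created, modified, MD5.
FILE_HIT = re.compile(
    r"^(?P<path>[A-Z]:\\.+?)\s+[-a-z]{7}\s+\d+ bytes\s+\[[^\]]+\]\s+\[[^\]]+\]\s+"
    r"(?P<md5>[0-9A-F]{32})$", re.I)
# Folder hit: path, attribute flags starting with 'd', created.
FOLDER_HIT = re.compile(r"^(?P<path>[A-Z]:\\.+?)\s+d[-a-z]{6}\s+\[[^\]]+\]$", re.I)


class Hit(NamedTuple):
    section: str    # filefind / folderfind / Regfind
    pattern: str    # search term that produced the hit
    location: str   # path as logged, or registry key
    original: str   # path before quarantine (same as location when live)
    batch: str      # MovedFiles batch folder, "" when the hit is live
    md5: str        # "" for folders and registry keys

    @property
    def live(self):
        return self.batch == ""


def parse_systemlook(text):
    """Turn a SystemLook log into a list of Hit records."""
    hits, section, pattern = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := SEARCH.match(line):
            pattern = m.group(1)
        elif section.lower() == "regfind":
            # Registry keys cannot sit in a file quarantine: always live.
            if line.startswith("[HKEY_") and line.endswith("]"):
                key = line[1:-1]
                hits.append(Hit(section, pattern, key, key, "", ""))
        elif m := (FILE_HIT.match(line) or FOLDER_HIT.match(line)):
            path = m.group("path")
            md5 = m.groupdict().get("md5") or ""
            if q := QUARANTINE.match(path):
                original = f"{q['drive']}:\\{q['rest']}"
                hits.append(Hit(section, pattern, path, original, q["batch"], md5))
            else:
                hits.append(Hit(section, pattern, path, path, "", md5))
    return hits


def live_hits(hits):
    """Hits that still need a fix entry (not under the quarantine root)."""
    return [h for h in hits if h.live]


def requarantined(hits):
    """Files moved to quarantine in more than one batch: {path: {batch: md5}}."""
    seen = defaultdict(dict)
    for h in hits:
        if h.batch and h.md5:
            seen[h.original.lower()][h.batch] = h.md5
    return {path: batches for path, batches in seen.items() if len(batches) > 1}


# Constructed sample: paths follow this thread, hashes are placeholders.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [12:37 15/05/2012] [12:12 12/03/2012] 11111111111111111111111111111111
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\datamngr.dll --a---- 1723320 bytes [21:42 30/08/2012] [06:45 06/08/2012] 22222222222222222222222222222222
C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll --a---- 1000 bytes [21:42 30/08/2012] [06:45 06/08/2012] 33333333333333333333333333333333

========== folderfind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar d------ [13:41 01/09/2012]

========== Regfind ==========

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
@="DataMngr"

-= EOF =-
"""

if __name__ == "__main__":
    parsed = parse_systemlook(SAMPLE_LOG)
    for h in live_hits(parsed):
        print("LIVE   ", h.section, h.location)
    for path, batches in requarantined(parsed).items():
        changed = len(set(batches.values())) > 1
        print("RETURNED", path, sorted(batches), "new build" if changed else "same file")
```

A file that shows up in two batches with different MD5s was reinstalled as a newer build between passes, so the loader that brought it back is what the next fix has to find.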

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 1st, 2012, 12:02 pm

Hello askey127,

Thanks so much for your help.

I tried to do the "Quick Scan" that you instructed after rebooting, but it seems to have stalled or frozen. It's been running for about 2 hours with no success. Is it supposed to take that long?

After the "Run Fix" a log was generated (09012012_094107). Was I supposed to copy and paste that log into the "Custom Scans/Fixes" box and then do the Quick Scan?

pshaw1993

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 1st, 2012, 12:38 pm

pshaw1993,
Don't worry about the OTL quick scan right now.
Please restart the machine, continue with the SystemLook scan, and post those results.

askey127

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 1st, 2012, 1:27 pm

Hi askey127,

Here is the SystemLook log you asked for.

SystemLook 30.07.11 by jpshortstuff
Log created at 13:21 on 01/09/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 28930 bytes [08:42 27/02/2012] [08:42 27/02/2012] 328007B562F9A5A23B7AD15EDF23A1FB
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 35569 bytes [08:42 27/02/2012] [08:42 27/02/2012] 5CF1B92435FF1EEDEDF8B9BB23846933
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [08:42 27/02/2012] [08:42 27/02/2012] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\09012012_094107\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 28930 bytes [08:42 27/02/2012] [08:42 27/02/2012] 328007B562F9A5A23B7AD15EDF23A1FB
C:\_OTL\MovedFiles\09012012_094107\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 35569 bytes [08:42 27/02/2012] [08:42 27/02/2012] 5CF1B92435FF1EEDEDF8B9BB23846933
C:\_OTL\MovedFiles\09012012_094107\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [08:42 27/02/2012] [08:42 27/02/2012] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 28930 bytes [08:42 27/02/2012] [08:42 27/02/2012] 328007B562F9A5A23B7AD15EDF23A1FB
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 35569 bytes [08:42 27/02/2012] [08:42 27/02/2012] 5CF1B92435FF1EEDEDF8B9BB23846933
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [08:42 27/02/2012] [08:42 27/02/2012] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\SEARCHQUMEDIABAR.EXE-13776AC9.pf --a---- 47098 bytes [12:37 15/05/2012] [12:37 15/05/2012] D4BEA9F0B87B79E58C3FF085F0579110
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-00FD0BE9.pf --a---- 34306 bytes [12:37 15/05/2012] [12:37 15/05/2012] 05C01795F7118C3801E08A17AFCC3F12
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [08:42 27/02/2012] [08:42 27/02/2012] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [08:42 27/02/2012] [08:42 27/02/2012] AD14E447F7CED4CA987B91B379EAF952
C:\_OTL\MovedFiles\08312012_191511\C_Windows\Prefetch\SEARCHQUMEDIABAR.EXE-13776AC9.pf --a---- 48734 bytes [21:42 30/08/2012] [21:42 30/08/2012] 7BAEE27CEDD86393AEEE2A5AF04BCD4D
C:\_OTL\MovedFiles\08312012_191511\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-00FD0BE9.pf --a---- 46128 bytes [21:42 30/08/2012] [21:42 30/08/2012] BCD068165BD66ACFD03018C44EBE8565
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [08:42 27/02/2012] [08:42 27/02/2012] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [08:42 27/02/2012] [08:42 27/02/2012] AD14E447F7CED4CA987B91B379EAF952

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05282012_122508\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-00FD0BE9.pf --a---- 34306 bytes [12:37 15/05/2012] [12:37 15/05/2012] 05C01795F7118C3801E08A17AFCC3F12
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [12:37 15/05/2012] [12:12 12/03/2012] FC1D7766DCFEDEE9B1620D3926566E99
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [12:37 15/05/2012] [12:12 12/03/2012] 67873CD260C78BF5FAFFF1C8FCF9FCEF
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll --a---- 351232 bytes [12:37 15/05/2012] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 981 bytes [12:37 15/05/2012] [12:11 12/03/2012] B4E345F24F98FD5690FA1B2D7F5DC3BD
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] 1AC803089576DF214AB0D5B266963274
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] 4DD4BB84149826D6ED76090EBACA0091
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [12:37 15/05/2012] [12:09 12/03/2012] BB16A34A7E14048C4657FB24E723BA92
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 351744 bytes [12:37 15/05/2012] [12:09 12/03/2012] FD5B2DCC9D0BDF339B330DDF9AE889F2
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 351744 bytes [12:37 15/05/2012] [12:10 12/03/2012] B5087EBC621FA459653A233716F99248
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 351744 bytes [12:37 15/05/2012] [12:10 12/03/2012] DF1B9DEDFC3F97B9E922522EF6E4CDF2
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 351744 bytes [12:37 15/05/2012] [12:10 12/03/2012] 334C747E342546D01A65EDE11A92DF1E
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] C5F107775CF025C828ED5636486FA85F
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll --a---- 351744 bytes [12:37 15/05/2012] [12:11 12/03/2012] B6208CA135BA5C8FAC464D93C45C7751
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16184 bytes [12:37 15/05/2012] [06:50 25/10/2011] 74EA142FA2CF77FA2306892E2B45FA13
C:\_OTL\MovedFiles\08312012_191511\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-00FD0BE9.pf --a---- 46128 bytes [21:42 30/08/2012] [21:42 30/08/2012] BCD068165BD66ACFD03018C44EBE8565
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\datamngr.dll --a---- 1723320 bytes [21:42 30/08/2012] [06:45 06/08/2012] 4A483BC3058E83AA42A8B24C83BA189E
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe --a---- 1890744 bytes [21:42 30/08/2012] [06:45 06/08/2012] E202A85BAC78281EDF80055A07691987
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 989 bytes [21:42 30/08/2012] [06:44 06/08/2012] CB033DE4810614BD057D96DDCBF3427C
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll --a---- 840192 bytes [21:42 30/08/2012] [06:43 06/08/2012] 8595CC588D20DDEE48A36A681C9A826F
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll --a---- 840192 bytes [21:42 30/08/2012] [06:43 06/08/2012] 3D8EC580519E7B46CDFE3D068BB5C3AB
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll --a---- 840192 bytes [21:42 30/08/2012] [06:44 06/08/2012] A432F1E5D8FC3184941D656A06E02E0F
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll --a---- 840192 bytes [21:42 30/08/2012] [06:44 06/08/2012] D6B05B2B930ED9A35C1D042198A704C0
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll --a---- 840192 bytes [21:42 30/08/2012] [06:44 06/08/2012] 3BA3C4D01BB1F9C2AA048DEFBCF3C481
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll --a---- 840192 bytes [21:42 30/08/2012] [06:45 06/08/2012] F91216DB6B370609545824249AE9997C
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 845824 bytes [21:42 30/08/2012] [06:41 06/08/2012] 5E022AA4221719FD7FE7840C5A5E5BCC
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 840704 bytes [21:42 30/08/2012] [06:41 06/08/2012] CCF59D6813DC39FB5C7BD4B3405299CA
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 840704 bytes [21:42 30/08/2012] [06:42 06/08/2012] 4CB38F3A5DD6D79DA72BD09DAB2D7C50
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 840704 bytes [21:42 30/08/2012] [06:42 06/08/2012] 607AE0DD7EAE6E533D371052A5FCF85D
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 840704 bytes [21:42 30/08/2012] [06:42 06/08/2012] A63A25EB9116FB21FF0476FF6BCECB8A
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll --a---- 840704 bytes [21:42 30/08/2012] [06:42 06/08/2012] F01D800DA3FF63E8CADF239D108EC127
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll --a---- 840704 bytes [21:42 30/08/2012] [06:43 06/08/2012] 171AFB22F62FE0BEA5D77B47C4516315
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 19145 bytes [21:42 30/08/2012] [14:15 02/07/2012] 289E815C8591C8FA9A374B2AB706F0A7

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\05282012_122508\C_Documents and Settings\Administrator\Application Data\searchqutoolbar d------ [12:37 15/05/2012]
C:\_OTL\MovedFiles\05292012_081348\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\searchqutoolbar d------ [12:37 15/05/2012]
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar d------ [12:13 29/05/2012]
C:\_OTL\MovedFiles\08312012_191511\C_Documents and Settings\Administrator\Application Data\searchquband d------ [22:55 31/08/2012]
C:\_OTL\MovedFiles\08312012_191511\C_Documents and Settings\Administrator\Application Data\searchqutoolbar d------ [23:15 31/08/2012]
C:\_OTL\MovedFiles\09012012_094107\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\searchqutoolbar d------ [21:42 30/08/2012]
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar d------ [13:41 01/09/2012]

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05292012_081348\C_Program Files\Searchqu Toolbar\Datamngr d------ [12:13 29/05/2012]
C:\_OTL\MovedFiles\09012012_094107\C_Documents and Settings\Administrator\AppData\LocalLow\DataMngr d------ [22:55 31/08/2012]
C:\_OTL\MovedFiles\09012012_094107\C_Program Files\Searchqu Toolbar\Datamngr d------ [13:41 01/09/2012]

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
No data found.

Searching for "iLivid"
No data found.

Searching for "datamngr"
No data found.

-= EOF =-

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 1st, 2012, 1:35 pm

pshaw1993,
When you can, you should update this program.
Adobe Reader 9.5.1 - Korean
There should be a version like 10.1.4 or similar.

Tell me how it's running.
askey127

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 1st, 2012, 2:40 pm

Hello askey127,

I installed Adobe Reader X as you asked and opened a file using it. It seems to be working well. I also installed McAfee Security along with it. Was that okay? I forgot to uncheck the box for its installation.

pshaw1993

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 1st, 2012, 3:16 pm

Go ahead and Uninstall the McAfee Security Scan Plus.
Its "security" is not necessary, to be gracious. It's more of a promotion.

After the Security Scan Plus is gone, start OTL and click the Clean Up button.
You should be good to go.

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 1st, 2012, 4:51 pm

Hello askey127,

I uninstalled McAfee, ran OTL cleanup but the "www.searchnu.com/421" still shows up. Also the OTL icon is gone off my desktop.


pshaw1993

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 2nd, 2012, 7:08 am

pshaw1993,
Yes, OTL removes itself.
It looks like something reloaded during reboot, or we just missed one.
Let's load up again. At least it should be simpler this time (fingers crossed).
Tell me which browser you were using when searchnu came up.
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".
---------------------------------------------
Download the OTL Scanner Again
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For WinXP, double click on the OTL icon to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open a Notepad window with OTL.Txt. This will be saved in the same location as OTL (desktop).
Please copy (Edit->Select All, Edit->Copy) the contents of OTL.txt, and post as a reply. Use separate replies if more convenient.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 2nd, 2012, 1:05 pm

Hello askey127,

The "www.searchnu.com/421" showed up with the Firefox browser.

I was able to generate the RKreport.txt but after installing OTL and doing the "Run Scan" it seems to be frozen on "Scanning FireFox Settings...." When I hover the cursor over the OTL box the hour glass shows. This has been going on for about 4 hours. Is it supposed to be this long?

pshaw1993

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 2nd, 2012, 2:20 pm

pshaw1993,
Please post the RogueKiller report, and the results from Systemlook.
Then we will decide what scanner to use.
Thx,
askey127

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 2nd, 2012, 3:42 pm

Hello askey127,

Here are the logs you asked for:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:37 on 02/09/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
No data found.

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-

***********************************************************************************
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 09/02/2012 09:02:18

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] VZWNotiAgent.exe -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : BYR_AGENT (C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC564 -> HOOKED (Unknown @ 0x9AFD8F3C)
SSDT[41] : NtCreateKey @ 0x80624006 -> HOOKED (Unknown @ 0x9AFD8EF6)
SSDT[50] : NtCreateSection @ 0x805AB3FC -> HOOKED (Unknown @ 0x9AFD8F46)
SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x9AFD8EEC)
SSDT[63] : NtDeleteKey @ 0x806244A2 -> HOOKED (Unknown @ 0x9AFD8EFB)
SSDT[65] : NtDeleteValueKey @ 0x80624672 -> HOOKED (Unknown @ 0x9AFD8F05)
SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x9AFD8F37)
SSDT[98] : NtLoadKey @ 0x8062622A -> HOOKED (Unknown @ 0x9AFD8F0A)
SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x9AFD8ED8)
SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x9AFD8EDD)
SSDT[177] : NtQueryValueKey @ 0x8062222A -> HOOKED (Unknown @ 0x9AFD8F5F)
SSDT[193] : NtReplaceKey @ 0x806260DA -> HOOKED (Unknown @ 0x9AFD8F14)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2DAA -> HOOKED (Unknown @ 0x9AFD8F50)
SSDT[204] : NtRestoreKey @ 0x806259E6 -> HOOKED (Unknown @ 0x9AFD8F0F)
SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0x9AFD8F4B)
SSDT[237] : NtSetSecurityObject @ 0x805C0662 -> HOOKED (Unknown @ 0x9AFD8F55)
SSDT[247] : NtSetValueKey @ 0x80622578 -> HOOKED (Unknown @ 0x9AFD8F00)
SSDT[255] : NtSystemDebugControl @ 0x80617FDA -> HOOKED (Unknown @ 0x9AFD8F5A)
SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x9AFD8EE7)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x9AFD8F6E)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x9AFD8F73)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380815AS +++++
--- User ---
[MBR] d8c327d760812efc635b81cc96829898
[BSP] e172f23372b80bfb6505b8c92870b8e0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt