by ihatemalware8 » April 26th, 2011, 12:50 pm
Here's part of my SystemLook log; the full log turned into a 1.5 MB txt file because it was so long. I think a lot of the entries come from the restricted domains lists of my Spybot S&D and Javacool SpywareBlaster. However, I took a quick peek at the beginning and there is still some searchqu stuff. If you want to see the whole list, I can upload it somewhere and you can download the txt file.
SystemLook 04.09.10 by jpshortstuff
Log created at 12:05 on 26/04/2011 by Joan
Administrator - Elevation successful
========== regfind ==========
Searching for "www.search-results.com"
No data found.
Searching for "search-results.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearch-results.com]
[HKEY_USERS\S-1-5-21-2350576119-2956720047-572655467-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mysearch-results.com]
Searching for "search results"
No data found.
Searching for "search"
[HKEY_CURRENT_USER\AppEvents\EventLabels\SearchProviderDiscovered]
[HKEY_CURRENT_USER\AppEvents\EventLabels\SearchProviderDiscovered]
@="Search Provider Discovered"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\SearchProviderDiscovered]
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\FindSearch]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
[HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\DataMngr\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_CURRENT_USER\Software\DataMngr\Files\SelectedSearch]
[HKEY_CURRENT_USER\Software\DataMngr\Files\SelectedSearch]
"Value"="Web Search"
[HKEY_CURRENT_USER\Software\DataMngr\Files\SelectedSearch]
"Message"="search engine"
[HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
[HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&systemid=406&q="
[HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
"Message"="search engine"
[HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&systemid=406&q=");"
[HKEY_CURRENT_USER\Software\DataMngr\Files\UrlbarSearch]
"Name"="FFUrlbar search"
[HKEY_CURRENT_USER\Software\DataMngr\List\Item1]
"Key"="Software\Microsoft\Internet Explorer\SearchScopes"
[HKEY_CURRENT_USER\Software\DataMngr\List\Item1]
"Message"="search engine"
[HKEY_CURRENT_USER\Software\DataMngr\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\Microsoft\IAM\Accounts\Active Directory GC]
"LDAP Search Base"="NULL"
[HKEY_CURRENT_USER\Software\Microsoft\IAM\Accounts\VeriSign]
"LDAP Search Base"="NULL"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{486D7793-3043-488C-A39B-B676A05F9FBB}]
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{486D7793-3043-488C-A39B-B676A05F9FBB}]
"SuggestionsURLFallback"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{486D7793-3043-488C-A39B-B676A05F9FBB}]
"FaviconPath"="C:\Users\Joan\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{486D7793-3043-488C-A39B-B676A05F9FBB}.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"DisplayName"="Web Search"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"ShowSearchSuggestions"="1"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8B1A8E36-C6C3-4461-8966-2BDE0BA6E4F8}]
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8B1A8E36-C6C3-4461-8966-2BDE0BA6E4F8}]
"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8B1A8E36-C6C3-4461-8966-2BDE0BA6E4F8}]
"FaviconPath"="C:\Users\Joan\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{8B1A8E36-C6C3-4461-8966-2BDE0BA6E4F8}.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AB0EC67F-D6F8-4DCC-8619-E966207B336E}]
"FaviconPath"="C:\Users\Joan\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{AB0EC67F-D6F8-4DCC-8619-E966207B336E}.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research]
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{81F95CF7-A582-402A-AE2F-CEA901D4207E}]
"QueryPath"="http://integrate.factiva.com/research/query.asmx"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{81F95CF7-A582-402A-AE2F-CEA901D4207E}]
"RegistrationPath"="http://integrate.factiva.com/research/query.asmx"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{81F95CF7-A582-402A-AE2F-CEA901D4207E}\{E76BCF9F-AFE3-4509-BF75-F0187BF195C5}]
"AboutPath"="http://www.factiva.com/en/research"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}]
"QueryPath"="http://office.microsoft.com/Research/query.asmx"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}]
"RegistrationPath"="http://office.microsoft.com/Research/query.asmx"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{05EA20D9-18DC-4446-A9F8-F6C5161357CE}]
"Description"="Provides the latest price information, news, research, and analysis tools for stocks and funds."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{19BC3378-2319-4C50-990A-17600534DFF9}]
"ServiceName"="Local Address Search (Korean)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{2EF9BA38-C64D-4D08-8287-EB9B2F34D0E9}]
"Description"="Provides the latest price information, news, research, and analysis tools for stocks and funds."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{3025A91E-BDA1-4AFC-93A0-C8FFA8ED2003}]
"ServiceName"="Live Search Singapore"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{3025A91E-BDA1-4AFC-93A0-C8FFA8ED2003}]
"Description"="Use the Bing service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{367320E9-4519-4DA9-B378-7D558B634090}]
"ServiceName"="Live Search Canada: French"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{367320E9-4519-4DA9-B378-7D558B634090}]
"Description"="Use the Bing service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{431EDE57-B54B-49FB-A944-76201F746749}]
"Description"="Provides the latest price information, news, research, and analysis tools for stocks and funds."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{585D6C55-32A2-4E14-B287-5B0BA7088E00}]
"ServiceName"="Live Search Canada"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{585D6C55-32A2-4E14-B287-5B0BA7088E00}]
"Description"="Use the Bing service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{5B6013C8-5C36-47D4-9AC0-22DBC558E5CB}]
"ServiceName"="Live Search India"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{5B6013C8-5C36-47D4-9AC0-22DBC558E5CB}]
"Description"="Use the Bing service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{5ECE69BA-86F3-43F1-B120-E16447CBD2F7}]
"Description"="Use the Bing service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{67D50A84-401A-42C1-801A-029435E34615}]
"Description"="Provides the latest price information, news, research, and analysis tools for stocks and funds."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{6AEF5596-203D-4817-A17B-8A4810BF5D33}]
"Description"="Provides the latest price information, news, research, and analysis tools for stocks and funds."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{818435D0-0F60-401D-A48D-C677372AA835}]
"ServiceName"="Live Search Australia"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{818435D0-0F60-401D-A48D-C677372AA835}]
"Description"="Use the Bing service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{89B7F815-F3B1-4E57-8AFE-31FE4F5A05F4}]
"ServiceName"="Live Search U.K."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{89B7F815-F3B1-4E57-8AFE-31FE4F5A05F4}]
"Description"="Use the Bing service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{934E2429-BC83-4FFB-B3A2-6761EC6870DE}]
"ServiceName"="Live Search South Africa"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{934E2429-BC83-4FFB-B3A2-6761EC6870DE}]
"Description"="Use the Bing service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{A9167F26-9553-416D-B94E-1F6D9A2EEC3C}]
"Description"="Provides the latest price information, news, research, and analysis tools for stocks and funds."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{AE88164D-E0DF-4BC6-9B31-4399E9B4E5C5}]
"ServiceName"="Live Search New Zealand"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{AE88164D-E0DF-4BC6-9B31-4399E9B4E5C5}]
"Description"="Use the Bing service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{C8AB1768-BC24-4789-B87B-33ABA88A8975}]
"ServiceName"="Live Search Malaysia"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{C8AB1768-BC24-4789-B87B-33ABA88A8975}]
"Description"="Use the Bing service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{C8DF8ECA-78C5-4073-88D0-A24585AB987A}]
"Description"="Provides the latest price information, news, research, and analysis tools for stocks and funds."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{DA0B6D82-B161-4190-8878-AA5D07F94C9F}]
"Description"="Provides the latest price information, news, research, and analysis tools for stocks and funds."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{E13847DA-E186-427A-94D0-AA01163D80CE}]
"Description"="Provides the latest price information, news, research, and analysis tools for stocks and funds."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{ED0B84FD-3B80-47DF-AFA9-8B54E8BFEA2F}]
"ServiceName"="Live Search U.S.: Spanish"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{ED0B84FD-3B80-47DF-AFA9-8B54E8BFEA2F}]
"Description"="Use the Bing service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{88686849-2DD9-474D-9300-778E3336FA5D}\{FBEEEE40-FB96-4A4B-9D02-D293FF69FC07}]
"Description"="Provides the latest price information, news, research, and analysis tools for stocks and funds."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{C818DC43-F71C-11D6-9039-00B0D019A5D1}]
"ProviderName"="HighBeam Research, Inc."
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{C818DC43-F71C-11D6-9039-00B0D019A5D1}\{C818DC43-F71C-11D6-9039-00B0D019A5D1}]
"ServiceName"="HighBeam (TM) Research"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Research\Sources\{C818DC43-F71C-11D6-9039-00B0D019A5D1}\{C818DC43-F71C-11D6-9039-00B0D019A5D1}]
"TermsOfUse"="Copyright (c) 2004 Highbeam Research, Inc."
[HKEY_CURRENT_USER\Software\Microsoft\Search Enhancement Pack]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Search]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\ScopeList]
"a"="C:\Users\Joan\Searches\Everywhere.search-ms"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Search\ScopeList]
"b"="C:\Users\Joan\Searches\Indexed Locations.search-ms"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences]
"BreadCrumbBarSearchDefault"="MSNSearch"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchPlatform\Preferences]
"IEAddressBarSearchDefault"="MSNSearch"