Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

SearchQu has taken over all my browsers...

Post by chriskendall » November 20th, 2011, 7:47 pm

hxxp://www.searchqu.com/102 has taken over all my browsers and their settings. Really appreciate some help to get rid of it, here are the logs:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.0.0
Run by Chris Kendall at 23:38:27 on 2011-11-20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3002.1486 [GMT 0:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbtcoms.exe
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Security Scan\KSS.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\Chris Kendall\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Users\Chris Kendall\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris Kendall\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/102
uDefault_Page_URL =
mDefault_Page_URL =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi9130~1\datamngr\BROWSE~1.DLL
BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
StartupFolder: c:\users\chrisk~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\chris kendall\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\chrisk~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kasper~1.lnk - c:\program files\kaspersky security scan\KSS.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\chris kendall\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1ACB099C-4DEA-4D3B-8C67-83A8FB76EFB7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3CB121FE-93DE-4EBF-92D7-B381A237E9D1} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\wi9130~1\datamngr\IEBHO.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris kendall\appdata\roaming\mozilla\firefox\profiles\pcu2ktj1.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 02&sr=0&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\chris kendall\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\chris kendall\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\chris kendall\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-30 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-30 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20111118.030\IDSvix86.sys [2011-11-19 368248]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-26 390528]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_32301.sys [2011-11-7 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-30 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-30 331384]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_fa807195\AEstSrv.exe [2009-4-12 81920]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-30 130008]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-25 365952]
R2 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2008-3-19 51816]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-25 222512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-5-31 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-12 136176]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-5-31 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-12 136176]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-20 12:17:48 -------- d-----w- c:\users\chris kendall\appdata\local\jZip
2011-11-20 12:17:18 -------- d-----w- c:\program files\Windows Searchqu Toolbar
2011-11-20 12:17:06 -------- d-----w- c:\program files\jZip
2011-11-14 22:37:56 -------- d-----w- c:\program files\iPod
2011-11-09 22:32:27 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 22:32:23 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 22:32:19 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-10-30 16:33:22 -------- d-----w- c:\windows\pss
2011-10-30 15:56:00 -------- d-----w- c:\users\chris kendall\appdata\roaming\WinPatrol
2011-10-30 15:55:45 -------- d-----w- c:\program files\BillP Studios
2011-10-24 14:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
==================== Find3M ====================
.
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 13:39:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-30 22:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 23:40:50.03 ===============










.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 12/04/2009 11:33:37
System Uptime: 20/11/2011 23:28:24 (0 hours ago)
.
Motherboard: Quanta | | 3069
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 1200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 81.93 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.744 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP379: 03/11/2011 23:18:30 - Scheduled Checkpoint
RP381: 04/11/2011 06:48:49 - Installed Rapport
RP382: 10/11/2011 07:11:43 - Windows Update
RP384: 11/11/2011 06:54:46 - Installed Rapport
RP385: 11/11/2011 06:58:44 - Windows Update
RP386: 20/11/2011 00:17:08 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Audacity 1.3.13 (Unicode)
blinkx beat
Bluesoleil2.7.0.35 VoIP Release 080317
Bonjour
BufferChm
C4600
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink YouCam
Dell Driver Download Manager
Destinations
DeviceDiscovery
DivX Setup
Dropbox
ESU for Microsoft Vista
Facebook Plug-In
FotoSketcher 2.10
Free Metronome V.1.00
Free YouTube to MP3 Converter version 3.10.11.923
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 13.0
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
HP Print Projects 1.0
HP Quick Launch Buttons 6.40 M1
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0138
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoGadget
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
IDT Audio
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 7
jZip
Kaspersky Security Scan
LAME v3.98.2 for Audacity
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox 7.0.1 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee Reveal
Norton 360
PDF Text Reader
Power2Go
PS_AIO_05_C4600_Software_Min
QuickTime
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Safari
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 3.8
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
TweetDeck
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Service
VC80CRTRedist - 8.0.50727.6195
Veoh Giraffic Video Accelerator
Veoh Web Player Toolbar
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Searchqu Toolbar
WinZip 15.5
Yahoo! Detect
.
==== End Of File ===========================
Last edited by Cypher on November 21st, 2011, 11:13 am, edited 1 time in total.
Reason: Disabled URL
chriskendall
Regular Member
 
Posts: 17
Joined: July 6th, 2011, 5:39 am
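
One way to triage the DDS log in the post above, as an added example that is not part of the original thread or of DDS itself: it takes the hijacked homepage as the starting indicator, then flags every autostart entry that matches it by name or shares its install directory. The function names and the install-directory heuristic are assumptions made for this sketch.

```python
import re

# Lines copied from the "Pseudo HJT Report" and FIREFOX sections of the DDS log above.
DDS_EXCERPT = r"""
uStart Page = hxxp://www.searchqu.com/102
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi9130~1\datamngr\BROWSE~1.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\wi9130~1\datamngr\IEBHO.dll
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102
"""

COM_ENTRY = re.compile(
    r"^(?P<kind>BHO|TB|EB): (?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RUN_ENTRY = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HOMEPAGE = re.compile(
    r"^(?:uStart Page =|FF - prefs\.js: browser\.startup\.homepage -) (?P<url>\S+)$")
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def parse_dds(text):
    """Return (homepages, entries); entries are (kind, name, path) autostart points."""
    homepages, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := HOMEPAGE.match(line):
            homepages.append(m["url"])
        elif m := COM_ENTRY.match(line):
            if m["path"] != "No File":  # orphaned registration, nothing is loaded
                entries.append((m["kind"], m["name"] or m["clsid"], m["path"]))
        elif m := RUN_ENTRY.match(line):
            exe = EXE_PATH.match(m["cmd"])  # drop command-line arguments
            path = (exe.group(1) or exe.group(2)) if exe else m["cmd"]
            entries.append((m["kind"], m["name"], path))
        elif line.startswith("AppInit_DLLs:"):
            # DLLs listed here are loaded into every process that loads user32.dll.
            for dll in re.split(r"[ ,]+", line.split(":", 1)[1].strip()):
                if dll:
                    entries.append(("AppInit_DLLs", dll.rsplit("\\", 1)[-1], dll))
    return homepages, entries


def hijack_keyword(homepages):
    """Second-level label of the first homepage host (assumes a two-label domain)."""
    if not homepages:
        return None
    host = re.sub(r"^h(?:xx|tt)ps?://", "", homepages[0], flags=re.I).split("/")[0]
    labels = host.lower().split(".")
    return labels[-2] if len(labels) >= 2 else None


def install_root(path):
    """Product directory under Program Files (as written in the log), else parent dir."""
    parts = path.lower().split("\\")
    if len(parts) > 3 and parts[1].startswith("progra"):
        return "\\".join(parts[:3])
    return "\\".join(parts[:-1])


def triage(text):
    """Flag entries that match the homepage keyword or share a matching entry's directory."""
    homepages, entries = parse_dds(text)
    keyword = hijack_keyword(homepages)
    if keyword is None:
        return None, set(), []
    seeds = [e for e in entries if keyword in e[1].lower() or keyword in e[2].lower()]
    # 8.3 short names and long names are compared as written; they are not resolved.
    roots = {install_root(path) for _, _, path in seeds}
    flagged = []
    for kind, name, path in entries:
        if (kind, name, path) in seeds:
            reason = "name or path contains keyword"
        elif any(path.lower().startswith(root + "\\") for root in roots):
            reason = "same install directory as a keyword match"
        else:
            continue
        flagged.append((kind, name, path, reason))
    return keyword, roots, flagged


if __name__ == "__main__":
    keyword, roots, flagged = triage(DDS_EXCERPT)
    print("keyword:", keyword, "| install roots:", sorted(roots))
    for kind, name, path, reason in flagged:
        print(f"{kind:13} {name:18} {path}  <- {reason}")
```

The directory pivot is what surfaces the DataMngr BHO, the DATAMNGR Run value and both AppInit_DLLs entries, none of which carry the toolbar's name.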

Re: SearchQu has taken over all my browsers...

Post by pgmigg » November 20th, 2011, 9:03 pm

Hello chriskendall,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: SearchQu has taken over all my browsers...

Post by pgmigg » November 22nd, 2011, 12:21 am

Hello chriskendall,

Thank you for your patience... :)

Yes, there are definitely signs of searchqu in your logs, and probably others that are not detected by DDS.

For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before each of my instruction sets...

Step 0.
Create System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 1.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right-click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the text box. Do not include the word Code
    Code:
    :processes
    killallprocesses
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
    [-HKEY_CURRENT_USER\Software\DataMngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\ilivid]
    [-HKEY_CURRENT_USER\Software\searchqutoolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    
    :Files
    %APPDATA%\Mozilla\Firefox\Profiles\SearchquWebSearch.xml /S
    %APPDATA%\Mozilla\Firefox\Profiles\searchqutoolbar /S
    %APPDATA%\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} /S
    %APPDATA%\Microsoft\Windows\Cookies\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt
    %LOCALAPPDATA%\Ilivid Player /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm /S
    %TEMP%\BandooFiles
    %TEMP%\BandooV6.exe
    %TEMP%\SetupDataMngr_Searchqu.exe
    %TEMP%\SweetIMReinstall
    %TEMP%\SweetIMReinstall\SweetImSetup.exe
    %TEMP%\ilivid.7z
    %TEMP%\searchqu.ini
    %TEMP%\searchqutoolbar-manifest.xml
    %USERPROFILE%\AppData\LocalLow\searchquband
    %USERPROFILE%\AppData\LocalLow\searchqutoolbar
    %USERPROFILE%\Downloads\SweetImSetup.exe
    %USERPROFILE%\Downloads\iLividSetupV1.exe
    C:\Program Files\Windows iLivid Toolbar
    C:\Program Files\iLivid
    C:\Windows\Prefetch\ILIVID*
    C:\Windows\Prefetch\SEARCHQUMEDIABAR*
    C:\Windows\Prefetch\SETUPDATAMNGR*
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of the report in your next reply.

Step 2.
SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of OTL.txt created after OTL fix
  3. Contents of SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Re: SearchQu has taken over all my browsers...

Post by chriskendall » November 22nd, 2011, 3:06 pm

Hello, many thanks for your help! Here are the logs you require:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
========== FILES ==========
File/Folder C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\searchqutoolbar folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
File/Folder C:\Users\Chris Kendall\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Chris Kendall\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Chris Kendall\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Chris Kendall\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Chris Kendall\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Chris Kendall\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Chris Kendall\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Chris Kendall\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Chris Kendall\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Chris Kendall\AppData\Local\Ilivid Player not found.
File/Folder C:\Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\CHRISK~1\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\CHRISK~1\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\CHRISK~1\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\CHRISK~1\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\CHRISK~1\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\CHRISK~1\AppData\Local\Temp\ilivid.7z not found.
C:\Users\CHRISK~1\AppData\Local\Temp\Searchqu.ini moved successfully.
C:\Users\CHRISK~1\AppData\Local\Temp\searchqutoolbar-manifest.xml moved successfully.
C:\Users\Chris Kendall\AppData\LocalLow\searchquband folder moved successfully.
C:\Users\Chris Kendall\AppData\LocalLow\searchqutoolbar\weather folder moved successfully.
C:\Users\Chris Kendall\AppData\LocalLow\searchqutoolbar folder moved successfully.
File/Folder C:\Users\Chris Kendall\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\Chris Kendall\Downloads\iLividSetupV1.exe not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris Kendall
->Temp folder emptied: 47371613 bytes
->Temporary Internet Files folder emptied: 751816191 bytes
->Java cache emptied: 314027 bytes
->FireFox cache emptied: 45090626 bytes
->Google Chrome cache emptied: 468209106 bytes
->Apple Safari cache emptied: 549888 bytes
->Flash cache emptied: 146087 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 162406532 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 568783 bytes

Total Files Cleaned = 1,408.00 mb



OTL by OldTimer - Version 3.2.26.1 log created on 11222011_181748

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP7441.tmp not found!

Registry entries deleted on Reboot...







System look



SystemLook 30.07.11 by jpshortstuff
Log created at 18:45 on 22/11/2011 by Chris Kendall
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 24210 bytes [12:30 31/05/2011] [12:30 31/05/2011] E2B3734A723FB575F4168B48552793BE
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 30447 bytes [12:30 31/05/2011] [12:30 31/05/2011] 06ED4E13216E83D78D1659907C48C7D2
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [12:30 31/05/2011] [12:30 31/05/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2VD3MCE\BandooV6[1].exe --a---- 4686368 bytes [07:19 08/08/2011] [07:19 08/08/2011] DC718250EEDF0C923D6B8573A102B522
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooV6.exe --a---- 4686368 bytes [07:19 08/08/2011] [07:19 08/08/2011] DC718250EEDF0C923D6B8573A102B522
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\Bandoo.exe --a---- 1617296 bytes [07:19 08/08/2011] [14:54 25/05/2011] AFA0E803A7C009EB454CD35F26B1E828
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\BandooGo.exe --a---- 836496 bytes [07:19 08/08/2011] [14:55 25/05/2011] 1602616A6706868F4AC227A877BE9DA7
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\BandooLmx.dll --a---- 1524112 bytes [07:19 08/08/2011] [14:55 25/05/2011] 4D550112E7DBB9454151A6CE40A33DD9
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\BandooUI.exe --a---- 1477520 bytes [07:19 08/08/2011] [14:55 25/05/2011] AF799F798E38A9834879FCF6021A97E6
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\BandooMessages.xml --a---- 10376 bytes [07:19 08/08/2011] [14:34 25/05/2011] F8A585F947DD38E477B61A65E80173C0
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\downloadingBandoo.gif --a---- 4117 bytes [07:19 08/08/2011] [12:15 21/09/2010] 0CFF9AA4BD24052CA40164B132F2573F
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\IE\bandoo.js --a---- 9954 bytes [07:19 08/08/2011] [12:14 21/09/2010] 4C0E1A919C4F77AB75F75E77ED855B6C
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\MSN\Toolbar\BandooToolbar.xml --a---- 4890 bytes [07:19 08/08/2011] [14:34 25/05/2011] 9742A7FE49EEC0173C33D02E167261AC
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\MSN\Toolbar\Images\1006Bandoo.dat --a---- 3667 bytes [07:19 08/08/2011] [12:14 21/09/2010] 1D1C83B84AB286DE80E2AB3C2D7A0E75
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\OE\Toolbar\BandooToolbar.xml --a---- 3516 bytes [07:19 08/08/2011] [14:34 25/05/2011] 6DD29D8BEF0678133184FF7CE2EAFF28
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\OE\Toolbar\Images\1006Bandoo.dat --a---- 3667 bytes [07:19 08/08/2011] [12:14 21/09/2010] 1D1C83B84AB286DE80E2AB3C2D7A0E75
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\Yahoo\Toolbar\BandooToolbar.xml --a---- 4385 bytes [07:19 08/08/2011] [14:34 25/05/2011] 2269B9C126B176FB4A8472602E9E583E
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\Yahoo\Toolbar\BandooToolbarV9.xml --a---- 4768 bytes [07:19 08/08/2011] [14:34 25/05/2011] 239CFFF064E52D43E141E8DB4A425462
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Static\licenseBandoo.rtf --a---- 44071 bytes [07:19 08/08/2011] [15:23 02/01/2011] 2131AFB5A850D4DD1D3726BD7A325C3D
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 24210 bytes [12:30 31/05/2011] [12:30 31/05/2011] E2B3734A723FB575F4168B48552793BE
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 30447 bytes [12:30 31/05/2011] [12:30 31/05/2011] 06ED4E13216E83D78D1659907C48C7D2
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [12:30 31/05/2011] [12:30 31/05/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [13:37 31/10/2011] [13:37 31/10/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [13:37 31/10/2011] [13:37 31/10/2011] AD14E447F7CED4CA987B91B379EAF952
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [12:29 31/05/2011] [12:29 31/05/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4PH7K978\SetupDataMngr_Searchqu[1].exe --a---- 3493320 bytes [07:17 08/08/2011] [07:17 08/08/2011] E847327A61EC4DBBE1A2A716833F4C28
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\searchqu.ini --a---- 411 bytes [07:17 08/08/2011] [07:17 08/08/2011] 1B5BE5456268B9C5D0FC4E3DA1E3E787
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [12:30 31/05/2011] [12:30 31/05/2011] B3FE09D2AB12FDF1657D1210E6332FD1
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3493320 bytes [07:17 08/08/2011] [07:17 08/08/2011] E847327A61EC4DBBE1A2A716833F4C28
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Roaming\Microsoft\Windows\Cookies\Low\chris_kendall@searchqu[1].txt --a---- 522 bytes [22:04 08/08/2011] [22:04 08/08/2011] 62EE13E81C5E78BB169520CF438F3CA0
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Local\Temp\Searchqu.ini --a---- 257 bytes [12:17 20/11/2011] [12:17 20/11/2011] 651FA8A05110BA514C0634FFAD3AC332
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:37 31/10/2011] [13:37 31/10/2011] 28A352E64F4374BBC6774AD3473A413C

Searching for "*iLivid*"
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLNI2AO8\ilivid[1].7z --a---- 901399 bytes [07:18 08/08/2011] [07:18 08/08/2011] B38425304D8D2AAA300A7ECC2F9741BC
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [07:18 08/08/2011] [07:18 08/08/2011] B38425304D8D2AAA300A7ECC2F9741BC
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\Downloads\iLividSetupV1.exe --a---- 2066296 bytes [07:16 08/08/2011] [07:16 08/08/2011] 4C9C72BBBCF1E47BE3DD17FBDEF2CA84

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [12:17 20/11/2011] [07:58 13/11/2011] 232FF2E508B8F1E29BA7F9D96EA5A034
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [12:17 20/11/2011] [07:58 13/11/2011] 93294DC9C849B61738C1EBCD9C5ED72C
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll --a---- 351232 bytes [12:17 20/11/2011] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 978 bytes [12:17 20/11/2011] [07:57 13/11/2011] 0CE6DC5C1FB9591A1973586DDDCBEAEB
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [12:17 20/11/2011] [07:56 13/11/2011] 150F3C14A5CD3672B4AD6F55461C35B4
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 351744 bytes [12:17 20/11/2011] [07:57 13/11/2011] 2E66ACFB6F2FACD347F0C25DAC9CAE47
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 351744 bytes [12:17 20/11/2011] [07:57 13/11/2011] 1E41F9CF786ED9C8DD5A964B6B882CC3
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 351744 bytes [12:17 20/11/2011] [07:57 13/11/2011] 7525EA8E07E5AAFB67EB72CE0A8F42AF
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 351744 bytes [12:17 20/11/2011] [07:58 13/11/2011] 14E9F51B03046AB91695C7FE4308A409
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16184 bytes [12:17 20/11/2011] [06:50 25/10/2011] 74EA142FA2CF77FA2306892E2B45FA13
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1235856 bytes [07:17 08/08/2011] [20:44 01/06/2011] 411F14AC8C0FB320FC135818C253871E
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1546640 bytes [07:17 08/08/2011] [20:44 01/06/2011] C0909655D4BDF541DA23E828B7B05A7A
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll --a---- 351232 bytes [07:17 08/08/2011] [20:43 01/06/2011] 26ECBED42B0EF60ECABB1DDB202D7B71
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 951 bytes [07:17 08/08/2011] [20:42 01/06/2011] F04246FA7AE5D34DE1FA0AAB3A96C19D
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [07:17 08/08/2011] [20:41 01/06/2011] 0C12A63D6FCE1512AE1A22D734395FD2
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16334 bytes [07:17 08/08/2011] [07:38 09/05/2011] 0D42546AA02541A98CD98AC72EB14A69
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4PH7K978\SetupDataMngr_Searchqu[1].exe --a---- 3493320 bytes [07:17 08/08/2011] [07:17 08/08/2011] E847327A61EC4DBBE1A2A716833F4C28
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3493320 bytes [07:17 08/08/2011] [07:17 08/08/2011] E847327A61EC4DBBE1A2A716833F4C28

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles d------ [07:19 08/08/2011]
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\tutorial\images\Bandoo d------ [07:19 08/08/2011]

Searching for "*Searchqu*"
C:\Program Files\Windows Searchqu Toolbar d------ [12:17 20/11/2011]
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\LocalLow\searchquband d------ [22:04 08/08/2011]
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\LocalLow\searchqutoolbar d------ [07:17 08/08/2011]
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\searchqutoolbar d------ [07:17 08/08/2011]
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\LocalLow\searchquband d------ [14:28 20/11/2011]
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\LocalLow\searchqutoolbar d------ [12:17 20/11/2011]
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\searchqutoolbar d------ [12:17 20/11/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar d------ [07:17 08/08/2011]
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Ilivid Player d------ [07:19 08/08/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Program Files\Windows Searchqu Toolbar\Datamngr d------ [12:17 20/11/2011]
C:\Users\Chris Kendall\AppData\LocalLow\DataMngr d------ [14:28 20/11/2011]
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [07:17 08/08/2011]
C:\_OTL\MovedFiles\08122011_103926\C_Users\Chris Kendall\AppData\LocalLow\DataMngr d------ [14:35 05/07/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Contact"="@set COMPANY=Bandoo Media, Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Publisher"="Bandoo media inc"

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"DisplayName"="Windows Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"UninstallString"="C:\Program Files\Windows Searchqu Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"DisplayIcon"="C:\Program Files\Windows Searchqu Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Path"="C:\Program Files\Windows Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportBuka]
"buka_dump_prev"="FD2C7C1D \Device\HarddiskVolume1\Windows\System32\dllhost.exe
FD2C7E00 \Device\HarddiskVolume1\Program Files\Synaptics\SynTP\SynTPHelper.exe
FD2CA85A \Device\HarddiskVolume1\Program Files\Mozilla Firefox\plugin-container.exe
FD2D1303 \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
FD2D18F3 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1D24 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1DF8 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1EBA \Device\HarddiskVolume1\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
FD2D1EDD \Device\HarddiskVolume1\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
FD2D4D31 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4E49 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4EF8 \Device\HarddiskVolume1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\RapportBuka]
"buka_dump_prev"="FD2C7C1D \Device\HarddiskVolume1\Windows\System32\dllhost.exe
FD2C7E00 \Device\HarddiskVolume1\Program Files\Synaptics\SynTP\SynTPHelper.exe
FD2CA85A \Device\HarddiskVolume1\Program Files\Mozilla Firefox\plugin-container.exe
FD2D1303 \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
FD2D18F3 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1D24 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1DF8 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1EBA \Device\HarddiskVolume1\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
FD2D1EDD \Device\HarddiskVolume1\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
FD2D4D31 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4E49 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4EF8 \Device\HarddiskVolume1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportBuka]
"buka_dump_prev"="FD2C7C1D \Device\HarddiskVolume1\Windows\System32\dllhost.exe
FD2C7E00 \Device\HarddiskVolume1\Program Files\Synaptics\SynTP\SynTPHelper.exe
FD2CA85A \Device\HarddiskVolume1\Program Files\Mozilla Firefox\plugin-container.exe
FD2D1303 \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
FD2D18F3 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1D24 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1DF8 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1EBA \Device\HarddiskVolume1\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
FD2D1EDD \Device\HarddiskVolume1\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
FD2D4D31 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4E49 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4EF8 \Device\HarddiskVol
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr]
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
@="C:\PROGRA~1\WI9130~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69CF75C1-35AB-4DE5-A51F-662C9020AD4A}]
"AppPath"="C:\PROGRA~1\WI9130~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"="C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportBuka]
"buka_dump_prev"="FD2C7C1D \Device\HarddiskVolume1\Windows\System32\dllhost.exe
FD2C7E00 \Device\HarddiskVolume1\Program Files\Synaptics\SynTP\SynTPHelper.exe
FD2CA85A \Device\HarddiskVolume1\Program Files\Mozilla Firefox\plugin-container.exe
FD2D1303 \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
FD2D18F3 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1D24 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1DF8 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1EBA \Device\HarddiskVolume1\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
FD2D1EDD \Device\HarddiskVolume1\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
FD2D4D31 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4E49 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4EF8 \Device\HarddiskVolume1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\RapportBuka]
"buka_dump_prev"="FD2C7C1D \Device\HarddiskVolume1\Windows\System32\dllhost.exe
FD2C7E00 \Device\HarddiskVolume1\Program Files\Synaptics\SynTP\SynTPHelper.exe
FD2CA85A \Device\HarddiskVolume1\Program Files\Mozilla Firefox\plugin-container.exe
FD2D1303 \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
FD2D18F3 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1D24 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1DF8 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1EBA \Device\HarddiskVolume1\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
FD2D1EDD \Device\HarddiskVolume1\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
FD2D4D31 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4E49 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4EF8 \Device\HarddiskVolume1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportBuka]
"buka_dump_prev"="FD2C7C1D \Device\HarddiskVolume1\Windows\System32\dllhost.exe
FD2C7E00 \Device\HarddiskVolume1\Program Files\Synaptics\SynTP\SynTPHelper.exe
FD2CA85A \Device\HarddiskVolume1\Program Files\Mozilla Firefox\plugin-container.exe
FD2D1303 \Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
FD2D18F3 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1D24 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1DF8 \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe
FD2D1EBA \Device\HarddiskVolume1\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
FD2D1EDD \Device\HarddiskVolume1\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
FD2D4D31 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4E49 \Device\HarddiskVolume1\Program Files\Norton 360\Engine\5.1.0.29\WSCStub.exe
FD2D4EF8 \Device\HarddiskVol
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\DataMngr]
[HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\DataMngr_Toolbar]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
chriskendall
Regular Member
 
Posts: 17
Joined: July 6th, 2011, 5:39 am

Re: SearchQu has taken over all my browsers...

Post by chriskendall » November 22nd, 2011, 3:10 pm

Oh - and there were no problems in running the reports, and there is no change in my computer which I have yet noticed.

Re: SearchQu has taken over all my browsers...

Post by pgmigg » November 23rd, 2011, 9:58 am

Hello chriskendall,

Great job! :D
chriskendall wrote: "Oh - and there were no problems in running the reports, and there is no change in my computer which I have yet noticed."

We are not finished yet - we have just started! Let's continue our treatment...

Step 0.
Create System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 1.
Uninstall Programs
I need you to uninstall one program.
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    control appwiz.cpl
      Depending on your current view setting...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following program:
    Rapport
  4. Select the program and click on Uninstall to uninstall it.

Step 2.
OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right-click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and paste the following code into the text box. Do not include the word Code.
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip]
    "Publisher"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportBuka]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\RapportBuka]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportBuka]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"=-
    [-HKEY_CURRENT_USER\Software\DataMngr]
    [-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69CF75C1-35AB-4DE5-A51F-662C9020AD4A}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DATAMNGR"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportBuka]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\RapportBuka]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportBuka]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"=-
    [-HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\DataMngr]
    [-HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\DataMngr_Toolbar]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\Trolltech]
    
    :Files
    C:\Program Files\Windows Searchqu Toolbar
    C:\Users\Chris Kendall\AppData\LocalLow\DataMngr
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of the report in your next reply.

Step 3.
SystemLook
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a log created by OTL.txt
  3. Contents of a log created by SystemLook.txt
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
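
An added example, not part of pgmigg's post and not code from OTL or SystemLook: a Python triage of Regfind output like the log earlier in this thread, sorting registry hits into the load points they represent and collapsing the ControlSet001/ControlSet036/CurrentControlSet copies of one entry, which is why the fix script above lists the same firewall rule several times. The function names, category labels and the shortened log excerpt are assumptions of this example.

```python
import re
from collections import namedtuple

# Excerpt copied from the Regfind output earlier in this thread (shortened;
# the buka_dump_prev value is cut to two lines).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportBuka]
"buka_dump_prev"="FD2C7C1D \Device\HarddiskVolume1\Windows\System32\dllhost.exe
FD2C7E00 \Device\HarddiskVolume1\Program Files\Synaptics\SynTP\SynTPHelper.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC25043D-AAC6-416F-BA2D-C44E34FB533B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
@="C:\PROGRA~1\WI9130~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"="C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll "
'''

Finding = namedtuple('Finding', 'category key name detail')

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(?:"([^"]*)"|(@))="(.*)$')
CONTROLSET_RE = re.compile(r'\\SYSTEM\\ControlSet\d{3}\\', re.IGNORECASE)
PROTOCOLS = {'6': 'TCP', '17': 'UDP'}  # IP protocol numbers used in the rules


def normalise_key(key):
    """CurrentControlSet is a link to one numbered ControlSetNNN, so the same
    entry shows up under several names; map them all to CurrentControlSet."""
    return CONTROLSET_RE.sub(lambda m: '\\SYSTEM\\CurrentControlSet\\', key)


def parse_firewall_rule(data):
    """Split a 'v2.0|Action=Allow|Dir=In|...' rule string into a dict."""
    fields = {}
    for part in data.split('|')[1:]:      # first token is the version tag
        if '=' in part:
            field, value = part.split('=', 1)
            fields[field] = value
    return fields


def classify(key, name, data):
    """Return (category, detail) for a load point, or None for other hits."""
    k, n = key.lower(), name.lower()
    if k.endswith('\\currentversion\\run'):
        return 'run-key autostart', data
    if n == 'appinit_dlls' and k.endswith('\\windows nt\\currentversion\\windows'):
        # Space- or comma-delimited list of DLLs loaded alongside user32.dll.
        dlls = [p for p in re.split(r'[ ,]+', data.strip()) if p]
        return 'AppInit_DLLs injection', '; '.join(dlls)
    if k.endswith('\\firewallpolicy\\firewallrules'):
        rule = parse_firewall_rule(data)
        if rule.get('Action') == 'Allow' and rule.get('Dir') == 'In':
            proto = PROTOCOLS.get(rule.get('Protocol'), rule.get('Protocol', 'any'))
            return 'inbound firewall allow', '%s %s' % (proto, rule.get('App', '?'))
        return None
    if k.endswith('\\inprocserver32'):
        return 'COM in-process server', data
    if k.endswith('\\internet explorer\\toolbar'):
        return 'IE toolbar', '%s (%s)' % (data, name)
    return None


def find_persistence(log_text):
    """Walk Regfind output and return de-duplicated load-point findings."""
    findings, seen, key = [], set(), None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = normalise_key(m.group(1))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue                      # continuation of a multi-line value
        name = m.group(1) if m.group(1) is not None else '@'
        data = m.group(3)
        if data.endswith('"'):
            data = data[:-1]
        hit = classify(key, name, data)
        ident = (key.lower(), name.lower())
        if hit and ident not in seen:
            seen.add(ident)
            findings.append(Finding(hit[0], key, name, hit[1]))
    return findings


if __name__ == '__main__':
    for f in find_persistence(SAMPLE_LOG):
        print('%-24s %s' % (f.category, f.detail))
```
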

Re: SearchQu has taken over all my browsers...

Post by chriskendall » November 23rd, 2011, 7:46 pm

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip\\Publisher deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportBuka\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC25043D-AAC6-416F-BA2D-C44E34FB533B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC25043D-AAC6-416F-BA2D-C44E34FB533B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\RapportBuka\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC25043D-AAC6-416F-BA2D-C44E34FB533B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC25043D-AAC6-416F-BA2D-C44E34FB533B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportBuka\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC25043D-AAC6-416F-BA2D-C44E34FB533B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC25043D-AAC6-416F-BA2D-C44E34FB533B}\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69CF75C1-35AB-4DE5-A51F-662C9020AD4A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69CF75C1-35AB-4DE5-A51F-662C9020AD4A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportBuka\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC25043D-AAC6-416F-BA2D-C44E34FB533B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC25043D-AAC6-416F-BA2D-C44E34FB533B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\RapportBuka\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC25043D-AAC6-416F-BA2D-C44E34FB533B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC25043D-AAC6-416F-BA2D-C44E34FB533B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportBuka\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9C9D25E-1FBA-484C-B5FE-0C6D07AE555D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC25043D-AAC6-416F-BA2D-C44E34FB533B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC25043D-AAC6-416F-BA2D-C44E34FB533B}\ not found.
Registry key HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\DataMngr\ not found.
Registry key HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\Trolltech\ not found.
========== FILES ==========
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar folder moved successfully.
C:\Users\Chris Kendall\AppData\LocalLow\DataMngr folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris Kendall
->Temp folder emptied: 85432 bytes
->Temporary Internet Files folder emptied: 38734548 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96158066 bytes
->Google Chrome cache emptied: 44180777 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 9482 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12657 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 171.00 mb



OTL by OldTimer - Version 3.2.26.1 log created on 11232011_190124

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...







SystemLook 30.07.11 by jpshortstuff
Log created at 23:31 on 23/11/2011 by Chris Kendall
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 24210 bytes [12:30 31/05/2011] [12:30 31/05/2011] E2B3734A723FB575F4168B48552793BE
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 30447 bytes [12:30 31/05/2011] [12:30 31/05/2011] 06ED4E13216E83D78D1659907C48C7D2
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [12:30 31/05/2011] [12:30 31/05/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2VD3MCE\BandooV6[1].exe --a---- 4686368 bytes [07:19 08/08/2011] [07:19 08/08/2011] DC718250EEDF0C923D6B8573A102B522
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooV6.exe --a---- 4686368 bytes [07:19 08/08/2011] [07:19 08/08/2011] DC718250EEDF0C923D6B8573A102B522
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\Bandoo.exe --a---- 1617296 bytes [07:19 08/08/2011] [14:54 25/05/2011] AFA0E803A7C009EB454CD35F26B1E828
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\BandooGo.exe --a---- 836496 bytes [07:19 08/08/2011] [14:55 25/05/2011] 1602616A6706868F4AC227A877BE9DA7
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\BandooLmx.dll --a---- 1524112 bytes [07:19 08/08/2011] [14:55 25/05/2011] 4D550112E7DBB9454151A6CE40A33DD9
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\BandooUI.exe --a---- 1477520 bytes [07:19 08/08/2011] [14:55 25/05/2011] AF799F798E38A9834879FCF6021A97E6
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\BandooMessages.xml --a---- 10376 bytes [07:19 08/08/2011] [14:34 25/05/2011] F8A585F947DD38E477B61A65E80173C0
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\downloadingBandoo.gif --a---- 4117 bytes [07:19 08/08/2011] [12:15 21/09/2010] 0CFF9AA4BD24052CA40164B132F2573F
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\IE\bandoo.js --a---- 9954 bytes [07:19 08/08/2011] [12:14 21/09/2010] 4C0E1A919C4F77AB75F75E77ED855B6C
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\MSN\Toolbar\BandooToolbar.xml --a---- 4890 bytes [07:19 08/08/2011] [14:34 25/05/2011] 9742A7FE49EEC0173C33D02E167261AC
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\MSN\Toolbar\Images\1006Bandoo.dat --a---- 3667 bytes [07:19 08/08/2011] [12:14 21/09/2010] 1D1C83B84AB286DE80E2AB3C2D7A0E75
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\OE\Toolbar\BandooToolbar.xml --a---- 3516 bytes [07:19 08/08/2011] [14:34 25/05/2011] 6DD29D8BEF0678133184FF7CE2EAFF28
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\OE\Toolbar\Images\1006Bandoo.dat --a---- 3667 bytes [07:19 08/08/2011] [12:14 21/09/2010] 1D1C83B84AB286DE80E2AB3C2D7A0E75
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\Yahoo\Toolbar\BandooToolbar.xml --a---- 4385 bytes [07:19 08/08/2011] [14:34 25/05/2011] 2269B9C126B176FB4A8472602E9E583E
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\plugins\Yahoo\Toolbar\BandooToolbarV9.xml --a---- 4768 bytes [07:19 08/08/2011] [14:34 25/05/2011] 239CFFF064E52D43E141E8DB4A425462
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Static\licenseBandoo.rtf --a---- 44071 bytes [07:19 08/08/2011] [15:23 02/01/2011] 2131AFB5A850D4DD1D3726BD7A325C3D
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 24210 bytes [12:30 31/05/2011] [12:30 31/05/2011] E2B3734A723FB575F4168B48552793BE
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 30447 bytes [12:30 31/05/2011] [12:30 31/05/2011] 06ED4E13216E83D78D1659907C48C7D2
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [12:30 31/05/2011] [12:30 31/05/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [12:29 31/05/2011] [12:29 31/05/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4PH7K978\SetupDataMngr_Searchqu[1].exe --a---- 3493320 bytes [07:17 08/08/2011] [07:17 08/08/2011] E847327A61EC4DBBE1A2A716833F4C28
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\searchqu.ini --a---- 411 bytes [07:17 08/08/2011] [07:17 08/08/2011] 1B5BE5456268B9C5D0FC4E3DA1E3E787
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [12:30 31/05/2011] [12:30 31/05/2011] B3FE09D2AB12FDF1657D1210E6332FD1
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3493320 bytes [07:17 08/08/2011] [07:17 08/08/2011] E847327A61EC4DBBE1A2A716833F4C28
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Roaming\Microsoft\Windows\Cookies\Low\chris_kendall@searchqu[1].txt --a---- 522 bytes [22:04 08/08/2011] [22:04 08/08/2011] 62EE13E81C5E78BB169520CF438F3CA0
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Local\Temp\Searchqu.ini --a---- 257 bytes [12:17 20/11/2011] [12:17 20/11/2011] 651FA8A05110BA514C0634FFAD3AC332
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:37 31/10/2011] [13:37 31/10/2011] 28A352E64F4374BBC6774AD3473A413C
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [13:37 31/10/2011] [13:37 31/10/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [13:37 31/10/2011] [13:37 31/10/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLNI2AO8\ilivid[1].7z --a---- 901399 bytes [07:18 08/08/2011] [07:18 08/08/2011] B38425304D8D2AAA300A7ECC2F9741BC
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [07:18 08/08/2011] [07:18 08/08/2011] B38425304D8D2AAA300A7ECC2F9741BC
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\Downloads\iLividSetupV1.exe --a---- 2066296 bytes [07:16 08/08/2011] [07:16 08/08/2011] 4C9C72BBBCF1E47BE3DD17FBDEF2CA84

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1235856 bytes [07:17 08/08/2011] [20:44 01/06/2011] 411F14AC8C0FB320FC135818C253871E
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1546640 bytes [07:17 08/08/2011] [20:44 01/06/2011] C0909655D4BDF541DA23E828B7B05A7A
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll --a---- 351232 bytes [07:17 08/08/2011] [20:43 01/06/2011] 26ECBED42B0EF60ECABB1DDB202D7B71
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 951 bytes [07:17 08/08/2011] [20:42 01/06/2011] F04246FA7AE5D34DE1FA0AAB3A96C19D
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [07:17 08/08/2011] [20:41 01/06/2011] 0C12A63D6FCE1512AE1A22D734395FD2
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16334 bytes [07:17 08/08/2011] [07:38 09/05/2011] 0D42546AA02541A98CD98AC72EB14A69
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4PH7K978\SetupDataMngr_Searchqu[1].exe --a---- 3493320 bytes [07:17 08/08/2011] [07:17 08/08/2011] E847327A61EC4DBBE1A2A716833F4C28
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3493320 bytes [07:17 08/08/2011] [07:17 08/08/2011] E847327A61EC4DBBE1A2A716833F4C28
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [12:17 20/11/2011] [07:58 13/11/2011] 232FF2E508B8F1E29BA7F9D96EA5A034
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [12:17 20/11/2011] [07:58 13/11/2011] 93294DC9C849B61738C1EBCD9C5ED72C
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll --a---- 351232 bytes [12:17 20/11/2011] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 978 bytes [12:17 20/11/2011] [07:57 13/11/2011] 0CE6DC5C1FB9591A1973586DDDCBEAEB
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [12:17 20/11/2011] [07:56 13/11/2011] 150F3C14A5CD3672B4AD6F55461C35B4
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 351744 bytes [12:17 20/11/2011] [07:57 13/11/2011] 2E66ACFB6F2FACD347F0C25DAC9CAE47
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 351744 bytes [12:17 20/11/2011] [07:57 13/11/2011] 1E41F9CF786ED9C8DD5A964B6B882CC3
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 351744 bytes [12:17 20/11/2011] [07:57 13/11/2011] 7525EA8E07E5AAFB67EB72CE0A8F42AF
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 351744 bytes [12:17 20/11/2011] [07:58 13/11/2011] 14E9F51B03046AB91695C7FE4308A409
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16184 bytes [12:17 20/11/2011] [06:50 25/10/2011] 74EA142FA2CF77FA2306892E2B45FA13

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles d------ [07:19 08/08/2011]
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Temp\BandooFiles\Bin\resources\tutorial\images\Bandoo d------ [07:19 08/08/2011]

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\LocalLow\searchquband d------ [22:04 08/08/2011]
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\LocalLow\searchqutoolbar d------ [07:17 08/08/2011]
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\searchqutoolbar d------ [07:17 08/08/2011]
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\LocalLow\searchquband d------ [14:28 20/11/2011]
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\LocalLow\searchqutoolbar d------ [12:17 20/11/2011]
C:\_OTL\MovedFiles\11222011_181748\C_Users\Chris Kendall\AppData\Roaming\Mozilla\Firefox\Profiles\pcu2ktj1.default\searchqutoolbar d------ [12:17 20/11/2011]
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar d------ [12:17 20/11/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar d------ [07:17 08/08/2011]
C:\_OTL\MovedFiles\08102011_210452\C_Users\Chris Kendall\AppData\Local\Ilivid Player d------ [07:19 08/08/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\08102011_210452\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [07:17 08/08/2011]
C:\_OTL\MovedFiles\08122011_103926\C_Users\Chris Kendall\AppData\LocalLow\DataMngr d------ [14:35 05/07/2011]
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr d------ [12:17 20/11/2011]
C:\_OTL\MovedFiles\11232011_190124\C_Users\Chris Kendall\AppData\LocalLow\DataMngr d------ [14:28 20/11/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
chriskendall
Regular Member
 
Posts: 17
Joined: July 6th, 2011, 5:39 am
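
Added example, not part of the original thread: a small Python triage of a SystemLook log like the one posted above. It separates filefind/folderfind hits that already sit in OTL's `C:\_OTL\MovedFiles` quarantine from hits still on the live file system, and marks Regfind hits where the search term only matches inside a longer word in value data (here `Searchqu` inside `ISearchQueryHelper`) for manual review. The sample log is abridged from the post, the `C:\Users\Example` line is constructed, and the function names and verdict labels are assumptions of this example.

```python
import re

QUARANTINE = "c:\\_otl\\movedfiles\\"  # OTL's moved-files folder, as seen in the log

# Abridged from the log above; the C:\Users\Example line is constructed
# to show what a hit outside quarantine looks like.
SAMPLE_LOG = r'''
SystemLook 30.07.11 by jpshortstuff

========== filefind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\11232011_190124\C_Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [13:37 31/10/2011] [13:37 31/10/2011] 39ECB144372B2ED7B1B91A1E63D3F275

Searching for "*whitesmoke*"
No files found.

========== folderfind ==========

Searching for "*datamngr*"
C:\_OTL\MovedFiles\11232011_190124\C_Users\Chris Kendall\AppData\LocalLow\DataMngr d------ [14:28 20/11/2011]
C:\Users\Example\AppData\LocalLow\DataMngr d------ [14:28 20/11/2011]

========== Regfind ==========

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]

-= EOF =-
'''

SECTION = re.compile(r"^=+ (\w+) =+$")
SEARCH = re.compile(r'^Searching for "(.+)"$')
NO_HIT = re.compile(r"^No (?:files|folders|data) found\.$")
# path, 7-character attribute field, optional size, then the first timestamp
FS_HIT = re.compile(r"^(?P<path>.+?) [a-z-]{7} (?:\d+ bytes )?\[")


def parse(log_text):
    """Return (fs_hits, reg_hits) parsed from SystemLook output."""
    section = term = None
    fs_hits, reg_hits = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("-="):          # "-= EOF =-" ends the log
            break
        if not line or NO_HIT.match(line):
            continue
        m = SECTION.match(line)
        if m:
            section, term = m.group(1).lower(), None
            continue
        m = SEARCH.match(line)
        if m:
            term = m.group(1)
            continue
        if term is None:                   # header lines before any search
            continue
        if section == "regfind":
            if line.startswith("[") and line.endswith("]"):
                reg_hits.append({"term": term, "key": line[1:-1], "values": []})
            elif reg_hits and reg_hits[-1]["term"] == term:
                reg_hits[-1]["values"].append(line)   # value under the last key
        else:
            m = FS_HIT.match(line)
            if m:
                fs_hits.append((section, term, m.group("path")))
    return fs_hits, reg_hits


def word_match(term, text):
    """True if term occurs as its own word, not inside a longer word."""
    pattern = r"(?<![A-Za-z])" + re.escape(term) + r"(?![A-Za-z])"
    return re.search(pattern, text, re.I) is not None


def triage(log_text):
    """Summarise which hits are quarantined, live, or need a manual look."""
    fs_hits, reg_hits = parse(log_text)
    live = [p for _, _, p in fs_hits if not p.lower().startswith(QUARANTINE)]
    report = {"quarantined": len(fs_hits) - len(live), "live": live, "registry": []}
    for hit in reg_hits:
        if hit["term"].lower() in hit["key"].lower():
            where, text = "key", hit["key"]
        else:
            where, text = "value", " ".join(hit["values"])
        verdict = "candidate" if word_match(hit["term"], text) else "review"
        report["registry"].append((hit["key"], where, verdict))
    return report


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(name, value)
```
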

Re: SearchQu has taken over all my browsers...

Post by pgmigg » November 24th, 2011, 9:34 am

Hello chriskendall,

Very good, and your logs look much better, but there is something more to remove! :D
Let's continue our treatment...

Step 0.
Create System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 1.
OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right-click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-4093849599-2187081926-435706602-1000\Software\Trolltech]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [REBOOT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of the report in your next reply.

Step 2.
SystemLook
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    :Regfind
    Searchqu
    trolltech
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 3.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next, please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of an OTL.txt log file
  3. Contents of a SystemLook.txt log file
  4. Contents of an ESET log.txt file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: SearchQu has taken over all my browsers...

Post by askey127 » November 29th, 2011, 5:12 pm

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA