searchnu


Post by bjmyers » April 11th, 2012, 6:28 am

OK, sorry: this is my third attempt to request help with this problem. This time I've included the contents of dds.txt and attach.txt as part of this post as requested.

I am only aware of one (relatively innocuous) symptom: when I open a new tab in Firefox, <http://www.searchnu.com/406?tag=newtab> appears in lieu of the default home page selected under Tools>Options>General.

Many thanks.

****************

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by user at 9:23:03 on 2012-04-11
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1260 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Accelerer PC\PCSUService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\BandwidthMeter\BandwidthMeter.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [BigDogPath] c:\windows\VM_STI.EXE Philips SPC210NC Webcam
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\user\menudm~1\progra~1\dmarra~1\openoffice.org 3.3.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\bandwidth meter.lnk - c:\windows\installer\{297849a8-eec6-4aba-aae5-c66a093fede3}\_F3096655F6814A76D66DB9.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\microsoft office.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\traymin210.exe.lnk - c:\program files\philips\philips spc210nc webcam\TrayMin210.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0DBAD01D-EDCC-40E1-A488-50D499A51933} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FA60B384-2022-4E12-9B19-E6FE938AD71F} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\fichiers communs\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\0jw58nej.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.fr/
FF - component: c:\program files\searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlpFF3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-19 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-10-19 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-19 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-21 66616]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-25 55136]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-10 654408]
R2 PCSUService;PC Speed Up Service;c:\program files\accelerer pc\PCSUService.exe [2011-8-31 206336]
R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2010-12-3 49536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-10 22344]
R3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-5 1691480]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-1-2 23456]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2009-1-23 215552]
.
=============== Created Last 30 ================
.
2012-04-10 19:26:40 -------- dc----w- c:\documents and settings\user\application data\Malwarebytes
2012-04-10 19:26:34 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-10 19:26:33 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 19:26:33 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 17:27:34 -------- dc----w- c:\program files\Searchqu Toolbar
2012-03-26 19:42:22 -------- dc----w- c:\documents and settings\user\local settings\application data\Audible
2012-03-26 19:42:17 255352 -c--a-w- c:\windows\system32\awrdscdc.ax
2012-03-26 19:42:04 -------- dc----w- c:\program files\Audible
2012-03-22 19:12:12 4435968 -c--a-w- c:\windows\system32\GPhotos.scr
2012-03-21 07:55:11 -------- dc----w- c:\documents and settings\all users\application data\Sommer Informatik GmbH
2012-03-21 07:54:45 -------- dc----w- c:\program files\Saint-Gobain
.
==================== Find3M ====================
.
2012-02-03 09:58:01 1860224 -c--a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:23:22,78 ===============


****************

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Édition familiale
Boot Device: \Device\HarddiskVolume2
Install Date: 20.05.2008 17:30:00
System Uptime: 11.04.2012 07:40:20 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5K-VM
Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz | LGA775 | 2409/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 30 GiB total, 4,623 GiB free.
D: is FIXED (NTFS) - 195 GiB total, 13,866 GiB free.
F: is CDROM ()
I: is Removable
J: is Removable
K: is Removable
L: is Removable
N: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Clavier standard 101/102 touches ou clavier Microsoft Natural Keyboard PS/2
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: (Claviers standard)
Name: Clavier standard 101/102 touches ou clavier Microsoft Natural Keyboard PS/2
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP822: 09.02.2012 20:24:06 - Point de vérification système
RP823: 11.02.2012 09:26:00 - Point de vérification système
RP824: 12.02.2012 09:50:55 - Point de vérification système
RP825: 13.02.2012 10:27:48 - Point de vérification système
RP826: 14.02.2012 13:48:18 - Point de vérification système
RP827: 15.02.2012 18:29:32 - Point de vérification système
RP828: 16.02.2012 07:25:16 - Software Distribution Service 3.0
RP829: 17.02.2012 12:32:20 - Point de vérification système
RP830: 18.02.2012 13:15:14 - Point de vérification système
RP831: 19.02.2012 20:07:13 - Point de vérification système
RP832: 21.02.2012 16:55:10 - Point de vérification système
RP833: 21.02.2012 23:31:16 - Software Distribution Service 3.0
RP834: 23.02.2012 11:00:06 - Point de vérification système
RP835: 24.02.2012 13:03:07 - Point de vérification système
RP836: 24.02.2012 13:35:37 - Installed Windows XP Wdf01009.
RP837: 25.02.2012 13:44:45 - Point de vérification système
RP838: 01.03.2012 11:49:50 - Point de vérification système
RP839: 07.03.2012 10:21:49 - Point de vérification système
RP840: 10.03.2012 18:31:45 - Point de vérification système
RP841: 11.03.2012 19:22:25 - Point de vérification système
RP842: 12.03.2012 20:02:26 - Point de vérification système
RP843: 13.03.2012 20:45:38 - Point de vérification système
RP844: 15.03.2012 07:11:34 - Software Distribution Service 3.0
RP845: 16.03.2012 09:50:13 - Point de vérification système
RP846: 18.03.2012 14:11:57 - Point de vérification système
RP847: 19.03.2012 14:23:23 - Point de vérification système
RP848: 20.03.2012 21:33:19 - Point de vérification système
RP849: 21.03.2012 08:54:43 - Installed Caluwin.
RP850: 25.03.2012 11:37:48 - Point de vérification système
RP851: 26.03.2012 13:43:02 - Point de vérification système
RP852: 27.03.2012 14:19:45 - Point de vérification système
RP853: 28.03.2012 15:19:50 - Point de vérification système
RP854: 30.03.2012 09:57:36 - Point de vérification système
RP855: 01.04.2012 10:34:16 - Point de vérification système
RP856: 02.04.2012 13:50:47 - Point de vérification système
RP857: 03.04.2012 14:24:01 - Point de vérification système
RP858: 04.04.2012 16:50:33 - Point de vérification système
RP859: 05.04.2012 20:09:08 - Point de vérification système
RP860: 06.04.2012 20:32:12 - Point de vérification système
RP861: 10.04.2012 20:38:37 - Point de vérification système
.
==== Installed Programs ======================
.
802.11 USB Wireless LAN Adapter
AC3Filter (remove only)
ACDSee for PENTAX 3.0
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.5
AoA Audio Extractor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Archiveur WinRAR
Assistant de connexion Windows Live
Audacity 1.2.6
AudibleManager
Avira AntiVir Personal - Free Antivirus
BandwidthMeter
Bing Bar
BitTorrent
Bonjour
BurnInTest v5.3 Pro
Caluwin
Camera RAW Plug-In for EPSON Creativity Suite
Chinese Simplified Fonts Support For Adobe Reader 8
Choice Guard
Compatibility Pack for the 2007 Office system
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB2158563)
Correctif pour Windows XP (KB2443685)
Correctif pour Windows XP (KB2570791)
Correctif pour Windows XP (KB2633952)
Correctif pour Windows XP (KB952287)
Correctif pour Windows XP (KB961118)
Correctif pour Windows XP (KB970653-v3)
Correctif pour Windows XP (KB976098-v2)
Correctif pour Windows XP (KB979306)
Correctif pour Windows XP (KB981793)
DivX-Setup
DriverAgent by eSupport.com
DVD Shrink 3.2
DVDFab 8.0.5.0 (18/11/2010)
DVDFab Passkey 8.0.0.2 (17/11/2010)
Emicsoft MTS Converter
Free Audio CD Burner version 1.4.7
Free DVD Video Burner version 3.0.0
Free M4a to MP3 Converter 6.2
Free Mp3 Wma Converter V 2.0
Free Video to DVD Converter version 1.6.18
Free YouTube to MP3 Converter version 3.9.33
Galerie de photos Windows Live
GoodSync V6
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Installation Windows Live
J2SE Runtime Environment 5.0 Update 12
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
Junk Mail filter update
KB408682
Lecteur Windows Media 11
LG PC Suite
LG United Mobile Driver
LG USB WML Modem Driver
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 7.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)
Mise à jour de sécurité pour Lecteur Windows Media (KB2378111)
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)
Mise à jour de sécurité pour Lecteur Windows Media (KB975558)
Mise à jour de sécurité pour Lecteur Windows Media (KB978695)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Microsoft Windows (KB2564958)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2183461)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2360131)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2416400)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2482017)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2497640)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2510531)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2530548)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2544521)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2559049)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2586448)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2618444)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2647516)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)
Mise à jour de sécurité pour Windows XP (KB2079403)
Mise à jour de sécurité pour Windows XP (KB2115168)
Mise à jour de sécurité pour Windows XP (KB2121546)
Mise à jour de sécurité pour Windows XP (KB2160329)
Mise à jour de sécurité pour Windows XP (KB2229593)
Mise à jour de sécurité pour Windows XP (KB2259922)
Mise à jour de sécurité pour Windows XP (KB2279986)
Mise à jour de sécurité pour Windows XP (KB2286198)
Mise à jour de sécurité pour Windows XP (KB2296011)
Mise à jour de sécurité pour Windows XP (KB2296199)
Mise à jour de sécurité pour Windows XP (KB2347290)
Mise à jour de sécurité pour Windows XP (KB2360937)
Mise à jour de sécurité pour Windows XP (KB2387149)
Mise à jour de sécurité pour Windows XP (KB2393802)
Mise à jour de sécurité pour Windows XP (KB2412687)
Mise à jour de sécurité pour Windows XP (KB2419632)
Mise à jour de sécurité pour Windows XP (KB2423089)
Mise à jour de sécurité pour Windows XP (KB2436673)
Mise à jour de sécurité pour Windows XP (KB2440591)
Mise à jour de sécurité pour Windows XP (KB2443105)
Mise à jour de sécurité pour Windows XP (KB2476490)
Mise à jour de sécurité pour Windows XP (KB2476687)
Mise à jour de sécurité pour Windows XP (KB2478960)
Mise à jour de sécurité pour Windows XP (KB2478971)
Mise à jour de sécurité pour Windows XP (KB2479628)
Mise à jour de sécurité pour Windows XP (KB2479943)
Mise à jour de sécurité pour Windows XP (KB2481109)
Mise à jour de sécurité pour Windows XP (KB2483185)
Mise à jour de sécurité pour Windows XP (KB2485376)
Mise à jour de sécurité pour Windows XP (KB2485663)
Mise à jour de sécurité pour Windows XP (KB2491683)
Mise à jour de sécurité pour Windows XP (KB2503658)
Mise à jour de sécurité pour Windows XP (KB2503665)
Mise à jour de sécurité pour Windows XP (KB2506212)
Mise à jour de sécurité pour Windows XP (KB2506223)
Mise à jour de sécurité pour Windows XP (KB2507618)
Mise à jour de sécurité pour Windows XP (KB2507938)
Mise à jour de sécurité pour Windows XP (KB2508272)
Mise à jour de sécurité pour Windows XP (KB2508429)
Mise à jour de sécurité pour Windows XP (KB2509553)
Mise à jour de sécurité pour Windows XP (KB2511455)
Mise à jour de sécurité pour Windows XP (KB2524375)
Mise à jour de sécurité pour Windows XP (KB2535512)
Mise à jour de sécurité pour Windows XP (KB2536276-v2)
Mise à jour de sécurité pour Windows XP (KB2536276)
Mise à jour de sécurité pour Windows XP (KB2544893-v2)
Mise à jour de sécurité pour Windows XP (KB2544893)
Mise à jour de sécurité pour Windows XP (KB2555917)
Mise à jour de sécurité pour Windows XP (KB2562937)
Mise à jour de sécurité pour Windows XP (KB2566454)
Mise à jour de sécurité pour Windows XP (KB2567053)
Mise à jour de sécurité pour Windows XP (KB2567680)
Mise à jour de sécurité pour Windows XP (KB2570222)
Mise à jour de sécurité pour Windows XP (KB2570947)
Mise à jour de sécurité pour Windows XP (KB2584146)
Mise à jour de sécurité pour Windows XP (KB2585542)
Mise à jour de sécurité pour Windows XP (KB2592799)
Mise à jour de sécurité pour Windows XP (KB2598479)
Mise à jour de sécurité pour Windows XP (KB2603381)
Mise à jour de sécurité pour Windows XP (KB2618451)
Mise à jour de sécurité pour Windows XP (KB2619339)
Mise à jour de sécurité pour Windows XP (KB2620712)
Mise à jour de sécurité pour Windows XP (KB2621440)
Mise à jour de sécurité pour Windows XP (KB2624667)
Mise à jour de sécurité pour Windows XP (KB2631813)
Mise à jour de sécurité pour Windows XP (KB2633171)
Mise à jour de sécurité pour Windows XP (KB2639417)
Mise à jour de sécurité pour Windows XP (KB2641653)
Mise à jour de sécurité pour Windows XP (KB2646524)
Mise à jour de sécurité pour Windows XP (KB2647518)
Mise à jour de sécurité pour Windows XP (KB2660465)
Mise à jour de sécurité pour Windows XP (KB2661637)
Mise à jour de sécurité pour Windows XP (KB923561)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952004)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953838)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour de sécurité pour Windows XP (KB954211)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB954600)
Mise à jour de sécurité pour Windows XP (KB955069)
Mise à jour de sécurité pour Windows XP (KB956390)
Mise à jour de sécurité pour Windows XP (KB956391)
Mise à jour de sécurité pour Windows XP (KB956572)
Mise à jour de sécurité pour Windows XP (KB956744)
Mise à jour de sécurité pour Windows XP (KB956802)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956841)
Mise à jour de sécurité pour Windows XP (KB956844)
Mise à jour de sécurité pour Windows XP (KB957095)
Mise à jour de sécurité pour Windows XP (KB957097)
Mise à jour de sécurité pour Windows XP (KB958215)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour de sécurité pour Windows XP (KB958687)
Mise à jour de sécurité pour Windows XP (KB958690)
Mise à jour de sécurité pour Windows XP (KB958869)
Mise à jour de sécurité pour Windows XP (KB959426)
Mise à jour de sécurité pour Windows XP (KB960225)
Mise à jour de sécurité pour Windows XP (KB960714)
Mise à jour de sécurité pour Windows XP (KB960715)
Mise à jour de sécurité pour Windows XP (KB960803)
Mise à jour de sécurité pour Windows XP (KB960859)
Mise à jour de sécurité pour Windows XP (KB961371)
Mise à jour de sécurité pour Windows XP (KB961373)
Mise à jour de sécurité pour Windows XP (KB961501)
Mise à jour de sécurité pour Windows XP (KB963027)
Mise à jour de sécurité pour Windows XP (KB968537)
Mise à jour de sécurité pour Windows XP (KB969059)
Mise à jour de sécurité pour Windows XP (KB969897)
Mise à jour de sécurité pour Windows XP (KB969898)
Mise à jour de sécurité pour Windows XP (KB969947)
Mise à jour de sécurité pour Windows XP (KB970238)
Mise à jour de sécurité pour Windows XP (KB970430)
Mise à jour de sécurité pour Windows XP (KB971468)
Mise à jour de sécurité pour Windows XP (KB971486)
Mise à jour de sécurité pour Windows XP (KB971557)
Mise à jour de sécurité pour Windows XP (KB971633)
Mise à jour de sécurité pour Windows XP (KB971657)
Mise à jour de sécurité pour Windows XP (KB972270)
Mise à jour de sécurité pour Windows XP (KB973346)
Mise à jour de sécurité pour Windows XP (KB973354)
Mise à jour de sécurité pour Windows XP (KB973507)
Mise à jour de sécurité pour Windows XP (KB973525)
Mise à jour de sécurité pour Windows XP (KB973869)
Mise à jour de sécurité pour Windows XP (KB973904)
Mise à jour de sécurité pour Windows XP (KB974112)
Mise à jour de sécurité pour Windows XP (KB974318)
Mise à jour de sécurité pour Windows XP (KB974392)
Mise à jour de sécurité pour Windows XP (KB974571)
Mise à jour de sécurité pour Windows XP (KB975025)
Mise à jour de sécurité pour Windows XP (KB975467)
Mise à jour de sécurité pour Windows XP (KB975560)
Mise à jour de sécurité pour Windows XP (KB975561)
Mise à jour de sécurité pour Windows XP (KB975562)
Mise à jour de sécurité pour Windows XP (KB975713)
Mise à jour de sécurité pour Windows XP (KB977165)
Mise à jour de sécurité pour Windows XP (KB977816)
Mise à jour de sécurité pour Windows XP (KB977914)
Mise à jour de sécurité pour Windows XP (KB978037)
Mise à jour de sécurité pour Windows XP (KB978251)
Mise à jour de sécurité pour Windows XP (KB978262)
Mise à jour de sécurité pour Windows XP (KB978338)
Mise à jour de sécurité pour Windows XP (KB978542)
Mise à jour de sécurité pour Windows XP (KB978601)
Mise à jour de sécurité pour Windows XP (KB978706)
Mise à jour de sécurité pour Windows XP (KB979309)
Mise à jour de sécurité pour Windows XP (KB979482)
Mise à jour de sécurité pour Windows XP (KB979559)
Mise à jour de sécurité pour Windows XP (KB979683)
Mise à jour de sécurité pour Windows XP (KB979687)
Mise à jour de sécurité pour Windows XP (KB980195)
Mise à jour de sécurité pour Windows XP (KB980218)
Mise à jour de sécurité pour Windows XP (KB980232)
Mise à jour de sécurité pour Windows XP (KB980436)
Mise à jour de sécurité pour Windows XP (KB981322)
Mise à jour de sécurité pour Windows XP (KB981852)
Mise à jour de sécurité pour Windows XP (KB981957)
Mise à jour de sécurité pour Windows XP (KB981997)
Mise à jour de sécurité pour Windows XP (KB982132)
Mise à jour de sécurité pour Windows XP (KB982214)
Mise à jour de sécurité pour Windows XP (KB982665)
Mise à jour de sécurité pour Windows XP (KB982802)
Mise à jour pour Windows Internet Explorer 8 (KB971930)
Mise à jour pour Windows Internet Explorer 8 (KB976662)
Mise à jour pour Windows Internet Explorer 8 (KB976749)
Mise à jour pour Windows Internet Explorer 8 (KB980182)
Mise à jour pour Windows XP (KB2141007)
Mise à jour pour Windows XP (KB2345886)
Mise à jour pour Windows XP (KB2467659)
Mise à jour pour Windows XP (KB2541763)
Mise à jour pour Windows XP (KB2607712)
Mise à jour pour Windows XP (KB2616676)
Mise à jour pour Windows XP (KB2641690)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Mise à jour pour Windows XP (KB955759)
Mise à jour pour Windows XP (KB955839)
Mise à jour pour Windows XP (KB967715)
Mise à jour pour Windows XP (KB968389)
Mise à jour pour Windows XP (KB971029)
Mise à jour pour Windows XP (KB971737)
Mise à jour pour Windows XP (KB973687)
Mise à jour pour Windows XP (KB973815)
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Mozilla Firefox (3.6.9)
Mozilla Thunderbird 11.0.1 (x86 fr)
MSVCRT
msvcrt_installer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
NVIDIA Drivers
OmniPage SE
OpenOffice.org 3.3
Outil de téléchargement Windows Live
PC Speed Up - Complete uninstall
PCSpeedUp Application
Philips SPC210NC Webcam
Picasa 3
PowerQuest PartitionMagic Pro 7.0
QuickTime
QuickTime for Windows (32-bit)
Radios Francaises
RealPlayer
Realtek High Definition Audio Driver
ScanSoft PDF Professional 4
SDL MultiTerm 7 Desktop
SDL Trados 2006 Freelance
Searchqu Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Segoe UI
Skype™ 5.3
TRADOS MultiTerm 5.5
Uniblue SpeedUpMyPC 2009
Uniblue System Tweaker
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Contrôle parental
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
winpcap-nmap 4.02
XML Paper Specification Shared Components Language Pack 1.0
Xvid 1.2.2 final uninstall
.
==== End Of File ===========================
bjmyers
Active Member
 
Posts: 10
Joined: April 11th, 2012, 2:03 am
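As an added example (not part of bjmyers' post or of the DDS tool itself), the following Python script shows the kind of check a helper performs on a log like the one above: split the DDS output into its sections, search for entries that tie back to the reported symptom (the searchnu.com new-tab page is served by the Searchqu toolbar and its DataMngr component), and list toolbar entries whose file is gone. The sample log lines are copied from the post above; the indicator list is an assumption made for this example, not a published signature.

```python
"""Triage a DDS log for browser-hijacker indicators.

Added example; not part of the original post or of DDS. The sample input
below is a handful of lines copied from the log in this thread; the
indicator list (searchqu / datamngr / searchnu) is an assumption based on
the reported new-tab URL, not a signature shipped by any tool.
"""
import re

SAMPLE_DDS = """\
============== Pseudo HJT Report ===============
.
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\\windows\\system32\\NvCpl.dll,NvStartup
.
================= FIREFOX ===================
.
FF - prefs.js: browser.startup.homepage - hxxps://www.google.fr/
FF - component: c:\\program files\\searchqu toolbar\\datamngr\\firefoxextension\\components\\DataMngrHlpFF3.dll
FF - plugin: c:\\program files\\java\\jre6\\bin\\new_plugin\\npdeployJava1.dll
.
=============== Created Last 30 ================
.
2012-04-10 19:26:33 -------- dc----w- c:\\program files\\Malwarebytes' Anti-Malware
2012-04-10 17:27:34 -------- dc----w- c:\\program files\\Searchqu Toolbar
.
"""

# Case-insensitive substrings that tie back to the reported symptom
# (searchnu.com new-tab page). Assumed indicator list for this example.
INDICATORS = ("searchqu", "datamngr", "searchnu")

# DDS section headers look like "======= Name =======".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def parse_sections(log):
    """Split a DDS log into {section_name: [lines]}.

    Lines before the first header go under 'preamble'; the '.' spacer
    lines that DDS emits between entries are dropped.
    """
    sections = {"preamble": []}
    current = "preamble"
    for raw in log.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line == "." or not line:
            continue
        sections[current].append(line)
    return sections


def find_indicators(sections, indicators=INDICATORS):
    """Return (section, line) pairs whose text contains any indicator."""
    hits = []
    for name, lines in sections.items():
        for line in lines:
            low = line.lower()
            if any(tok in low for tok in indicators):
                hits.append((name, line))
    return hits


def orphan_toolbars(sections):
    """Toolbar (TB:) entries whose backing file is gone.

    DDS prints these as '- No File'; they are leftovers of a removed
    add-on and are cleaned up alongside the live components.
    """
    return [l for l in sections.get("Pseudo HJT Report", [])
            if l.startswith("TB:") and l.endswith("- No File")]


def triage(log):
    """Run both checks over a log and return the findings."""
    sections = parse_sections(log)
    return {"hits": find_indicators(sections),
            "orphan_toolbars": orphan_toolbars(sections)}


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for section, line in result["hits"]:
        print(f"[{section}] {line}")
    print(f"{len(result['orphan_toolbars'])} orphan toolbar entries")
```

On the sample above the script flags the DataMngr Firefox component and the freshly created Searchqu Toolbar folder, which together explain the searchnu.com new-tab page, and lists the two orphaned toolbar CLSIDs.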

Re: searchnu

Post by pgmigg » April 11th, 2012, 10:29 am

Hello bjmyers,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers, and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights (permissions) for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please continue responding until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing, and perform the steps in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: searchnu

Post by pgmigg » April 11th, 2012, 6:40 pm

Hello bjmyers,

Thank you for your patience... :)

P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer:

BitTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...

Step 0.
Create System Restore Point
  1. Click Start.
  2. Select All Programs -> Accessories -> System Tools, then press System Restore.
  3. At the Welcome screen select Create a restore point and then press Next.
  4. In the description box, type a name to describe this restore point.
      System Restore automatically adds (to your description) the current date and time.
  5. Click Create to finish creating this restore point.
  6. Click Close to exit System Restore.
Unless you use some other method to create system restore points, it is advisable to leave this feature ON and active.

If you have successfully created a System Restore Point, we can proceed.
STOP! If you have NOT successfully created a System Restore Point... STOP! and do not go any further!
Please post back so we can determine why it was unsuccessful.

Step 1.
Add/Remove Programs
I need you to uninstall one program from your computer.
  1. Click Start -> Run.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. Click OK. It takes a few seconds for the program list to be populated.
  4. Locate the following programs:
    BitTorrent
    Searchqu Toolbar
  5. Press the "Remove" or "Change/Remove" button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Don't worry if you cannot find all programs from the list - some may not have an uninstall feature or may have been removed in previous steps.
  6. When finished, close/exit Add/Remove Programs.

Step 2.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and paste the following code into the Custom Scan/Fixes text box. Do not include the word Code
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
    [-HKEY_CURRENT_USER\Software\DataMngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\ilivid]
    [-HKEY_CURRENT_USER\Software\searchqutoolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    
    :Files
    %APPDATA%\Mozilla\Firefox\Profiles\SearchquWebSearch.xml /S
    %APPDATA%\Mozilla\Firefox\Profiles\searchqutoolbar /S
    %APPDATA%\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} /S
    %APPDATA%\Microsoft\Windows\Cookies\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt
    %LOCALAPPDATA%\Ilivid Player /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm /S
    %TEMP%\BandooFiles
    %TEMP%\BandooV6.exe
    %TEMP%\SetupDataMngr_Searchqu.exe
    %TEMP%\SweetIMReinstall
    %TEMP%\SweetIMReinstall\SweetImSetup.exe
    %TEMP%\ilivid.7z
    %TEMP%\searchqu.ini
    %TEMP%\searchqutoolbar-manifest.xml
    %USERPROFILE%\AppData\LocalLow\searchquband
    %USERPROFILE%\AppData\LocalLow\searchqutoolbar
    %USERPROFILE%\Downloads\SweetImSetup.exe
    %USERPROFILE%\Downloads\iLividSetupV1.exe
    C:\Program Files\Windows iLivid Toolbar
    C:\Program Files\iLivid
    C:\Windows\Prefetch\ILIVID*
    C:\Windows\Prefetch\SEARCHQUMEDIABAR*
    C:\Windows\Prefetch\SETUPDATAMNGR*
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 3.
SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Re: searchnu

Unread postby bjmyers » April 12th, 2012, 3:34 am

Good morning pgmigg,

I've followed your instructions to the letter (I think), but it seems that I've already encountered my first stumbling block....

Here are my responses to the four elements requested at the end of your previous post:

> 1. Do you have any problems executing the instructions?
Step 0 - no problem: created system restore point
Step 1 - no problem: removed BitTorrent and Searchqu Toolbar
Step 2 - problem

OTL.exe downloaded OK. I closed all applications, ran OTL from my desktop, and pasted the text block you provided (i.e. the first of two) into the "Custom scan/fix" box at the bottom of the OTL window as instructed, also no problem.

When I ran "Fix", however, the machine locked up more or less immediately. The OTL status bar (i.e. at the very bottom) displayed the message "Killing processes. DO NOT INTERRUPT..." and there was a separate pop-up window with the following error message: "MBAM Service terminated unexpectedly: see Event Log for details".

The rest of the desktop/taskbar was displayed normally but inactive. Only the cursor remained active. In the absence of any other signs of life for 20 minutes, the patient was declared dead and removed from life support (I powered down and started over).

The machine powered up again OK. I shut down my trial version of Malwarebytes Anti-Malware (installed and started a few days ago) before running OTL a second time. The machine locked up again with the same OTL status bar message "Killing processes. DO NOT INTERRUPT...". This time there was no MBAM Service termination pop-up. Apparently XP had also partly shut down, i.e. only the desktop background colour remained (behind the frozen OTL window). The desktop image, icons, shortcuts, Start button, taskbar, quick launch icons, clock, etc had all disappeared.

I powered the machine down again and it came back up OK, but I thought it best to ask your advice before proceeding further.

> 2. Contents of the OTL.txt log file after OTL FixScript run
I didn't get that far.

> 3. Contents of the SystemLook.txt log file
I didn't get that far.

> 4. Do you see any changes in computer behavior?
Yes. I am pleased to report that the original (and only known) symptom of the malware infection has disappeared: now when I open a new tab in Firefox, that pesky <h!!p://www.searchnu.com/406?tag=newtab> page no longer appears and my normal default home page appears instead, exactly as I like. Presumably this was simply a matter of removing the Searchqu Toolbar program.

I dare not say "mission accomplished" however, and await your further instructions.

-------
Many thanks,
bjmyers

Re: searchnu

Unread postby pgmigg » April 12th, 2012, 4:06 pm

Hello bjmyers,
> I dare not say "mission accomplished" however, and await your further instructions.
Thank you for your detailed explanation - you were absolutely right to stop and inform me about your problems. Please don't worry, and let's continue...
> I am pleased to report that the original (and only known) symptom of the malware infection has disappeared: now when I open a new tab in Firefox, that pesky <h!!p://www.searchnu.com/406?tag=newtab> page no longer appears and my normal default home page appears instead, exactly as I like. Presumably this was simply a matter of removing the Searchqu Toolbar program.
I'm glad to hear it, but I still would like to be sure that, after uninstalling the Searchqu Toolbar, all its possible remnants are gone too.

Please do the following:

SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the SystemLook.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Re: searchnu

Unread postby bjmyers » April 12th, 2012, 5:07 pm

Hello pgmigg,

Here are the contents of SystemLook.txt:


SystemLook 30.07.11 by jpshortstuff
Log created at 22:36 on 12/04/2012 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\Documents and Settings\user\Local Settings\Temp\Searchqu.ini --a--c- 353 bytes [17:27 10/04/2012] [17:27 10/04/2012] 8B5CB22762241ED44DF8DF12444BFC7C
C:\Documents and Settings\user\Local Settings\Temp\searchqutoolbar-manifest.xml --a--c- 9422 bytes [08:42 27/02/2012] [08:42 27/02/2012] B4CF632013D5A08B137DB737D2825F12
C:\Documents and Settings\user\Local Settings\Temp\SetupDataMngr_Searchqu.exe --a--c- 3779936 bytes [17:27 10/04/2012] [17:27 10/04/2012] 272A776C4425F061837AE105FA3406C5
C:\Documents and Settings\user\Local Settings\Temp\nsy104\nsf105.tmp\SetupDataMngr_Searchqu.exe --a--c- 3779936 bytes [17:27 10/04/2012] [17:27 10/04/2012] 272A776C4425F061837AE105FA3406C5

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\Documents and Settings\user\Local Settings\Temp\SetupDataMngr_Searchqu.exe --a--c- 3779936 bytes [17:27 10/04/2012] [17:27 10/04/2012] 272A776C4425F061837AE105FA3406C5
C:\Documents and Settings\user\Local Settings\Temp\nsy104\nsf105.tmp\SetupDataMngr_Searchqu.exe --a--c- 3779936 bytes [17:27 10/04/2012] [17:27 10/04/2012] 272A776C4425F061837AE105FA3406C5
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a--c- 355840 bytes [17:27 10/04/2012] [12:09 12/03/2012] BB16A34A7E14048C4657FB24E723BA92

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Program Files\Searchqu Toolbar d----c- [17:27 10/04/2012]

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Program Files\Searchqu Toolbar\Datamngr d----c- [17:27 10/04/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{029DCC81-E024-475C-B5BF-3AD1DC1F1E4F}]
"AppPath"="C:\PROGRA~1\Searchqu Toolbar\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\download firefox\iLividSetupV1.exe"="iLivid Install"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\iLivid\iLivid.exe"="iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe"="iLivid Install"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\download firefox\iLividSetupV1.exe"="iLivid Install"
[HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\iLivid\iLivid.exe"="iLivid"
[HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe"="iLivid Install"
[HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{029DCC81-E024-475C-B5BF-3AD1DC1F1E4F}]
"AppPath"="C:\PROGRA~1\Searchqu Toolbar\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-

***************
In reply to your questions/requests:

> 1. Do you have any problems executing the instructions?
No.

> 2. Contents of the SystemLook.txt log file
See above. Apparently some odd bits still want cleaning up, but I frankly expected worse.

> 3. Do you see any changes in computer behavior?
No: stable operation as before.
In checking the CPU usage as displayed by the Task Manager just now, however, I was very pleasantly surprised to find it consistently well below 10% (averaging about 3%). I guess it's been ages since I've seen it so low on this machine. Unfortunately it's also been a while since the last time I checked it - several days at least, perhaps as much as several weeks - so I cannot correlate the improvement to any specific action.

I look forward to your status assessment and further instructions.

Cheers
bjmyers

Re: searchnu

Unread postby pgmigg » April 13th, 2012, 9:58 am

Hello bjmyers,

Good job! :)
Let's continue...

Step 0.
Create System Restore Point
  1. Click Start.
  2. Select All Programs -> Accessories -> System Tools, then press System Restore.
  3. At the Welcome screen select Create a restore point and then press Next.
  4. In the description box, type a name to describe this restore point.
      System Restore automatically adds (to your description) the current date and time.
  5. Click Create to finish creating this restore point.
  6. Click Close to exit System Restore.
Unless you use some other method to create system restore points, it is advisable to leave this feature ON and active.

If you have successfully created a System Restore Point, we can proceed.
STOP! If you have NOT successfully created a System Restore Point... STOP! and do not go any further!
Please post back so we can determine why it was unsuccessful.

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and paste the following code into the Custom Scan/Fixes text box. Do not include the word Code
    :Files
    C:\Documents and Settings\user\Local Settings\Temp\Searchqu.ini
    C:\Documents and Settings\user\Local Settings\Temp\searchqutoolbar-manifest.xml
    C:\Documents and Settings\user\Local Settings\Temp\SetupDataMngr_Searchqu.exe
    C:\Documents and Settings\user\Local Settings\Temp\nsy104
    C:\Program Files\Searchqu Toolbar
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{029DCC81-E024-475C-B5BF-3AD1DC1F1E4F}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "D:\download firefox\iLividSetupV1.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\iLivid\iLivid.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe"=-
    [HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "D:\download firefox\iLividSetupV1.exe"=-
    [HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\iLivid\iLivid.exe"=-
    [HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe"=-
    [-HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Trolltech]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{029DCC81-E024-475C-B5BF-3AD1DC1F1E4F}]
    "AppPath"=-
    [-HKEY_CURRENT_USER\Software\Trolltech]
    
    :Commands
    [REBOOT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 2.
SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    :filefind
    *Searchqu*
    *datamngr*
    
    :folderfind
    *Searchqu*
    *datamngr*
    
    :Regfind
    Searchqu
    iLivid
    datamngr
    trolltech
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg
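
As an added example (not code from the thread, from SystemLook or from OTL), the following Python turns a SystemLook report like the one bjmyers posted above into a draft of the OTL :Files/:Reg fix that pgmigg wrote by hand in the reply above. The log excerpt is constructed in the SystemLook 30.07.11 format using entries from the page; the regexes and the rule "delete a whole key only when the search term appears in the key path, otherwise delete just the matched value under that key" are my assumptions, and the output is a draft to review, not to run blindly.

```python
"""Parse a SystemLook.txt report and draft OTL fix lines from its hits.

Added example, not the thread's or the tools' own code; the drafting rules
are a heuristic that mirrors the helper's manual fix (see comments below).
"""
import re

# Constructed excerpt in SystemLook 30.07.11 output format (entries as on the page).
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Searchqu*"
C:\Documents and Settings\user\Local Settings\Temp\Searchqu.ini --a--c- 353 bytes [17:27 10/04/2012] [17:27 10/04/2012] 8B5CB22762241ED44DF8DF12444BFC7C
C:\Documents and Settings\user\Local Settings\Temp\nsy104\nsf105.tmp\SetupDataMngr_Searchqu.exe --a--c- 3779936 bytes [17:27 10/04/2012] [17:27 10/04/2012] 272A776C4425F061837AE105FA3406C5

========== folderfind ==========

Searching for "*Searchqu*"
C:\Program Files\Searchqu Toolbar d----c- [17:27 10/04/2012]

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{029DCC81-E024-475C-B5BF-3AD1DC1F1E4F}]
"AppPath"="C:\PROGRA~1\Searchqu Toolbar\Datamngr\ToolBar"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\iLivid\iLivid.exe"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
"""

SECTION_RE = re.compile(r"^========== (\w+) ==========$")
SEARCH_RE = re.compile(r'^Searching for "(.+)"$')
# filefind line: path, 7-char attribute flags, size, two timestamps, MD5
FILE_RE = re.compile(r"^(.+?) ([-a-z]{7}) (\d+) bytes \[[^\]]*\] \[[^\]]*\] ([0-9A-F]{32})$")
FOLDER_RE = re.compile(r"^(.+?) ([-a-z]{7}) \[[^\]]*\]$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_systemlook(text):
    """Group hits as files, folders, keys and values, each tagged with its search term."""
    hits = {"files": [], "folders": [], "keys": [], "values": []}
    section = term = key = None
    for line in text.splitlines():
        line = line.rstrip()
        if m := SECTION_RE.match(line):
            section = m[1].lower()
        elif m := SEARCH_RE.match(line):
            term = m[1].strip("*")
        elif section == "filefind" and (m := FILE_RE.match(line)):
            hits["files"].append({"term": term, "path": m[1], "size": int(m[3]), "md5": m[4]})
        elif section == "folderfind" and (m := FOLDER_RE.match(line)):
            hits["folders"].append({"term": term, "path": m[1]})
        elif section == "regfind" and (m := KEY_RE.match(line)):
            key = m[1]
            hits["keys"].append({"term": term, "key": key})
        elif section == "regfind" and key and (m := VALUE_RE.match(line)):
            hits["values"].append({"term": term, "key": key, "name": m[1], "data": m[2]})
    return hits


def draft_otl_fix(hits):
    """Return the lines of an OTL fix script (:Files / :Reg / :Commands) for review."""
    files = list(dict.fromkeys(h["path"] for h in hits["files"] + hits["folders"]))
    # Whole-key deletions: the term is in the key path, so the key itself belongs to
    # the unwanted software. A subkey already covered by a listed parent is skipped.
    doomed = []
    for h in sorted(hits["keys"], key=lambda h: h["key"].lower()):
        k = h["key"].lower()
        if h["term"].lower() in k and not any(k.startswith(d.lower() + "\\") for d in doomed):
            doomed.append(h["key"])
    # Value deletions: the key is a shared Windows key (MUICache, firewall list,
    # elevation policy), so only the matched value is removed, written as "name"=-.
    by_key = {}
    for v in hits["values"]:
        k = v["key"].lower()
        if any(k == d.lower() or k.startswith(d.lower() + "\\") for d in doomed):
            continue
        names = by_key.setdefault(v["key"], [])
        if v["name"] not in names:
            names.append(v["name"])
    lines = [":Files", *files, "", ":Reg"]
    for key, names in by_key.items():
        lines += [f"[{key}]", *(f'"{n}"=-' for n in names)]
    lines += [f"[-{k}]" for k in doomed]
    return lines + ["", ":Commands", "[REBOOT]"]
```

Running `print("\n".join(draft_otl_fix(parse_systemlook(SAMPLE_LOG))))` prints the drafted script; note that it lists the nested Temp file rather than the whole nsy104 folder the helper chose to move, so the draft still needs a human pass.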

Re: searchnu

Unread postby bjmyers » April 13th, 2012, 5:31 pm

Hello pgmigg,

My replies....
> 1. Do you have any problems executing the instructions?
No, not really. I established the restore point, ran OTL and ran SystemLook as requested.

The only minor problem occurred when I ran OTL: the log file didn't appear after re-boot and it was not on my desktop (even though I ran OTL.exe from the desktop). I thought something had gone wrong, so I ran OTL a second time, but the result was the same (no log file appeared and no log file on the desktop). I eventually found what appears to be a log file -- actually two log files, one from each of the two times I ran OTL. They are stored in C:\_OTL\MovedFiles and named by their timestamps:

04132012_225341.log
04132012_225945.log

I have pasted their contents further down in this post.

> 2. Contents of the OTL.txt log file after OTL FixScript run
See below.

> 3. Contents of the SystemLook.txt log file
See below.

> 4. Do you see any changes in computer behavior?
No, performance still appears to be stable.


========== FILES ==========
C:\Documents and Settings\user\Local Settings\Temp\Searchqu.ini moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\searchqutoolbar-manifest.xml moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\SetupDataMngr_Searchqu.exe moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsy104\nsg10C.tmp folder moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsy104\nsf105.tmp folder moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\nsy104 folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Searchqu Toolbar\Datamngr folder moved successfully.
C:\Program Files\Searchqu Toolbar folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{029DCC81-E024-475C-B5BF-3AD1DC1F1E4F}\\AppPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\D:\download firefox\iLividSetupV1.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\iLivid\iLivid.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache\\D:\download firefox\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\iLivid\iLivid.exe not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe not found.
Registry key HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Trolltech\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{029DCC81-E024-475C-B5BF-3AD1DC1F1E4F}\\AppPath not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.39.2 log created on 04132012_225341


******************
========== FILES ==========
File\Folder C:\Documents and Settings\user\Local Settings\Temp\Searchqu.ini not found.
File\Folder C:\Documents and Settings\user\Local Settings\Temp\searchqutoolbar-manifest.xml not found.
File\Folder C:\Documents and Settings\user\Local Settings\Temp\SetupDataMngr_Searchqu.exe not found.
File\Folder C:\Documents and Settings\user\Local Settings\Temp\nsy104 not found.
File\Folder C:\Program Files\Searchqu Toolbar not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{029DCC81-E024-475C-B5BF-3AD1DC1F1E4F}\\AppPath not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\D:\download firefox\iLividSetupV1.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\iLivid\iLivid.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache\\D:\download firefox\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\iLivid\iLivid.exe not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe not found.
Registry key HKEY_USERS\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Trolltech\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{029DCC81-E024-475C-B5BF-3AD1DC1F1E4F}\\AppPath not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.39.2 log created on 04132012_225945


*********************

SystemLook 30.07.11 by jpshortstuff
Log created at 23:05 on 13/04/2012 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\04132012_225341\C_Documents and Settings\user\Local Settings\Temp\Searchqu.ini --a--c- 353 bytes [17:27 10/04/2012] [17:27 10/04/2012] 8B5CB22762241ED44DF8DF12444BFC7C
C:\_OTL\MovedFiles\04132012_225341\C_Documents and Settings\user\Local Settings\Temp\searchqutoolbar-manifest.xml --a--c- 9422 bytes [08:42 27/02/2012] [08:42 27/02/2012] B4CF632013D5A08B137DB737D2825F12
C:\_OTL\MovedFiles\04132012_225341\C_Documents and Settings\user\Local Settings\Temp\SetupDataMngr_Searchqu.exe --a--c- 3779936 bytes [17:27 10/04/2012] [17:27 10/04/2012] 272A776C4425F061837AE105FA3406C5
C:\_OTL\MovedFiles\04132012_225341\C_Documents and Settings\user\Local Settings\Temp\nsy104\nsf105.tmp\SetupDataMngr_Searchqu.exe --a--c- 3779936 bytes [17:27 10/04/2012] [17:27 10/04/2012] 272A776C4425F061837AE105FA3406C5

Searching for "*datamngr*"
C:\_OTL\MovedFiles\04132012_225341\C_Documents and Settings\user\Local Settings\Temp\SetupDataMngr_Searchqu.exe --a--c- 3779936 bytes [17:27 10/04/2012] [17:27 10/04/2012] 272A776C4425F061837AE105FA3406C5
C:\_OTL\MovedFiles\04132012_225341\C_Documents and Settings\user\Local Settings\Temp\nsy104\nsf105.tmp\SetupDataMngr_Searchqu.exe --a--c- 3779936 bytes [17:27 10/04/2012] [17:27 10/04/2012] 272A776C4425F061837AE105FA3406C5
C:\_OTL\MovedFiles\04132012_225341\C_Program Files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a--c- 355840 bytes [17:27 10/04/2012] [12:09 12/03/2012] BB16A34A7E14048C4657FB24E723BA92

========== folderfind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\04132012_225341\C_Program Files\Searchqu Toolbar d----c- [20:53 13/04/2012]

Searching for "*datamngr*"
C:\_OTL\MovedFiles\04132012_225341\C_Program Files\Searchqu Toolbar\Datamngr d----c- [20:53 13/04/2012]

========== Regfind ==========

Searching for "Searchqu"
No data found.

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]

Searching for "datamngr"

***********************
That's it for now. I'll be away from this machine all weekend, so there might be no reply to your next post before Monday morning.

Cheers
bjmyers
bjmyers
Active Member
Posts: 10
Joined: April 11th, 2012, 2:03 am

Re: searchnu

Unread postby pgmigg » April 14th, 2012, 3:18 pm

Hello bjmyers,

Good job! :)
But we need to continue a little bit more...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the text box. Do not include the word Code
    Code:
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]

    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]

  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of the report in your next reply.

Step 2.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of C:\_OTL\Moved Files\MMDDYYYY_HHMMSS.log file after OTL fix
  3. Contents of an OTL.txt log file after OTL Fresh Scan run
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
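As an added example (not code from this thread, from OTL's author or from the forum), here is a small Python reader for the two logs the steps above ask for: it maps each target in the Step 1 fix log to its recorded outcome, and it parses the PRC/MOD/SRV/DRV lines of the Step 2 OTL.txt scan, flagging entries with no company name or a missing file for a reviewer to look at first. The sample lines are copied from the logs posted in this thread; the allowlist of .NET native-image paths is an assumption of the example.

```python
"""Reader for the two OTL logs a helper asks for: the fix log and the OTL.txt scan."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# --- Step 1: the fix log written to C:\_OTL\MovedFiles -----------------------------
# Lines look like "<target> moved successfully.", "Registry key <key> deleted
# successfully." or "... not found."; anything else (e.g. the restore-point line)
# is ignored.
FIX_RE = re.compile(
    r"^(?:Registry (?:key|value) |File\\Folder )?(?P<target>.+?)(?: folder)? "
    r"(?P<outcome>moved successfully|deleted successfully|not found)\.$"
)


def fix_outcomes(lines: List[str]) -> Dict[str, str]:
    """Map every target named in the fix log to its recorded outcome."""
    outcomes: Dict[str, str] = {}
    for line in lines:
        m = FIX_RE.match(line.strip())
        if m:
            outcomes[m.group("target")] = m.group("outcome")
    return outcomes


# --- Step 2: PRC/MOD/SRV/DRV lines of the OTL.txt scan -----------------------------
# KIND - [timestamp | size | attrs | M] (Company) [state] -- path -- (Name) description
# "File not found" replaces the bracketed stamp and company on orphaned entries;
# [state] and "-- (Name)" appear only on SRV and DRV lines.
SCAN_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)"
    r"(?: ?-- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)


@dataclass
class Entry:
    kind: str
    path: str
    company: str
    size: Optional[int]
    state: str
    name: str
    file_missing: bool


def parse_scan_line(line: str) -> Optional[Entry]:
    """Parse one scan line; returns None for headers, blanks and other line types."""
    m = SCAN_RE.match(line.strip())
    if not m:
        return None
    size = None
    if m.group("stamp"):
        fields = [f.strip() for f in m.group("stamp").split("|")]
        if len(fields) >= 2:
            size = int(fields[1].replace(",", ""))  # "000,593,920" -> 593920
    return Entry(
        kind=m.group("kind"),
        path=m.group("path").strip(),
        company=(m.group("company") or "").strip(),
        size=size,
        state=(m.group("state") or "").strip(),
        name=(m.group("name") or "").strip(),
        file_missing=m.group("missing") is not None,
    )


# .NET native images carry no company name by design; treating this prefix as
# expected is an assumption of this example, not something OTL itself does.
EXPECTED_NO_COMPANY_PREFIXES = (r"c:\windows\assembly\nativeimages",)


def triage(lines: List[str]) -> List[Tuple[str, Entry]]:
    """Return (reason, entry) pairs a reviewer would look at first."""
    findings: List[Tuple[str, Entry]] = []
    for line in lines:
        e = parse_scan_line(line)
        if e is None:
            continue
        if e.file_missing:
            findings.append(("orphaned: file not found", e))
        elif not e.company and not e.path.lower().startswith(EXPECTED_NO_COMPANY_PREFIXES):
            findings.append(("no company name", e))
    return findings


# Sample lines copied from the logs posted in this thread.
SAMPLE_FIX = [
    r"C:\Documents and Settings\user\Local Settings\Temp\Searchqu.ini moved successfully.",
    r"C:\Documents and Settings\user\Local Settings\Temp\nsy104 folder moved successfully.",
    r"Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\iLivid\iLivid.exe deleted successfully.",
    r"Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.",
    "Restore point Set: OTL Restore Point (0)",
]
SAMPLE_SCAN = [
    r"PRC - [2012.04.12 07:26:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe",
    r"PRC - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files\Accelerer PC\PCSUService.exe",
    r"MOD - [2012.02.16 08:32:52 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll",
    r"SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)",
    r"SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)",
    r"DRV - [2011.10.18 20:53:14 | 006,439,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)",
]

if __name__ == "__main__":
    for target, outcome in fix_outcomes(SAMPLE_FIX).items():
        print(f"{outcome:<20} {target}")
    for reason, e in triage(SAMPLE_SCAN):
        print(f"{reason:<26} {e.kind} {e.name or e.path}")
```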

Re: searchnu

Unread postby bjmyers » April 15th, 2012, 11:56 am

Hello pgmigg,

Here's the latest round of answers:

> Do you have any problems executing the instructions?
No. Just a minor hesitation about the configuration of the OTL scan (Step 2). You specified "Use SafeList" for Extra Registry, but you did not specify which option to select for the other five categories: Processes, Modules, Services, Drivers and Standard Registry. I left the default value in all cases: "Use SafeList".

> Contents of C:\_OTL\Moved Files\MMDDYYYY_HHMMSS.log file after OTL fix

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 04152012_172338


> Contents of an OTL.txt log file after OTL Fresh Scan run
OTL logfile created on: 15.04.2012 17:29:34 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\user\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Allemagne | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 71,84% Memory free
3,85 Gb Paging File | 3,37 Gb Available in Paging File | 87,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,99 Gb Total Space | 5,13 Gb Free Space | 17,10% Space Free | Partition Type: NTFS
Drive D: | 195,09 Gb Total Space | 13,93 Gb Free Space | 7,14% Space Free | Partition Type: NTFS

Computer Name: USER-5BEB1FA432 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.12 07:26:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 16:00:27 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files\Accelerer PC\PCSUService.exe
PRC - [2011.07.11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011.06.15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.05.01 17:29:01 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.03 13:33:24 | 000,555,008 | ---- | M] (Safe Download Ltd) -- C:\BandwidthMeter\BandwidthMeter.exe
PRC - [2011.01.17 19:09:00 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:09:00 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.01.14 23:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.05.10 14:24:34 | 000,278,528 | ---- | M] () -- C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
PRC - [2004.06.09 16:37:02 | 000,040,960 | ---- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXE
PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (No Company Name) ==========

MOD - [2012.04.12 07:18:19 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012.04.12 07:17:59 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012.02.16 09:28:48 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012.02.16 08:34:47 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012.02.16 08:32:52 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011.10.14 22:51:59 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.09.27 07:32:36 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files\Accelerer PC\PCSUService.exe
MOD - [2011.03.03 13:33:06 | 000,208,896 | ---- | M] () -- C:\BandwidthMeter\Wizard.UI.DLL
MOD - [2010.06.17 16:28:02 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.12.04 10:40:42 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.12.04 10:40:41 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.resources.dll
MOD - [2008.04.13 19:33:32 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.05.10 14:24:34 | 000,278,528 | ---- | M] () -- C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.31 16:00:27 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Accelerer PC\PCSUService.exe -- (PCSUService)
SRV - [2011.07.07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.06.15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.05.01 17:29:01 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.18 20:53:14 | 006,439,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.08.31 16:00:27 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.08.31 16:00:27 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.08.17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 10:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 10:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.01.02 18:52:20 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.11.18 02:18:22 | 000,049,536 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvdfab.sys -- (dvdfab)
DRV - [2010.10.14 05:26:38 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.10.14 05:26:36 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.10.14 05:26:34 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010.07.29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010.06.17 16:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 16:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.11.18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.12.08 18:01:56 | 000,055,136 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008.06.01 09:13:10 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2008.02.29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.02.29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006.07.26 08:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005.11.02 11:53:40 | 000,215,552 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2005.02.26 17:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004.08.13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001.08.10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-1343024091-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1801674531-1343024091-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1801674531-1343024091-725345543-1004\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1801674531-1343024091-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1801674531-1343024091-725345543-1004\..\SearchScopes\{16232187-B0D8-45D8-9882-304000AFF041}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1801674531-1343024091-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.13
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.06.06 22:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.14 07:25:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.14 07:25:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.24 23:32:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012.04.10 19:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2012.04.14 07:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0jw58nej.default\extensions
[2012.03.19 08:07:41 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0jw58nej.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.28 09:33:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0jw58nej.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.10 19:55:21 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0jw58nej.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2011.07.12 10:07:57 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0jw58nej.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2011.02.14 15:49:28 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0jw58nej.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.12 10:07:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0jw58nej.default\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}(2)
[2009.02.19 08:09:17 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0jw58nej.default\extensions\smartbookmarksbar@remy.juteau
[2009.09.30 22:09:26 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0jw58nej.default\searchplugins\linguee-de-en.xml
[2009.01.25 18:14:29 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0jw58nej.default\searchplugins\live-search.xml
[2012.04.14 07:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0JW58NEJ.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.03.13 07:43:04 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012.03.13 07:33:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:43:04 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012.03.13 07:43:04 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012.03.13 07:43:04 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012.03.13 07:43:04 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006.03.02 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-1343024091-725345543-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-1343024091-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bandwidth Meter.lnk = C:\WINDOWS\Installer\{297849A8-EEC6-4ABA-AAE5-C66A093FEDE3}\_F3096655F6814A76D66DB9.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk = C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe ()
O4 - Startup: C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-1343024091-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DBAD01D-EDCC-40E1-A488-50D499A51933}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA60B384-2022-4E12-9B19-E6FE938AD71F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.20 17:28:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.12 07:31:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.12 07:27:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe
[2012.04.11 17:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\9243 Roth Mersen Aufhebungsvertrag
[2012.04.11 17:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120864 MB VIP Newsletter April
[2012.04.11 09:20:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Menu Démarrer\Programmes\Outils d'administration
[2012.04.10 21:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2012.04.10 21:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012.04.10 21:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.04.10 21:26:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.10 21:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.05 23:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\128xxx MB PPT G-Klasse GLK Event-Handbuch
[2012.04.04 12:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120826 VDW Report Vorwort
[2012.04.03 13:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120813 MB AvantGarde
[2012.04.02 13:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120805 VDW
[2012.03.30 15:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120795 Melowind Ferrostaal
[2012.03.30 12:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120793 Gelbau
[2012.03.30 11:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120792 Cornelsen again
[2012.03.29 14:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120459 VDW Report
[2012.03.28 13:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120748 Cornelsen
[2012.03.27 14:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120744 Steuler
[2012.03.27 13:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120749 CT
[2012.03.26 21:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Audible
[2012.03.26 21:42:17 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[2012.03.26 21:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AudibleManager
[2012.03.26 21:42:04 | 000,000,000 | ---D | C] -- D:\mes documents\Audible
[2012.03.26 21:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Audible
[2012.03.26 21:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Audible
[2012.03.23 22:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120722 InPosition
[2012.03.22 21:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2012.03.21 13:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120679 MB quiz 2
[2012.03.21 09:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sommer Informatik GmbH
[2012.03.21 09:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Sommer Informatik GmbH
[2012.03.21 09:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Saint-Gobain
[2012.03.20 14:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\120669 Caluwin
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\user\Bureau\*.tmp files -> C:\Documents and Settings\user\Bureau\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.15 17:25:11 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\Mozilla Thunderbird.job
[2012.04.15 17:24:55 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bandwidth Meter.lnk
[2012.04.15 17:24:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.15 14:17:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.14 07:25:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.04.14 07:25:33 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2012.04.13 23:02:13 | 000,001,154 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers Bureau.lnk
[2012.04.13 15:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.04.12 22:35:46 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\user\Bureau\SystemLook.exe
[2012.04.12 07:57:37 | 000,512,870 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012.04.12 07:57:37 | 000,443,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.12 07:57:37 | 000,086,240 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012.04.12 07:57:37 | 000,072,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.12 07:26:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe
[2012.04.12 00:38:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.04.11 17:56:23 | 000,039,181 | ---- | M] () -- C:\Documents and Settings\user\Bureau\Crédit Agricole 11-04-2012.pdf
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.04 09:18:18 | 000,041,696 | ---- | M] () -- C:\Documents and Settings\user\Bureau\Crédit Agricole 4-4-2012.pdf
[2012.04.01 17:18:40 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.01 00:05:21 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\user\Bureau\Les Architectes sont des chefs.BAK
[2012.03.26 21:42:22 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\user\Bureau\Audible Manager.lnk
[2012.03.26 21:42:17 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[2012.03.22 21:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\user\Bureau\*.tmp files -> C:\Documents and Settings\user\Bureau\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.14 07:25:33 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2012.04.14 07:25:33 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2012.04.12 22:35:46 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\user\Bureau\SystemLook.exe
[2012.04.11 17:53:41 | 000,039,181 | ---- | C] () -- C:\Documents and Settings\user\Bureau\Crédit Agricole 11-04-2012.pdf
[2012.04.04 09:15:26 | 000,041,696 | ---- | C] () -- C:\Documents and Settings\user\Bureau\Crédit Agricole 4-4-2012.pdf
[2012.03.31 22:30:40 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\user\Bureau\Les Architectes sont des chefs.BAK
[2012.03.26 21:42:22 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\user\Bureau\Audible Manager.lnk
[2012.02.15 09:29:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.14 10:57:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\EPUNIDAD.INI
[2012.01.14 10:57:40 | 000,000,849 | ---- | C] () -- C:\WINDOWS\ERUNILX.INI
[2011.11.05 23:07:22 | 000,016,836 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2011.09.12 21:10:20 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011.08.26 00:49:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.06.28 23:31:41 | 000,802,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011.06.28 22:53:20 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\HamsterVideoConverterSettings.cfg
[2011.03.10 12:49:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010.12.15 14:44:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010.12.15 14:44:16 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010.04.27 21:27:13 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.04.27 21:27:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

========== LOP Check ==========

[2009.01.25 15:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2008.10.20 14:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner
[2011.09.13 07:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011.06.30 07:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008.09.05 08:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2010.12.15 14:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011.06.21 16:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2008.12.19 19:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008.12.04 14:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012.03.21 09:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sommer Informatik GmbH
[2009.02.17 11:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009.02.17 11:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011.06.28 23:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.03.17 13:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TRADOS
[2008.11.16 20:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011.06.30 07:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010.09.19 21:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2009.12.04 18:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008.06.06 18:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2010.05.27 21:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008.12.04 10:44:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2009.01.25 15:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ACD Systems
[2008.09.05 10:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canon
[2011.02.14 16:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DVDVideoSoft
[2011.02.14 15:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DVDVideoSoftIEHelpers
[2010.03.08 22:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\EPSON
[2011.09.12 21:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FreeAudioPack
[2008.09.05 07:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GoodSync
[2010.12.15 15:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LG Electronics
[2011.06.30 07:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Logoport
[2011.09.27 07:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2008.06.06 20:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ScanSoft
[2010.09.20 16:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SoftGrid Client
[2008.12.04 11:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\System Tweaker
[2011.07.14 07:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Thunderbird
[2011.09.19 13:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Todae
[2010.09.01 10:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TP
[2008.06.26 18:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Trados
[2008.12.04 10:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uniblue
[2010.12.03 13:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Vso
[2009.09.17 14:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Live Writer
[2008.06.06 19:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:5463AAC8D074B0DE
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7

< End of report >

**********

> Do you see any changes in computer behavior?
No, everything still seems OK.
By the way: I downloaded and installed Firefox 11.0 yesterday.


Thanks,
bjmyers
bjmyers
Active Member
 
Posts: 10
Joined: April 11th, 2012, 2:03 am
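A small triage helper for OTL report lines like the ones in the log above, added here as an example; it is not part of the thread and not OTL's own code. The line shapes are taken from the report, while the rules it applies (code files in the Windows folder with no company name, any alternate data stream other than Zone.Identifier, Java plug-ins older than the 7u3 the helper asks for) and the `Finding` names are my own assumptions.

```python
"""Triage OTL (OldTimer's OTL) report lines.

Parses the three line shapes that appear in the report above:

  [YYYY.MM.DD HH:MM:SS | 000,012,345 | ---- | C] (Company) -- C:\\path
  @Alternate Data Stream - 24 bytes -> C:\\WINDOWS:5463AAC8D074B0DE
  O16 - DPF: {CLSID} http://... (Java Plug-in 1.6.0_24)

and flags what the helper in the thread actually went after.  Rule
thresholds are assumptions, not OTL behaviour; findings are items to
review, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) .*\(Java Plug-in (?P<ver>[\d._]+)\)$")

# Assumed triage parameters (not from OTL or the thread).
SYSTEM_DIR = "c:\\windows\\"                                   # C:\WINDOWS and below
CODE_EXTS = (".dll", ".exe", ".sys", ".scr", ".ax", ".ocx", ".cpl")
MIN_JAVA = (1, 7, 0, 3)                                        # 7u3, as requested in the thread
BENIGN_STREAMS = ("zone.identifier",)                          # browser download marker


@dataclass
class Finding:
    rule: str
    path: str
    detail: str


def parse_java_version(ver: str):
    """'1.6.0_24' -> (1, 6, 0, 24), so tuples compare as versions."""
    return tuple(int(p) for p in re.split(r"[._]", ver))


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one report line, or None if nothing to review."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        path, low = m["path"], m["path"].lower()
        is_dir = "D" in m["attrs"]
        no_publisher = not (m["company"] or "").strip()
        # Executable code under C:\WINDOWS with an empty company name.
        if (not is_dir and no_publisher and low.startswith(SYSTEM_DIR)
                and low.endswith(CODE_EXTS)):
            return Finding("unsigned-code-in-system-dir", path,
                           f"{m['size']} bytes, {m['kind']} {m['ts']}, no company name")
        return None
    m = ADS_RE.match(line)
    if m:
        path = m["path"]
        stream = path.rsplit(":", 1)[-1].lower()     # text after the last ':'
        if stream in BENIGN_STREAMS:
            return None
        return Finding("alternate-data-stream", path, f"{m['size']} bytes in stream {stream}")
    m = DPF_RE.match(line)
    if m and parse_java_version(m["ver"]) < MIN_JAVA:
        return Finding("outdated-java-plugin", m["clsid"], f"Java Plug-in {m['ver']} older than 7u3")
    return None


def triage_report(text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


# Sample lines copied from the report above, plus one constructed
# Zone.Identifier stream to show the benign case being skipped.
SAMPLE_REPORT = "\n".join([
    r"[2012.04.12 07:27:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe",
    r"[2012.02.15 09:29:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll",
    r"[2012.04.12 07:31:59 | 000,000,000 | ---D | C] -- C:\_OTL",
    r"[2012.03.22 21:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr",
    r"[2012.04.15 17:24:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat",
    r"O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)",
    r"O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)",
    r"@Alternate Data Stream - 24 bytes -> C:\WINDOWS:5463AAC8D074B0DE",
    r"@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\user\Bureau\OTL.exe:Zone.Identifier",  # constructed
])

if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f"{f.rule:28} {f.path}  ({f.detail})")
```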

Re: searchnu

Unread postby pgmigg » April 16th, 2012, 11:28 am

Hello bjmyers,

Nice job! :)

Looks like we are near the finish and I am almost done with the infections you had...
However, there are a few additional steps before I can give you my general post on how to keep your computer safe and secure.
So, let's continue...

Step 1.
Java Update Needed!
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD UPDATED VERSION
  1. Get the latest version (7u3) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement "
  4. Locate the entry for Windows x86 Offline and click on the associated file name, save the file to your desktop.
<STOP> Do not install the new version of Java yet. We need to do some cleanup first!

REMOVE OLD JAVA VERSIONS
  1. Close any programs you may have running - especially your web browser.
  2. Click Start -> Run.
  3. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  4. Click OK. It takes a few seconds for the program list to be populated.
  5. Locate the following program:
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 24
  6. Press the "Remove" or "Change/Remove" button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way that tricks you into keeping the program, sometimes preventing them from being uninstalled again!
    Don't worry if you can not find all programs from the list - some may not have an uninstall feature or may have been removed in previous steps.
  7. When finished, close/exit Add/Remove Programs.

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and paste the following code into the text box. Do not include the word Code
    Code:
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    
    :Files
    C:\WINDOWS\System32\*.tmp files
    C:\WINDOWS\*.tmp files
    C:\Documents and Settings\user\Bureau\*.tmp files
    @C:\WINDOWS:5463AAC8D074B0DE
    @C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    @C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7
    
    :Commands
    [REBOOT]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of the report in your next reply.

Step 3.
INSTALL UPDATED VERSION OF JAVA
  1. Close all open applications (standard), especially your browser.
  2. From the desktop, please double-click on jre-7u3-windows-i586.exe to install the newest version.
  3. Follow the on-screen directions and when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

OPTIONAL:
To prevent some unnecessary Java components from running each time you boot your computer...
  1. Go to Control Panel and click on the JAVA icon.
  2. Press the Update tab and UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK. Then close the Java Control Panel. Close and exit Control Panel.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log file after OTL fix
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: searchnu

Unread postby bjmyers » April 16th, 2012, 12:54 pm

Hello pgmigg,

My responses....

> Do you have any problems executing the instructions?
No, not really. It only took me a while to find the extra control panel (other control panel options) for the Java configuration.

> Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log file after OTL fix

========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
File C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp files not found.
File\Folder C:\WINDOWS\*.tmp files not found.
File\Folder C:\Documents and Settings\user\Bureau\*.tmp files not found.
ADS C:\WINDOWS:5463AAC8D074B0DE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C35AEA7 deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 04162012_184004


> Do you see any changes in computer behavior?
None so far....

Thanks and cheers
bjmyers
bjmyers
Active Member
 
Posts: 10
Joined: April 11th, 2012, 2:03 am

Re: searchnu

Unread postby pgmigg » April 16th, 2012, 8:08 pm

Hello bjmyers,

Very good! :)

I see you use Avira AntiVir, which is a very competent anti-virus tool, and I would like to ask you to run a final scan with it to be sure that everything is clean...

Step 1.
Update and Scan with Avira Antivir
  1. Right click the red umbrella icon and choose Start Antivir.
  2. When the window comes up, please click Start Update.
  3. When the update is complete, click on Scan System Now.
    Note: This full scan could take an hour or more.
  4. It will ask what to do with any item it finds.
    IMPORTANT >> Tell it to DELETE or QUARANTINE any items it finds.

Step 2.
Get Last Avira Antivir Report
  1. Right click the red umbrella icon in the system tray and click Start Antivir
  2. In the left pane, click Overview, then click Reports. There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
  3. Click on the Report File button, or right click the report and choose Display Report. The report contents will come up in Notepad.
  4. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C). Paste the contents (Ctrl+V) into your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of scan results from latest Avira Antivir report file.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: searchnu

Unread postby bjmyers » April 18th, 2012, 1:16 am

Hello pgmigg,

It's reassuring to hear that Avira gets good marks - I've always wondered (but never had a reason to doubt).
Avira found 0 problems.

Here's the Avira scan log (sorry, it's in French):
"Aucun virus trouvé !" means "No virus found!"
--------------

Avira AntiVir Personal
Date de création du fichier de rapport : mardi 17 avril 2012 22:04

La recherche porte sur 3639804 souches de virus.

Le programme fonctionne en version intégrale illimitée.
Les services en ligne sont disponibles.

Détenteur de la licence : Avira AntiVir Personal - Free Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : USER-5BEB1FA432

Informations de version :
BUILD.DAT : 10.2.0.165 35934 Bytes 30/01/2012 15:45:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 31/08/2011 14:00:27
AVSCAN.DLL : 10.0.5.0 56680 Bytes 31/08/2011 14:00:27
LUKE.DLL : 10.3.0.5 45416 Bytes 31/08/2011 14:00:27
LUKERES.DLL : 10.0.0.0 13672 Bytes 17/08/2010 12:39:11
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 31/08/2011 14:00:27
AVREG.DLL : 10.3.0.9 88833 Bytes 31/08/2011 14:00:27
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:07:58
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 06:18:11
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 07:14:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 06:24:45
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 05:16:25
VBASE005.VDF : 7.11.26.45 2048 Bytes 28/03/2012 05:16:25
VBASE006.VDF : 7.11.26.46 2048 Bytes 28/03/2012 05:16:25
VBASE007.VDF : 7.11.26.47 2048 Bytes 28/03/2012 05:16:26
VBASE008.VDF : 7.11.26.48 2048 Bytes 28/03/2012 05:16:26
VBASE009.VDF : 7.11.26.49 2048 Bytes 28/03/2012 05:16:26
VBASE010.VDF : 7.11.26.50 2048 Bytes 28/03/2012 05:16:27
VBASE011.VDF : 7.11.26.51 2048 Bytes 28/03/2012 05:16:28
VBASE012.VDF : 7.11.26.52 2048 Bytes 28/03/2012 05:16:28
VBASE013.VDF : 7.11.26.53 2048 Bytes 28/03/2012 05:16:28
VBASE014.VDF : 7.11.26.107 221696 Bytes 30/03/2012 05:34:28
VBASE015.VDF : 7.11.26.179 224768 Bytes 02/04/2012 15:25:50
VBASE016.VDF : 7.11.26.241 142336 Bytes 04/04/2012 15:26:14
VBASE017.VDF : 7.11.27.41 247808 Bytes 08/04/2012 16:57:34
VBASE018.VDF : 7.11.27.107 161280 Bytes 12/04/2012 06:05:18
VBASE019.VDF : 7.11.27.159 148992 Bytes 13/04/2012 12:20:09
VBASE020.VDF : 7.11.27.201 207360 Bytes 17/04/2012 19:26:25
VBASE021.VDF : 7.11.27.202 2048 Bytes 17/04/2012 19:26:25
VBASE022.VDF : 7.11.27.203 2048 Bytes 17/04/2012 19:26:25
VBASE023.VDF : 7.11.27.204 2048 Bytes 17/04/2012 19:26:25
VBASE024.VDF : 7.11.27.205 2048 Bytes 17/04/2012 19:26:25
VBASE025.VDF : 7.11.27.206 2048 Bytes 17/04/2012 19:26:25
VBASE026.VDF : 7.11.27.207 2048 Bytes 17/04/2012 19:26:25
VBASE027.VDF : 7.11.27.208 2048 Bytes 17/04/2012 19:26:25
VBASE028.VDF : 7.11.27.209 2048 Bytes 17/04/2012 19:26:25
VBASE029.VDF : 7.11.27.210 2048 Bytes 17/04/2012 19:26:25
VBASE030.VDF : 7.11.27.211 2048 Bytes 17/04/2012 19:26:25
VBASE031.VDF : 7.11.27.224 32256 Bytes 17/04/2012 19:26:26
Version du moteur : 8.2.10.48
AEVDF.DLL : 8.1.2.2 106868 Bytes 25/10/2011 17:48:14
AESCRIPT.DLL : 8.1.4.16 446842 Bytes 05/04/2012 15:27:37
AESCN.DLL : 8.1.8.2 131444 Bytes 27/01/2012 06:16:06
AESBX.DLL : 8.2.5.5 606579 Bytes 12/03/2012 16:13:07
AERDL.DLL : 8.1.9.15 639348 Bytes 10/09/2011 05:43:47
AEPACK.DLL : 8.2.16.9 807287 Bytes 31/03/2012 05:34:35
AEOFFICE.DLL : 8.1.2.27 201082 Bytes 05/04/2012 15:27:31
AEHEUR.DLL : 8.1.4.15 4628855 Bytes 13/04/2012 06:05:39
AEHELP.DLL : 8.1.19.1 254327 Bytes 02/04/2012 15:25:55
AEGEN.DLL : 8.1.5.26 418164 Bytes 17/04/2012 19:26:29
AEEXP.DLL : 8.1.0.29 82293 Bytes 13/04/2012 06:05:40
AEEMU.DLL : 8.1.3.0 393589 Bytes 05/12/2010 18:38:40
AECORE.DLL : 8.1.25.6 201078 Bytes 16/03/2012 06:29:40
AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 19:37:56
AVWINLL.DLL : 10.0.0.0 19304 Bytes 17/08/2010 12:38:56
AVPREF.DLL : 10.0.3.2 44904 Bytes 31/08/2011 14:00:27
AVREP.DLL : 10.0.0.10 174120 Bytes 18/05/2011 05:35:25
AVARKT.DLL : 10.0.26.1 255336 Bytes 31/08/2011 14:00:27
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 31/08/2011 14:00:27
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:28:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 17/08/2010 12:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 14:28:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 31/08/2011 14:00:26
RCTEXT.DLL : 10.0.64.0 100712 Bytes 31/08/2011 14:00:26

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Documentation.................................: par défaut
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, D:,
Recherche dans les programmes actifs..........: marche
Programmes en cours étendus...................: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: avancé

Début de la recherche : mardi 17 avril 2012 22:04

La recherche d'objets cachés commence.

La recherche sur les processus démarrés commence :
Processus de recherche 'rsmsink.exe' - '29' module(s) sont contrôlés
Processus de recherche 'msdtc.exe' - '40' module(s) sont contrôlés
Processus de recherche 'dllhost.exe' - '61' module(s) sont contrôlés
Processus de recherche 'dllhost.exe' - '45' module(s) sont contrôlés
Processus de recherche 'vssvc.exe' - '48' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '66' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '64' module(s) sont contrôlés
Processus de recherche 'SingletonResource.exe' - '26' module(s) sont contrôlés
Processus de recherche 'TagEditor.exe' - '81' module(s) sont contrôlés
Processus de recherche 'thunderbird.exe' - '135' module(s) sont contrôlés
Processus de recherche 'winamp.exe' - '186' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '133' module(s) sont contrôlés
Processus de recherche 'TW4Win.exe' - '116' module(s) sont contrôlés
Processus de recherche 'DivXUpdate.exe' - '52' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '33' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '42' module(s) sont contrôlés
Processus de recherche 'PCSUService.exe' - '19' module(s) sont contrôlés
Processus de recherche 'nvsvc32.exe' - '39' module(s) sont contrôlés
Processus de recherche 'avshadow.exe' - '26' module(s) sont contrôlés
Processus de recherche 'mdm.exe' - '22' module(s) sont contrôlés
Processus de recherche 'mbamservice.exe' - '41' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '33' module(s) sont contrôlés
Processus de recherche 'SeaPort.EXE' - '49' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '55' module(s) sont contrôlés
Processus de recherche 'soffice.bin' - '82' module(s) sont contrôlés
Processus de recherche 'soffice.exe' - '16' module(s) sont contrôlés
Processus de recherche 'TrayMin210.exe' - '24' module(s) sont contrôlés
Processus de recherche 'BandwidthMeter.exe' - '85' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '25' module(s) sont contrôlés
Processus de recherche 'mbamgui.exe' - '30' module(s) sont contrôlés
Processus de recherche 'RTHDCPL.EXE' - '37' module(s) sont contrôlés
Processus de recherche 'winampa.exe' - '20' module(s) sont contrôlés
Processus de recherche 'VM_STI.EXE' - '36' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '46' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '56' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '32' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '30' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '165' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '40' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '52' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '51' module(s) sont contrôlés
Processus de recherche 'services.exe' - '38' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '71' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '14' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '2' module(s) sont contrôlés

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '1783' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
Recherche débutant dans 'D:\' <DATA>


Fin de la recherche : mercredi 18 avril 2012 00:00
Temps nécessaire: 1:56:08 Heure(s)

La recherche a été effectuée intégralement

24774 Les répertoires ont été contrôlés
931382 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
0 Impossible de scanner des fichiers
931382 Fichiers non infectés
11451 Les archives ont été contrôlées
0 Avertissements
0 Consignes
460995 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

------------------
Otherwise, no trouble running the scan and no apparent change in operation.

Regards,
bjmyers
bjmyers
Active Member
 
Posts: 10
Joined: April 11th, 2012, 2:03 am

Re: searchnu

Unread postby pgmigg » April 18th, 2012, 4:34 pm

Hello bjmyers,
Here's the Avira scan log (sorry, it's in French):
"Aucun virus trouvé !" means "No virus found!".
Very good news, thank you! :)

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.
I'm not asking you to update any Adobe Acrobat installation... this can be quite costly. I am going to insist that you update your Adobe Reader software.
Then use the Reader for viewing PDF files - you can use the Acrobat software for your other needs.

Firstly, I need you to uninstall old Adobe Reader from your computer.
Add/Remove Programs
  1. Click Start -> Run.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. Click OK. It takes a few seconds for the program list to be populated.
  4. Locate the following program:
    Adobe Reader 8.1.5
  5. Press the "Remove" or "Change/Remove" button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Don't worry if you can not find all programs from the list - some may not have an uninstall feature or may have been removed in previous steps.
  6. When finished, close/exit Add/Remove Programs.

Now, please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the: Free McAfee® Security Scan Plus.
  1. Click the yellow Download now button. If you don't already have Adobe Download Manager (DLM)... you may receive a prompt. The Adobe DLM is no longer used to facilitate the download of Adobe Reader or Adobe Flash Player. Adobe DLM software removal instructions available here, if wanted.
  2. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  3. When the installation is complete, please Close and re-open your Internet browser.

Adobe Reader X - recommended (safety) program settings
When the program is open, click on Edit and select Preferences. In the categories below, use these settings:
  • Javascript - Uncheck Enable Acrobat Javascript.
  • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
  • Secure Trust Manager - Uncheck Allow opening of non-PDF file attachments with external applications.

Step 2.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Copy and Paste the following code into the text box. Do not include the word Code
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 3.
OTL-Cleanup
  1. Double click on OTL.exe to run it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.


Finally, please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
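The reply above reads the scan as clean because every detection counter in the Avira summary is zero. The following is an added example, not code from this thread or from Avira: a small Python triage routine that parses the French-locale summary block in the layout posted above (the sample text is copied from that layout and labelled as constructed), maps the labels to English keys, and returns a verdict. It also covers two edge cases the reply does not spell out: a truncated log with no summary block is reported as "incomplete" rather than clean, and a nonzero "Impossible de scanner des fichiers" count is surfaced as a coverage caveat even when nothing was detected. The label table and key names are this example's own assumptions.

```python
import re

# Constructed sample: the summary block of an Avira full-system scan in the
# French locale, laid out exactly like the log posted in this thread.
SAMPLE_SUMMARY = """\
24774 Les répertoires ont été contrôlés
931382 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
0 Impossible de scanner des fichiers
931382 Fichiers non infectés
11451 Les archives ont été contrôlées
0 Avertissements
0 Consignes
460995 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés
"""

# Assumed mapping of the French summary labels to English keys (this example's own).
LABELS = {
    "Les répertoires ont été contrôlés": "dirs_scanned",
    "Des fichiers ont été contrôlés": "files_scanned",
    "Des virus ou programmes indésirables ont été trouvés": "malware_found",
    "Des fichiers ont été classés comme suspects": "suspicious",
    "Des fichiers ont été supprimés": "deleted",
    "Des virus ou programmes indésirables ont été réparés": "repaired",
    "Les fichiers ont été déplacés dans la quarantaine": "quarantined",
    "Les fichiers ont été renommés": "renamed",
    "Impossible de scanner des fichiers": "unscannable",
    "Fichiers non infectés": "clean_files",
    "Les archives ont été contrôlées": "archives_scanned",
    "Avertissements": "warnings",
    "Consignes": "notes",
    "Des objets ont été contrôlés lors du Rootkitscan": "rootkit_objects_scanned",
    "Des objets cachés ont été trouvés": "hidden_objects",
}

# Each summary line is "<count> <label>".
LINE_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")

# Counters that must be present before we are willing to call a scan clean.
REQUIRED = ("files_scanned", "malware_found", "suspicious", "hidden_objects")
# Counters that, when nonzero, mean a human should look at the full log.
DETECTION_KEYS = ("malware_found", "suspicious", "hidden_objects", "warnings")


def parse_summary(text):
    """Return {english_key: count} for every recognised summary line in text."""
    counts = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key = LABELS.get(m.group(2))
        if key:
            counts[key] = int(m.group(1))
    return counts


def triage(counts):
    """Classify a parsed summary as 'clean', 'review' or 'incomplete'."""
    missing = [k for k in REQUIRED if k not in counts]
    if missing:
        # A log without the summary block (truncated paste, aborted scan) is
        # not evidence of a clean system; say so instead of defaulting to clean.
        return {"verdict": "incomplete", "findings": [], "caveats": missing}
    findings = [f"{k} = {counts[k]}" for k in DETECTION_KEYS if counts.get(k, 0) > 0]
    caveats = []
    if counts.get("unscannable", 0) > 0:
        # Nothing detected, but part of the disk was never examined.
        caveats.append(f"{counts['unscannable']} file(s) could not be scanned")
    return {
        "verdict": "review" if findings else "clean",
        "findings": findings,
        "caveats": caveats,
    }


if __name__ == "__main__":
    print(triage(parse_summary(SAMPLE_SUMMARY)))
```

Running the block on the sample prints a "clean" verdict with no findings, which is the conclusion the reply draws from the posted log; feeding it the same block with a nonzero hidden-objects count flips the verdict to "review" and names the counter that caused it.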