Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

remove searchnu.com/406

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

remove searchnu.com/406

Unread postby russele » May 17th, 2012, 5:38 pm

My browser keeps redirecting to the following hxxp://www.searchnu.com/406. Can you help remove please?

DDS.txt log

C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Users\Evans Laptop\AppData\Local\Akamai\netsession_win.exe
C:\Users\Evans Laptop\AppData\Local\Akamai\netsession_win.exe
C:\Users\Evans Laptop\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Evans Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\DOLBY PCEE4\pcee4.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Evans Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evans Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evans Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evans Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Evans Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Users\Evans Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evans Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evans Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1&cf=b759122e- ... 70f4ad6b22
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://startsear.ch/?aff=1&cf=b759122e- ... 70f4ad6b22
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Google Update] "C:\Users\Evans Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Evans Laptop\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\Evans Laptop\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MusicManager] "C:\Users\Evans Laptop\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spotify] "C:\Users\Evans Laptop\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\EVANSL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Evans Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3019B72C-CAC5-495C-B40C-88CB7DBE2E18} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{69BB2179-BC30-48A1-AC0A-0A960D9C6BB5} : DhcpNameServer = 150.200.3.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs:
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64:
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-5-3 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-5-3 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-5-3 61712]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-6-8 352336]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-7-25 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 29696]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-8 13336]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-6-8 244624]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-3-9 257344]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-5-3 931640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-25 2656280]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\drivers\b57xdbd.sys --> C:\Windows\system32\drivers\b57xdbd.sys [?]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\drivers\b57xdmp.sys --> C:\Windows\system32\drivers\b57xdmp.sys [?]
R3 bScsiMSa;bScsiMSa;C:\Windows\system32\drivers\bScsiMSa.sys --> C:\Windows\system32\drivers\bScsiMSa.sys [?]
R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-5 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257696]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-2-29 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-5 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-05-17 20:47:49 -------- d-----w- C:\Windows\pss
2012-05-15 20:11:34 -------- d-----w- C:\ProgramData\boost_interprocess
2012-05-05 11:24:47 -------- d--h--w- C:\$AVG
2012-05-02 21:22:46 -------- d-----w- C:\Users\Evans Laptop\AppData\Local\Ilivid Player
2012-04-27 18:40:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-27 18:40:36 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-27 18:40:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-27 18:40:35 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-27 18:40:35 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-27 18:40:35 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-27 18:40:35 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-19 21:41:47 -------- d-----w- C:\MySQL 4.0
2012-04-19 21:41:46 -------- d-----w- C:\Program Files (x86)\MySQL 4.0
2012-04-19 21:41:39 -------- d-----w- C:\Program Files (x86)\DEHNsupport DEMO
2012-04-17 22:57:10 -------- d-----w- C:\Users\Evans Laptop\AppData\Local\assembly
.
==================== Find3M ====================
.
2012-05-04 23:24:45 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 23:24:45 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 23:23:48 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 22:24:10 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-17 19:52:51 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:20:09.73 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 05/10/2011 14:39:20
System Uptime: 17/05/2012 21:49:43 (1 hours ago)
.
Motherboard: Acer | | JE50_HR
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU1 | 2301/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 259.53 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP47: 03/04/2012 22:01:27 - Windows Update
RP48: 03/04/2012 22:02:06 - Windows Update
RP49: 25/04/2012 22:21:58 - Removed Google Cloud Connect for Microsoft Office
RP50: 27/04/2012 19:39:30 - Windows Update
RP51: 15/05/2012 21:14:20 - Removed Photosynth 2.0110.0317.1042
RP52: 17/05/2012 21:54:18 - Installed Rapport
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
1912 Titanic Mystery
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Reader 9.5.1 MUI
AGi32 v2.31
Akamai NetSession Interface
AndreaMosaic 3.33.0
Apple Application Support
Apple Software Update
Audacity 1.3.13 (Unicode)
Autodesk 123D Catch
Autodesk Design Review 2012
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Low Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Backup Manager V3
Bejeweled 2 Deluxe
Belles Beauty Boutique
Bing Bar
Chicken Invaders 3
clear.fi
clear.fi Client
Convert VOB to AVI
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DEHNsupport DEMO 2.042
Dolby Advanced Audio v2
doubleTwist
Dream Day First Home
Dropbox
Easy DVD Rip
eBay Worldwide
Express Zip File Compression Software
Facebook Video Calling 1.2.0.159
Farm Frenzy 3 Ice Age
FARO LS 1.1.406.58
ffdshow [rev 2527] [2008-12-19]
Flip Words
Fotogalerija Windows Live
Free DWG Viewer 7.0
Galapago
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GmoteServer
Google Chrome
Google Earth
Google SketchUp 8
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 31
Jessops Photo
Junk Mail filter update
Launch Manager
LogMeIn
Mesh Runtime
Microsoft Corporation
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
MSVCRT
MSVCRT_amd64
Music Manager
MyWinLocker 4
MyWinLocker Suite
newsXpresso
Norton Online Backup
NTI Media Maker 9
Photosynth 2.0110.0317.1042
Picasa 3
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
QuickTime
Raccolta foto di Windows Live
Rapport
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Shredder
Spotify
Sprill and Ritchie
Switch Sound File Converter
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
Visual Studio 2008 x64 Redistributables
WavePad Sound Editor
Welcome Center
Windows Live
Windows Live ???
Windows Live ????
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
World of Goo
XviD & MP3 Codec Pack (remove only)
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
17/05/2012 21:50:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32
17/05/2012 21:50:00, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================


thanks
Last edited by Cypher on May 18th, 2012, 7:34 am, edited 1 time in total.
Reason: Disabled link
russele
Regular Member
 
Posts: 21
Joined: May 17th, 2012, 5:27 pm
Advertisement
Register to Remove

Re: remove searchnu.com/406

Unread postby diver79 » May 19th, 2012, 2:45 pm

Hi and welcome to MalwareRemoval.com.
My name is Diver79, and I will be helping you with your malware problems.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer, can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article. ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
diver79 wrote:Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How to backup your data - Vista/Win7

Looking into your logs now. Will post instructions soon...

diver79.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: remove searchnu.com/406

Unread postby diver79 » May 19th, 2012, 3:21 pm

Hi russele,


Searchnu embeds itself into many areas of the OS. We will use a cutom fix to remove its known locations, we will then use Systemlook to search for the remaining entries. Run the tools below and post back the requested logs.

OTL - Custom Fix
Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename :Fix.txt
SQW7-Vista_x64.TXT

Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt


Next:


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


  • Right click SystemLook.exe and select Run as Administrator to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: remove searchnu.com/406

Unread postby russele » May 19th, 2012, 5:39 pm

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
========== FILES ==========
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Evans Laptop\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
C:\Users\Evans Laptop\AppData\Local\Ilivid Player folder moved successfully.
C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2F3N5I2\iLividSetupV1.exe moved successfully.
C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLQ0VFA8\iLividSetupV1.exe moved successfully.
File/Folder C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\EVANSL~1\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\EVANSL~1\AppData\Local\Temp\BandooV6.exe not found.
C:\Users\EVANSL~1\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
File/Folder C:\Users\EVANSL~1\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\EVANSL~1\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\EVANSL~1\AppData\Local\Temp\ilivid.7z not found.
C:\Users\EVANSL~1\AppData\Local\Temp\Searchqu.ini moved successfully.
C:\Users\EVANSL~1\AppData\Local\Temp\searchqutoolbar-manifest.xml moved successfully.
File/Folder C:\Users\Evans Laptop\AppData\LocalLow\searchquband not found.
File/Folder C:\Users\Evans Laptop\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Users\Evans Laptop\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\Evans Laptop\Downloads\iLividSetupV1.exe not found.
C:\Users\Evans Laptop\AppData\LocalLow\DataMngr folder moved successfully.
File/Folder C:\Users\Evans Laptop\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
File/Folder C:\Users\Evans Laptop\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
C:\Windows\Prefetch\ILIVID.EXE-5A70B400.pf moved successfully.
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-CD6B70EE.pf moved successfully.
C:\Windows\Prefetch\ILIVIDSETUPV1.EXE-D2ECDC6D.pf moved successfully.
C:\Windows\Prefetch\SEARCHQUMEDIABAR.EXE-F1248793.pf moved successfully.
C:\Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-EBDC0128.pf moved successfully.
File\Folder C:\Program Files (x86)\iLivid not found.
File\Folder C:\Program Files (x86)\Windows Savevid Toolbar not found.
File\Folder C:\Program Files (x86)\Savevid not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Evans Laptop\Desktop\cmd.bat deleted successfully.
C:\Users\Evans Laptop\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Evans Laptop
->Temp folder emptied: 1180402436 bytes
->Temporary Internet Files folder emptied: 633828793 bytes
->Java cache emptied: 3216298 bytes
->Google Chrome cache emptied: 104953644 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 58030 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 312972288 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 274157063 bytes

Total Files Cleaned = 2,393.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05192012_222847

Files\Folders moved on Reboot...
C:\Users\Evans Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Evans Laptop\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
russele
Regular Member
 
Posts: 21
Joined: May 17th, 2012, 5:27 pm

Re: remove searchnu.com/406

Unread postby russele » May 19th, 2012, 5:55 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 22:41 on 19/05/2012 by Evans Laptop
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-2A186B85.pf --a---- 54846 bytes [21:44 02/05/2012] [21:44 02/05/2012] A617D345281E742C1A1B957B7014B77C
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Temp\Searchqu.ini --a---- 359 bytes [21:21 02/05/2012] [21:22 02/05/2012] EF387C88DFC49BBB7226488C23BD7800
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [08:42 27/02/2012] [08:42 27/02/2012] B4CF632013D5A08B137DB737D2825F12
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3779936 bytes [21:21 02/05/2012] [21:22 02/05/2012] 272A776C4425F061837AE105FA3406C5
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\SEARCHQUMEDIABAR.EXE-F1248793.pf --a---- 92104 bytes [21:21 02/05/2012] [21:22 02/05/2012] 79C0D247A2860139C266A3E24BBAB447
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-EBDC0128.pf --a---- 138454 bytes [21:21 02/05/2012] [21:22 02/05/2012] BF5C061D38349EFD903AB572E55AFCD9

Searching for "*iLivid*"
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2F3N5I2\iLividSetupV1.exe --a---- 516136 bytes [21:21 02/05/2012] [21:21 02/05/2012] F89762AD8C0A3C596B143283E6045B53
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLQ0VFA8\iLividSetupV1.exe --a---- 516136 bytes [21:20 02/05/2012] [21:21 02/05/2012] F89762AD8C0A3C596B143283E6045B53
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\ILIVID.EXE-5A70B400.pf --a---- 173564 bytes [21:22 02/05/2012] [21:42 02/05/2012] BDF70474D9396E68413DF18D487C7EE0
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-CD6B70EE.pf --a---- 47606 bytes [21:21 02/05/2012] [21:21 02/05/2012] 1CC67994EB4591FBB82EEC5239A1424E
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-D2ECDC6D.pf --a---- 53092 bytes [21:22 02/05/2012] [21:22 02/05/2012] 6E4CAA21BD2EA619EF3EF48EF32A3670

Searching for "*whitesmoke*"
C:\Program Files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm --a---- 1526 bytes [13:47 23/12/2010] [13:47 23/12/2010] AD41BC61879535202A0D3867FFB67716

Searching for "*datamngr*"
C:\Windows\Prefetch\DATAMNGRUI.EXE-DE01E39F.pf --a---- 38738 bytes [21:22 02/05/2012] [21:22 02/05/2012] 7A18C758C76AF69B6D2F835C4C289C88
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3779936 bytes [21:21 02/05/2012] [21:22 02/05/2012] 272A776C4425F061837AE105FA3406C5
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-EBDC0128.pf --a---- 138454 bytes [21:21 02/05/2012] [21:22 02/05/2012] BF5C061D38349EFD903AB572E55AFCD9

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_ilivid.exe_b2d2d7c3d7d2fb15d1c75ca036d7173607ec5_340c149e d----c- [21:24 02/05/2012]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_ilivid.exe_b2d2d7c3d7d2fb15d1c75ca036d7173607ec5_340c149e d----c- [21:24 02/05/2012]
C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_17dd6d2222ed81be218dac6765d48fcd870bfb1_0be88828 d----c- [21:42 02/05/2012]
C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_17dd6d2222ed81be218dac6765d48fcd870bfb1_18b77f33 d----c- [21:41 02/05/2012]
C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_ilivid.exe_a281f07628c996e7c08ca8b3242f78bde66afae5_09757370 d----c- [21:34 02/05/2012]
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Ilivid Player d------ [21:22 02/05/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\LocalLow\DataMngr d------ [21:24 02/05/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url4"="http://uk.search-results.com/web?l=dis&o=100000051&q=how%20to%20watch%20sky%20sports%204%20online&atb=sysid%3D406%3Auid%3D6d7721d04d81fb0f%3Auc%3D1335994174%3Ab%3DSearchnu%3Asrc%3Dhmp%3Ao%3D100000051%3Aq%3Dhow%2520to%2520watch%2520sky%2520sports%25204%252"
[HKEY_USERS\S-1-5-21-1719121310-340545087-3617579295-1001\Software\Microsoft\Internet Explorer\TypedURLs]
"url4"="http://uk.search-results.com/web?l=dis&o=100000051&q=how%20to%20watch%20sky%20sports%204%20online&atb=sysid%3D406%3Auid%3D6d7721d04d81fb0f%3Auc%3D1335994174%3Ab%3DSearchnu%3Asrc%3Dhmp%3Ao%3D100000051%3Aq%3Dhow%2520to%2520watch%2520sky%2520sports%25204%252"

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DA9A957F-C463-4D1D-9C66-7F5D84C2739F}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=306&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=306&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DA9A957F-C463-4D1D-9C66-7F5D84C2739F}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=306&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-1719121310-340545087-3617579295-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DA9A957F-C463-4D1D-9C66-7F5D84C2739F}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=306&systemid=406&qu={searchTerms}&ft=json"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://www.ilivid.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Debug]
"StoreLocation"="C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_17dd6d2222ed81be218dac6765d48fcd870bfb1_0be88828"
[HKEY_USERS\S-1-5-21-1719121310-340545087-3617579295-1001\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://www.ilivid.com/"
[HKEY_USERS\S-1-5-21-1719121310-340545087-3617579295-1001\Software\Microsoft\Windows\Windows Error Reporting\Debug]
"StoreLocation"="C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_17dd6d2222ed81be218dac6765d48fcd870bfb1_0be88828"

Searching for "whitesmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"AA5ABB74F6AC14A458D87A7A672FA9B8"="C:\Program Files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24EBA8C6-B37F-4DDA-9188-C99F1FBDBF32}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B131604-2232-4806-A509-F6CB5180E803}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
russele
Regular Member
 
Posts: 21
Joined: May 17th, 2012, 5:27 pm

Re: remove searchnu.com/406

Unread postby russele » May 19th, 2012, 5:56 pm

BTW - Thanks for helping!
russele
Regular Member
 
Posts: 21
Joined: May 17th, 2012, 5:27 pm

Re: remove searchnu.com/406

Unread postby diver79 » May 19th, 2012, 6:46 pm

Hi russele,

russele wrote:BTW - Thanks for helping!
Your welcome!

Good work so far, still some more nasties left. See updated instructions below.

Run OTL Script
We need to run an OTL Fix
  • Right click OTL.exe and select Run as Administrator to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :files
    C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-2A186B85.pf
    C:\Windows\Prefetch\DATAMNGRUI.EXE-DE01E39F.pf
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4"=-
    [HKEY_USERS\S-1-5-21-1719121310-340545087-3617579295-1001\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DA9A957F-C463-4D1D-9C66-7F5D84C2739F}]
    "SuggestionsURL_JSON"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "SuggestionsURL_JSON"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DA9A957F-C463-4D1D-9C66-7F5D84C2739F}]
    "SuggestionsURL_JSON"=-
    [HKEY_USERS\S-1-5-21-1719121310-340545087-3617579295-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DA9A957F-C463-4D1D-9C66-7F5D84C2739F}]
    "SuggestionsURL_JSON"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url1"=-
    [HKEY_USERS\S-1-5-21-1719121310-340545087-3617579295-1001\Software\Microsoft\Internet Explorer\TypedURLs]
    "url1"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24EBA8C6-B37F-4DDA-9188-C99F1FBDBF32}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B131604-2232-4806-A509-F6CB5180E803}]
    "AppPath"=-
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


  • Right click SystemLook.exe and select Run as Administrator to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Searchqu*
    *iLivid*
    *datamngr*
    
    
    :Regfind
    Searchnu
    Searchqu
    iLivid
    datamngr
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: remove searchnu.com/406

Unread postby russele » May 20th, 2012, 7:43 am

All processes killed
========== FILES ==========
C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-2A186B85.pf moved successfully.
C:\Windows\Prefetch\DATAMNGRUI.EXE-DE01E39F.pf moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\\url4 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1719121310-340545087-3617579295-1001\Software\Microsoft\Internet Explorer\TypedURLs\\url4 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DA9A957F-C463-4D1D-9C66-7F5D84C2739F}\\SuggestionsURL_JSON deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DA9A957F-C463-4D1D-9C66-7F5D84C2739F}\\SuggestionsURL_JSON deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1719121310-340545087-3617579295-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DA9A957F-C463-4D1D-9C66-7F5D84C2739F}\\SuggestionsURL_JSON not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\\url1 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1719121310-340545087-3617579295-1001\Software\Microsoft\Internet Explorer\TypedURLs\\url1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24EBA8C6-B37F-4DDA-9188-C99F1FBDBF32}\\AppPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B131604-2232-4806-A509-F6CB5180E803}\\AppPath deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Evans Laptop
->Temp folder emptied: 31407041 bytes
->Temporary Internet Files folder emptied: 314992 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 48478126 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 498 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 737005 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 77.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05202012_123704

Files\Folders moved on Reboot...
C:\Users\Evans Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Evans Laptop\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
russele
Regular Member
 
Posts: 21
Joined: May 17th, 2012, 5:27 pm

Re: remove searchnu.com/406

Unread postby russele » May 20th, 2012, 7:51 am

SystemLook 30.07.11 by jpshortstuff
Log created at 12:44 on 20/05/2012 by Evans Laptop
Administrator - Elevation successful

========== filefind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Temp\Searchqu.ini --a---- 359 bytes [21:21 02/05/2012] [21:22 02/05/2012] EF387C88DFC49BBB7226488C23BD7800
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [08:42 27/02/2012] [08:42 27/02/2012] B4CF632013D5A08B137DB737D2825F12
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3779936 bytes [21:21 02/05/2012] [21:22 02/05/2012] 272A776C4425F061837AE105FA3406C5
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\SEARCHQUMEDIABAR.EXE-F1248793.pf --a---- 92104 bytes [21:21 02/05/2012] [21:22 02/05/2012] 79C0D247A2860139C266A3E24BBAB447
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-EBDC0128.pf --a---- 138454 bytes [21:21 02/05/2012] [21:22 02/05/2012] BF5C061D38349EFD903AB572E55AFCD9
C:\_OTL\MovedFiles\05202012_123704\C_Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-2A186B85.pf --a---- 54846 bytes [21:44 02/05/2012] [21:44 02/05/2012] A617D345281E742C1A1B957B7014B77C

Searching for "*iLivid*"
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2F3N5I2\iLividSetupV1.exe --a---- 516136 bytes [21:21 02/05/2012] [21:21 02/05/2012] F89762AD8C0A3C596B143283E6045B53
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLQ0VFA8\iLividSetupV1.exe --a---- 516136 bytes [21:20 02/05/2012] [21:21 02/05/2012] F89762AD8C0A3C596B143283E6045B53
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\ILIVID.EXE-5A70B400.pf --a---- 173564 bytes [21:22 02/05/2012] [21:42 02/05/2012] BDF70474D9396E68413DF18D487C7EE0
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-CD6B70EE.pf --a---- 47606 bytes [21:21 02/05/2012] [21:21 02/05/2012] 1CC67994EB4591FBB82EEC5239A1424E
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\ILIVIDSETUPV1.EXE-D2ECDC6D.pf --a---- 53092 bytes [21:22 02/05/2012] [21:22 02/05/2012] 6E4CAA21BD2EA619EF3EF48EF32A3670

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05192012_222847\C_Users\Evans Laptop\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3779936 bytes [21:21 02/05/2012] [21:22 02/05/2012] 272A776C4425F061837AE105FA3406C5
C:\_OTL\MovedFiles\05192012_222847\C_Windows\Prefetch\SETUPDATAMNGR_SEARCHQU.EXE-EBDC0128.pf --a---- 138454 bytes [21:21 02/05/2012] [21:22 02/05/2012] BF5C061D38349EFD903AB572E55AFCD9
C:\_OTL\MovedFiles\05202012_123704\C_Windows\Prefetch\DATAMNGRUI.EXE-DE01E39F.pf --a---- 38738 bytes [21:22 02/05/2012] [21:22 02/05/2012] 7A18C758C76AF69B6D2F835C4C289C88

========== Regfind ==========

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=306&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Debug]
"StoreLocation"="C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_17dd6d2222ed81be218dac6765d48fcd870bfb1_0be88828"
[HKEY_USERS\S-1-5-21-1719121310-340545087-3617579295-1001\Software\Microsoft\Windows\Windows Error Reporting\Debug]
"StoreLocation"="C:\Users\Evans Laptop\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ilivid.exe_17dd6d2222ed81be218dac6765d48fcd870bfb1_0be88828"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

-= EOF =-
russele
Regular Member
 
Posts: 21
Joined: May 17th, 2012, 5:27 pm

Re: remove searchnu.com/406

Unread postby diver79 » May 20th, 2012, 8:59 am

Hi russele,

Good work, almost there now.

Run OTL Script
We need to run an OTL Fix
  • Right click OTL.exe and select Run as Administrator to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "SuggestionsURL_JSON"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: remove searchnu.com/406

Unread postby russele » May 20th, 2012, 10:43 am

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Evans Laptop
->Temp folder emptied: 190583 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 64892501 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 755 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10616 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 62.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05202012_153755

Files\Folders moved on Reboot...
C:\Users\Evans Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Evans Laptop\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
russele
Regular Member
 
Posts: 21
Joined: May 17th, 2012, 5:27 pm

Re: remove searchnu.com/406

Unread postby russele » May 20th, 2012, 11:51 am

2012/05/20 15:49:03 +0100 EVANSLAPTOP-PC Evans Laptop MESSAGE Starting protection
2012/05/20 15:49:05 +0100 EVANSLAPTOP-PC Evans Laptop MESSAGE Protection started successfully
2012/05/20 15:49:08 +0100 EVANSLAPTOP-PC Evans Laptop MESSAGE Starting IP protection
2012/05/20 15:49:09 +0100 EVANSLAPTOP-PC Evans Laptop MESSAGE IP Protection started successfully
2012/05/20 16:00:50 +0100 EVANSLAPTOP-PC Evans Laptop MESSAGE Executing scheduled update: Daily
2012/05/20 16:00:52 +0100 EVANSLAPTOP-PC Evans Laptop MESSAGE Database already up-to-date
2012/05/20 16:07:52 +0100 EVANSLAPTOP-PC Evans Laptop MESSAGE Starting protection
2012/05/20 16:08:09 +0100 EVANSLAPTOP-PC Evans Laptop MESSAGE Protection started successfully
2012/05/20 16:08:12 +0100 EVANSLAPTOP-PC Evans Laptop MESSAGE Starting IP protection
2012/05/20 16:08:13 +0100 EVANSLAPTOP-PC Evans Laptop MESSAGE IP Protection started successfully
russele
Regular Member
 
Posts: 21
Joined: May 17th, 2012, 5:27 pm

Re: remove searchnu.com/406

Unread postby russele » May 20th, 2012, 11:53 am

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Evans Laptop :: EVANSLAPTOP-PC [administrator]

Protection: Enabled

20/05/2012 15:49:08
mbam-log-2012-05-20 (15-49-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223978
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1&cf=b759122e- ... 70f4ad6b22) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Evans Laptop\Downloads\Gimp_Setup.exe (Adware.IBryte) -> Quarantined and deleted successfully.

(end)
russele
Regular Member
 
Posts: 21
Joined: May 17th, 2012, 5:27 pm

Re: remove searchnu.com/406

Unread postby diver79 » May 20th, 2012, 4:24 pm

Hi russele,

That should be all of it gone now. How is the computer performing?

Please run the below scan.

Security Check
  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe And select " Run as administrator " , then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.
User avatar
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: remove searchnu.com/406

Unread postby russele » May 20th, 2012, 4:49 pm

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 31
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````
russele
Regular Member
 
Posts: 21
Joined: May 17th, 2012, 5:27 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 116 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware