Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Request for Assistance - Search Nu Removal

OTL Scan

Post by Geronimo » July 8th, 2012, 6:27 pm

Edit: Triple Post
Last edited by Geronimo on July 8th, 2012, 6:37 pm, edited 1 time in total.
Geronimo
Regular Member
 
Posts: 19
Joined: July 7th, 2012, 3:43 pm

Re: Request for Assistance - Search Nu Removal

Post by Geronimo » July 8th, 2012, 6:39 pm

Sorry - Dodgy net connection sat here. Didn't mean to quad post!
Geronimo
Regular Member
 
Posts: 19
Joined: July 7th, 2012, 3:43 pm

Re: Request for Assistance - Search Nu Removal

Post by Geronimo » July 8th, 2012, 6:43 pm

Sorry, forgot to mention I'd got rid of the redirects early on, so that's not been a problem since I started this post. Was more concerned about anything else left lurking behind the curtain.
Geronimo
Regular Member
 
Posts: 19
Joined: July 7th, 2012, 3:43 pm

Re: Request for Assistance - Search Nu Removal

Post by diver79 » July 9th, 2012, 1:11 pm

Geronimo wrote: "Hi, OK - just off to run the OTL scan. Do I need to worry about those last 3 reg values from SystemLook?"
No, those have been reset to the default value. They are legitimate keys that have been flagged because the key value contains searchqu.

Geronimo wrote: "PC's running better, mouse only juddering occasionally but there is so much Vaio junk such as the custom menu bar on here that I don't know what that's affecting."
This computer should be able to run those programs without stalling. I don't think there is malware at work here but we'll check for additional infections with ESET's online scanner.
I've noticed the machine produced a minidump file, let's take a look at that and the event viewer to see if that can shed any light on the performance issue.

MiniToolBox
Please download MiniToolBox© by farbar and save it to your desktop. Click here.
  • Double click on MiniToolBox.exe to run it.
    Please check (tick) the following options:
    • List last 10 Event Viewer Errors
    • List Devices (Only Problems)
    • List Minidump Files
  • Click on the GO button. A log will open.
  • Please post the contents of this log. It can also be found on the desktop as Result.txt.


ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable Virgin Media Security.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

MiniToolbox

Post by Geronimo » July 9th, 2012, 4:57 pm

Diver79 - Thanks for this.
I had binned OTL twice as I was trying to customise the script before you started to provide responses, and had forgotten to put the "file:" lead-in before the flushdns command, so it hung while trying to complete that command. Sorry if that further confuses/complicates things.

MiniToolBox by Farbar Version: 25-06-2012
Ran by Andrew (administrator) on 09-07-2012 at 21:50:44
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/08/2012 09:29:05 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.53.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1570

Start Time: 01cd5d480d2a5565

Termination Time: 15

Application Path: C:\Users\Andrew\Documents\Downloads\OTL.exe

Report Id: 8dad0378-c93b-11e1-af58-f0bf971daff3

Error: (07/08/2012 09:02:09 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.53.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4fc

Start Time: 01cd5d43d56cae0f

Termination Time: 0

Application Path: C:\Users\Andrew\Documents\Downloads\OTL.exe

Report Id: ca94b63f-c937-11e1-92f2-f0bf971daff3

Error: (07/06/2012 01:36:11 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2012 11:06:31 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1291092248-1590860807-464702161-1001}/">.

Error: (07/05/2012 11:05:52 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1291092248-1590860807-464702161-1001}/">.

Error: (07/05/2012 11:04:42 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1291092248-1590860807-464702161-1001}/">.

Error: (07/05/2012 10:54:45 PM) (Source: MsiInstaller) (User: Andrew-VAIO)Andrew-VAIO
Description: Product: Java(TM) 6 Update 33 -- Error 25099. Unzipping core files failed.

Error: (07/01/2012 02:48:43 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (06/30/2012 04:15:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Faulting module name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Exception code: 0xc0000409
Fault offset: 0x0000000000042936
Faulting process id: 0x17f0
Faulting application start time: 0xNOBuClient.exe0
Faulting application path: NOBuClient.exe1
Faulting module path: NOBuClient.exe2
Report Id: NOBuClient.exe3

Error: (06/30/2012 04:10:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x000000000009970a
Faulting process id: 0x2360
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3


System errors:
=============
Error: (07/09/2012 09:48:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (07/08/2012 10:27:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (07/08/2012 10:24:33 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Active File Monitor V8 service terminated unexpectedly. It has done this 1 time(s).

Error: (07/08/2012 10:19:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (07/08/2012 10:16:25 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/08/2012 09:28:46 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Active File Monitor V8 service terminated unexpectedly. It has done this 1 time(s).

Error: (07/08/2012 09:10:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (07/08/2012 09:07:41 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Active File Monitor V8 service terminated unexpectedly. It has done this 1 time(s).

Error: (07/08/2012 09:05:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (07/08/2012 09:02:43 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (07/08/2012 09:29:05 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.53.1157001cd5d480d2a556515C:\Users\Andrew\Documents\Downloads\OTL.exe8dad0378-c93b-11e1-af58-f0bf971daff3

Error: (07/08/2012 09:02:09 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.53.14fc01cd5d43d56cae0f0C:\Users\Andrew\Documents\Downloads\OTL.execa94b63f-c937-11e1-92f2-f0bf971daff3

Error: (07/06/2012 01:36:11 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2012 11:06:31 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-1291092248-1590860807-464702161-1001}/

Error: (07/05/2012 11:05:52 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-1291092248-1590860807-464702161-1001}/

Error: (07/05/2012 11:04:42 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-1291092248-1590860807-464702161-1001}/

Error: (07/05/2012 10:54:45 PM) (Source: MsiInstaller)(User: Andrew-VAIO)Andrew-VAIO
Description: Product: Java(TM) 6 Update 33 -- Error 25099. Unzipping core files failed.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/01/2012 02:48:43 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (06/30/2012 04:15:26 PM) (Source: Application Error)(User: )
Description: NOBuClient.exe2.1.17869.04c056071NOBuClient.exe2.1.17869.04c056071c0000409000000000004293617f001cd56d325e0ee6eC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exeC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe6b1c4aa9-c2c6-11e1-a16b-90004eaa6102

Error: (06/30/2012 04:10:27 PM) (Source: Application Error)(User: )
Description: DllHost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000009970a236001cd56d279dcfb9bC:\Windows\system32\DllHost.exeC:\Windows\SYSTEM32\ntdll.dllb90b2568-c2c5-11e1-8a2a-f0bf971daff3


========================= Devices: ================================

Name: Photosmart C4500 series
Description: Photosmart C4500 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4500 series
Description: Photosmart C4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
Geronimo
Regular Member
 
Posts: 19
Joined: July 7th, 2012, 3:43 pm
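
A log like the one posted above is quicker to triage when identical entries are collapsed and the numeric codes are given their standard Windows names. The following is an added example, not part of the original thread and not MiniToolBox's own code; the function names are hypothetical and the sample entries are copied, trimmed, from the post above.

```python
import re
from collections import Counter

# Standard Windows names for the codes that appear in the log above.
KNOWN_CODES = {
    "126": "ERROR_MOD_NOT_FOUND",
    "0xc0000005": "STATUS_ACCESS_VIOLATION",
    "0xc0000409": "STATUS_STACK_BUFFER_OVERRUN",
}

HEAD = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\)")
DESC = re.compile(r"^Description: (.*)$", re.M)
CODE = re.compile(r"^(?:Error Code|Exception code): (\S+)", re.M)

# Entries copied (trimmed) from the log in the post above.
SAMPLE = r"""Error: (07/09/2012 09:48:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (07/08/2012 10:27:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (07/08/2012 10:24:33 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Active File Monitor V8 service terminated unexpectedly. It has done this 1 time(s).

Error: (06/30/2012 04:10:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
"""

def parse_events(log):
    """Split an event-log section into one record per 'Error:' entry."""
    events = []
    for block in re.split(r"\n(?=Error: \()", log.strip()):
        head = HEAD.match(block)
        if not head:
            continue  # section titles and separator lines
        desc, code = DESC.search(block), CODE.search(block)
        events.append({
            "when": head["when"],
            "source": head["source"],
            "summary": desc.group(1) if desc else "",
            "code": code.group(1).lower() if code else None,
        })
    return events

def triage(events):
    """Collapse identical (source, summary, code) entries, most frequent first."""
    counts = Counter((e["source"], e["summary"], e["code"]) for e in events)
    return [
        {"source": s, "summary": d, "code": c, "meaning": KNOWN_CODES.get(c), "count": n}
        for (s, d, c), n in counts.most_common()
    ]
```
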

Re: Request for Assistance - Search Nu Removal

Post by Geronimo » July 10th, 2012, 2:27 am

ESET logs

I thought the cursor delay/stuttering might have gone away, but it just happened again for about 30 seconds when I tried to load the log. I'm not sure if it's a hard drive access thing or anything else.

File: C:\Program Files (x86)\ESET\ESET Online Scanner

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e9ba50b5d061fa4eaaf3b77f138f064d
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 10:53:38
# local_time=2012-07-05 11:53:38 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 13316611 13316611 0 0
# compatibility_mode=5893 16776574 100 94 13388174 93993448 0 0
# compatibility_mode=8192 67108863 100 0 434 434 0 0
# scanned=17830
# found=0
# cleaned=0
# scan_time=420
esets_scanner_update returned -1 esets_gle=53251
Geronimo
Regular Member
 
Posts: 19
Joined: July 7th, 2012, 3:43 pm
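
The "# key=value" header of an ESET Online Scanner log records which options were in effect and when the scan ran, so a posted log can be checked against the options requested in the instructions. The following is an added example, not part of the original thread and not ESET's code; the function names are hypothetical, the mapping from header keys to the on-screen options is an assumption based on the key names, and the sample lines are copied from the log posted above.

```python
import re
from datetime import date, datetime

# Options requested in the ESET instructions earlier in this thread.
# Assumption: each header key corresponds to the option named in the comment.
REQUESTED = {
    "remove_checked": False,      # "Remove found threats" NOT checked
    "archives_checked": True,     # "Scan archives" checked
    "unwanted_checked": True,     # potentially unwanted applications
    "unsafe_checked": True,       # potentially unsafe applications
    "antistealth_checked": True,  # Anti-Stealth Technology
}

HEADER = re.compile(r"^#\s*([\w.]+)=(.*)$")

# Header lines copied (trimmed) from the log in the post above.
SAMPLE = """\
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 10:53:38
# scanned=17830
# found=0
# cleaned=0
"""

def parse_header(text):
    """Collect '# key=value' lines; a repeated key keeps its last value."""
    fields = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip().strip('"')
    return fields

def review(text, requested_on):
    """List option mismatches, a stopped run, and a scan older than the request."""
    fields = parse_header(text)
    findings = []
    for key, want in REQUESTED.items():
        got = fields.get(key)
        if got is None:
            findings.append(f"{key}: not present in log")
        elif (got == "true") != want:
            findings.append(f"{key}: log has {got}, requested {str(want).lower()}")
    if fields.get("end") == "stopped":
        findings.append("end: log records end=stopped")
    if "utc_time" in fields:
        ran = datetime.strptime(fields["utc_time"], "%Y-%m-%d %H:%M:%S").date()
        if ran < requested_on:
            findings.append(f"utc_time: scan dated {ran}, before the request on {requested_on}")
    return findings
```

Calling review(SAMPLE, date(2012, 7, 9)) uses the date of the post that requested the scan as the reference point.
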

Re: Request for Assistance - Search Nu Removal

Post by diver79 » July 10th, 2012, 8:58 am

Nothing of note in either of the two logs. It doesn't look to be malware related. I'll see if we can pin it down here, if not you may need to look for help in the software forum.

I don't have much knowledge on Virgin Media Security but I found a few posts stating it has resulted in slow performance. Virgin have released a patch for it which you can download here. See if that makes a difference and then check your hard disk for errors.

Check Hard Disk For Errors
Open an Elevated Command Prompt
  1. Press the Image button
  2. In the Start Menu search box area type:
    cmd
  3. Right click on cmd.exe (at top of the menu)... click on Run As Administrator.
    A black screen will open. You should see the elevated command prompt open to C:\Windows\System32
  4. Copy the following command line (including the quotes):
    chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    At the Command Prompt window.
  5. Right click on the window title "Administrator Command Prompt" area. A menu will appear.
  6. Select Edit... then choose Paste. You should see the chkdsk command string you copied, in the black window.
  7. Press Enter ... Chkdsk will now start checking your hard drive. DO NOT CLOSE the Command Prompt window!
    The Chkdsk process can take a while, depending on the size of your hard drive.
    A file named checkhd.txt will appear on your desktop while Chkdsk is running.
  8. When your hard drive light stops flashing constantly... Open the checkhd.txt file.
    You should see totals of bytes on the drive, bytes in files...etc. If you do not see these totals, Chkdsk is still running, close the file, wait a little longer.
  9. Please post the contents of the checkhd.txt file, in your next reply.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Request for Assistance - Search Nu Removal

Post by Geronimo » July 10th, 2012, 1:15 pm

Hi Diver79.

I think we should call it quits here - I've run the checkdisk, and it's come up with absolutely nothing (I can't get access to the network from that PC at that moment).

From discussions with the owner, the cursor has always shuddered when accessing the hard drive since he's had it, so I'm going to leave that with him to resolve with driver updates.

Thanks for the support - Understand that the forum don't accept donations, but do they have a charity they support?

Thanks in advance,

Geronimo.
Geronimo
Regular Member
 
Posts: 19
Joined: July 7th, 2012, 3:43 pm

Re: Request for Assistance - Search Nu Removal

Post by diver79 » July 11th, 2012, 3:42 pm

Hi Geronimo,

OK, that's good. We just need to do some cleanup to remove infected restore points and some of the tools we used. See my all clean speech below.

Regarding donations, we do actually accept donations to assist with the running of the website. See here for more information.

Congratulations, your PC is now free from infection 8) Follow the below steps to clean up the tools we have used and tighten your system's security.


Clear infected restore points
We need to run an OTL Fix
  • Right click OTL.exe and select Run as Administrator to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [CLEARALLRESTOREPOINTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.


Clean up with OTL
  • Right click OTL.exe and select Run as Administrator to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Additional Security Tips.
Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
F-secure Health Check - Copyright © F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.


Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products' loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates


Read, stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please let me know that you completed the cleanup steps. Once I receive your reply, unless there are other malware questions or concerns, I will have this topic closed as resolved.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Request for Assistance - Search Nu Removal

Post by Wingman » July 13th, 2012, 12:34 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA