njoki13

oh i just wanna cry right now. someone please help me. i also have this freakin 'searchnu' on my laptop. I am not a tech person so i need instruction on how to remove it form my pc. I tried uninstalling it but it was a total fail. i tried the dds.scr but i now dont know what to do with that. below was is what was on the notepad. there was also another notepad attachment but i cannot make a zip for it. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by njoki at 1:24:40 on 2012-05-18 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3032.2044 [GMT -4:00] . AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Windows\system32\mfevtps.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe C:\Windows\system32\conhost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.searchnu.com/406 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [Facebook Update] "c:\users\njoki\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "c:\program files\Searchqu Toolbar" mRunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "c:\program files\searchqu toolbar\datamngr\ToolBar" mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\14C65687028457E6475627723702D4163624F6F6B6020527F6 : DhcpNameServer = 10.0.2.1 TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\2375942554230383 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\2375942554438333 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\36964797023747164756 : DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1 75.75.76.76 75.75.75.75 TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\55451477962756C6563737023556475707 : DhcpNameServer = 129.107.31.80 129.107.45.80 129.107.62.80 TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\C696E6B6379737 : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL AppInit_DLLs: SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\njoki\appdata\roaming\mozilla\firefox\profiles\tl14sjnt.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406 FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=360&systemid=406&sr=0&q= FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\users\njoki\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-12-20 343664] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-20 91672] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-20 43288] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-20 65448] . =============== Created Last 30 ================ . 2012-05-17 17:06:09 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e85291d6-fafd-48f7-a1b1-f479b4a578fa}\offreg.dll 2012-05-15 23:42:34 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e85291d6-fafd-48f7-a1b1-f479b4a578fa}\mpengine.dll 2012-05-15 19:48:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-15 05:27:34 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-05-15 05:27:28 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll 2012-05-15 05:27:27 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll 2012-05-15 05:27:27 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2012-05-15 05:27:27 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2012-05-15 01:07:51 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-15 01:07:48 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll 2012-05-15 01:07:47 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL 2012-05-15 01:07:46 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll 2012-05-15 01:07:45 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll 2012-05-15 01:07:38 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-15 01:07:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-15 01:07:36 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-05-15 01:07:26 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-15 01:07:24 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-04-23 00:08:52 -------- d-----w- c:\users\njoki\appdata\local\Ilivid Player 2012-04-23 00:08:13 -------- d-----w- c:\program files\iLivid 2012-04-23 00:06:52 -------- d-----w- c:\programdata\boost_interprocess 2012-04-23 00:06:51 -------- d-----w- c:\program files\Searchqu Toolbar 2012-04-22 05:23:25 -------- d-----w- c:\users\njoki\appdata\local\Facebook . ==================== Find3M ==================== . 2012-05-15 20:44:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll 2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 1:26:08.65 ===============