Sign in to follow this  
Followers 0
deanwhu

Please help remove: searchnu.com/406

6 posts in this topic

Hello, I have the common searchnu virus on my machine. I would very much appreciate some guidance with its removal.

Thank you in advance. I attach my OTL log:

OTL logfile created on: 5/15/2012 11:46:00 AM - Run 1

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Laura\Downloads

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 61.04% Memory free

3.98 Gb Paging File | 2.98 Gb Available in Paging File | 74.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 186.21 Gb Total Space | 22.31 Gb Free Space | 11.98% Space Free | Partition Type: NTFS

Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/15 11:27:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Downloads\OTL.exe

PRC - [2012/05/04 08:59:09 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/03/29 03:44:56 | 000,313,160 | ---- | M] (Smilebox, Inc.) -- C:\Users\Laura\AppData\Roaming\Smilebox\SmileboxTray.exe

PRC - [2012/03/12 08:12:01 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe

PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012/01/31 21:30:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe

PRC - [2012/01/31 21:30:02 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe

PRC - [2011/09/16 14:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 08:29:22 | 000,101,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2008/10/14 02:44:44 | 000,159,232 | ---- | M] (matt.malensek.net) -- C:\Program Files\3RVX\3RVX.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/04 08:59:08 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/12/11 23:30:40 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2011/08/30 21:56:31 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll

MOD - [2011/08/30 21:56:31 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9859a6e0562f64eacfb8ad76f260a2d6\Accessibility.ni.dll

MOD - [2011/08/30 21:55:48 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll

MOD - [2011/08/30 21:55:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll

MOD - [2011/08/30 21:55:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll

MOD - [2011/08/30 21:55:18 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll

MOD - [2011/08/30 21:54:49 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll

MOD - [2011/06/25 01:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/25 01:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/03/04 15:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll

MOD - [2011/03/04 15:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2011/03/04 15:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

MOD - [2009/01/12 19:50:42 | 000,259,480 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll

MOD - [2009/01/12 19:50:42 | 000,120,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll

MOD - [2009/01/12 19:50:42 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll

MOD - [2009/01/12 19:50:40 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll

MOD - [2007/12/30 23:55:18 | 000,019,968 | ---- | M] () -- C:\Program Files\3RVX\CoreAudioApi.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/05/04 08:59:09 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/01/31 21:30:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)

SRV - [2012/01/31 21:30:02 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/09/16 14:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/02 00:13:58 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

DRV - [2012/01/31 21:30:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2011/09/16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2011/09/16 14:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/02/25 03:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)

DRV - [2009/10/02 23:23:26 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel®

DRV - [2009/04/29 10:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2008/03/03 15:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2006/11/28 19:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2006/11/14 20:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2966386090-575164438-3064633297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =http://www.searchnu.com/406

IE - HKU\S-1-5-21-2966386090-575164438-3064633297-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKU\S-1-5-21-2966386090-575164438-3064633297-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2966386090-575164438-3064633297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2966386090-575164438-3064633297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"

FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Laura\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Laura\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/20 10:28:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/04 08:59:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/26 08:35:29 | 000,000,000 | ---D | M]

[2012/05/03 20:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Extensions

[2012/05/03 20:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\busro4f5.default\extensions

[2012/05/03 20:08:28 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\busro4f5.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2011/08/26 13:11:49 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\busro4f5.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

[2012/05/03 20:08:22 | 000,002,519 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\busro4f5.default\searchplugins\Search_Results.xml

[2012/05/03 20:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/02/28 16:41:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/05/04 08:59:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/05/04 08:59:07 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/03/04 11:50:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/05/04 08:59:07 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/05/04 08:59:07 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/05/03 20:08:22 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

[2012/05/04 08:59:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2012/05/04 08:59:07 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: avast! WebRep = C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

CHR - Extension: Skype Click to Call = C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKU\S-1-5-21-2966386090-575164438-3064633297-1000..\Run: [3RVX] C:\Program Files\3RVX\3RVX.exe (matt.malensek.net)

O4 - HKU\S-1-5-21-2966386090-575164438-3064633297-1000..\Run: [smileboxTray] C:\Users\Laura\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2966386090-575164438-3064633297-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E3DB781-40B3-41E2-9120-848F7F3714B8}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4548FC74-0E5F-43DA-B57A-8E9B41818E39}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{d4abf775-7809-11e1-95e5-001a6be33777}\Shell - "" = AutoRun

O33 - MountPoints2\{d4abf775-7809-11e1-95e5-001a6be33777}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 20:17:04 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\LogMeIn

[2012/05/09 20:16:59 | 000,030,592 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll

[2012/05/09 20:16:58 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll

[2012/05/09 20:16:58 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys

[2012/05/09 20:16:54 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll

[2012/05/09 20:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn

[2012/05/09 20:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn

[2012/05/04 08:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/05/04 08:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012/05/03 20:09:07 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\Ilivid Player

[2012/05/03 20:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/05/03 20:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar

[2012/04/22 12:43:44 | 000,000,000 | ---D | C] -- C:\Users\Laura\Documents\Anatomy Full Text Book

[2012/04/19 22:43:44 | 000,000,000 | ---D | C] -- C:\Users\Laura\Documents\1111 EEEEEEE BOOOOKS

[2012/04/19 22:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

[2012/04/19 22:26:52 | 000,000,000 | ---D | C] -- C:\Users\Laura\Documents\My Digital Editions

[2012/04/19 22:13:58 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\Kobo

[2012/04/19 22:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo

[2012/04/19 22:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo

[2011/09/21 19:27:54 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe

[2011/09/21 19:27:53 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe

[2011/09/21 19:27:53 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe

[2011/09/21 19:27:53 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe

[2011/09/21 19:27:53 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe

========== Files - Modified Within 30 Days ==========

[2012/05/15 11:38:22 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/15 11:20:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/15 11:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2966386090-575164438-3064633297-1000UA.job

[2012/05/15 10:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/15 10:33:49 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/15 10:33:49 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/15 10:26:43 | 000,000,254 | ---- | M] () -- C:\ProgramData\hpqp.ini

[2012/05/15 10:24:57 | 1602,789,376 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/13 16:42:47 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2966386090-575164438-3064633297-1000Core.job

[2012/05/10 07:40:47 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/05/10 07:40:47 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/05/09 20:16:51 | 000,001,024 | ---- | M] () -- C:\.rnd

[2012/04/30 22:05:14 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/04/19 22:32:24 | 000,002,148 | ---- | M] () -- C:\Users\Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk

[2012/04/19 22:32:24 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk

[2012/04/19 22:13:09 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk

[2012/04/16 20:58:22 | 000,004,096 | -H-- | M] () -- C:\Users\Laura\AppData\Local\keyfile3.drm

========== Files Created - No Company Name ==========

[2012/05/09 20:16:49 | 000,001,024 | ---- | C] () -- C:\.rnd

[2012/05/09 20:16:36 | 000,000,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk

[2012/04/19 22:32:24 | 000,002,148 | ---- | C] () -- C:\Users\Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk

[2012/04/19 22:32:24 | 000,002,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk

[2012/04/19 22:32:24 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk

[2012/04/19 22:13:09 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk

[2012/04/16 20:58:22 | 000,004,096 | -H-- | C] () -- C:\Users\Laura\AppData\Local\keyfile3.drm

[2011/08/30 17:52:02 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011/08/30 17:49:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/08/30 16:55:13 | 000,000,254 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== LOP Check ==========

[2012/04/30 22:02:02 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Smilebox

[2012/05/06 23:33:40 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\uTorrent

[2012/04/06 10:24:26 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Share this post


Link to post
Share on other sites

Welcome to the forum.

Following this guide usually works:

http://deletemalware...tall-guide.html

Don't download any of the scanners they recommend!

When done, reboot and run another OTL scan.

Please let me know, MrC

Share this post


Link to post
Share on other sites

OK, please scan the system again and post the log so we can clean up any left overs and check for any other infections.

MrC

Share this post


Link to post
Share on other sites

How are we doing??

Do you still need help or can I close this post??

MrC

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.