#1
Computer issues
Hi guys,
Have a computer with all kinds of issues, including "searchnu406"; wondering what my first step should be?
#2
Welcome to CTH, coreyb!
Let's see what we can find with the following... Please download OTL from: Here
Please post (do not attach) the OTL.txt and Extra.txt reports in your reply. Also, which browser(s) do you use: Internet Explorer, Firefox, Chrome, any other?
#3
This computer has Firefox, Chrome and IE installed on it, using Firefox predominantly. I started the OTL scan; is it normal to scan Firefox settings for a long period?
#4
Sometimes malware blocks OTL.exe.
Try one of these alternatives:
OTL.com: http://oldtimer.geekstogo.com/OTL.com
OTL.scr: http://oldtimer.geekstogo.com/OTL.scr
#5
Tried the two applications, both failed each time hanging up on "scanning firefox settings".
#6
Let's see what this program does...
Download DDS from one of these locations: Link 1 Link 2
Save it to the Desktop.
Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the programs we are about to run. If you wish to look at information on how to disable these programs, please refer to the information available through this link
XP: Double-click the downloaded file to run the program
Vista/Windows 7: Right-click DDS and select 'Run as Administrator'
When done, DDS opens two logs:
-DDS.txt (Opens on the Desktop)
-Attach.txt (Minimized on the TaskBar)
Save the reports to your Desktop, and post both reports in your reply.
#7
#8
#9
SearchQu/SearchNu is installed as an Add-on in Firefox, Internet Explorer, and other browsers.
Add-ons usually require your permission before they are installed on your computer. However, some are installed without your knowledge!

To remove any SearchQu/SearchNu Add-ons from Firefox:
- At the top of the Firefox window, click on the Firefox button
- Click Add-ons, for the Add-ons Manager tab to open.
- In the Add-ons Manager tab, select the Extensions or Appearance panel.
- Select the add-on you wish to remove: SearchQu
- Click the Remove button.
- Click Restart now if it alerts you to do so. Your tabs are saved and restored after the restart.

To permanently disable SearchQu add-ons in Internet Explorer:
- Open Internet Explorer
- Click the Tools button, and then click: Manage Add-ons
- Under Show, click All add-ons.
- Click the add-on you want to disable, and then click: Disable
- Repeat the above step for every add-on you want to disable.
- When finished, click: Close

Now, to change your Home page in Internet Explorer…
- Go to Tools > Internet Options
- Select the General tab
- Click the Use default button, or, enter the website of your choice, instead of searchqu.com.
- Click: Apply > OK to save the changes.

To change your Home page in Firefox, go to Tools > Options
- Under the General tab, reset the startup homepage, or, change it to the website of your choice, instead of searchqu.com.

After doing the above, are you still having SearchQu/SearchNu problems?
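Added example, not part of the original thread and not a tool used in it: a Python check that the Firefox homepage reset described above actually persisted, by reading the profile's prefs.js and user.js. Firefox re-applies user.js at every startup, so a homepage line left there undoes a reset made through the Options dialog. The watchlist entry searchqu.com comes from the post; the function names, the choice of preference keys, and the sample file contents are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Preferences that hold the homepage and the address-bar search URL in
# Firefox of this era (assumed set for this example; extend as needed).
WATCHED_PREFS = {"browser.startup.homepage", "keyword.URL"}
# Domains treated as hijacker-controlled. searchqu.com is from the post above.
WATCHLIST = {"searchqu.com"}

# user_pref("name", value);  where value is a quoted string, number or boolean.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        prefs[name] = raw
    return prefs


def hosts_in(value):
    """Hostnames of every URL in a pref value (the homepage pref allows 'a|b|c')."""
    hosts = []
    for part in value.split("|"):
        host = urlparse(part.strip()).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def on_watchlist(host):
    """True for a watchlisted domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def audit_profile(prefs_js, user_js=""):
    """Flag watched prefs that point at a watchlisted domain.

    Each finding is (pref, value, source). A finding whose source is user.js
    means the value is rewritten at every startup until that line is removed.
    """
    findings = []
    for source, text in (("prefs.js", prefs_js), ("user.js", user_js)):
        for name, value in parse_prefs(text).items():
            if name in WATCHED_PREFS and any(map(on_watchlist, hosts_in(value))):
                findings.append((name, value, source))
    return findings


# Constructed sample file contents (not taken from a real profile).
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.searchqu.com/|https://www.mozilla.org/");
user_pref("keyword.URL", "https://search.example.org/?q=");
user_pref("network.proxy.type", 0);
'''
SAMPLE_USER_JS = 'user_pref("browser.startup.homepage", "http://www.searchqu.com/");\n'

if __name__ == "__main__":
    for pref, value, source in audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS):
        print(f"{source}: {pref} = {value}")
```

Run it against copies of the two files from the profile folder with Firefox closed, since Firefox rewrites prefs.js on exit.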
#10
That was easy, problem fixed. Any other issues you could see?
#11
Please go back to Post #2, and see if you can now run OTL.
If yes, please post its results.
#12
I am away for the weekend, will try when I get home. Thanks
#13
Enjoy your weekend.
Will await your reply.
#14
Tried running OTL, I have let it run for 30+ minutes, with the same results.
#15
Did you try the alternatives on Post #4?
If so, at what point is it hanging?