Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

searchnu virus

Started by butterrice , Aug 25 2012 11:57 PM

  • Please log in to reply

#1
butterrice
Posted 25 August 2012 - 11:57 PM

butterrice

    Member

  • Member
  • PipPipPip
  • 403 posts
I have an Acer Travelmate with Windows 7. I seem to be infected by the Searchnu 406 Virus. I have ran TFC, Malwarebytes, SuperAntispyware, Bitdefender online scanner, Eset online scanner, and Microsoft Security Essentials. I have removed it's components from the Add/remove program, but it still seems to be in my browsers.

Here is the OTL log:

OTL logfile created on: 8/25/2012 10:41:18 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Bea\Downloads
Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.18 Mb Total Physical Memory | 122.20 Mb Available Physical Memory | 12.05% Memory free
1.99 Gb Paging File | 0.99 Gb Available in Paging File | 49.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 64.20 Gb Free Space | 57.43% Space Free | Partition Type: NTFS
Drive E: | 3.83 Gb Total Space | 3.83 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: BEA-PC | User Name: Bea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/25 22:40:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bea\Downloads\OTL.exe
PRC - [2012/08/15 00:26:55 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/07/28 19:24:55 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/27 13:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2009/04/27 13:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/15 00:26:53 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/07/28 19:24:38 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/01 18:03:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/01 18:03:20 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/01 18:03:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/01 18:02:56 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/01 18:02:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/01 18:02:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/01 18:02:33 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/27 13:37:18 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
MOD - [2009/04/27 13:37:16 | 000,291,496 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
MOD - [2008/05/16 12:35:22 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2008/05/16 12:35:22 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2008/05/16 12:34:18 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 08:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 08:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 08:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 08:16:48 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/01/09 17:10:06 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddscw.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/15 00:29:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/12 05:56:40 | 000,107,520 | ---- | M] () [Auto | Stopped] -- C:\Users\Rebecca for Ipod\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/07/28 19:24:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/25 09:41:54 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E614F164-AB11-464A-8F7E-ED28E1F6AB7C}\MpKsl42db2632.sys -- (MpKsl42db2632)
DRV - [2012/06/30 00:45:52 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\41384646.sys -- (41384646)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/09/14 09:58:38 | 000,319,264 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/11 05:35:44 | 000,728,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/06/19 11:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/10/08 10:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/410
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 03 D2 FE 29 3C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/410"
FF - prefs.js..keyword.URL: "http://dts.search-re...id=410&sr=0&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bea\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bea\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 19:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/20 19:22:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 19:24:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/20 19:22:43 | 000,000,000 | ---D | M]

[2012/08/20 22:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bea\AppData\Roaming\Mozilla\Extensions
[2012/08/25 22:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions
[2012/06/04 18:41:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/08/01 00:17:37 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/08/25 22:22:28 | 000,000,000 | ---D | M] ("SavingsApp") -- C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\[email protected]
[2012/08/19 21:21:05 | 000,002,519 | ---- | M] () -- C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\searchplugins\Search_Results.xml
[2012/08/20 22:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/28 19:24:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/04 15:59:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/05 23:40:43 | 000,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchresultstb.xml
[2012/08/19 21:21:05 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/07/04 15:59:02 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bea\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bea\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bea\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Bea\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: WOT = C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.1_0\
CHR - Extension: YouTube = C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: We-Care.com Reminder = C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.27_0\
CHR - Extension: DefaultTab = C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.8_0\
CHR - Extension: Gmail = C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/27 20:07:17 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Rebecca for Ipod\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~2\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~2\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Bea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_13577808.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAE02274-777A-4FFC-8B22-B0D34381BAA5}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 21:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/08/19 21:20:34 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2012/08/19 21:20:34 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2012/08/19 21:20:33 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2012/08/19 21:20:33 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2012/08/19 21:20:33 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2012/08/19 21:20:32 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2012/08/19 21:20:32 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2012/08/19 21:20:31 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2012/08/19 21:20:24 | 000,000,000 | ---D | C] -- C:\Users\Bea\AppData\Roaming\FreeAudioPack
[2012/08/19 21:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012/08/12 05:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/12 05:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/08/12 05:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/08/12 05:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/08/12 05:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/08/12 05:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/12 05:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012/08/12 05:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/08/12 05:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/08/12 05:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/08/03 22:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/08/03 22:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/08/01 00:17:43 | 000,000,000 | ---D | C] -- C:\Users\Bea\AppData\Roaming\QuickScan
[2012/07/30 18:43:37 | 000,000,000 | ---D | C] -- C:\Users\Bea\AppData\Roaming\Lexmark Productivity Studio
[2012/07/30 18:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lx_cats
[2012/07/30 18:38:45 | 000,000,000 | ---D | C] -- C:\logs
[2012/07/30 18:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2012/07/30 18:33:07 | 000,000,000 | ---D | C] -- C:\lexmark
[2012/07/30 18:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2500 Series
[2012/07/30 18:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2500 Series
[2012/07/30 18:25:10 | 000,000,000 | ---D | C] -- C:\drivers

========== Files - Modified Within 30 Days ==========

[2012/08/25 22:29:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/25 22:26:55 | 000,014,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 22:26:55 | 000,014,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 22:19:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/25 22:18:52 | 797,577,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/25 06:19:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3621547231-3342464628-1144188245-1000UA.job
[2012/08/25 00:07:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3621547231-3342464628-1144188245-1000Core.job
[2012/08/19 21:20:34 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[2012/08/18 13:03:58 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/08/15 03:25:18 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/11 03:07:47 | 000,626,722 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/11 03:07:47 | 000,107,708 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/30 20:21:04 | 000,000,260 | ---- | M] () -- C:\ProgramData\lxdd
[2012/07/30 18:44:38 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 2500 Series.LNK
[2012/07/30 18:39:02 | 000,062,446 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf

========== Files Created - No Company Name ==========

[2012/08/19 21:20:34 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2012/08/19 21:20:34 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[2012/08/18 13:03:58 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/08/15 00:26:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/30 19:24:01 | 000,000,260 | ---- | C] () -- C:\ProgramData\lxdd
[2012/07/30 18:44:38 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 2500 Series.LNK
[2012/07/30 18:34:25 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2012/07/30 18:34:25 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2012/07/30 18:34:25 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2012/07/30 18:34:25 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2012/07/30 18:34:24 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2012/07/30 18:34:24 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2012/07/30 18:34:23 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2012/07/30 18:34:23 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2012/07/30 18:34:23 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2012/07/30 18:34:22 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2012/07/30 18:34:22 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxddih.exe
[2012/07/30 18:34:21 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2012/07/30 18:34:21 | 000,646,455 | ---- | C] () -- C:\Windows\System32\lxddhelp.chm
[2012/07/30 18:34:21 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2012/07/30 18:34:20 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxddcoms.exe
[2012/07/30 18:34:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2012/07/30 18:34:19 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
[2012/07/30 18:34:18 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxddcfg.exe
[2012/07/30 18:34:18 | 000,001,932 | ---- | C] () -- C:\Windows\System32\lxdd.loc
[2012/07/30 18:25:56 | 000,062,446 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2012/07/30 18:25:49 | 000,000,494 | ---- | C] () -- C:\Windows\System32\lxddplc.ini
[2012/05/26 23:33:31 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT

========== LOP Check ==========

[2012/05/27 22:06:24 | 000,000,000 | ---D | M] -- C:\Users\Bea\AppData\Roaming\Auslogics
[2012/06/16 22:50:47 | 000,000,000 | ---D | M] -- C:\Users\Bea\AppData\Roaming\Foxit Software
[2012/08/19 21:21:29 | 000,000,000 | ---D | M] -- C:\Users\Bea\AppData\Roaming\FreeAudioPack
[2012/07/30 18:43:37 | 000,000,000 | ---D | M] -- C:\Users\Bea\AppData\Roaming\Lexmark Productivity Studio
[2012/08/21 23:08:30 | 000,000,000 | ---D | M] -- C:\Users\Bea\AppData\Roaming\QuickScan
[2012/07/31 11:36:08 | 000,000,000 | ---D | M] -- C:\Users\Bea\AppData\Roaming\SoftGrid Client
[2012/05/27 20:22:57 | 000,000,000 | ---D | M] -- C:\Users\Bea\AppData\Roaming\TP
[2012/08/12 03:12:50 | 000,011,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0

Advertisements

#2
RKinner
Posted 26 August 2012 - 01:13 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/410
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/410"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=134&systemid=410&sr=0&q="
[2012/08/25 22:22:28 | 000,000,000 | ---D | M] ("SavingsApp") -- C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\[email protected]
[2012/08/19 21:21:05 | 000,002,519 | ---- | M] () -- C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\searchplugins\Search_Results.xml
[2012/07/05 23:40:43 | 000,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchresultstb.xml
[2012/08/19 21:21:05 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/07/04 15:59:02 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~2\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~2\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - Startup: C:\Users\Bea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_13577808.lnk = File not found

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and then close all browsers then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\08262012-some number.log.

Do you still see searchnu?

Ron
  • 0

#3
butterrice
Posted 26 August 2012 - 10:30 AM

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
Searchnu is gone! THank you!

Here is the log:

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Prefs.js: "http://www.searchnu.com/410" removed from browser.startup.homepage
Prefs.js: "http://dts.search-re...id=410&sr=0&q=" removed from keyword.URL
C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\extensions\[email protected] folder moved successfully.
C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\zcthndkd.default\searchplugins\Search_Results.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\searchresultstb.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
C:\Users\Bea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_13577808.lnk moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bea
->Flash cache emptied: 2687 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Rebecca for Ipod
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Bea
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: Rebecca for Ipod
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08262012_121306
  • 0

#4
butterrice
Posted 26 August 2012 - 10:32 AM

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
I have now two icons that are faded on my desktop labeled "Desktop.ini". I'm able to click on them - contents are:


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

AND


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

Is this something I can just delete?
  • 0

#5
RKinner
Posted 26 August 2012 - 11:27 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
They are just normally hidden system files. I think if you run OTL again and click on the Cleanup tab it will hide those for you.
  • 0

#6
butterrice
Posted 26 August 2012 - 11:44 AM

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
They're gone now too! Thank you so much for your help!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP