Jump to content

njoki13


Recommended Posts

oh i just wanna cry right now. someone please help me. i also have this freakin 'searchnu' on my laptop. I am not a tech person so i need instruction on how to remove it form my pc. I tried uninstalling it but it was a total fail. i tried the dds.scr but i now dont know what to do with that. below was is what was on the notepad. there was also another notepad attachment but i cannot make a zip for it.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by njoki at 1:24:40 on 2012-05-18

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3032.2044 [GMT -4:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.searchnu.com/406

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [Facebook Update] "c:\users\njoki\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "c:\program files\Searchqu Toolbar"

mRunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "c:\program files\searchqu toolbar\datamngr\ToolBar"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\14C65687028457E6475627723702D4163624F6F6B6020527F6 : DhcpNameServer = 10.0.2.1

TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\2375942554230383 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\2375942554438333 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\36964797023747164756 : DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1 75.75.76.76 75.75.75.75

TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\55451477962756C6563737023556475707 : DhcpNameServer = 129.107.31.80 129.107.45.80 129.107.62.80

TCP: Interfaces\{0FE2C5DB-1463-4279-BD9E-E4DBA5D129C1}\C696E6B6379737 : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs:

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\njoki\appdata\roaming\mozilla\firefox\profiles\tl14sjnt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=360&systemid=406&sr=0&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\njoki\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-12-20 343664]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-20 91672]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-20 43288]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-20 65448]

.

=============== Created Last 30 ================

.

2012-05-17 17:06:09 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e85291d6-fafd-48f7-a1b1-f479b4a578fa}\offreg.dll

2012-05-15 23:42:34 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e85291d6-fafd-48f7-a1b1-f479b4a578fa}\mpengine.dll

2012-05-15 19:48:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-15 05:27:34 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-05-15 05:27:28 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-05-15 05:27:27 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-05-15 05:27:27 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-05-15 05:27:27 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-05-15 01:07:51 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-15 01:07:48 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2012-05-15 01:07:47 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL

2012-05-15 01:07:46 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2012-05-15 01:07:45 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll

2012-05-15 01:07:38 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-15 01:07:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-15 01:07:36 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-05-15 01:07:26 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-15 01:07:24 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-04-23 00:08:52 -------- d-----w- c:\users\njoki\appdata\local\Ilivid Player

2012-04-23 00:08:13 -------- d-----w- c:\program files\iLivid

2012-04-23 00:06:52 -------- d-----w- c:\programdata\boost_interprocess

2012-04-23 00:06:51 -------- d-----w- c:\program files\Searchqu Toolbar

2012-04-22 05:23:25 -------- d-----w- c:\users\njoki\appdata\local\Facebook

.

==================== Find3M ====================

.

2012-05-15 20:44:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 1:26:08.65 ===============

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.