njoki13 Posted May 18, 2012 ID:552524

Oh, I just wanna cry right now. Someone please help me. I also have this freakin' 'searchnu' on my laptop. I am not a tech person, so I need instructions on how to remove it from my PC. I tried uninstalling it but it was a total fail. I tried the dds.scr but I now don't know what to do with that. Below is what was on the notepad. There was also another notepad attachment but I cannot make a zip for it.
MrCharlie Posted May 18, 2012 ID:552579

Welcome to the forum.

Following this guide usually works:
http://deletemalware.blogspot.ca/2012/04/remove-searchnu-uninstall-guide.html

Don't download any of the scanners they recommend!

When done, reboot and run another OTL scan. (Attach.txt)

Please let me know, MrC
MrCharlie Posted May 21, 2012 ID:553242

How are we doing?? Do you still need help or can I close this post??

MrC
Maurice Naggar Posted May 22, 2012 ID:553563

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!