Channel: Tech Support Forum - Virus/Trojan/Spyware Help

u-search hijacker?

Hello,
I have had this problem for 2 days or so...
Every time I open Firefox, instead of google.com it opens "http://u-search.net/?a=1&e=1". Even if I set it back to google.com, it automatically sets itself back to "http://u-search.net/?a=1&e=1". Also, every new tab I open is u-search.
When I googled how to deal with this problem, I found articles saying that this "u-search" thing not only changes my homepage, it also gathers my information.
Example: "View topic - How to Remove u-search.net? (Browser Hijacker Virus Removal Guide) - AnviSoft" or "Remove u-search.net (Uninstall Guide)".
Now that I think of it, I did download "free youtube downloader" and "grooveshark downloader" :( (I have no idea whether those programs are legal, since they popped up on the first Google search page when typing "youtube downloader").

P.S.
The PC restarted itself with a blue screen 2 times when I ran gmer.exe; it never happened before, ever.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2
Run by MM at 14:10:19 on 2013-03-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3583.2511 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Razer\Synapse\RzSynapse.exe
C:\Program Files\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://u-search.net/?a=1&e=1
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Razer Synapse] "c:\program files\razer\synapse\RzSynapse.exe"
mRun: [Razer Naga Driver] c:\program files\razer\naga\RazerNagaSysTray.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 212.59.2.2 212.59.1.1
TCP: Interfaces\{05F8114A-71E6-424C-8970-363A8B0818CF} : DHCPNameServer = 212.59.2.2 212.59.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mm\appdata\roaming\mozilla\firefox\profiles\en5at2od.default\
FF - prefs.js: browser.search.defaulturl - hxxp://u-search.net/?a=1&e=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://u-search.net/?a=1&e=1
FF - prefs.js: keyword.URL - hxxp://u-search.net/?a=1&e=2&q=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-21 13:41; {7473b6bd-4691-4744-a82b-7854eb3d70b6}; c:\users\mm\appdata\roaming\mozilla\firefox\profiles\en5at2od.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.defaultengine - u-Search
FF - user.js: browser.search.defaultenginename - u-Search
FF - user.js: browser.search.order.1 - u-Search
FF - user.js: browser.newtab.url - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.startup.homepage - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.search.defaulturl - hxxp://u-search.net/?a=1&e=2&q=
FF - user.js: keyword.URL - hxxp://u-search.net/?a=1&e=2&q=
.
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-10-23 170656]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-11-26 1329304]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-10-23 104712]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-3-6 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-3-6 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-3-6 168384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-12-29 383416]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 rzudd;Razer Keyboard Driver;c:\windows\system32\drivers\rzudd.sys [2012-11-7 94592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-9-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-9-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-9-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2009-9-19 100224]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-22 1343400]
.
=============== Created Last 30 ================
.
2013-03-07 12:01:40 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b4990fab-9311-40ff-9657-27458ce4bde3}\offreg.dll
2013-03-07 11:53:44 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2013-03-07 11:43:24 2876528 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2013-03-07 11:43:12 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2013-03-07 11:43:03 539984 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2013-03-07 11:40:19 -------- d-----w- c:\programdata\Nero
2013-03-06 09:58:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-06 09:58:07 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-03-06 09:58:04 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-06 09:57:29 -------- d-----w- c:\users\mm\appdata\local\Programs
2013-03-06 09:33:07 -------- d-----w- c:\program files\Enigma Software Group
2013-03-06 09:32:48 -------- d-----w- c:\windows\D8167CA8236B4334B77DF388F494EE18.TMP
2013-03-06 09:32:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-03-05 18:39:03 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b4990fab-9311-40ff-9657-27458ce4bde3}\mpengine.dll
2013-03-04 21:52:19 -------- d-----w- c:\users\mm\appdata\roaming\Groovedown_Uninstall
2013-03-04 21:52:19 -------- d-----w- c:\users\mm\appdata\roaming\Groovedown
2013-03-04 21:40:58 -------- d-----w- c:\program files\Nero
2013-03-04 21:27:24 -------- d-----w- c:\programdata\YTD Video Downloader
2013-03-04 21:27:22 -------- d-----w- c:\program files\GreenTree Applications
2013-02-25 08:54:35 -------- d-----w- c:\users\mm\appdata\roaming\iMobie
2013-02-25 08:54:29 -------- d-----w- c:\program files\iMobie
2013-02-19 13:13:09 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-19 13:13:09 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-19 13:12:59 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-18 20:32:38 -------- d-----w- c:\users\mm\appdata\local\ElevatedDiagnostics
2013-02-18 12:02:58 962612 ----a-w- c:\windows\system32\mfc42d.dll
2013-02-18 12:02:58 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2013-02-18 12:02:49 24576 ----a-w- c:\windows\system32\AsIO.dll
2013-02-18 12:02:49 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
2013-02-18 12:02:46 -------- d-----w- c:\program files\ASUS
2013-02-16 23:59:41 -------- d-----w- c:\windows\CheckSur
2013-02-13 06:26:35 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 06:26:29 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 06:26:28 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 06:26:27 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 06:26:27 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 06:26:26 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-05 16:16:34 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2013-02-18 12:00:25 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 12:00:25 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-16 23:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30:34 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22:22 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54:01 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:48:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:37:57 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-04 06:11:21 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2012-12-29 10:26:54 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:26:54 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-29 10:26:54 7931896 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:26:54 6263784 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:26:54 2720696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:26:54 2504248 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 10:26:54 20450232 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-29 10:26:54 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:26:54 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:26:54 15129064 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-29 10:26:54 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-29 10:26:54 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-29 08:26:22 4129720 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:26:22 3001272 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-29 08:25:57 639928 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:25:57 62904 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:25:57 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 00:54:24 550328 ----a-w- c:\windows\system32\nvStreaming.exe
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
.
============= FINISH: 14:10:28.91 ===============

Hope you can help me, guys,
Thanks.

Attached Files
File Type: zip attach.zip (2.9 KB)
