
Help removing searchqu firefox hijack


Post by thesuker » August 19th, 2011, 6:06 am

My Firefox browser has been hijacked by searchqu and I can't remove it. Here's the DDS log:

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_25
Run by Administrador at 11:58:15 on 2011-08-19
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2046.1441 [GMT 2:00]
============== Running Processes ===============
E:\WINDOWS\system32\svchost -k DcomLaunch
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
E:\Archivos de programa\Canon\MyPrinter\BJMyPrt.exe
E:\Archivos de programa\Canon\Solution Menu EX\CNSEMAIN.EXE
E:\Archivos de programa\LogMeIn Hamachi\hamachi-2-ui.exe
E:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE
E:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Archivos de programa\LogMeIn Hamachi\hamachi-2.exe
E:\Archivos de programa\Canon\IJPLM\IJPLMSVC.EXE
E:\Archivos de programa\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Archivos de programa\Mozilla Firefox\firefox.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.busca7.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - e:\archiv~1\wi9130~1\datamngr\IEBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - e:\archivos de programa\bandoo\plugins\ie\ieplugin.dll
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] e:\archivos de programa\superantispyware\SUPERAntiSpyware.exe
mRun: [egui] "e:\archivos de programa\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] e:\archivos de programa\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "e:\archivos de programa\archivos comunes\java\java update\jusched.exe"
mRun: [CanonMyPrinter] e:\archivos de programa\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] e:\archivos de programa\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [DATAMNGR] e:\archiv~1\wi9130~1\datamngr\DATAMN~1.EXE
mRun: [Adobe ARM] "e:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "e:\archivos de programa\logmein hamachi\hamachi-2-ui.exe" --auto-start
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xportar a Microsoft Excel - e:\archiv~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\archiv~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: Interfaces\{EFA32A52-C5DF-46C1-9F3B-0E4285F7E4DD} : DhcpNameServer =
Notify: !SASWinLogon - e:\archivos de programa\superantispyware\SASWINLO.DLL
AppInit_DLLs: e:\archiv~1\wi9130~1\datamngr\datamngr.dll e:\archiv~1\wi9130~1\datamngr\iebho.dll e:\archiv~1\bandoo\bndhook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\archivos de programa\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - e:\documents and settings\administrador\datos de programa\mozilla\firefox\profiles\bca5ablq.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... mid=101&q=
FF - plugin: e:\archivos de programa\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: e:\archivos de programa\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: e:\archivos de programa\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\documents and settings\administrador\configuración local\datos de programa\unity\webplayer\loader\npUnity3D32.dll
============= SERVICES / DRIVERS ===============
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
R1 SASDIFSV;SASDIFSV;e:\archivos de programa\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;e:\archivos de programa\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;e:\archivos de programa\superantispyware\SASCore.exe [2011-8-12 116608]
R2 ekrn;Eset Service;e:\archivos de programa\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\archivos de programa\logmein hamachi\hamachi-2.exe [2011-8-4 1361288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;e:\windows\system32\drivers\nvhda32.sys [2011-4-14 100456]
S2 NOD32FiXTemDono;Eset Nod32 Boot;e:\windows\system32\regedt32.exe [2001-8-24 3584]
=============== Created Last 30 ================
2011-08-19 09:50:12 388096 ----a-r- e:\documents and settings\administrador\datos de programa\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-19 09:50:11 -------- d-----w- e:\archivos de programa\Trend Micro
2011-08-18 10:09:41 -------- d-----w- e:\documents and settings\administrador\datos de programa\SUPERAntiSpyware.com
2011-08-18 10:08:44 -------- d-----w- e:\documents and settings\all users\datos de programa\SUPERAntiSpyware.com
2011-08-18 10:08:44 -------- d-----w- e:\archivos de programa\SUPERAntiSpyware
2011-08-15 16:54:44 -------- d-----w- e:\archivos de programa\LogMeIn Hamachi
2011-08-14 16:38:22 -------- d-----w- e:\documents and settings\administrador\datos de programa\.minecraft
2011-08-11 08:28:38 139656 ------w- e:\windows\system32\dllcache\rdpwd.sys
2011-08-11 08:28:37 10496 ------w- e:\windows\system32\dllcache\ndistapi.sys
==================== Find3M ====================
2011-08-17 09:08:02 98304 ----a-w- e:\windows\DUMP683f.tmp
2011-07-15 13:29:31 456320 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- e:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52:42 41272 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:39 139656 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:39:13 832512 ----a-w- e:\windows\system32\wininet.dll
2011-06-21 18:39:12 1830912 ----a-w- e:\windows\system32\inetcpl.cpl
2011-06-21 18:39:11 78336 ----a-w- e:\windows\system32\ieencode.dll
2011-06-21 18:39:11 17408 ----a-w- e:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- e:\windows\system32\html.iec
2011-06-20 17:44:48 293888 ----a-w- e:\windows\system32\winsrv.dll
2011-06-16 13:57:39 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35:25 1859072 ----a-w- e:\windows\system32\win32k.sys
2011-06-01 19:24:38 1524112 ----a-w- e:\windows\system32\bandoolmx.dll
============= FINISH: 11:58:33,82 ===============

Re: Help removing searchqu firefox hijack

Post by thesuker » August 21st, 2011, 7:56 am


Re: Help removing searchqu firefox hijack

Post by deltalima » August 21st, 2011, 7:59 am

You have replied to your own topic, and as a result we must close this topic.

May I draw your attention to THIS topic, which you should have read before posting for help.

THIS is the section that tells you why you should not reply to your own topic.

This topic will now be closed.

If you still require help, please open a new thread in the Malware Removal forum, post the logs asked for in the first topic I linked to and wait for assistance.