remove searchqu hijacked firefox

Post by thesuker » August 21st, 2011, 8:25 am

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_25
Run by Administrador at 14:24:19 on 2011-08-21
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2046.1414 [GMT 2:00]
.
.
============== Running Processes ===============
.
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Archivos de programa\Canon\MyPrinter\BJMyPrt.exe
E:\Archivos de programa\Canon\Solution Menu EX\CNSEMAIN.EXE
E:\ARCHIV~1\WI9130~1\Datamngr\DATAMN~1.EXE
E:\Archivos de programa\LogMeIn Hamachi\hamachi-2-ui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
E:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE
E:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Archivos de programa\LogMeIn Hamachi\hamachi-2.exe
E:\Archivos de programa\Canon\IJPLM\IJPLMSVC.EXE
E:\Archivos de programa\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\ARCHIV~1\Bandoo\Bandoo.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Archivos de programa\Mozilla Firefox\firefox.exe
E:\Archivos de programa\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.busca7.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - e:\archiv~1\wi9130~1\datamngr\IEBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - e:\archivos de programa\bandoo\plugins\ie\ieplugin.dll
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] e:\archivos de programa\superantispyware\SUPERAntiSpyware.exe
mRun: [egui] "e:\archivos de programa\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] e:\archivos de programa\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "e:\archivos de programa\archivos comunes\java\java update\jusched.exe"
mRun: [CanonMyPrinter] e:\archivos de programa\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] e:\archivos de programa\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [DATAMNGR] e:\archiv~1\wi9130~1\datamngr\DATAMN~1.EXE
mRun: [Adobe ARM] "e:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "e:\archivos de programa\logmein hamachi\hamachi-2-ui.exe" --auto-start
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xportar a Microsoft Excel - e:\archiv~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\archiv~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: Interfaces\{EFA32A52-C5DF-46C1-9F3B-0E4285F7E4DD} : DhcpNameServer = 212.89.0.31
Notify: !SASWinLogon - e:\archivos de programa\superantispyware\SASWINLO.DLL
AppInit_DLLs: e:\archiv~1\wi9130~1\datamngr\datamngr.dll e:\archiv~1\wi9130~1\datamngr\iebho.dll e:\archiv~1\bandoo\bndhook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\archivos de programa\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\administrador\datos de programa\mozilla\firefox\profiles\bca5ablq.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... mid=101&q=
FF - plugin: e:\archivos de programa\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: e:\archivos de programa\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: e:\archivos de programa\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\documents and settings\administrador\configuración local\datos de programa\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
R1 SASDIFSV;SASDIFSV;e:\archivos de programa\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;e:\archivos de programa\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;e:\archivos de programa\superantispyware\SASCore.exe [2011-8-12 116608]
R2 ekrn;Eset Service;e:\archivos de programa\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\archivos de programa\logmein hamachi\hamachi-2.exe [2011-8-4 1361288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;e:\windows\system32\drivers\nvhda32.sys [2011-4-14 100456]
S2 NOD32FiXTemDono;Eset Nod32 Boot;e:\windows\system32\regedt32.exe [2001-8-24 3584]
.
=============== Created Last 30 ================
.
2011-08-19 09:50:12 388096 ----a-r- e:\documents and settings\administrador\datos de programa\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-19 09:50:11 -------- d-----w- e:\archivos de programa\Trend Micro
2011-08-18 10:09:41 -------- d-----w- e:\documents and settings\administrador\datos de programa\SUPERAntiSpyware.com
2011-08-18 10:08:44 -------- d-----w- e:\documents and settings\all users\datos de programa\SUPERAntiSpyware.com
2011-08-18 10:08:44 -------- d-----w- e:\archivos de programa\SUPERAntiSpyware
2011-08-15 16:54:44 -------- d-----w- e:\archivos de programa\LogMeIn Hamachi
2011-08-14 16:38:22 -------- d-----w- e:\documents and settings\administrador\datos de programa\.minecraft
2011-08-11 08:28:38 139656 ------w- e:\windows\system32\dllcache\rdpwd.sys
2011-08-11 08:28:37 10496 ------w- e:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-17 09:08:02 98304 ----a-w- e:\windows\DUMP683f.tmp
2011-07-15 13:29:31 456320 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- e:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52:42 41272 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:39 139656 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:39:13 832512 ----a-w- e:\windows\system32\wininet.dll
2011-06-21 18:39:12 1830912 ----a-w- e:\windows\system32\inetcpl.cpl
2011-06-21 18:39:11 78336 ----a-w- e:\windows\system32\ieencode.dll
2011-06-21 18:39:11 17408 ----a-w- e:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ----a-w- e:\windows\system32\html.iec
2011-06-20 17:44:48 293888 ----a-w- e:\windows\system32\winsrv.dll
2011-06-16 13:57:39 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35:25 1859072 ----a-w- e:\windows\system32\win32k.sys
2011-06-01 19:24:38 1524112 ----a-w- e:\windows\system32\bandoolmx.dll
.
============= FINISH: 14:24:44,48 ===============

Re: remove searchqu hijacked firefox

Post by deltalima » August 22nd, 2011, 4:36 pm

Checking your log - back soon.

Re: remove searchqu hijacked firefox

Post by deltalima » August 22nd, 2011, 4:44 pm

Hi thesuker,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please post an Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.

Re: remove searchqu hijacked firefox

Post by thesuker » August 23rd, 2011, 5:46 am

Found the problem when pasting the HijackThis uninstall list. One of the items was Windows searchqu toolbar (I was looking for searchqu, didn't see it among many Windows updates). Uninstalled it and it disappeared. Thanks for the help :)

Re: remove searchqu hijacked firefox

Post by deltalima » August 23rd, 2011, 5:58 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.