www.searchqu.com hijack

Unread postby subman » October 10th, 2011, 2:16 pm

Help! The above 'site' has hijacked my search tools/browsers. Done a bit of a look at it on the net and found mixed ideas as to whether it is malware or not, but the hints to get rid of it have not worked for me, so hoping someone here can help. Really hope it's not bad...

Logs below:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Dan at 19:09:27 on 2011-10-10
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.80 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SoulseekNS\slsk.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uSearch Bar = hxxp://www.searchqu.com/sidebar.html?sr ... d=406&sr=0
uSearchAssistant = hxxp://www.searchqu.com/web?src=ieb&app ... 06&sr=0&q={searchTerms}
mSearchAssistant = hxxp://www.searchqu.com/web?src=ieb&app ... 06&sr=0&q={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [USRpdA]
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\dan\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F850872D-D43F-49BC-BF34-DF2A2DED6691} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dan\application data\mozilla\firefox\profiles\b5nghl79.default\
FF - prefs.js: browser.search.selectedEngine - iLivid Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mobiledjscotland.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl27248f39;MpKsl27248f39;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88097401-60b6-4f21-940d-c42f6e3726e5}\MpKsl27248f39.sys [2011-10-10 28752]
R1 MpKsl37198c3b;MpKsl37198c3b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88097401-60b6-4f21-940d-c42f6e3726e5}\MpKsl37198c3b.sys [2011-10-10 28752]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [2011-8-2 303880]
S1 MpKsl624db5e6;MpKsl624db5e6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24b92ac6-9009-4f74-ae1e-872c3ad394b4}\mpksl624db5e6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24b92ac6-9009-4f74-ae1e-872c3ad394b4}\MpKsl624db5e6.sys [?]
S1 MpKsl64834217;MpKsl64834217;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a6d4238-b212-466b-9f6b-4512d57b45c1}\mpksl64834217.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a6d4238-b212-466b-9f6b-4512d57b45c1}\MpKsl64834217.sys [?]
S1 MpKsla2a506c7;MpKsla2a506c7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4a1e485-a511-41e6-a665-47953ad7c248}\mpksla2a506c7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4a1e485-a511-41e6-a665-47953ad7c248}\MpKsla2a506c7.sys [?]
S1 MpKslb2a91ec4;MpKslb2a91ec4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4bd7b74-b348-454e-96b4-83eb6b3730fc}\mpkslb2a91ec4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4bd7b74-b348-454e-96b4-83eb6b3730fc}\MpKslb2a91ec4.sys [?]
S1 MpKslee9ef90c;MpKslee9ef90c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19374947-ff06-40d6-af3b-e8214c7992d4}\mpkslee9ef90c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19374947-ff06-40d6-af3b-e8214c7992d4}\MpKslee9ef90c.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2011-9-3 254720]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2011-9-3 398720]
.
=============== Created Last 30 ================
.
2011-10-10 15:32:29 -------- d-----w- c:\documents and settings\dan\application data\Malwarebytes
2011-10-10 15:32:16 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-10 15:32:11 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-10 15:32:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-10 15:22:57 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88097401-60b6-4f21-940d-c42f6e3726e5}\MpKsl27248f39.sys
2011-10-10 12:48:11 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88097401-60b6-4f21-940d-c42f6e3726e5}\MpKsl37198c3b.sys
2011-10-10 12:48:01 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88097401-60b6-4f21-940d-c42f6e3726e5}\offreg.dll
2011-10-10 09:33:53 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88097401-60b6-4f21-940d-c42f6e3726e5}\mpengine.dll
2011-10-06 18:45:18 -------- d-----w- c:\documents and settings\dan\local settings\application data\Ilivid Player
2011-10-06 18:42:57 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2011-10-06 18:42:19 -------- d-----w- c:\documents and settings\dan\local settings\application data\PackageAware
2011-09-26 21:54:39 -------- d-----w- c:\documents and settings\dan\local settings\application data\Adobe
2011-09-21 12:57:09 -------- d-----w- c:\documents and settings\dan\local settings\application data\Identities
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-02 10:46:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 19:11:04.54 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 02/08/2011 00:11:05
System Uptime: 10/10/2011 16:22:07 (3 hours ago)
.
Motherboard: ASUSTek Computer Inc. | | P4P800
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | CPU 1 | 2605/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 16.217 GiB free.
D: is Removable
E: is FIXED (NTFS) - 149 GiB total, 68.48 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: U.S. Robotics 56K Voice Win Int
Device ID: PCI\VEN_12B9&DEV_1007&SUBSYS_00C412B9&REV_00\4&2E98101C&0&60F0
Manufacturer: U.S. Robotics Corporation
Name: U.S. Robotics 56K Voice Win Int
PNP Device ID: PCI\VEN_12B9&DEV_1007&SUBSYS_00C412B9&REV_00\4&2E98101C&0&60F0
Service: Modem
.
==== System Restore Points ===================
.
RP19: 11/08/2011 17:18:42 - Software Distribution Service 3.0
RP20: 16/08/2011 11:13:54 - Software Distribution Service 3.0
RP21: 17/08/2011 11:40:53 - Removed OpenOffice.org 3.3
RP22: 17/08/2011 13:38:35 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP23: 17/08/2011 13:39:32 - Installed Java(TM) 6 Update 22
RP24: 17/08/2011 13:40:24 - Installed OpenOffice.org 3.3
RP25: 17/08/2011 14:27:32 - Software Distribution Service 3.0
RP26: 18/08/2011 15:15:45 - System Checkpoint
RP27: 18/08/2011 16:55:57 - Software Distribution Service 3.0
RP28: 18/08/2011 17:23:02 - Software Distribution Service 3.0
RP29: 19/08/2011 17:23:39 - System Checkpoint
RP30: 20/08/2011 10:26:30 - Software Distribution Service 3.0
RP31: 21/08/2011 13:10:13 - Software Distribution Service 3.0
RP32: 25/08/2011 12:06:26 - Software Distribution Service 3.0
RP33: 25/08/2011 15:55:47 - Software Distribution Service 3.0
RP34: 27/08/2011 10:39:13 - Software Distribution Service 3.0
RP35: 29/08/2011 11:08:54 - Software Distribution Service 3.0
RP36: 30/08/2011 16:30:26 - System Checkpoint
RP37: 02/09/2011 10:29:43 - Software Distribution Service 3.0
RP38: 03/09/2011 11:01:56 - Software Distribution Service 3.0
RP39: 03/09/2011 18:34:06 - Installed Vimicro USB2.0 UVC PC Camera
RP40: 03/09/2011 19:07:26 - Removed Vimicro USB2.0 UVC PC Camera
RP41: 03/09/2011 19:08:45 - Installed Vimicro USB2.0 UVC PC Camera
RP42: 04/09/2011 02:11:23 - Software Distribution Service 3.0
RP43: 05/09/2011 10:52:03 - Software Distribution Service 3.0
RP44: 06/09/2011 15:32:07 - Software Distribution Service 3.0
RP45: 07/09/2011 10:52:44 - Software Distribution Service 3.0
RP46: 08/09/2011 09:44:51 - Software Distribution Service 3.0
RP47: 09/09/2011 10:04:25 - Software Distribution Service 3.0
RP48: 12/09/2011 14:56:04 - Software Distribution Service 3.0
RP49: 13/09/2011 15:13:11 - System Checkpoint
RP50: 14/09/2011 09:09:22 - Software Distribution Service 3.0
RP51: 15/09/2011 10:28:14 - Software Distribution Service 3.0
RP52: 15/09/2011 11:02:29 - Software Distribution Service 3.0
RP53: 16/09/2011 11:54:50 - Software Distribution Service 3.0
RP54: 17/09/2011 14:50:08 - Software Distribution Service 3.0
RP55: 18/09/2011 22:16:37 - Software Distribution Service 3.0
RP56: 20/09/2011 08:51:54 - Software Distribution Service 3.0
RP57: 22/09/2011 08:59:35 - Software Distribution Service 3.0
RP58: 24/09/2011 18:38:34 - Software Distribution Service 3.0
RP59: 26/09/2011 12:02:04 - Software Distribution Service 3.0
RP60: 27/09/2011 12:42:35 - System Checkpoint
RP61: 27/09/2011 16:10:06 - Software Distribution Service 3.0
RP62: 29/09/2011 14:08:46 - Software Distribution Service 3.0
RP63: 29/09/2011 16:05:14 - Software Distribution Service 3.0
RP64: 30/09/2011 17:56:28 - System Checkpoint
RP65: 31/10/2011 16:42:15 - Installed Java(TM) 6 Update 26
RP66: 31/10/2011 16:46:37 - Software Distribution Service 3.0
RP67: 03/10/2011 20:20:11 - System Checkpoint
RP68: 04/10/2011 20:27:59 - System Checkpoint
RP69: 05/10/2011 14:33:05 - Software Distribution Service 3.0
RP70: 06/10/2011 20:01:03 - Software Distribution Service 3.0
RP71: 06/10/2011 20:07:36 - Removed Click to Call with Skype
RP72: 06/10/2011 20:08:02 - Removed Bonjour
RP73: 08/10/2011 17:59:49 - Software Distribution Service 3.0
RP74: 09/10/2011 02:13:49 - Software Distribution Service 3.0
RP75: 10/10/2011 10:33:29 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 8.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
CDBurnerXP
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
iTunes
Java Auto Updater
Java(TM) 6 Update 26
LAME v3.98.3 for Audacity
M-Audio Delta Driver 6.0.5 (x86)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0.1 (x86 en-GB)
OpenOffice.org 3.3
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype™ 5.3
SoulSeek 157 NS 13e
SoundMAX
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vimicro USB2.0 UVC PC Camera
VLC media player 1.1.11
WebFldrs XP
.
==== Event Viewer Messages From Past Week ========
.
31/10/2011 16:35:27, error: W32Time [34] - The time service has detected that the system time needs to be changed by -2422878 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.51:123->207.46.250.85:123) is working properly.
10/10/2011 16:39:26, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
subman
Active Member
 
Posts: 4
Joined: October 10th, 2011, 2:12 pm
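The technical content of the post is in the pseudo-HJT section of the DDS log: the IE settings uStart Page, uSearch Bar, uSearchAssistant and mSearchAssistant all point at www.searchqu.com, Firefox's browser.search.selectedEngine is "iLivid Web Search", and the "Created Last 30" section shows an Ilivid Player directory created on 2011-10-06. The Python script below is an added example, not code from MalwareRemoval.com, from DDS or from the poster. It parses the pseudo-HJT lines, flags search-related settings whose domain falls outside an allowlist, and flags a start page only when it shares a domain with an already-flagged search setting, so a user's own homepage (www.mobiledjscotland.co.uk here) is not reported. The allowlists of trusted search domains and Firefox engine names are assumptions made for the example; the sample lines are copied from the posted log, including the forum's " ... " truncation inside some URLs, which the parser leaves alone because the hostname precedes it.

```python
"""Flag browser start-page / search hijack indicators in a DDS pseudo-HJT report.

Added example, not code from MalwareRemoval.com, DDS or the poster.
DDS defangs URLs as hxxp://; " ... " inside a URL is the forum's truncation of
a long line and is kept as-is (the hostname is intact before it).
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Sample input: lines copied from the DDS log posted in the thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.searchqu.com/406
uSearch Bar = hxxp://www.searchqu.com/sidebar.html?sr ... d=406&sr=0
uSearchAssistant = hxxp://www.searchqu.com/web?src=ieb&app ... 06&sr=0&q={searchTerms}
mSearchAssistant = hxxp://www.searchqu.com/web?src=ieb&app ... 06&sr=0&q={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [USRpdA]
FF - prefs.js: browser.search.selectedEngine - iLivid Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mobiledjscotland.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
"""

# Assumptions for the example: DDS itself ships no allowlist of any kind.
TRUSTED_SEARCH_DOMAINS = {"google.com", "bing.com", "yahoo.com", "live.com", "msn.com"}
TRUSTED_ENGINE_NAMES = {"Google", "Bing", "Yahoo"}

# DDS prefixes: u = HKCU (current user), m = HKLM (machine), d = default user hive.
SCOPES = {"u": "HKCU", "m": "HKLM", "d": "Default User"}
IE_RE = re.compile(
    r"^([umd])(Start Page|Search Bar|SearchAssistant|Search Page|SearchURL|"
    r"Default_Page_URL|Default_Search_URL|Local Page)\s*=\s*(.+)$")
SEARCH_KEYS = {"Search Bar", "SearchAssistant", "Search Page", "SearchURL", "Default_Search_URL"}
FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
FF_SEARCH_URL_PREFS = {"keyword.URL", "browser.search.defaulturl"}


def host_of(value):
    """Hostname of a defanged (hxxp) URL, lower-cased, or None if not a URL."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", value.strip(), flags=re.IGNORECASE)
    host = urlparse(url).hostname
    return host.lower() if host else None


def is_trusted(host, trusted_domains):
    """True when host is one of the trusted domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def find_hijack_indicators(lines, trusted_domains=TRUSTED_SEARCH_DOMAINS,
                           trusted_engines=TRUSTED_ENGINE_NAMES):
    """Return a list of finding dicts for suspicious search/start-page settings."""
    search, pages = [], []          # settings that drive searches vs. plain start pages
    for line in lines:
        line = line.strip()
        m = IE_RE.match(line)
        if m:
            scope, key, value = SCOPES[m.group(1)], m.group(2), m.group(3)
            entry = {"scope": scope, "setting": key, "value": value, "host": host_of(value)}
            (search if key in SEARCH_KEYS else pages).append(entry)
            continue
        m = FF_RE.match(line)
        if m:
            pref, value = m.groups()
            entry = {"scope": "Firefox", "setting": pref, "value": value, "host": host_of(value)}
            if pref == "browser.search.selectedEngine":
                entry["engine"] = value     # an engine name, not a URL
                search.append(entry)
            elif pref in FF_SEARCH_URL_PREFS:
                search.append(entry)
            elif pref == "browser.startup.homepage":
                pages.append(entry)

    findings = []
    for entry in search:
        if "engine" in entry:
            if entry["engine"] not in trusted_engines:
                findings.append({**entry, "reason": "search engine not in default set"})
        elif entry["host"] and not is_trusted(entry["host"], trusted_domains):
            findings.append({**entry, "reason": "search setting points outside trusted domains"})

    # A start page is only reported when its domain already owns a hijacked search setting;
    # an arbitrary user-chosen homepage is not evidence on its own.
    bad_hosts = {f["host"] for f in findings if f["host"]}
    for entry in pages:
        if entry["host"] in bad_hosts:
            findings.append({**entry, "reason": "start page shares domain with hijacked search setting"})
    return findings


def hijacked_domains(findings):
    """Count how many flagged settings point at each domain."""
    return Counter(f["host"] for f in findings if f["host"])


if __name__ == "__main__":
    result = find_hijack_indicators(SAMPLE_LOG.strip().splitlines())
    for f in result:
        print("%-12s %-32s %s  [%s]" % (f["scope"], f["setting"], f["value"], f["reason"]))
    print(hijacked_domains(result))
```

Run against the posted lines it reports five settings, four of them on www.searchqu.com across both HKCU and HKLM plus the Firefox engine name, and leaves the keyword.URL (google.com) and the user's own homepage alone. On a real report, feed the whole "Pseudo HJT Report" and "FIREFOX" sections in; the regexes ignore the BHO, Run and DPF lines.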

Re: www.searchqu.com hijack

Unread postby Cypher » October 12th, 2011, 1:31 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Next.

Please download WVCheck and save it to the desktop.
  • Double click on WVCheck.exe and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.


Logs/Information to Post in your Next Reply

  • MGADiag log.
  • WVCheck log.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: www.searchqu.com hijack

Unread postby subman » October 13th, 2011, 12:15 pm

OK, here goes:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1712_13-10-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-10-13 08:57:57
Last Success Time for Update Download: 2011-10-13 09:03:21
Last Success Time for Update Installation: 2011-10-13 09:48:07


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
Line: 127.0.0.1 mpa.one.microsoft.com
Matched: *microsoft.com*
-----------------------


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


-------- End of File, program close at 1714_13-10-2011 --------



and...



Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-WDX78-FHY2Y-K793G
Windows Product Key Hash: LqroEfkI2QTxawkFokhnTWiVbIc=
Windows Product ID: 55274-640-8134982-23226
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {4B44228F-64E0-4E89-AB3B-F54312DA5371}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2f7d_E2AD56EA-148-80004005_16E0B333-89-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
subman
Active Member
 
Posts: 4
Joined: October 10th, 2011, 2:12 pm
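WVCheck's HOSTS check in the log above reported a single line, 127.0.0.1 mpa.one.microsoft.com, matched by the pattern *microsoft.com*: mapping that name to the loopback address stops the machine from ever reaching it. The script below is an added example, not WVCheck's own code, that generalises the same check over a whole HOSTS file: it skips comments and blank lines, rejects lines whose first field is not an IP address, flags hostnames that match a watch list, and separately flags any non-localhost name mapped to a loopback or 0.0.0.0 address, which is the usual way malware and activation cracks sinkhole update and validation servers. The watch list is an assumption for the example (WVCheck's own list is not shown on the page), and every sample line except the reported mpa.one.microsoft.com one is constructed.

```python
"""Flag HOSTS-file entries that block or sinkhole update/validation/security hosts.

Added example, not WVCheck's code. Only the mpa.one.microsoft.com line below is
the entry WVCheck reported in the thread; the other sample lines are constructed.
"""
import fnmatch
import ipaddress

# Assumption for the example: glob patterns worth reporting wherever they occur.
WATCH_PATTERNS = ["*microsoft.com*", "*windowsupdate.com*", "*malwarebytes*", "*symantec*", "*mcafee*"]

# Names that legitimately map to loopback in a stock HOSTS file.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost", "ip6-loopback"}

SAMPLE_HOSTS = """
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.10    nas.local   # constructed: a home NAS, should not be flagged
127.0.0.1 mpa.one.microsoft.com
0.0.0.0   www.update.microsoft.com
127.0.0.1 example.com
this is not a hosts line
"""


def parse_hosts(text):
    """Return (entries, malformed). entries = [(lineno, ip, [hostnames])]."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop trailing comment
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            malformed.append((lineno, raw))      # first field is not an address
            continue
        if len(parts) < 2:
            malformed.append((lineno, raw))      # address with no hostname
            continue
        entries.append((lineno, ip, [h.lower() for h in parts[1:]]))
    return entries, malformed


def check_hosts(text, watch_patterns=WATCH_PATTERNS):
    """Return (findings, malformed); each finding carries every reason it was flagged."""
    entries, malformed = parse_hosts(text)
    findings = []
    for lineno, ip, names in entries:
        for name in names:
            reasons = []
            matched = [p for p in watch_patterns if fnmatch.fnmatchcase(name, p.lower())]
            if matched:
                reasons.append("matches watch pattern " + ", ".join(matched))
            # Loopback or 0.0.0.0 for anything other than localhost names is a sinkhole.
            if (ip.is_loopback or ip.is_unspecified) and name not in LOOPBACK_NAMES:
                reasons.append("sinkholed to %s" % ip)
            if reasons:
                findings.append({"line": lineno, "ip": str(ip), "host": name, "reasons": reasons})
    return findings, malformed


if __name__ == "__main__":
    found, bad = check_hosts(SAMPLE_HOSTS)
    for f in found:
        print("line %d: %s -> %s: %s" % (f["line"], f["host"], f["ip"], "; ".join(f["reasons"])))
    for lineno, raw in bad:
        print("line %d: malformed: %r" % (lineno, raw))
```

On a live Windows XP machine the file to feed in is %SystemRoot%\system32\drivers\etc\hosts; the two reasons are kept separate because a watch-list hit on a real LAN address is a different question from a loopback sinkhole of a name that is not on any list.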

Re: www.searchqu.com hijack

Unread postby Cypher » October 13th, 2011, 12:39 pm

Hi subman,

Quick question: is this computer used for business purposes? I need to know so I can give you appropriate instructions.

  • Please visit This website using Internet Explorer.
  • Follow the instructions to Validate Windows, then run MGADiag.exe again and post the new log in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: www.searchqu.com hijack

Unread postby subman » October 13th, 2011, 5:19 pm

Hi, no this is a home PC. Thanks.
subman
Active Member
 
Posts: 4
Joined: October 10th, 2011, 2:12 pm

Re: www.searchqu.com hijack

Unread postby subman » October 13th, 2011, 5:35 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-WDX78-FHY2Y-K793G
Windows Product Key Hash: LqroEfkI2QTxawkFokhnTWiVbIc=
Windows Product ID: 55274-640-8134982-23226
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {4B44228F-64E0-4E89-AB3B-F54312DA5371}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2f7d_E2AD56EA-148-80004005_16E0B333-89-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{4B44228F-64E0-4E89-AB3B-F54312DA5371}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-K793G</PKey><PID>55274-640-8134982-23226</PID><PIDType>1</PIDType><SID>S-1-5-21-484763869-776561741-842925246</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1006.010</Version><SMBIOSVersion major="2" minor="3"/><Date>20030521000000.000000+000</Date></BIOS><HWID>FB663D1F01846052</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1C0C2:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
subman
Active Member
 
Posts: 4
Joined: October 10th, 2011, 2:12 pm

Re: www.searchqu.com hijack

Unread postby Cypher » October 14th, 2011, 5:32 am

no this is a home PC

Entries in the logs you have provided suggest that this is a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

This topic is now closed
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns