MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Help removing Sogou...


Unread postby Boo » May 24th, 2013, 7:28 pm

I've been having a hard time trying to remove Sogou from a laptop I borrowed from a friend. I've tried using programs such as Malwarebytes but all to no avail. They can't seem to be able to locate any problems.

http://123.sogou.com/co/index.php?11228-1464 <--- This page full of Chinese words pops up constantly on whatever internet browser I use, whether it be Firefox or Chrome. It really is frustrating me now, especially as it's a borrowed laptop. I don't even know how it got here in the first place. :(

Any help really would be highly appreciated.

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 10.10.2
Run by betty at 0:15:22 on 2013-05-25
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1014.102 [GMT 1:00]
============== Running Processes ================
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
============== Pseudo HJT Report ===============
uStart Page = hxxp://hao.kuaibo.com/?qi20130326
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uProxyServer = localhost:21320
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Acer Tour Reminder] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService] <no file>
StartupFolder: c:\users\betty\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mediac~1.lnk - c:\program files\hotalbummybox\MediaChecker.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
TCP: NameServer =
TCP: Interfaces\{352D701F-57B5-4B8C-941F-8D3C8AA1BE24} : DHCPNameServer =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= eNetHook.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
================= FIREFOX ===================
FF - ProfilePath - c:\users\betty\appdata\roaming\mozilla\firefox\profiles\215hqcr2.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp -
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - wwwcache2.city.ac.uk
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks -
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl -
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-08-20 07:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
============= SERVICES / DRIVERS ===============
=============== File Associations ===============
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs6\dreamweaver.exe", "%1"
=============== Created Last 30 ================
2013-05-24 18:03:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-24 18:02:53 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-05-24 18:02:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-21 19:42:51 -------- d-----w- c:\users\betty\appdata\roaming\Softland
2013-05-21 19:42:42 24384 ----a-w- c:\windows\system32\dopdfmn7.dll
2013-05-21 19:42:42 21312 ----a-w- c:\windows\system32\dopdfmi7.dll
2013-05-21 19:42:39 -------- d-----w- c:\program files\Softland
2013-05-21 19:11:26 -------- d-----w- c:\windows\system32\tempdir
2013-05-21 19:11:25 1503232 ----a-w- c:\windows\system32\ptj.exe
2013-05-21 19:11:24 4369408 ----a-w- c:\windows\system32\pdftk.exe
2013-05-21 19:11:24 235008 ----a-w- c:\windows\system32\office.exe
2013-05-21 19:11:23 -------- d-----w- c:\program files\Advanced Word to Pdf Converter Free
2013-05-21 17:03:28 -------- d-----w- c:\program files\Jpg2Pdf
2013-05-21 13:35:01 -------- dc-h--w- c:\programdata\{7E8842F4-ECF1-457B-9B22-AA8299B810D9}
2013-05-21 13:34:53 -------- d-----w- c:\users\betty\appdata\local\PackageAware
2013-05-21 13:34:15 -------- d-----w- c:\users\betty\Topaz Adjust
2013-05-21 13:33:08 -------- d-----w- c:\program files\Topaz Labs
2013-05-21 13:24:29 -------- d-----w- c:\program files\common files\Topaz Labs
2013-05-21 13:20:22 -------- d-----w- c:\users\betty\New Folder
2013-05-21 12:00:28 -------- d-----w- c:\users\betty\appdata\roaming\PDAppFlex
2013-05-20 15:24:30 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-05-07 17:19:54 -------- d-----w- c:\users\betty\appdata\roaming\Malwarebytes
2013-05-07 17:19:40 -------- d-----w- c:\programdata\Malwarebytes
2013-05-07 17:19:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-07 17:19:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
==================== Find3M ====================
2013-05-15 09:28:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 09:28:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
============= FINISH: 0:17:44.38 ===============

Attach Log:

DDS (Ver_2012-11-20.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 09/06/2007 17:57:56
System Uptime: 24/05/2013 17:13:52 (7 hours ago)
Motherboard: Acer | | Grapevine
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U1 | 1000/166mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 33 GiB total, 6.832 GiB free.
D: is FIXED (NTFS) - 32 GiB total, 11.835 GiB free.
E: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_00901025&REV_02\4&10D9C0DD&0&08F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_00901025&REV_02\4&10D9C0DD&0&08F0
Service: bcm4sbxp
Class GUID: {4d36e977-e325-11ce-bfc1-08002be10318}
Description: ENE CB-712/714/810 Cardbus Controller
Device ID: PCI\VEN_1524&DEV_1412&SUBSYS_00901025&REV_10\4&10D9C0DD&0&20F0
Name: ENE CB-712/714/810 Cardbus Controller
PNP Device ID: PCI\VEN_1524&DEV_1412&SUBSYS_00901025&REV_10\4&10D9C0DD&0&20F0
Service: pci
==== System Restore Points ===================
RP356: 24/05/2013 22:44:57 - Scheduled Checkpoint
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Acer Arcade Deluxe
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Dreamweaver CS6
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Help Manager
Adobe Photoshop CS6
Adobe Reader X (10.1.4)
Adobe Widget Browser
Advanced Word to Pdf Converter Free 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Compatibility Pack for the 2007 Office system
DivX Setup
doPDF 7.3 printer
EPSON Printer Software
FileZilla Client
Full Tilt Poker
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet All-In-One Software 9.0
Intel(R) Graphics Media Accelerator Driver
Japanese Fonts Support For Adobe Reader X
Java 7 Update 10
Java Auto Updater
Jpg2Pdf version 1.2
KODAK EASYSHARE Gallery Upload ActiveX Control
Launch Manager
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.5.79
Malwarebytes Anti-Malware version
Map Button (Windows Live Toolbar)
Markstrat Online Team
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
PDF Settings CS6
Realtek High Definition Audio Driver
Skype™ 3.5
Smart Menus (Windows Live Toolbar)
SMSC Fast Infrared Driver
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Topaz Adjust 5
Topaz Detail 3
Topaz Fusion Express 2
Topaz Lens Effects
Topaz Star Effects
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.6195
VideoLAN VLC media player 0.8.6d
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
WinRAR 4.20 (32-bit)
Yahoo! Search Protection
Yahoo! Software Update
==== End Of File ===========================
Active Member
Posts: 1
Joined: May 24th, 2013, 7:20 pm
Re: Help removing Sogou...

Unread postby nunped » May 25th, 2013, 7:19 am

Hello Boo, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems. I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher; because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!

Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
MRU Honors Grad Emeritus
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Help removing Sogou...

Unread postby deltalima » May 26th, 2013, 8:09 am

Operating Systems no longer supported by Microsoft
It appears you are using a computer with an unsupported Operating System.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.

This topic is now closed.
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK