Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

INFESTED WITH BANDOO/SEARCHQU

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » June 30th, 2011, 9:27 am

Yes, I am prompted to install updates every day and I do it every time. It's been a while since every time I open my pc it says that updates were not configured correctly. Reverting changes. I can't remember how long it's been since I'm having update failure and it says in my update history that some always fails to update and other applications were successfully updated. Windows update indicated that updates were installed today but failed. I am trying to download the updates again. Hope it works this time.

Is this related to my p.c.'s slow performance? My p.c. is a lot slower now; it was much faster when searchqu / bandoo was still present in my system. I hope we can still fix it though. Just downloaded the updates.
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » June 30th, 2011, 9:50 am

If updates are failing to install properly they can have any number of peculiar effects on your computer.

If you try to update, note any that fail, and if possible please note down any error codes that Windows displays when they fail.


Been looking over your logs again and there's a couple of things in your DDS log that didn't show in the OTL logs, they may no longer be there, but I'd like to make sure.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Reg
[-HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
[-HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322bf9-df26-493f-b0da-6d2fc5e6429e}]
[HKLM\Software\Microsoft\Windows\Internet Explorer\Toolbar]
"MediaBar"=-
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"DataMngr"=-

:Commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » June 30th, 2011, 8:50 pm

Here is the latest OTL log: It was produced after a reboot...


All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974ba1e-64ec-11de-b2a5-e43756d89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974ba1e-64ec-11de-b2a5-e43756d89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322bf9-df26-493f-b0da-6d2fc5e6429e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74322bf9-df26-493f-b0da-6d2fc5e6429e}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Internet Explorer\Toolbar not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DataMngr not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ROSS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Y450
->Temp folder emptied: 588945 bytes
->Temporary Internet Files folder emptied: 71475784 bytes
->FireFox cache emptied: 16704163 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1653 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5107387 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 90.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 07012011_080342

Files\Folders moved on Reboot...
C:\Users\Y450\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0SUOW2BB\viewtopic[1].htm moved successfully.
C:\Users\Y450\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » July 1st, 2011, 12:56 am

Any problems still with updating?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » July 1st, 2011, 7:41 am

I tried updating only I.E. for I.E. 9 and I didn't have any problem from downloading, installing and rebooting. Just downloaded the following files and hope it won't have problems with installations.

Downloaded 8 files marked as important updates.

Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2530548)
Definition Update for Windows Defender - KB915597 (Definition 1.107.834.0)
Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332)
Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2518866)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Update for Windows Vista (KB2541763)
Update for Windows Vista (KB2545698)
Windows PowerShell 2.0 and WinRM 2.0 for Windows Vista (KB968930)

It says there's 5 updates that succeeded and 3 failed

Errors found are : CODE 80070643 AND CODE B5C

I restarted the PC and the same thing happened: it took 10 minutes installing the updates, 20 minutes configuring it and 20 minutes reverting changes made. :(

The only update that says it was successfully updated is the DEFINITION UPDATE FOR WINDOWS DEFENDER - KB 915597
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » July 1st, 2011, 12:45 pm

Create a new System Restore point ....

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Update Reset into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Next

Go to http://www.sevenforums.com/tutorials/91 ... reset.html and scroll down to OPTION 2 - To Reset and Reregister Windows Update Components (Do not use Option 1 - to reset update history)

Follow the instructions listed 1 - 6 then try updating Windows again.

Let me know if that resolves your update problems.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » July 2nd, 2011, 5:50 am

I followed your last instructions and tried to install these two out of seven important updates and it still failed. Same errors were posted after it tried to install. :(

Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

I also tried to update this and it did install :)
Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2530548)

I'm still trying to install the other important updates and I'm doing it one at a time... Hope everything gets installed. Be updating you again. Thanks again! :D
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » July 2nd, 2011, 10:40 am

If some updates are installing, and some are not, then the problem does not appear to be a general failure of your update system.

Instead it seems to be a problem or problems specific to certain updates only.

I need to know which updates fail (the KB number), and the specific error code associated with each failure.

To ensure that permissions are not a problem please make sure when you update you run Windows update as an Administrator ....

  • Click Start > All Programs
  • Right click Windows Update and select Run as Administrator
  • OK the UAC prompt.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » July 3rd, 2011, 6:46 am

Hi! I've been trying to install 4 of the new important updates. This update - Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2518866) doesn't state any error. It says it's downloaded and that it's ready to be installed but when the p.c. reboots it often reverts changes because it's not configured properly.

The other THREE have the following errors:

Windows PowerShell 2.0 and WinRM 2.0 for Windows Vista (KB968930)
error found : CODE 80070BC9

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
error found : CODE 80070643

Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332)
error found : CODE B5C

:(
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » July 3rd, 2011, 10:45 am

Try downloading the update packages and installing them manually one at a time and see if that is successful.

http://www.microsoft.com/download/en/de ... en&id=9864

http://www.microsoft.com/download/en/de ... x?id=24723

http://www.microsoft.com/download/en/de ... px?id=7218 .... you want the x86 package.

Please reboot your computer between each install.

Let me know if you still have problems, including the KB no and the respective error code.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » July 3rd, 2011, 8:48 pm

Windows PowerShell 2.0 and WinRM 2.0 for Windows Vista (KB968930)
Installer encountered an error 0x80073afc
The resource loader failed to find MUI file.

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
It just said the installation of this package failed.
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm

Re: INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » July 4th, 2011, 2:07 am

For the first 2 updates Windows Update is saying you don't have the appropriate Multi-Lingual User Interface (MUI) pack installed, either that or if you do have the MUI pack installed your Windows installation is corrupted. You'll have to install the appropriate MUI pack for the language you use ....

To be honest quite how you'd do that is outside of my experience and expertise. I'm not even sure if it's possible for Vista Home Premium, any language pack installers I've found are for Vista Ultimate.

At this point I believe your update problems would be best addressed by someone who is expert in dealing with Windows Update problems. My expertise is with removing Malware, and as far as I can see there is no Malware related reason for your updates failing to install.

Update support from Microsoft is free ...... https://support.microsoft.com/oas/defau ... ct=1&sd=gn
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » July 4th, 2011, 8:15 pm

Thank you for trying to help me with the updates. I understand it's not part of the malware removal anymore. I was able to run GMER and here is the output:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-05 08:08:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: wcppeq3f.exe; Driver: C:\Users\Y450\AppData\Local\Temp\pxldrpoc.sys


---- System - GMER 1.0.15 ----

SSDT 8DF421D4 ZwCreateThread
SSDT 8DF421C0 ZwOpenProcess
SSDT 8DF421C5 ZwOpenThread
SSDT 8DF421CF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 826B49A4 4 Bytes [D4, 21, F4, 8D]
.text ntkrnlpa.exe!KeSetEvent + 3F1 826B4B74 4 Bytes [C0, 21, F4, 8D]
.text ntkrnlpa.exe!KeSetEvent + 40D 826B4B90 4 Bytes [C5, 21, F4, 8D]
.text ntkrnlpa.exe!KeSetEvent + 621 826B4DA4 4 Bytes [CF, 21, F4, 8D]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6140AA53] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6140A985] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6140A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6140A9C5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6140AA53] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6140A985] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6140A9C5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6140A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6140989A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6140A9C5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6140AA53] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6140A985] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6140A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6140989A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614097D5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61409F96] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61409F96] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6140AA53] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6140A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6140A9C5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6140A985] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6140989A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61409742] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61409704] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614098A0] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [614097D5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61409F96] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61409935] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556fdfa60
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556fdfa60 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm
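
Added example, not part of the original thread: a Python sketch for reading GMER output like the log above. It pairs each SSDT entry with the 4-byte kernel `.text` patch that holds the same pointer (stored little-endian) and groups IAT hooks by the module that installed them. The function name `triage_gmer` and the regexes are assumptions based only on the line shapes visible in this log.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the GMER log in the post above
# (IAT section cut to three entries to keep the example short).
SAMPLE_LOG = r"""
SSDT 8DF421D4 ZwCreateThread
SSDT 8DF421C0 ZwOpenProcess
SSDT 8DF421C5 ZwOpenThread
SSDT 8DF421CF ZwTerminateProcess
.text ntkrnlpa.exe!KeSetEvent + 221 826B49A4 4 Bytes [D4, 21, F4, 8D]
.text ntkrnlpa.exe!KeSetEvent + 3F1 826B4B74 4 Bytes [C0, 21, F4, 8D]
.text ntkrnlpa.exe!KeSetEvent + 40D 826B4B90 4 Bytes [C5, 21, F4, 8D]
.text ntkrnlpa.exe!KeSetEvent + 621 826B4DA4 4 Bytes [CF, 21, F4, 8D]
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6140AA53] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6140A985] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4472] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6140A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
"""

# Assumed line shapes, derived only from the log above.
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\S+)$")
TEXT_RE = re.compile(
    r"^\.text\s+\S+\s+\+\s+[0-9A-F]+\s+([0-9A-F]{8})\s+4 Bytes\s+\[([^\]]+)\]$")
IAT_RE = re.compile(
    r"^IAT\s+(.+?)\[(\d+)\] @ .+? \[[^\]!]+!([^\]]+)\] \[[0-9A-F]{8}\] (.+)$")


def triage_gmer(log):
    """Correlate SSDT hooks with kernel .text patches; group IAT hooks by module."""
    handlers, slots, iat = {}, {}, defaultdict(set)
    for line in map(str.strip, log.splitlines()):
        if m := SSDT_RE.match(line):
            handlers[m.group(2)] = int(m.group(1), 16)
        elif m := TEXT_RE.match(line):
            # The four patched bytes are a little-endian pointer; index by its value.
            raw = bytes(int(b, 16) for b in m.group(2).split(","))
            slots[int.from_bytes(raw, "little")] = int(m.group(1), 16)
        elif m := IAT_RE.match(line):
            process, pid, api, module = m.groups()
            iat[(process, int(pid), module)].add(api)
    ssdt = [
        {"service": name, "handler": f"{addr:08X}",
         "patched_at": f"{slots[addr]:08X}" if addr in slots else None}
        for name, addr in handlers.items()
    ]
    return {"ssdt": ssdt, "iat": {k: sorted(v) for k, v in iat.items()}}


if __name__ == "__main__":
    report = triage_gmer(SAMPLE_LOG)
    for row in report["ssdt"]:
        print(row)
    for (process, pid, module), apis in report["iat"].items():
        print(f"{process}[{pid}] <- {module}: {', '.join(apis)}")
```

An SSDT entry with `patched_at` set to `None` would mean the log shows a hooked service without a matching table write, which is worth a second look when reviewing a report.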

Re: INFESTED WITH BANDOO/SEARCHQU

Post by Gary R » July 5th, 2011, 1:45 am

Nothing of any concern that I can see in your GMER report, as far as I can see you're clean of malware.

Apart from the update problems, what other issues do you have with your computer now?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: INFESTED WITH BANDOO/SEARCHQU

Post by ladyross » July 5th, 2011, 6:10 am

That's thanks to you sir! :D So far I don't see anything wrong with my p.c. Just the updates and the event viewer's error. If my p.c. is clean should I uninstall any of the software used for cleaning it? What software should I keep to help maintain clean my p.c. every now and then?
ladyross
Regular Member
 
Posts: 35
Joined: June 17th, 2011, 10:11 pm