joibrooks
asked on
remove searchqu
I've read another post submitted by someone else regarding searchqu, but the solution wasn't selected. I was on the phone with McAfee and they were troubleshooting a problem and during that process downloaded some software that installed searchqu. I'm not thrilled with McAfee but really don't have time for another 3 hour call with them. I want searchqu off my machine!
I'm doing the following:
Running McAfee complete scan
Running Malwarebytes Anti malware
Ran Hijack This:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:23:36 PM, on 8/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe
C:\Users\Harry\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Users\Harry\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mcomm.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mlauncher.exe
C:\Users\Harry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Harry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Harry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Harry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Harry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Harry\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Harry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Harry\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120823141800.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Harry\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: eFax 4.4.lnk = C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Jungle Disk Workgroup.lnk = C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: McAfee Application Installer Cleanup (0068121345740298) (0068121345740298mcinstcleanup) - McAfee, Inc. - C:\Users\Harry\AppData\Local\Temp\006812~1.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JungleDiskWorkgroupService - Jungle Disk, Inc. - C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 17345 bytes
Please advise! Please!!
ASKER
Spybot came back with 6 problems which I fixed. I'm running that again. I don't see a way to download the log or save to a text file to attach.
TDSSkiller came back with only 2 files (Akamai, which I copied to quarantine, but didn't delete).
McAfee isn't finished yet, 42%.
I have not rebooted my computer since McAfee is still running.
What next?
Hi There
Did TDSS recommend pushing it to quarantine?
In the HiJackThis log you posted it showed that you had a searchqu toolbar installed. Did Spybot remove that?
If not, you are going to need to go to Control Panel>Programs and Features and remove it from there.
Then you need to reset Internet Explorer back to default settings:
Open Internet Explorer
Click the Gear or Settings
Internet Options
Advanced Tab
Restore Advanced Settings
Reset (button below the above)
Restart Internet Explorer and change your home page back to whatever you had it.
What happens now?
ASKER
I use Chrome, Firefox and IE. I work for an online marketing company, so I need Chrome, Firefox and IE to function properly. It may be that I'm running my CPU to death here, I can't even open IE. Chrome is open, but opening a new tab takes me to a rogue search page. The same with Firefox. Maleware prevents the page from loading, at this point. That may be the problem that I'm having with IE... it is trying to navigate to an odd page, and Maleware won't let it load.
No, Spybot didn't remove that tool bar. I'm managing that manually.
Spybot removed everything I asked but one file, that report is attached.
McAfee is still at 42%. I've closed every app on my computer but Chrome, McAfee and RogueKiller. What about the files (sent to you in a jpeg) that RogueKiller found? Should I delete them?
No, TDSS did not recommend that I quarantine. I did that on my own. Bad?
SpybotSD.Results.txt
ASKER
this is what i get now in chrome when i try to open a new tab:
This webpage is not found
No webpage was found for the web address: chrome-extension://bmapjpndbiamjgnblnlpghpbjccijkbc/config/skin/new-tab.html
Error 6 (net::ERR_FILE_NOT_FOUND): The file or directory could not be found.
ASKER
Okay. Decided to reboot (42% for McAfee for the last 2 hours appears as if it was stuck!?).
On reboot, browsers appear to be behaving.
Next?
Thank you!
Hi Sorry
Drive time and dinner time.
First Question you asked-
Pictures of files in Rogue Killer- Run that program again and see what shows up now.
Next Question- What you quarantined was an add-on that does a few different things, but won't harm you.
Chrome is saying that because you have it in your settings to open up a specific tab. You need to reset the setting in Chrome or just the page to open on new tab.
======
Click the Wrench>Settings
Under on Startup- Change that setting to New Tab. Click the blue link under that that says "specific pages" and make sure only ones you want are in there. I leave blank.
======
Restart Chrome and see if that got it fixed.
For good measure I would also use CCleaner to clean out your temp files and so forth. I would also use the registry cleaner and scan and fix those errors also. MAKE SURE YOU BACK UP WHEN IT ASKS YOU TO. Playing with the registry can lead to trouble. But CCleaner hasn't failed me yet.
======
For good measure could you run another HiJackThis report and post the log?
Also do you seem to have anything else acting funny on the computer or does it seem to be normal now?
ASKER
No problem and thank you! I'm running McAfee (again) with hopes that it will finish a complete scan. Then I will run through your items and follow up on each. Yesterday was a waste of a day, between McAfee agent trying to fix the security software but downloading an infected file on my desktop instead, and then me trying to undo that damage. I've got my work cut out for me today.
Will come back with more information mid-morning (US ET).
No worries
Everything will eventually be better :)
ASKER
Ran CCleaner.
I'm a little nervous about "fixing" the registry. It found a fair number of issues. The last thing I want is to lose my apps and data.
I did a registry "export" by main keys. Is that what you consider a backup? CCleaner didn't prompt me to back up the registry, but I didn't ask it to fix the registry, only to analyze it.
Let me know if I'm being conservative or foolish.
Ran RogueKiller, Malwarebytes and HijackThis. Log files are attached.
Look and feel... the system is back to where it was before yesterday. However, as far as malware and virus infection... I've seen this type of thing rear its nasty head when you least expect it, months and years down the line.
If I keep saying the same thing over and again, it is because I'm very thankful for your services. So, thank you again!
Rkill-24aug12.txt
mbam-log-2012-08-24--12-25-27-.txt
hijackthis-24aug12.txt
Hi Again
As Ssharma mentioned- It's a good idea to run OTL in his link. That's an amazing program.
Could you run that and post the log, please?
HiJackThis has 2 things you can remove-
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
But need that OTL scan for your 64bit, I forgot that HiJackThis doesn't do 64bit super well.
As for Registry Fix in CCleaner- I understand you are nervous about it. I was also when I first did it. After you analyze and click the fix errors button it will ask you if you want to back up the registry; that is where I click yes.
Viruses, if cured completely, don't rear their head again. Now a new virus can get itself attached to your computer and you could be reinfected; that's why it is always good to keep your antivirus up to date and be careful about where you browse.
Depending on the OTL scan, I think you are good to go.
I say the above and then I re-read the rkill report about the process it terminated.
Did you run a full Malwarebytes scan? 16 minutes seems pretty short for a full scan.
ASKER
running OTL now.
did a quick scan with maleware. i'll run a full one after OTL.
will run CCleaner against the registry and then run a fix as well.
i'll get back with the newer logs.
thanking ssharma and ben... i appreciate your help...
ASKER
when you say
"you can remove-
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)"
how do i remove?
otl files are attached.
Malwarebytes full scan running now...
Extras.Txt
OTL.Txt
To remove on hijackthis-
Check mark the box beside each one of those items I listed then at the bottom press- Fix Checked.
We need to reset your FireFox back to default settings-
===
http://support.mozilla.org/en-US/kb/reset-preferences-fix-problems
Firefox button at top- or settings>Help>Troubleshooting Information>Reset Firefox (on the right side)
===
Have you updated McAfee?
My eyes may have failed me, but that OTL should look clean after you clicked that button in HiJackThis.
In OTL also Click the RunFix and CleanUp.
===
Hello joibrooks,
Run this custom script and when it is complete I need to know how the computer is doing
Run OTL Script
Double-click OTL.exe to start the program.
Copy and Paste the following code into the Custom Scans/Fixes textbox.
==========================================
:otl
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5Se File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:Files
C:\TDSSKiller_Quarantine
C:\Windows\tasks\SA.DAT
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[emptyjava]
[EMPTYFLASH]
[RESETHOSTS]
==========================================
Then click the Run Fix button at the top.
Click OK
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
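A read-only triage of the entries in a fix script like the one above, added here as an example and not part of the original post or of OTL: it splits each entry into section code, 64-bit flag and CLSID, and separates entries whose target is reported missing from entries where the scan resolved a file on disk. Treating a trailing parenthesised company name as "file resolved" is an assumption, the function names are hypothetical, and the sample lines are re-typed from the script in this thread.

```python
import re

# Section code (O2, O3, ...), optional OTL ":64bit:" marker, then the entry text.
ENTRY = re.compile(r"^(O\d+)(:64bit:)?\s*-\s*(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Endings the scanners print when a registry value points at nothing.
ORPHAN = re.compile(
    r"(?:File not found\.?|No CLSID value found\.?|\(file missing\)"
    r"|\(no file\)|missing)\s*$", re.I)
# Assumption: "(Company Name)" after a .dll/.exe path means the scanner
# found the file and read its version information.
VENDOR = re.compile(r"\.(?:dll|exe)\s+\(([^()]+)\)\s*$", re.I)

# Sample entries re-typed from the script in the thread (not live scan output).
SAMPLE = r"""
:otl
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
:Files
"""

def parse_entry(line):
    """Return a dict for one O-section entry, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, wide, rest = m.groups()
    clsid = CLSID.search(rest)
    vendor = None
    if ORPHAN.search(rest):          # checked first: "(file missing)" is not a vendor
        status = "orphan"
    elif VENDOR.search(rest):
        status = "resolved"
        vendor = VENDOR.search(rest).group(1)
    else:
        status = "unknown"
    return {
        "code": code,
        "x64": bool(wide),
        "clsid": clsid.group(0).lower() if clsid else None,
        "status": status,
        "vendor": vendor,
        "searchqu": "searchqu" in rest.lower(),
    }

def triage(text):
    """Parse every entry line; directives such as :otl and :Files are skipped."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def needs_review(entries):
    """Entries not reported as orphaned: confirm what they load before removal."""
    return [e for e in entries if e["status"] != "orphan"]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], "x64" if e["x64"] else "x86", e["status"],
              e["clsid"] or "-", e["vendor"] or "")
```

Pasting a whole script or log into `triage()` and reading `needs_review()` first shows which lines refer to files that are still present on disk.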
ASKER
Hello, ssharma. I ran the script through the OTL app. Report is attached.
08272012-091751.log
Great, now please run the ESET online scan on your computer and when finished let us know how your system is working.
ESET online scan
http://www.eset.com/us/online-scanner
Sudeep
ASKER
ESET is running now.
Thank you for jumping in and assisting Ssharma
ASKER
You've both been priceless, and that's for the record.
ESET is still scanning (18%). I'll follow up when it completes the scan.
No problem.
Just make sure that when ESET is done, you would need to remove all the tools and their quarantines, which were used to remove the infection.
Also make sure you are able to do Windows Update, and also that you are running latest versions of Adobe Flash, Adobe Acrobat Reader and Java.
Also I would run another CCleaner pass to clean out all temp files and recycle bin stuff. We don't want this causing any stragglers.
ASKER
I ran ESET last night and it found 3 files. I'm running it again. I'll also run CCleaner, as Ben_b3n recommends.
SSharma, what do you mean: "when ESET is done, you would need to remove all the tools and their quarantines, which were used to remove the infection."
Tools like TDSSKiller, Combofix, RogueKiller, Rkill etc. Even OTL.
From OTL you could clean up most of them. Just click on the "Cleanup" button. Once that's done, remove OTL as well.
ASKER
okay, thank you. that's clear enough!
ASKER
i ran cclean and fixed everything (files and registry). i uninstalled the programs through the control panel's programs and features. then i removed apps on my desktop. i can't seem to get rid of the maleware software, it keeps telling me that it is running even though I've uninstalled it. i removed as many of the files in the folder that i could, rebooted, and now i don't see it running in my processes any more, but it still won't allow me to delete the folder, either.
i haven't removed cclean yet.
Maleware software? Do you mean Malwarebytes?
Or do you mean searchqu is still there?
Here is a link for Malwarebytes uninstall process- HERE
ASKER
yes i meant malwarebytes, sorry for that confusion.
i used windows programs and features to uninstall all the apps noted in the previous thread, so the damage is done. there is no Malwarebytes application in the apps list to option to uninstall, just remnants of a folder with a few files that can't be deleted.
ugh! any other recommendations? start the computer in safe mode and try deleting that way?
ASKER
safe mode and a delete worked.
any last recommendations before i sign off?
would you mind if i accepted both your solutions, as you were both very helpful?
ASKER
Thank you again for responsive and thorough solutions, Ben_b3n and SSharma.
Hi Joi!
Sorry- I have come down with a sickness and didn't have laptop.
I was going to suggest- Revo Uninstaller to fully delete the hard stuff.
Last recommendation- Keep Anti Virus up to date and let us know if you need any more help :)
I don't mind at all- I'm just happy everything worked smoothly for you.
Take Care
ASKER
McAfee is still running at 19%.
SpyBot is running
Will allow these processes to complete and follow up with this help thread as soon as possible.
Thank you for your ultra quick response.
I still have an open ticket with McAfee (they could not resolve the initial reason for my call). So when they follow up with me, I'm going to ask for anti-virus free software for life.
mbam-log-2012-08-23--15-08-32-.txt
protection-log-2012-08-23.txt
Rkill.txt
rogue-kill-screen-capture.JPG