Help
I have a Dell Studio PC, use Windows Vista and use Firefox.
Thanks
David
This post has been edited by Professorbed: 07 July 2011 - 11:44 AM
Page 1 of 1
- You cannot start a new topic
-
This topic is locked
Searchqu. Am i infected?
#1
- Member
-
- Group: Members
- Posts: 57
- Joined: 21-February 10
- Gender:Male
- Location:Bournemouth, England
Posted 07 July 2011 - 11:25 AM
Today i have been getting as my home page a site for Searchqu only. Fortuntely this is blocked by my Malwarebytes. I have tried putting in all my usual home page tabs e.g. BBC & wikipedia and applying and OK'ing but it still reverts to Searchqu. Please can i have some help in getting rid of this 'incovenience'
I have a Dell Studio PC, use Windows Vista and use Firefox.
Thanks
David
I have a Dell Studio PC, use Windows Vista and use Firefox.
Thanks
David
Back to top
#2
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 07 July 2011 - 10:30 PM
Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Please download GMER from one of the following locations and save it to your desktop:
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
- Report IE Proxy Settings
- List content of Hosts
- List IP configuration
- List last 10 Event Viewer log
- List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
This version will download a randomly named file (Recommended) - Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
#3
- Member
-
- Group: Members
- Posts: 57
- Joined: 21-February 10
- Gender:Male
- Location:Bournemouth, England
Posted 08 July 2011 - 05:22 PM
Thank you very much for your time and your reply. Much appreciated.
checkup.txt
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
McAfee Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-GB..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
MiniToolBox by Farbar
Ran by David (administrator) on 08-07-2011 at 18:03:35
Windows Vista ™ Home Premium Service Pack 2 (X86)
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
=============== End of Hosts ==============================================
================= IP Configuration: =======================================
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : David-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Belkin F6D4050 Enhanced Wireless USB Adapter
Physical Address. . . . . . . . . : 00-22-75-54-1C-52
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f985:6c56:6451:e8c8%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 08 July 2011 17:53:02
Lease Expires . . . . . . . . . . : 09 July 2011 17:57:45
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 151003765
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-9D-23-BC-00-21-70-57-AE-00
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-21-70-57-AE-00
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{00798267-DCA9-4021-B757-5A4F4DCF6C91}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3498:2a56:3f57:fffd(Preferred)
Link-local IPv6 Address . . . . . : fe80::3498:2a56:3f57:fffd%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: myrouter.home
Address: 192.168.0.1
Name: google.com
Addresses: 209.85.143.99
209.85.143.104
Pinging google.com [209.85.143.104] with 32 bytes of data:
Reply from 209.85.143.104: bytes=32 time=46ms TTL=54
Reply from 209.85.143.104: bytes=32 time=42ms TTL=54
Ping statistics for 209.85.143.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 46ms, Average = 44ms
Server: myrouter.home
Address: 192.168.0.1
Name: yahoo.com
Addresses: 69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=148ms TTL=48
Reply from 209.191.122.70: bytes=32 time=151ms TTL=48
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 148ms, Maximum = 151ms, Average = 149ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 2ms
===========================================================================
Interface List
9 ...00 22 75 54 1c 52 ...... Belkin F6D4050 Enhanced Wireless USB Adapter
8 ...00 21 70 57 ae 00 ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{00798267-DCA9-4021-B757-5A4F4DCF6C91}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.home
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 281
192.168.0.2 255.255.255.255 On-link 192.168.0.2 281
192.168.0.255 255.255.255.255 On-link 192.168.0.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:5ef5:79fb:3498:2a56:3f57:fffd/128
On-link
9 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::3498:2a56:3f57:fffd/128
On-link
9 281 fe80::f985:6c56:6451:e8c8/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
================= End of IP Configuration =================================
========================= Event log errors: ===============================
Application errors:
==================
Error: (07/08/2011 05:57:40 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.
Error: (07/08/2011 05:57:40 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.
Error: (07/07/2011 05:46:01 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\9> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:01 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\9> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\8> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\8> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\7> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\7> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\6> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\6> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
System errors:
=============
Error: (07/08/2011 05:52:59 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.2 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (07/06/2011 11:30:00 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.
Error: (07/06/2011 11:30:00 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.
Error: (07/06/2011 03:16:27 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (07/04/2011 04:21:48 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (07/03/2011 09:58:51 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (07/02/2011 11:37:28 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (07/02/2011 09:14:08 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (06/30/2011 04:20:48 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (06/29/2011 04:15:01 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.2 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Microsoft Office Sessions:
=========================
Error: (07/08/2011 05:57:40 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)
Error: (07/08/2011 05:57:40 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)
Error: (07/07/2011 05:46:01 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\9
Error: (07/07/2011 05:46:01 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\9
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\8
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\8
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\7
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\7
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\6
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\6
========================= End of Event log errors =========================
========================= Memory info: ====================================
Percentage of memory in use: 40%
Total physical RAM: 3292.26 MB
Available physical RAM: 1959.73 MB
Total Pagefile: 6786.53 MB
Available Pagefile: 5143.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.09 MB
======================= Partitions: =======================================
1 Drive c: () (Fixed) (Total:931.51 GB) (Free:733.53 GB) NTFS
================= Users: ==================================================
User accounts for \\DAVID-PC
-------------------------------------------------------------------------------
Administrator David Guest
The command completed successfully.
================= End of Users ============================================
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 7044
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
08/07/2011 18:10:47
mbam-log-2011-07-08 (18-10-47).txt
Scan type: Quick scan
Objects scanned: 152135
Time elapsed: 4 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-08 23:14:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001
Running: 41ijvid5.exe; Driver: C:\Users\David\AppData\Local\Temp\pgloapod.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82A411E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82A41212]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82A411FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82A411D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
Just to report the searchqu is still appearing when i use Firefox. It does get blocked by malwarebytes. It also appears if i use Google Chrome. It does NOT appear if i use Internet Explorer or Safari. I believe i got it when trying to download a couple of e-books off a site called iLivid (i thought it was safe having done a quick check off google). It wanted me to download extra bits which i declined, but it still did anyway. Hope all this helps. David
checkup.txt
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
McAfee Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-GB..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
MiniToolBox by Farbar
Ran by David (administrator) on 08-07-2011 at 18:03:35
Windows Vista ™ Home Premium Service Pack 2 (X86)
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
=============== End of Hosts ==============================================
================= IP Configuration: =======================================
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : David-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Belkin F6D4050 Enhanced Wireless USB Adapter
Physical Address. . . . . . . . . : 00-22-75-54-1C-52
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f985:6c56:6451:e8c8%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 08 July 2011 17:53:02
Lease Expires . . . . . . . . . . : 09 July 2011 17:57:45
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 151003765
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-9D-23-BC-00-21-70-57-AE-00
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-21-70-57-AE-00
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{00798267-DCA9-4021-B757-5A4F4DCF6C91}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3498:2a56:3f57:fffd(Preferred)
Link-local IPv6 Address . . . . . : fe80::3498:2a56:3f57:fffd%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: myrouter.home
Address: 192.168.0.1
Name: google.com
Addresses: 209.85.143.99
209.85.143.104
Pinging google.com [209.85.143.104] with 32 bytes of data:
Reply from 209.85.143.104: bytes=32 time=46ms TTL=54
Reply from 209.85.143.104: bytes=32 time=42ms TTL=54
Ping statistics for 209.85.143.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 46ms, Average = 44ms
Server: myrouter.home
Address: 192.168.0.1
Name: yahoo.com
Addresses: 69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=148ms TTL=48
Reply from 209.191.122.70: bytes=32 time=151ms TTL=48
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 148ms, Maximum = 151ms, Average = 149ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 2ms
===========================================================================
Interface List
9 ...00 22 75 54 1c 52 ...... Belkin F6D4050 Enhanced Wireless USB Adapter
8 ...00 21 70 57 ae 00 ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{00798267-DCA9-4021-B757-5A4F4DCF6C91}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.home
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 281
192.168.0.2 255.255.255.255 On-link 192.168.0.2 281
192.168.0.255 255.255.255.255 On-link 192.168.0.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:5ef5:79fb:3498:2a56:3f57:fffd/128
On-link
9 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::3498:2a56:3f57:fffd/128
On-link
9 281 fe80::f985:6c56:6451:e8c8/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
================= End of IP Configuration =================================
========================= Event log errors: ===============================
Application errors:
==================
Error: (07/08/2011 05:57:40 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.
Error: (07/08/2011 05:57:40 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.
Error: (07/07/2011 05:46:01 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\9> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:01 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\9> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\8> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\8> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\7> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\7> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\6> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\6> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
System errors:
=============
Error: (07/08/2011 05:52:59 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.2 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (07/06/2011 11:30:00 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.
Error: (07/06/2011 11:30:00 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.
Error: (07/06/2011 03:16:27 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (07/04/2011 04:21:48 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (07/03/2011 09:58:51 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (07/02/2011 11:37:28 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (07/02/2011 09:14:08 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (06/30/2011 04:20:48 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.3 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (06/29/2011 04:15:01 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.2 for the Network Card with network address 002275541C52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Microsoft Office Sessions:
=========================
Error: (07/08/2011 05:57:40 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)
Error: (07/08/2011 05:57:40 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)
Error: (07/07/2011 05:46:01 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\9
Error: (07/07/2011 05:46:01 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\9
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\8
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\8
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\7
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\7
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\6
Error: (07/07/2011 05:46:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\R6AOXEVP.DEFAULT\CACHE\6
========================= End of Event log errors =========================
========================= Memory info: ====================================
Percentage of memory in use: 40%
Total physical RAM: 3292.26 MB
Available physical RAM: 1959.73 MB
Total Pagefile: 6786.53 MB
Available Pagefile: 5143.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.09 MB
======================= Partitions: =======================================
1 Drive c: () (Fixed) (Total:931.51 GB) (Free:733.53 GB) NTFS
================= Users: ==================================================
User accounts for \\DAVID-PC
-------------------------------------------------------------------------------
Administrator David Guest
The command completed successfully.
================= End of Users ============================================
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 7044
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
08/07/2011 18:10:47
mbam-log-2011-07-08 (18-10-47).txt
Scan type: Quick scan
Objects scanned: 152135
Time elapsed: 4 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-08 23:14:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001
Running: 41ijvid5.exe; Driver: C:\Users\David\AppData\Local\Temp\pgloapod.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82A411E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82A41212]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82A411FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82A411D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
Just to report the searchqu is still appearing when i use Firefox. It does get blocked by malwarebytes. It also appears if i use Google Chrome. It does NOT appear if i use Internet Explorer or Safari. I believe i got it when trying to download a couple of e-books off a site called iLivid (i thought it was safe having done a quick check off google). It wanted me to download extra bits which i declined, but it still did anyway. Hope all this helps. David
#4
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 08 July 2011 - 05:40 PM
Is Searchqu Toolbar listed in Firefox>Tools>Add-ons?
#5
- Member
-
- Group: Members
- Posts: 57
- Joined: 21-February 10
- Gender:Male
- Location:Bournemouth, England
Posted 08 July 2011 - 05:52 PM
No. I checked every tab, no sign of it there.
#6
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 08 July 2011 - 06:00 PM
We'll need to employ some more sophisticated tools, not allowed in this forum.
With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!
With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!
#7
- Member
-
- Group: Members
- Posts: 57
- Joined: 21-February 10
- Gender:Male
- Location:Bournemouth, England
Posted 08 July 2011 - 06:20 PM
Many thanks. Have now posted a new topic to the other forum and included a link back to this one and included a DDS log.
#8
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 08 July 2011 - 06:23 PM
Thank you 
#9
- Forum Addict
-
- Group: Moderator
- Posts: 31,449
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 08 July 2011 - 06:31 PM
Reference: http://www.bleepingcomputer.com/forums/topic408498.html/page__p__2326322#entry2326322
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Now that your log is posted and you are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.
To avoid confusion, I am closing this topic.
Louis
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Now that your log is posted and you are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.
To avoid confusion, I am closing this topic.
Louis
Share this topic:
Page 1 of 1
- You cannot start a new topic
-
This topic is locked