Cannot delete soso (Tencent QQ) search engine in IE


This topic is locked
4 replies to this topic

#1 hgrahamprc

hgrahamprc

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:51 AM

Posted 15 September 2012 - 03:45 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by lula at 15:16:19 on 2012-09-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.467 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Zentimo\ZentimoService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
C:\Program Files\DS Clock\dsetime.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files\Microsoft Reference\Bookshelf 98\Bookshelf 98\qshelf98.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\lula\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Users\lula\My Documents\My Downloads\ARecent\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://www.bigseekpro.com/burn4free/{88D0F262-343A-4E82-96DC-FAA8DCDDCE9D}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{776b71e2-b4cc-4c94-bc7c-09103aa690b6}
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DS Clock] "C:\Program Files\DS Clock\DSClock.exe"
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Google Update] "C:\Users\lula\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\lula\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~2.LNK - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Qshelf.lnk - C:\Program Files\Microsoft Reference\Bookshelf 98\Bookshelf 98\qshelf98.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00107-0002-0007-ABCDEFFEDCBC}
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C6640389-0F87-45A3-A14C-14D7621843F9} : DhcpNameServer = 10.10.0.1
TCP: Interfaces\{F3680A4A-9BA7-47A9-853C-7EC1A1391D56} : DhcpNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\lula\AppData\Roaming\Mozilla\Firefox\Profiles\pt0xbwhp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?query=zmw:00000.1.56778
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=vmn&type=vmn-toolbarcleaner-1_1-ya-bs-rp&q=
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 kavbootc;kavbootc;C:\Windows\system32\drivers\kavbootc64.sys --> C:\Windows\system32\drivers\kavbootc64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\system32\DRIVERS\vsflt53.sys --> C:\Windows\system32\DRIVERS\vsflt53.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 EUFDDISK;EUFDDISK;\??\C:\Windows\system32\drivers\EuFdDisk.sys --> C:\Windows\system32\drivers\EuFdDisk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-28 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 casperhpb;Casper SmartSense;C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [2011-6-5 419592]
R2 DSClockSyncTime;DS Clock Synchronization Service www.dualitysoft.com;C:\Program Files\DS Clock\dsetime.exe [2011-3-16 62264]
R2 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-12-22 60552]
R2 Guard Agent;Guard Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe [2011-12-22 23176]
R2 kisknl;kisknl;\??\C:\Windows\system32\drivers\kisknl.sys --> C:\Windows\system32\drivers\kisknl.sys [?]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 ZentimoService;Zentimo Assistant;C:\Program Files (x86)\Zentimo\ZentimoService.exe [2011-12-12 555844]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\system32\DRIVERS\Rtnic64.sys --> C:\Windows\system32\DRIVERS\Rtnic64.sys [?]
S1 KDHacker;KDHacker;C:\Windows\system32\drivers\KDHacker.sys --> C:\Windows\system32\drivers\KDHacker.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-3 136176]
S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2012-7-21 580648]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\system32\drivers\DigiartyVirtualCDBus.sys --> C:\Windows\system32\drivers\DigiartyVirtualCDBus.sys [?]
S3 DrmRAudio;DrmRAudio;C:\Windows\system32\drivers\DrmRAudio.sys --> C:\Windows\system32\drivers\DrmRAudio.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-3-10 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-3-10 8456]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-3 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-27 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 rsvcdwdr;rsvcdwdr;C:\Windows\system32\DRIVERS\rsvcdwdr.sys --> C:\Windows\system32\DRIVERS\rsvcdwdr.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S4 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [2011-9-8 544768]
S4 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-9-17 1251840]
.
=============== Created Last 30 ================
.
2012-09-14 17:51:12 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1BCB7BDC-C640-4980-835F-0D8CB0F74642}\mpengine.dll
2012-09-14 08:23:40 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-14 07:57:52 -------- d-----w- C:\Users\lula\AppData\Local\SpyZooka
2012-09-13 08:53:46 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-09-13 08:46:55 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-13 08:15:09 148992 ----a-w- C:\Windows\System32\lagarith.dll
2012-09-13 08:15:08 206336 ----a-w- C:\Windows\System32\unrar.dll
2012-09-13 08:15:06 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-09-13 08:15:04 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64
2012-09-13 08:11:03 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-09-13 08:11:03 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-09-13 08:11:03 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll
2012-09-13 08:11:00 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2012-09-13 08:10:55 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-09-13 07:40:25 -------- d-----w- C:\$RECYCLE.BIN
2012-09-13 07:09:43 98816 ----a-w- C:\Windows\sed.exe
2012-09-13 07:09:43 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-13 07:09:43 256000 ----a-w- C:\Windows\PEV.exe
2012-09-13 07:09:43 208896 ----a-w- C:\Windows\MBR.exe
2012-09-13 07:04:48 -------- d-----w- C:\Users\lula\AppData\Roaming\Ad-Aware Antivirus
2012-09-12 09:35:00 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-12 05:34:28 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 05:34:28 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 05:34:28 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 05:17:25 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 05:17:24 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 05:13:30 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 05:13:29 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-11 03:56:56 -------- d-----w- C:\Users\lula\AppData\Roaming\RealNetworks
2012-09-11 02:00:14 -------- d-----w- C:\Program Files\WinDjView
2012-09-01 13:24:22 3993600 ----a-w- C:\Program Files (x86)\GUT2995.tmp
2012-09-01 13:24:22 -------- d-----w- C:\Program Files (x86)\GUM2994.tmp
2012-08-30 20:36:33 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-30 20:36:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-29 03:11:02 -------- d-----w- C:\Program Files (x86)\XnViewMP
2012-08-29 03:08:57 -------- d-----w- C:\Users\lula\AppData\Roaming\XnViewMP
2012-08-20 10:11:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-20 09:53:44 -------- d-----w- C:\Users\lula\AppData\Roaming\Malwarebytes
2012-08-20 09:53:16 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-20 09:53:14 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-20 09:53:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-20 09:10:03 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-20 09:10:03 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-20 09:09:54 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-20 09:09:54 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-20 09:09:54 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-20 09:09:54 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-20 09:09:52 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-20 09:09:52 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-20 09:09:52 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-20 09:09:50 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-20 09:09:48 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-20 08:06:28 -------- d-----w- C:\Program Files\CCleaner
2012-08-19 01:39:32 -------- d-----w- C:\ProgramData\eMule
2012-08-19 01:32:16 -------- d-----w- C:\ProgramData\101F4
2012-08-19 01:28:12 -------- d-----w- C:\Users\lula\AppData\Roaming\MusicNet
2012-08-19 01:28:06 -------- d-----w- C:\My Downloads
2012-08-18 14:28:46 -------- d-----w- C:\ProgramData\boost_interprocess
2012-08-18 14:26:56 -------- d-----w- C:\Users\lula\AppData\Local\PackageAware
2012-08-18 09:48:00 -------- d-----w- C:\Users\lula\AppData\Local\FileTypeAssistant
.
==================== Find3M ====================
.
2012-09-14 09:36:51 129 ----a-w- C:\Windows\SysWow64\91207717.sys
2012-09-13 08:46:44 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-28 12:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-09 06:28:52 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys
2012-08-09 06:28:47 141920 ----a-w- C:\Windows\System32\drivers\vsflt53.sys
2012-08-09 06:23:26 210016 ----a-w- C:\Windows\System32\drivers\vididr.sys
2012-08-09 06:23:22 275552 ----a-w- C:\Windows\System32\drivers\snapman.sys
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-27 14:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-27 14:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-27 14:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-27 14:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-27 14:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-27 14:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-27 14:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 08:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
.
============= FINISH: 15:17:25.20 ===============

I have followed the previous posts and tried the following:
changed from IE 9 to IE 8, but the soso search engine followed
reset IE 8 to defaults, but the soso search engine followed
scanned with Panda Cloud, ComboFix and Malwarebytes, but the soso search engine followed
deleted the tencent directory in Program Files (86)/common files, but the soso search engine followed
deleted all files with tencent, soso or QQ, but the soso search engine followed
searched the registry with regedit and manually deleted all entries with tencent, QQ and soso, but the soso search engine followed
scanned with tdsskiller.exe and found nothing, but the soso search engine followed
scanned with OTL using this input:

:otl
FF - prefs.js..browser.search.defaultenginename: "鐧惧害"
FF - prefs.js..browser.search.selectedEngine: "鐧惧害"
FF - prefs.js..keyword.URL: "http://www.baidu.com/baidu?tn=dealio_dg&wd="
FF - user.js..browser.search.defaultenginename: "鐧惧害"
FF - user.js..browser.search.selectedEngine: "鐧惧害"
FF - user.js..keyword.URL: "http://www.baidu.com/baidu?tn=dealio_dg&wd="
[2011/09/26 16:48:52 | 000,003,958 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\baidu.xml

:commands
[emptytemp]

and received this OTL report:

All processes killed
========== OTL ==========
Prefs.js: "鐧惧害" removed from browser.search.defaultenginename
Prefs.js: "鐧惧害" removed from browser.search.selectedEngine
Prefs.js: "http://www.baidu.com/baidu?tn=dealio_dg&wd=" removed from keyword.URL
File C:\Program Files\mozilla firefox\searchplugins\baidu.xml not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: lula
->Temp folder emptied: 840957 bytes
->Temporary Internet Files folder emptied: 16006907 bytes
->Java cache emptied: 282305 bytes
->FireFox cache emptied: 49168632 bytes
->Google Chrome cache emptied: 122226276 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34853 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 180.00 mb


OTL by OldTimer - Version 3.2.61.4 log created on 09152012_154847

Files\Folders moved on Reboot...
C:\Users\lula\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Still the soso search engine followed.

I would really like to get rid of this soso search engine. I should mention that I live in China.


#2 hgrahamprc

hgrahamprc
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:51 AM

Posted 16 September 2012 - 04:14 AM

I finally fixed the problem.
With regedit I searched for
搜搜
and found this entry containing 搜搜:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}

I deleted this entry. When I loaded IE8 the soso search engine was gone, but I still could not add to or modify my search engines. I installed Internet Explorer 9 and on loading it I got the message 'A program on your computer has corrupted your default search provider setting for IE.' It then directed me to the add or modify search engine page, which still did not work. I then deleted all the entries under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ and got the same results. Using regedit I then deleted all registry entries under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\. I then reinstalled IE 9 using the install program BOIE9_ENUS_BO0085_WIN764.EXE, which I had previously saved to install IE9.

One problem with IE is that when you reinstall or upgrade, IE brings along all of your old settings. In my case the settings had been corrupted by the soso search engine installation so that I could not modify, add or delete the search engines. Perhaps there is some way to make a clean install with IE; I don't know. Exactly what modifications soso made to corrupt my registry I do not know.

I suggest that everyone stay away from QQ, SOSO search, QQ Music and Tencent. It is not always easy to do that in China, as QQ is the most popular email program.
Howard
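The key Howard found by hand is where IE7/IE8/IE9 keep per-user search providers: one `{GUID}` subkey per provider under `HKCU\Software\Microsoft\Internet Explorer\SearchScopes`, each with `DisplayName` and `URL` values, and a `DefaultScope` value on the parent key naming the active one. The script below is an added example for this editing pass, not code from the thread or from any of the tools mentioned in it. It lists every scope for the current user, marks the default, and flags any whose search URL points at a host outside a trusted list or whose display name is non-ASCII (the heuristic that would have caught a 搜搜 entry). The trusted-host list is an illustrative assumption; adjust it to the engines you actually use. It is read-only unless you pass `-Remove`.

```powershell
# Added example (not from the original post or from DDS/OTL/ComboFix).
# Assumes the IE7+ key layout: SearchScopes\{GUID} with DisplayName and URL values,
# and a DefaultScope value on the parent key. The $TrustedHosts list is illustrative.
param(
    [string[]] $TrustedHosts = @('www.google.com', 'www.bing.com', 'search.yahoo.com'),
    [switch]   $Remove   # without this switch the script only reports
)

$scopesKey = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (-not (Test-Path $scopesKey)) {
    Write-Host "No SearchScopes key for the current user."
    return
}

# The active provider is recorded as the GUID string in DefaultScope on the parent key.
$defaultScope = (Get-ItemProperty -Path $scopesKey -Name DefaultScope -ErrorAction SilentlyContinue).DefaultScope
Write-Host "DefaultScope: $defaultScope`n"

foreach ($scope in Get-ChildItem -Path $scopesKey) {
    $props   = Get-ItemProperty -Path $scope.PSPath
    $name    = $props.DisplayName
    $url     = $props.URL
    $urlHost = $null
    try { $urlHost = ([System.Uri] $url).Host } catch { }

    # Collect reasons this scope looks like a hijack rather than a provider the user added.
    $suspicious = @()
    if (-not $url)                                 { $suspicious += 'no URL value' }
    elseif ($TrustedHosts -notcontains $urlHost)   { $suspicious += "untrusted host '$urlHost'" }
    if ($name -and ($name -match '[^\x20-\x7E]'))  { $suspicious += 'non-ASCII display name' }

    $marker = if ($scope.PSChildName -eq $defaultScope) { '*' } else { ' ' }
    $line   = '{0} {1,-40} {2,-20} {3}' -f $marker, $scope.PSChildName, $name, $url

    if ($suspicious.Count -gt 0) {
        Write-Host "$line   <-- $($suspicious -join '; ')" -ForegroundColor Yellow
        if ($Remove) {
            Remove-Item -Path $scope.PSPath -Recurse
            Write-Host "    removed $($scope.PSChildName)"
        }
    } else {
        Write-Host $line
    }
}
```

Run it once without `-Remove` to see the list (the `*` marks the scope IE is currently using), then again with `-Remove` only for entries you recognise as the hijacker. Two caveats a practitioner would want: a scope you delete that is still named in `DefaultScope` leaves IE pointing at a missing provider, so re-pick a default in IE afterwards; and the same layout also exists machine-wide under `HKLM\Software\Microsoft\Internet Explorer\SearchScopes` (change the `$scopesKey` prefix to `HKLM:` and run elevated to review it), which is worth checking when a hijack "follows" a reset of the per-user settings, as it did in this thread.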

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 PM

Posted 16 September 2012 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 PM

Posted 22 September 2012 - 08:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
