Page 1 of 6 123 ... LastLast
Results 1 to 10 of 51
  1. #1
    Member
    Join Date
    Jan 2014
    Posts
    29
    Points
    0

    Default Helping Cleaning up Computer needed...thx!

    We started seeing pop-up ads and the Omnibox search engine in Chrome was changed and will not switch back to Google upon start up even though I switched it back in the settings.

    I tried installing Super Anti Spyware, Malwarebytes, and Avast but none will install...I get a message saying either that they are not compatible or that the files are corrupted, OR nothing happens when I click the file to install it. I tried saving the Malwarebytes file as another name but it still would not install.

    I was able to install and run HijackThis...my logfile is below. It said that my computer denied access to the hosts file.

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 10:31:11 AM, on 1/22/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.16428)

    FIREFOX: 26.0 (en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Program Files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe
    C:\Windows\SysWOW64\Ctxfihlp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
    C:\Program Files (x86)\Common Files\aol\1234971831\ee\aolsoftware.exe
    C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\SysWOW64\CTXFISPI.EXE
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Anonymous\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Users\Anonymous\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel MediaOne\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1234971831\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Anonymous\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Anonymous\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
    O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    O8 - Extra context menu item: Download all with Open Download Manager - file://C:\Program Files (x86)\OpenDownloaderManager\dlall.htm
    O8 - Extra context menu item: Download selected with Open Download Manager - file://C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm
    O8 - Extra context menu item: Download video with Open Download Manager - file://C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm
    O8 - Extra context menu item: Download with Open Download Manager - file://C:\Program Files (x86)\OpenDownloaderManager\dllink.htm
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader57.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/mis...ex-2.2.5.0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5112/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GorillaPrice - Unknown owner - C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: WatGorp - Unknown owner - C:\ProgramData\GorillaPrice\WatGorp.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14146 bytes

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
      "Run as administrator"
    • Click the Scan button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[R1].txt.



    2.
    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Scan
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. The Following User Says Thank You to fireman4it For This Useful Post:


  4. #3
    Member
    Join Date
    Jan 2014
    Posts
    29
    Points
    0

    Default

    # AdwCleaner v3.017 - Report created 22/01/2014 at 20:33:09
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Anonymous - TROUBLE
    # Running from : C:\Users\Anonymous\Downloads\adwcleaner (1).exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : hlnfd

    ***** [ Files / Folders ] *****

    File Found : C:\Users\Anonymous\AppData\Local\mysearchdial-speeddial.crx
    File Found : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\invalidprefs.js
    File Found : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\searchplugins\bingp.xml
    File Found : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\searchplugins\conduit-search.xml
    File Found : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\searchplugins\Mysearchdial.xml
    File Found : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\user.js
    Folder Found C:\Program Files (x86)\optimizer pro
    Folder Found C:\Program Files (x86)\Viewpoint
    Folder Found C:\ProgramData\boost_interprocess
    Folder Found C:\ProgramData\Viewpoint
    Folder Found C:\Users\Anonymous\AppData\Local\FilesFrog Update Checker
    Folder Found C:\Users\Anonymous\AppData\Local\genienext
    Folder Found C:\Users\Anonymous\AppData\Local\Mobogenie
    Folder Found C:\Users\Anonymous\AppData\LocalLow\Mysearchdial
    Folder Found C:\Users\Anonymous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
    Folder Found C:\Users\Anonymous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    Folder Found C:\Users\Anonymous\AppData\Roaming\newnext.me
    Folder Found C:\Users\Anonymous\Documents\Mobogenie
    Folder Found C:\Users\Anonymous\Documents\optimizer pro

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found : HKCU\Software\mysearchdial.com
    Key Found : HKCU\Software\Somoto
    Key Found : HKCU\Software\wecarereminder
    Key Found : [x64] HKCU\Software\InstallCore
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found : [x64] HKCU\Software\mysearchdial.com
    Key Found : [x64] HKCU\Software\Somoto
    Key Found : [x64] HKCU\Software\wecarereminder
    Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Found : HKLM\Software\DeviceVM
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Key Found : HKLM\Software\MetaStream
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Found : HKLM\Software\Viewpoint
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [gethighlightly@gethighlightly.com]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1696467964&ir=
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1696467964&ir=
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1696467964&ir=
    Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1696467964&ir=

    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\prefs.js ]

    Line Found : user_pref("extensions.mysearchdial.AL", 2);
    Line Found : user_pref("extensions.mysearchdial.aflt", "irmsd0101");
    Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
    Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T");
    Line Found : user_pref("extensions.mysearchdial.cr", "1696467964");
    Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
    Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
    Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
    Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
    Line Found : user_pref("extensions.mysearchdial.hmpg", true);
    Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutD[...]
    Line Found : user_pref("extensions.mysearchdial.id", "002354EF977D7810");
    Line Found : user_pref("extensions.mysearchdial.instlDay", "16083");
    Line Found : user_pref("extensions.mysearchdial.instlRef", "");
    Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Czu[...]
    Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
    Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
    Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
    Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
    Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1C[...]
    Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
    Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
    Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
    Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
    Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
    Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.023:8:0");

    -\\ Google Chrome v32.0.1700.76

    [ File : C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found : homepage

    *************************

    AdwCleaner[R0].txt - [9900 octets] - [22/01/2014 20:32:02]
    AdwCleaner[R1].txt - [9776 octets] - [22/01/2014 20:33:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [9836 octets] ##########

    Rogue log:

    RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : Forum
    Website : RogueKiller download
    Blog : Adlice Software | malware analysis

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Anonymous [Admin rights]
    Mode : Scan -- Date : 01/22/2014 20:39:47
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 3 ¤¤¤
    [SUSP PATH] WatGorp.exe -- C:\ProgramData\GorillaPrice\WatGorp.exe [-] -> KILLED [TermProc]
    [SUSP PATH][DLL] rundll32.exe -- C:\Users\Anonymous\AppData\Roaming\newnext.me\nengine.dll [-] -> rundll32.exe KILLED [TermProc]
    [SUSP PATH] update_checker.exe -- C:\Users\Anonymous\AppData\Local\FilesFrog Update Checker\update_checker.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : NextLive (C:\Windows\SysWOW64\rundll32.exe "C:\Users\Anonymous\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l [7][-][x]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1941112271-3427443385-1742374429-1014\[...]\Run : NextLive (C:\Windows\SysWOW64\rundll32.exe "C:\Users\Anonymous\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l [7][-][x]) -> FOUND
    [SHELL][HJNAME] HKLM\[...]\Winlogon : shell (explorer.exe [7]) -> FOUND
    [SHELL][HJNAME] HKLM\[...]\Wow6432Node\[...]\Winlogon : shell (explorer.exe [7]) -> FOUND
    [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8080 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
    [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] SomotoUpdateCheckerAutoStart : C:\Users\Anonymous\AppData\Local\FilesFrog Update Checker\update_checker.exe - /auto [7] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) AMD 2+0 Stripe/RAID0 SCSI Disk Device +++++
    --- User ---
    [MBR] 2eb247bb5bf2a4178769ba554c870f00
    [BSP] 45140c934d38ad8d2bbe1afa0dae9be2 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953672 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x1] Incorrect function. )

    Finished : << RKreport[0]_S_01222014_203947.txt >>

  5. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    1.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Clean.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    2.
    • Re-Run RogueKiller
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Delete
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again



    Things to include in your next reply::
    AdwCleaner log
    Roguekiller log
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  6. #5
    Member
    Join Date
    Jan 2014
    Posts
    29
    Points
    0

    Default

    # AdwCleaner v3.017 - Report created 23/01/2014 at 23:04:24
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Anonymous - TROUBLE
    # Running from : C:\Users\Anonymous\Desktop\adwcleaner (1).exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : hlnfd

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Viewpoint
    Folder Deleted : C:\Program Files (x86)\optimizer pro
    Folder Deleted : C:\Program Files (x86)\Viewpoint
    Folder Deleted : C:\Users\Anonymous\AppData\Local\FilesFrog Update Checker
    Folder Deleted : C:\Users\Anonymous\AppData\Local\genienext
    Folder Deleted : C:\Users\Anonymous\AppData\Local\Mobogenie
    Folder Deleted : C:\Users\Anonymous\AppData\LocalLow\Mysearchdial
    Folder Deleted : C:\Users\Anonymous\AppData\Roaming\newnext.me
    Folder Deleted : C:\Users\Anonymous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
    Folder Deleted : C:\Users\Anonymous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    Folder Deleted : C:\Users\Anonymous\Documents\Mobogenie
    Folder Deleted : C:\Users\Anonymous\Documents\optimizer pro
    File Deleted : C:\Users\Anonymous\AppData\Local\mysearchdial-speeddial.crx
    File Deleted : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\invalidprefs.js
    File Deleted : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\searchplugins\bingp.xml
    File Deleted : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\searchplugins\conduit-search.xml
    File Deleted : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\searchplugins\Mysearchdial.xml
    File Deleted : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [gethighlightly@gethighlightly.com]
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\mysearchdial.com
    Key Deleted : HKCU\Software\Somoto
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\DeviceVM
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\p97ehxce.default\prefs.js ]

    Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
    Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd0101");
    Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
    Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T");
    Line Deleted : user_pref("extensions.mysearchdial.cr", "1696467964");
    Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
    Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
    Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
    Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
    Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
    Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutD[...]
    Line Deleted : user_pref("extensions.mysearchdial.id", "002354EF977D7810");
    Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16083");
    Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
    Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Czu[...]
    Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
    Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
    Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
    Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
    Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyE0E0FzyyByB0DyBzztCtDtN0D0Tzu0SyByEyEtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1C[...]
    Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
    Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
    Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
    Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
    Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.023:8:0");

    -\\ Google Chrome v32.0.1700.76

    [ File : C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage

    *************************

    AdwCleaner[R0].txt - [9900 octets] - [22/01/2014 20:32:02]
    AdwCleaner[R1].txt - [9960 octets] - [22/01/2014 20:33:09]
    AdwCleaner[R2].txt - [10018 octets] - [23/01/2014 22:58:51]
    AdwCleaner[S0].txt - [8888 octets] - [23/01/2014 23:04:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8948 octets] ##########




    RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : Forum
    Website : RogueKiller download
    Blog : Adlice Software | malware analysis

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Anonymous [Admin rights]
    Mode : Remove -- Date : 01/23/2014 23:13:45
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] SomotoUpdateCheckerAutoStart : C:\Users\Anonymous\AppData\Local\FilesFrog Update Checker\update_checker.exe - /auto [x] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) AMD 2+0 Stripe/RAID0 SCSI Disk Device +++++
    --- User ---
    [MBR] 2eb247bb5bf2a4178769ba554c870f00
    [BSP] 45140c934d38ad8d2bbe1afa0dae9be2 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953672 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x1] Incorrect function. )

    Finished : << RKreport[0]_D_01232014_231345.txt >>
    RKreport[0]_S_01222014_203947.txt;RKreport[0]_S_01232014_230938.txt;RKreport[0]_S_01232014_231248.txt

  7. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  8. #7
    Member
    Join Date
    Jan 2014
    Posts
    29
    Points
    0

    Default

    No pop-ups, and the Chrome omnibox search engine is once again Google.

    Should I install Super-antispyware, Malwarebytes, and Avast?

  9. #8
    Member
    Join Date
    Jan 2014
    Posts
    29
    Points
    0

    Default

    Actually, I spoke too soon. MySearchDial is still the omnibox search engine in Chrome, even though in the settings it is not even one of the search engines listed for that...it is set to Google in the settings.

  10. #9
    Member
    Join Date
    Jan 2014
    Posts
    29
    Points
    0

    Default

    Also, I still cannot install Super-antispyware, Malwarebytes, and Avast....

  11. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    1.
    Please delete your copy of TDSSKiller and download the latest version from here and save it to your Desktop.

    • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.


    • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    • Click the Start Scan button.


    • If a suspicious object is detected, the default action will be Skip, click on Continue.


    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.



      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
    should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




Page 1 of 6 123 ... LastLast