Jump to content


Photo
- - - - -

browser toolbar "mysearchdial" reinstalling on startup

malware toolbar startup

  • This topic is locked This topic is locked
20 replies to this topic

#1 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 20 July 2013 - 10:21 AM

Hi There,

Please help! I stupidly downloaded a program from a "trusted" source and it has installed malware on my computer.

Specifically mysearchdial redirect toolbar that reinstalls despite the fact I have removed it from my computer.

I think it must be hiding inside another program but I can't work out which one (although there is an icon called Online Games that I swear I've never seen before.)

I have used kapersky tdsskiller but it didn't detect anything.

Also please note that the redirect only happens on start-up and after that I can use the browser normally. I'm using chrome and iexplorer and running Windows 7.



#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 20 July 2013 - 10:55 AM

Welcome to the forum, please start HERE
Post back the 2 logs here.....DDS.txt and Attach.txt
(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
MrC


Note:
Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 20 July 2013 - 08:00 PM

Hi MrCharlie,

 

Thanks for replying. I have downloaded malware bytes and the result is that it can't find any malicious software.

 
I only have one .txt log though....its called mbam-log- (plus date etc).txt
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.21.01
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Dave :: DAVE-PC [administrator]
 
Protection: Enabled
 
21/07/2013 10:34:47 AM
mbam-log-2013-07-21 (10-34-47).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223128
Time elapsed: 11 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
Cheers,
jayt


#4 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 20 July 2013 - 08:08 PM

Hi Again,

So I ran RogueKiller and this is its report:

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Dave [Admin rights]
Mode : Scan -- Date : 07/21/2013 11:05:30
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: Hitachi HDS721050CLA362 +++++
--- User ---
[MBR] 9234d0c68c0cb4dc4bd51a1596c33f17
[BSP] 8087af9cf4be01c5d2c0c5b6515fa32a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 467860 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 958384128 | Size: 8978 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_07212013_110530.txt >>
 
Thanks,
 
Julia


#5 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 20 July 2013 - 08:24 PM

I need you to run DDS and post the logs:

Download DDS and save it to your desktop from one of the three links below:

http://download.blee...om/sUBs/dds.scr
http://download.blee...om/sUBs/dds.com
http://www.forospyware.com/sUBs/dds


Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs
DDS.txt
Attach.txt
Save both reports to your desktop and post them back here.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#6 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 20 July 2013 - 08:30 PM

Ok here is dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16635
Run by Dave at 11:27:26 on 2013-07-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.2013.786 [GMT 10:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\windows\System32\hkcmd.exe
C:\windows\System32\igfxpers.exe
C:\Program Files\hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Dave\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Users\Dave\Downloads\RogueKiller (1).exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
 
f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0AzyyB0D0CyEtByD0FtA0F0EtN0D0Tzu0CyDyCyBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=117511503&ir=
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker
 
\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard
 
\ie_virtual_keyboard_plugin.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking
 
\online_banking_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor
 
\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\dave\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Octoshape Streaming Services] "c:\users\dave\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray
uRun: [Sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /Background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PC-Doctor for Windows localizer] c:\program files\pc-doctor for windows\localizer.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" 
 
updatewithcreateonce "software\hewlett-packard\media\Webcam"
mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
mRun: [HP Remote Solution] c:\program files\hewlett-packard\hp remote solution\HP_Remote_Solution.exe
mRun: [BATINDICATOR] c:\program files\hewlett-packard\hp mainstream keyboard\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] c:\program files\hewlett-packard\hp mainstream keyboard\LaunchApp.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRunOnce: [B Register c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx 
 
plus web player\ie\divxhtml5\DivXHTML5.dll",DllRegisterServer
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601
StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore
 
\SPUVolumeWatcher.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext
 
\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext
 
\urladvisor\klwtbbho.dll
TCP: NameServer = 211.29.132.12 198.142.0.51 198.142.235.14
TCP: Interfaces\{08E58D29-68D0-42EB-9453-79C7B1ECFCDF} : DHCPNameServer = 211.29.132.12 198.142.0.51 198.142.235.14
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145040]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-3-9 87968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-3-9 127600]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-3-9 649216]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-9 189440]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-21 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-21 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-12-8 12400]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-3-9 125696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-21 22856]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-12-8 155824]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-27 1343400]
.
=============== Created Last 30 ================
.
2013-07-21 01:03:06 15616 ----a-w- c:\windows\system32\TrueSight.sys
2013-07-21 00:32:56 -------- d-----w- c:\users\dave\appdata\roaming\Malwarebytes
2013-07-21 00:32:46 -------- d-----w- c:\programdata\Malwarebytes
2013-07-21 00:32:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-21 00:32:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-21 00:31:55 -------- d-----w- c:\users\dave\appdata\local\Programs
2013-07-20 12:59:02 -------- d-----w- c:\users\dave\appdata\roaming\mysearchdial
2013-07-20 11:37:39 -------- d-----w- c:\users\dave\appdata\local\Nero_AG
2013-07-20 11:35:11 -------- d-----w- c:\users\dave\appdata\local\Nero
2013-07-20 11:27:34 -------- d-----w- c:\programdata\Nero
2013-07-20 11:23:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-07-20 11:22:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-07-20 11:22:21 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-07-20 11:22:00 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-07-20 11:21:20 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-07-09 22:01:26 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-09 22:01:25 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-09 22:01:23 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-09 22:01:21 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-09 22:01:19 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-07-09 22:01:19 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-07-09 22:01:19 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-09 22:01:19 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-07-09 22:01:11 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2013-07-09 22:01:11 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2013-07-09 22:01:11 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
2013-06-29 11:43:22 -------- d--h--w- c:\windows\AxInstSV
2013-06-29 02:23:12 -------- d-----w- c:\users\dave\Podcasts
2013-06-29 02:22:20 -------- d-----w- c:\users\dave\appdata\local\Sony
2013-06-29 02:22:17 -------- d-----w- c:\programdata\Sony Corporation
2013-06-29 02:22:17 -------- d-----w- c:\program files\common files\Sony Shared
2013-06-29 02:21:20 -------- d-----w- c:\users\dave\appdata\local\Downloaded Installations
2013-06-29 02:20:45 -------- d-----w- c:\program files\Sony Media Go Install
2013-06-25 21:58:07 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-25 16:20:50 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
==================== Find3M  ====================
.
2013-06-25 16:20:50 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-06-19 07:49:05 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-06-15 23:50:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-15 23:50:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-15 23:50:08 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-26 04:55:21 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-04-24 10:04:07 145040 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-04-24 10:04:06 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
.
============= FINISH: 11:28:42.22 ===============
 
 
and here is attach.txt
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 25/08/2010 10:42:54 PM
System Uptime: 21/07/2013 5:39:39 AM (6 hours ago)
.
Motherboard: Hewlett-Packard |  | Boma
Processor: Pentium® Dual-Core  CPU      E5400  @ 2.70GHz | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 338.726 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.06 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP259: 7/07/2013 10:12:32 AM - Scheduled Checkpoint
RP260: 10/07/2013 8:26:44 AM - Windows Update
RP261: 16/07/2013 4:32:58 PM - Sony PC Companion
RP263: 20/07/2013 9:20:48 PM - Installed DirectX
RP265: 20/07/2013 9:21:49 PM - Installed DirectX
RP267: 20/07/2013 9:22:10 PM - Installed DirectX
RP269: 20/07/2013 9:22:32 PM - Installed DirectX
RP271: 20/07/2013 9:22:51 PM - Installed DirectX
RP272: 20/07/2013 9:27:20 PM - Installed Nero 12.
RP273: 20/07/2013 10:01:51 PM - Removed Nero 12.
RP274: 20/07/2013 10:02:53 PM - Removed Nero 12.
RP276: 20/07/2013 10:11:27 PM - Configured PowerStarter
RP278: 20/07/2013 10:17:34 PM - Configured PowerStarter
RP279: 20/07/2013 11:00:31 PM - Device Driver Package Install: MagicISO, Inc. Storage controllers
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Celtx (2.9.1)
Compatibility Pack for the 2007 Office system
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Menu Pack for HP MediaSmart Video
Epson Easy Photo Print 2
EPSON Scan
EPSON Stylus SX100_TX100 Manual
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hardware Diagnostic Tools
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MAINSTREAM KEYBOARD
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart Webcam
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Intel® Control Center
Intel® Graphics Media Accelerator Driver
iTunes
JMicron Flash Media Controller Driver
Kaspersky Internet Security 2013
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Media Go
Media Go Video Playback Engine 1.116.107.02030
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC100_CRT_SP1_x86
Movie Theme Pack for HP MediaSmart Video
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Nokia Connectivity Cable Driver
Nokia Suite
Norton Internet Security
Norton Online Backup
Octoshape Streaming Services
PC Connectivity Solution
Picture Package Music Transfer
PlayReady PC Runtime x86
PlayStation®Store
Power2Go
PowerDirector
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Toolbars
Skype™ 6.3
Sony Ericsson Update Engine
Sony PC Companion 2.10.165
Sony Picture Utility
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
.
==== Event Viewer Messages From Past Week ========
.
20/07/2013 9:56:27 PM, Error: Microsoft-Windows-SharedAccess_NAT [30009]  - The DHCP allocator encountered a network error while attempting to reply on IP 
 
address 0.0.0.0 to a request from a client. The data is the error code.
20/07/2013 10:31:50 PM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================
 


#7 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 20 July 2013 - 08:35 PM

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.


MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#8 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 20 July 2013 - 08:41 PM

It doesn't give me the option to run as administrator - im on windows 7 - run anyway?



#9 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 20 July 2013 - 08:51 PM

Ok figured it out, here is the log file:

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 11:51:25
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Dave - DAVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Dave\Downloads\adwcleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Public\Desktop\MySearchDial.url
Folder Found : C:\Users\Dave\AppData\Local\Temp\boost_interprocess
Folder Found : C:\Users\Dave\AppData\Roaming\Mysearchdial
 
***** [Registry] *****
 
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\mysearchdial
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\Software
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
*************************
 
AdwCleaner[R1].txt - [3449 octets] - [21/07/2013 11:50:12]
AdwCleaner[R2].txt - [3380 octets] - [21/07/2013 11:51:25]
 
########## EOF - C:\AdwCleaner[R2].txt - [3440 octets] ##########


#10 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 20 July 2013 - 09:01 PM

Lots of adware found....lets clear it out.....
  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Then......

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#11 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 20 July 2013 - 09:09 PM

OKay here is what it deleted:

 

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 12:05:39
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Dave - DAVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Dave\Downloads\adwcleaner.exe
# Option [Delete]
 
going on to next step....
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\MySearchDial.url
Folder Deleted : C:\Users\Dave\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Dave\AppData\Roaming\Mysearchdial
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Software
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
*************************
 
AdwCleaner[R1].txt - [3449 octets] - [21/07/2013 11:50:12]
AdwCleaner[R2].txt - [3509 octets] - [21/07/2013 11:51:25]
AdwCleaner[R3].txt - [3569 octets] - [21/07/2013 12:05:28]
AdwCleaner[S1].txt - [3512 octets] - [21/07/2013 12:05:39]
 
########## EOF - C:\AdwCleaner[S1].txt - [3572 octets] ##########


#12 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 20 July 2013 - 09:19 PM

Hi MrC,

 

Here is the log from Junkware Removal Tool:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.8 (07.20.2013:2)
OS: Windows 7 Home Premium x86
Ran by Dave on Sun 21/07/2013 at 12:11:12.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-226791018-3719644318-1160780637-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 21/07/2013 at 12:12:45.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 20 July 2013 - 09:28 PM

OK, any difference??

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#14 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 20 July 2013 - 09:35 PM

Yes,

When I start up explorer the search engine doesnt show up, I still had to manually delete the mysearchdial from google's extension list, but it still wasn't allowed to start, just showed an error message saying it couldnt start my preferred search engine.

Also the online games file I mentioned earlier no longer has an image on the icon on my desktop.

Is there anything else I need to do? Also can you recommend an adware blocker I can install alongside kapersky which doesnt seem to pick much up?



#15 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 20 July 2013 - 09:52 PM

AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

 


BTW: You have Defender enabled, you shouldn't have that enabled..you have Kaspersky running. Having 2 AVs running only causes conflicts and spotty protection. Please permanently disable it:
http://www.howtogeek...ow-turn-it-off/


Is there anything else I need to do?

We'll just your systems security

Also can you recommend an adware blocker I can install alongside kapersky which doesnt seem to pick much up?

 

You want to stop it from being installed??
What browser do you use?

------------------------------------------------------------------------------------

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#16 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 20 July 2013 - 10:02 PM

When I go into Defender there is a notification saying " A problem caused this program's service to stop. To start the service, click the Start now button or restart your computer." if hit start now that there is another error message. I can't use the tools bar at all.

is that ok?



#17 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 20 July 2013 - 10:13 PM

Also I use internet explorer and chrome. partner uses one i use the other.

 

here are the checkup results:

 

 Results of screen317's Security Check version 0.99.70  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Disabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#18 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 21 July 2013 - 08:15 AM

Leave Defender alone then.
 
To stop ads from appearing, you can use a programs like Adblock:
https://chrome.googl...kbiglidom?hl=en
https://adblockplus....ternet-explorer
 
To stop adware from being installed on your computer is really up to you, some reading:
http://www.ciscopres...662902&seqNum=2
also take a look at my  Preventive Maintenance
 
-------------------------------------------------------------------------------------------------------------
 
Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:
 
---------------------------------
 
Adobe Reader 10.1.7 Adobe Reader out of Date!  <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).
 
-----------------------------
 
Google Chrome 28.0.1500.71 <-----OLD
Google Chrome 28.0.1500.72 <-----OK
 
You have old versions of Google Chrome on the system.
Please download and run OldChromeRemover.
@Windows Vista/Windows 7-8 users must use “Run As Administrator.”
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
A little clean up to do....
 
Please Uninstall ComboFix: (if you used it)
 
Press the Windows logo key + R to bring up the "run box"
 
Copy and paste next command in the field:
 
ComboFix /uninstall
 
Make sure there's a space between Combofix and /
 
cf2.jpg
 
Then hit enter.
This will uninstall Combofix, delete its related folders and files,  hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point
 
(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)
 
---------------------------------
 
If you used DeFogger to disable your CD Emulation drivers, please re-enable them.
 
-------------------------------
 
Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe
 
Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.
 
Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.
 
-------------------------------
 
Any questions...please post back.
 
If you think I've helped you, please leave a comment > click on my  avatar picture > click Profile Feed.
 
Take a look at My Preventive Maintenance to avoid being infected again.
 
Good Luck and Thanks for using the forum,  MrC


Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#19 jayt

jayt

    New Member

  • Members
  • Pip
  • 12 posts

Posted 21 July 2013 - 05:09 PM

Thanks so much MrC,

Very helpful! I will post on your profile and donate.

Cheers,

jayt



#20 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,155 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 21 July 2013 - 06:39 PM

OK...Take Care :) MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users