
chrisking73

Everything posted by chrisking73

  1. Wow, thanks so much for your help. I have been trying to get rid of mysearchdial for ages! I really appreciate all your help.
  2. Results of screen317's Security Check version 0.99.79
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 6 Update 39
     Java 7 Update 51
     Adobe Flash Player 11.9.900.170
     Adobe Reader XI
     Mozilla Firefox (26.0)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  4. A friend told me to run OTL a while ago. I have just run the Malwarebytes Anti-Rootkit and it has detected nothing.
  5. Hello, I am really sorry but I have messed up. I did not untick the 'remove found threats' on ESET scanner.
     C:\Users\Chris\AppData\Local\{7bcea926-9caa-4e9a-30c2-0caddaa13026}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
     C:\Users\Chris\AppData\Local\{7bcea926-9caa-4e9a-30c2-0caddaa13026}\U\80000032.@ a variant of Win32/Sirefef.FV trojan cleaned by deleting - quarantined
     C:\Users\Chris\AppData\Local\{7bcea926-9caa-4e9a-30c2-0caddaa13026}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
     C:\_OTL\MovedFiles\07262012_134900\C_Windows\Installer\{7bcea926-9caa-4e9a-30c2-0caddaa13026}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
     C:\_OTL\MovedFiles\07262012_134900\C_Windows\Installer\{7bcea926-9caa-4e9a-30c2-0caddaa13026}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
     C:\_OTL\MovedFiles\07262012_134900\C_Windows\Installer\{7bcea926-9caa-4e9a-30c2-0caddaa13026}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
     C:\_OTL\MovedFiles\07262012_134900\C_Windows\Installer\{7bcea926-9caa-4e9a-30c2-0caddaa13026}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
     C:\_OTL\MovedFiles\07262012_134900\C_Windows\Installer\{7bcea926-9caa-4e9a-30c2-0caddaa13026}\U\80000032.@ a variant of Win32/Sirefef.FV trojan cleaned by deleting - quarantined
     C:\_OTL\MovedFiles\07262012_134900\C_Windows\Installer\{7bcea926-9caa-4e9a-30c2-0caddaa13026}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
     Sorry for doing it wrong.
  6. TDSSKiller.3.0.0.22_10.02.2014_17.43.50_log.txt aswMBR.txt Thank you for your time.
  7. Good afternoon. Thank you for taking the time to look through my logs. My symptoms are as follows: My Facebook account has been compromised (private messages have been sent and password was changed). My email account has been compromised (password changed). I have recovered the accounts and changed passwords using an iPad. Passwords were different and complex. dds.txt attach.txt