Everything posted by johnstac
-
No further issues. Thanks.
-
Don't think it was an install issue. A guy named daledoc1 sent me a message telling me that I would need to quarantine or otherwise remove the scanned items before an update could be done. I'm proceeding now with your earlier instructions.
-
Okay, hoping it's not an issue but I do seem to be having another issue. I use Malwarebytes Anti-Malware Premium. It displayed a message that my database is out of date but the update now is grayed out and when I click it, nothing happens. The database version I have is v2014.06.28.02. Any suggestions on what to do to fix this so I can continue with your suggestions?
-
OMG! It's back! Everything was clear and then Malwarebytes ran an automated threat scan today and found this:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/29/2014
Scan Time: 12:12:04 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.28.02
Rootkit Database: v2014.06.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JJE

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 284561
Time Elapsed: 4 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [99391865295248eed906f6b5867cb050],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-4162722641-2444669028-1401190998-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [a82a6419d4a790a65d8352595ba71be5],

Registry Values: 2
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, , [99391865295248eed906f6b5867cb050]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-4162722641-2444669028-1401190998-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, , [a82a6419d4a790a65d8352595ba71be5]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
-
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 14.0.0.125
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (7.0.1)
Mozilla Thunderbird (9.0.1)
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````
-
The good news...... The original issue has been resolved. MySearchDial is gone. The bad news..... There are a bunch of new entries from Chrome. I don't use Chrome and so I'm not sure if it's an issue or not. Maybe you can take a look and let me know what you think. Thanks.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/23/2014
Scan Time: 1:14:27 PM
Logfile: malbyteslog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.23.12
Rootkit Database: v2014.06.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JJE

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281585
Time Elapsed: 3 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 28

Files: 72

Physical Sectors: 0
(No malicious items detected)

(end)
-
Results of AdwCleaner: # AdwCleaner v3.213 - Report created 23/06/2014 at 12:53:00 # Updated 23/06/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : JJE - JJE-FRACTAL-PC # Running from : C:\Users\JJE\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : SCBackService ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG Security Toolbar Folder Deleted : C:\ProgramData\DeviceVM Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar Folder Deleted : C:\Program Files (x86)\DeviceVM Folder Deleted : C:\Users\JJE\AppData\Local\AVG Secure Search Folder Deleted : C:\Users\JJE\AppData\Roaming\DeviceVM Folder Deleted : C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi File Deleted : C:\Users\Public\Desktop\iLivid.lnk File Deleted : C:\Users\JJE\AppData\Roaming\Mozilla\Firefox\Profiles\atkpjxrh.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink.1 Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu.1 Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol.1 Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark.1 Key Deleted : 
HKLM\SOFTWARE\Classes\STC.WebObject Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject.1 Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper.1 Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP.1 Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{82A5CE4D-AF0C-45B6-8AF8-75625BE6A08D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B2B7E0CD-E169-43B3-A233-E129610EE314} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0DEC13F0-5C8C-4147-8329-6CDFAD9755B7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E97F0FA-3B44-4634-A87E-8B0D5CFD6365} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{951F5841-FD1E-4F1D-8607-67B174DBD753} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1CCB0CC-DA45-4797-93D3-DEE7A13F8177} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DCE24E28-D8EF-49BE-BC01-A1DD3B58FCE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E4F7F1A5-490E-4884-A9E3-CBD6A25749E1} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E8E0178-00EF-413D-9324-E7B3E31572E3} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1A533A8-E106-422B-AE29-D0025269AF83} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B1759D04-0EF9-472A-B5C3-C774997B5321} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718} Key Deleted : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Key Deleted : HKCU\Software\OCS Key Deleted : HKLM\Software\Freeze.com ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Mozilla Firefox v7.0.1 (en-US) [ File : C:\Users\JJE\AppData\Roaming\Mozilla\Firefox\Profiles\atkpjxrh.default\prefs.js ] Line Deleted : user_pref("extensions.irmysearch.aflt", "suma_14_12_ff"); Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtByDtBtB0E0BtCzytB0AtCtBtC0DtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0DtAyEtDtA0EtGtBtDyBtCt[...] Line Deleted : user_pref("extensions.irmysearch.cr", "1457772844"); Line Deleted : user_pref("extensions.irmysearch.instlRef", "140305_a"); Line Deleted : user_pref("extensions.mysearchdial.AL", 2); Line Deleted : user_pref("extensions.mysearchdial.aflt", "suma_14_12_ff"); Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtByDtBtB0E0BtCzytB0AtCtBtC0DtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0DtAyEtDtA0EtGtBtDyBt[...] 
Line Deleted : user_pref("extensions.mysearchdial.cr", "1457772844");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_12_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0E0BtCzytB0AtCtBtC0DtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyE[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "002522EB192A121D");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16150");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_a");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=suma_14_12_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0E0BtCzytB0AtCtBtC0DtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutC[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=suma_14_12_ff&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtB0E0BtCzytB0AtCtBtC0DtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.020:22:58");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\JJE\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : dgpdioedihjhncjafcpgbbjdpbbkikmi
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [10243 octets] - [23/06/2014 12:48:18]
AdwCleaner[s0].txt - [10227 octets] - [23/06/2014 12:53:00]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10288 octets] ##########

Results of JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by JJE on Mon 06/23/2014 at 13:01:17.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
Successfully stopped: [service] wcuservice_stc_ie
Successfully deleted: [service] wcuservice_stc_ie

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/23/2014 at 13:05:04.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Will now be starting Malwarebytes Threat scan
-
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by JJE at 2014-06-23 12:26:26 Run:1
Running from C:\Users\JJE\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\JJE\AppData\Roaming\0S1F1O2Z0S2Y1H1T
C:\Users\JJE\Application Data\0S1F1O2Z0S2Y1H1T
*****************

C:\Users\JJE\AppData\Roaming\0S1F1O2Z0S2Y1H1T => Moved successfully.
"C:\Users\JJE\Application Data\0S1F1O2Z0S2Y1H1T" => File/Directory not found.

==== End of Fixlog ====
-
Okay, restarted computer and was able to delete the CCleaner Packages folder. I still did not find the other entry. Please confirm that I can disregard that entry and continue with this process.
-
Okay, so could these two entries be the same entry? I did go into folders and clicked to show hidden folders. Then I went to the AppData folder and found the 0S1F1O2Z0S2Y1H1T. Inside it was another folder called CCleaner Packages. I tried to delete this folder but it denied me and said it was in use. I then used FileAssassin to delete the file uninstaller.exe inside the CCleaner Packages folder. After I deleted uninstaller.exe, I tried to delete the CCleaner Packages folder but even though it was empty it is still reporting that the folder or a file in it is open in another program. Not sure how that can be when the folder is empty. Still working on this. As far as the other entry, I cannot find a folder called Application Data.
-
SystemLook 30.07.11 by jpshortstuff
Log created at 10:45 on 23/06/2014 by JJE
Administrator - Elevation successful

========== Folderfind ==========

Searching for "CCleaner Packages"
C:\Users\JJE\AppData\Roaming\0S1F1O2Z0S2Y1H1T\CCleaner Packages d------ [03:22 22/03/2014]
C:\Users\JJE\Application Data\0S1F1O2Z0S2Y1H1T\CCleaner Packages d------ [03:22 22/03/2014]

-= EOF =-
-
Edit post above. I originally tried to uninstall the program from the Windows pane but after highlighting and clicking "Uninstall/Change" from the top of Windows, a Windows warning came up asking if I wanted to allow uninstaller.exe from an unknown publisher to execute. I selected no and then the window called uninstall manager popped up. I then tried using the actual CCleaner program to uninstall the CCleaner Packages but that did not work either. I'm just not sure whether to allow uninstaller.exe to execute. Is this a Windows program? It said unknown publisher so I was hesitant. Please advise.
-
-
Per your instructions please find the attached 2 files. Thanks. Addition.txt FRST.txt
-
So is there any problem if I uninstall the Adobe programs and then when we are done, I can just reinstall them?
-
Hmmm, I'm not okay with that. The programs I have installed, for example Adobe Dreamweaver are legitimately purchased software that I hold licenses to. So what should I do?
-
Apologies for my ignorance but I'm only marginally computer competent. I have no idea what those are or what they are doing in my host file. For that matter, I don't know what a host file really is. Sorry. Some years ago I purchased an Adobe program. The one that lets you make pdf files. Anyway, because the software was so cheap and the instructions were strange, I think that maybe this could have something to do with it. Could this code prevent a compromised legitimate piece of software from actually making contact with the true company? That would be my guess. That software is no longer being used so it can be removed.
-
By the way, after completing your instructions, my Malwarebytes program popped up after running another scan and the same MySearchDial items were listed again.
-
I ran Malwarebytes 2.0 and quarantined items as directed. Downloaded and ran RogueKiller. I did not find the report on my desktop so I clicked on "report" and that is what I am pasting below:

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JJE [Admin rights]
Mode : Scan -- Date : 06/22/2014 02:14:54

¤¤¤ Bad processes : 2 ¤¤¤
[suspicious.Path] EvernoteClipper.exe -- D:\Users\JJE\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe[7] -> KILLED [TermProc]
[suspicious.Path] (SVC) ALSysIO -- \??\C:\Users\JJE\AppData\Local\Temp\ALSysIO64.sys[x] -> STOPPED

¤¤¤ Registry Entries : 12 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6F960E35-229E-4F11-BE97-40A1A85B02B5} | DhcpNameServer : 10.0.1.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6F960E35-229E-4F11-BE97-40A1A85B02B5} | DhcpNameServer : 10.0.1.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6F960E35-229E-4F11-BE97-40A1A85B02B5} | DhcpNameServer : 10.0.1.1 -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4162722641-2444669028-1401190998-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4162722641-2444669028-1401190998-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[suspicious.Path][File] EvernoteClipper.lnk -- C:\Users\JJE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [LNK@] D:\Users\JJE\AppData\Local\Apps\Evernote\Evernote\EVERNO~2.EXE -> FOUND

¤¤¤ HOSTS File : 15 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sea.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sjc0.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][CHROME:Addon] Default : Speed Dial [dgpdioedihjhncjafcpgbbjdpbbkikmi] -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: JohnsRaid +++++
--- User ---
[MBR] 6709a49941390cb5df87914fef893ff7
[bSP] 37b2e3b86d006ac0d156385bbaf4c079 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1907631 MB
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: SAMSUNG HD103SJ +++++
--- User ---
[MBR] 327270d7b1af85e870533ccdf39cd4d2
[bSP] 44d840294c9e34c7f18eafc614b2e4df : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG HD103SJ +++++
--- User ---
[MBR] 884cf37416ccd27b413e4debabc75565
[bSP] bfc2b048cee0843a02975ee481037c7f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: INTEL SSDSC2MH120A2 +++++
--- User ---
[MBR] 1820a293500fa3dcf44b9d2a18a344c1
[bSP] 47906bf8d093541efb9247b52d995896 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114471 MB
User = LL1 ... OK
User = LL2 ... OK
-
I recently purchased Malwarebytes Anti-Malware and after running it for the first time, it did find some items. I chose to quarantine all. Since then I have run the scan again and some of the same files are coming up. All of them are: PUP.Optional.MySearchDial.A. I was going to post them but upon submission, it stated they were too long. I have attached them instead. FRST.txt Addition.txt