jayt Posted July 20, 2013 ID:705250 Share Posted July 20, 2013 Hi There,Please help! I stupidly downloaded a program from a "trusted" source and it has installed malware on my computer.Specifically mysearchdial redirect toolbar that reinstalls despite the fact I have removed it from my computer.I think it must be hiding inside another program but I can't work out which one (although there is an icon called Online Games that I swear I've never seen before.)I have used kapersky tdsskiller but it didn't detect anything.Also please note that the redirect only happens on start-up and after that I can use the browser normally. I'm using chrome and iexplorer and running Windows 7. Link to post Share on other sites More sharing options...
MrCharlie Posted July 20, 2013 ID:705256 Share Posted July 20, 2013 Welcome to the forum, please start HERE Post back the 2 logs here.....DDS.txt and Attach.txt (please don't put logs in code or quotes) P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. <====><====><====><====><====><====><====><====> Next................ Please download and run RogueKiller 32 bit to your desktop. RogueKiller<---use this one for 64 bit systems Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes) MrC Note: Please read all of my instructions completely including these. Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
jayt Posted July 21, 2013 Author ID:705423 Share Posted July 21, 2013 Hi MrCharlie, Thanks for replying. I have downloaded malware bytes and the result is that it can't find any malicious software. I only have one .txt log though....its called mbam-log- (plus date etc).txt Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2013.07.21.01 Windows 7 Service Pack 1 x86 NTFSInternet Explorer 10.0.9200.16635Dave :: DAVE-PC [administrator] Protection: Enabled 21/07/2013 10:34:47 AMmbam-log-2013-07-21 (10-34-47).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 223128Time elapsed: 11 minute(s), 3 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Cheers,jayt Link to post Share on other sites More sharing options...
jayt Posted July 21, 2013 Author ID:705424 Share Posted July 21, 2013 Hi Again,So I ran RogueKiller and this is its report:RogueKiller V8.6.3 [Jul 17 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits versionStarted in : Normal modeUser : Dave [Admin rights]Mode : Scan -- Date : 07/21/2013 11:05:30| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HDS721050CLA362 +++++--- User ---[MBR] 9234d0c68c0cb4dc4bd51a1596c33f17[bSP] 8087af9cf4be01c5d2c0c5b6515fa32a : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 467860 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 958384128 | Size: 8978 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_07212013_110530.txt >> Thanks, Julia Link to post Share on other sites More sharing options...
MrCharlie Posted July 21, 2013 ID:705427 Share Posted July 21, 2013 I need you to run DDS and post the logs: Download DDS and save it to your desktop from one of the three links below: http://download.bleepingcomputer.com/sUBs/dds.scr http://download.bleepingcomputer.com/sUBs/dds.com http://www.forospyware.com/sUBs/dds Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs DDS.txt Attach.txt Save both reports to your desktop and post them back here. MrC Link to post Share on other sites More sharing options...
jayt Posted July 21, 2013 Author ID:705428 Share Posted July 21, 2013 Ok here is dds.txtDDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 10.0.9200.16635Run by Dave at 11:27:26 on 2013-07-21Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2013.786 [GMT 10:00].AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\System32\spoolsv.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Realtek\Audio\HDA\AERTSrv.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exeC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\windows\System32\hkcmd.exeC:\windows\System32\igfxpers.exeC:\Program Files\hp\HP Software Update\hpwuschd2.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exeC:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exeC:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exeC:\Users\Dave\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exeC:\Program Files\Nokia\Nokia Suite\NokiaSuite.exeC:\Program Files\Sony\Sony PC Companion\PCCompanion.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exeC:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exeC:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exeC:\Program Files\PC Connectivity Solution\ServiceLayer.exeC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\taskeng.exec:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exeC:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exeC:\Users\Dave\Downloads\RogueKiller (1).exeC:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\notepad.exeC:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\conhost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.============== Pseudo HJT Report ===============.uSearch Bar = Preserve f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0AzyyB0D0CyEtByD0FtA0F0EtN0D0Tzu0CyDyCyBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=117511503&ir=BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker \ie_content_blocker_plugin.dllBHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard \ie_virtual_keyboard_plugin.dllBHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dllBHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking \online_banking_bho.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLLBHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor \klwtbbho.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEWuRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /backgrounduRun: [Google Update] "c:\users\dave\appdata\local\google\update\GoogleUpdate.exe" /cuRun: [Octoshape Streaming Services] "c:\users\dave\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrunuRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -trayuRun: [sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /BackgrounduRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrunuRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hiddenmRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -smRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [PC-Doctor for Windows localizer] c:\program files\pc-doctor for windows\localizer.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"mRun: [smartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /backgroundmRun: [HP Remote Solution] c:\program files\hewlett-packard\hp remote solution\HP_Remote_Solution.exemRun: [bATINDICATOR] c:\program files\hewlett-packard\hp mainstream keyboard\BATINDICATOR.exemRun: [LaunchHPOSIAPP] c:\program files\hewlett-packard\hp mainstream keyboard\LaunchApp.exemRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDEDmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"mRunOnce: [b Register c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll",DllRegisterServermRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silentdRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore \SPUVolumeWatcher.exeuPolicies-Explorer: HideSCAHealth = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:28mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext \virtualkeyboard\ie_virtual_keyboard_plugin.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext \urladvisor\klwtbbho.dllTCP: NameServer = 211.29.132.12 198.142.0.51 198.142.235.14TCP: Interfaces\{08E58D29-68D0-42EB-9453-79C7B1ECFCDF} : DHCPNameServer = 211.29.132.12 198.142.0.51 198.142.235.14Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dllNotify: igfxcui - igfxdev.dllSSODL: WebCheck - <orphaned>mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe".============= SERVICES / DRIVERS ===============.R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 44000]R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145040]R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-3-9 87968]R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-3-9 127600]R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25944]R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2010-3-9 649216]R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-9 189440]S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-21 418376]S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-21 701512]S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-12-8 12400]S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-3-9 125696]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-21 22856]S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-12-8 155824]S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-27 1343400].=============== Created Last 30 ================.2013-07-21 01:03:06 15616 ----a-w- c:\windows\system32\TrueSight.sys2013-07-21 00:32:56 -------- d-----w- c:\users\dave\appdata\roaming\Malwarebytes2013-07-21 00:32:46 -------- d-----w- c:\programdata\Malwarebytes2013-07-21 00:32:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-07-21 00:32:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-07-21 00:31:55 -------- d-----w- c:\users\dave\appdata\local\Programs2013-07-20 12:59:02 -------- d-----w- c:\users\dave\appdata\roaming\mysearchdial2013-07-20 11:37:39 -------- d-----w- c:\users\dave\appdata\local\Nero_AG2013-07-20 11:35:11 -------- d-----w- c:\users\dave\appdata\local\Nero2013-07-20 11:27:34 -------- d-----w- c:\programdata\Nero2013-07-20 11:23:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll2013-07-20 11:22:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll2013-07-20 11:22:21 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll2013-07-20 11:22:00 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll2013-07-20 11:21:20 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll2013-07-09 22:01:26 509440 ----a-w- c:\windows\system32\qedit.dll2013-07-09 22:01:25 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-09 22:01:23 1247744 ----a-w- c:\windows\system32\DWrite.dll2013-07-09 22:01:21 2347520 ----a-w- c:\windows\system32\win32k.sys2013-07-09 22:01:19 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll2013-07-09 22:01:19 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll2013-07-09 22:01:19 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll2013-07-09 22:01:19 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL2013-07-09 22:01:11 680960 ----a-w- c:\program files\windows defender\MpSvc.dll2013-07-09 22:01:11 392704 ----a-w- c:\program files\windows defender\MpClient.dll2013-07-09 22:01:11 224768 ----a-w- c:\program files\windows defender\MpCommu.dll2013-06-29 11:43:22 -------- d--h--w- c:\windows\AxInstSV2013-06-29 02:23:12 -------- d-----w- c:\users\dave\Podcasts2013-06-29 02:22:20 -------- d-----w- c:\users\dave\appdata\local\Sony2013-06-29 02:22:17 -------- d-----w- c:\programdata\Sony Corporation2013-06-29 02:22:17 -------- d-----w- c:\program files\common files\Sony Shared2013-06-29 02:21:20 -------- d-----w- c:\users\dave\appdata\local\Downloaded Installations2013-06-29 02:20:45 -------- d-----w- c:\program files\Sony Media Go Install2013-06-25 21:58:07 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll2013-06-25 16:20:50 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll.==================== Find3M ====================.2013-06-25 16:20:50 906240 ----a-w- c:\windows\system32\FntCache.dll2013-06-19 07:49:05 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys2013-06-15 23:50:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-06-15 23:50:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-06-15 23:50:08 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe2013-04-26 04:55:21 492544 ----a-w- c:\windows\system32\win32spl.dll2013-04-25 23:30:32 1505280 ----a-w- c:\windows\system32\d3d11.dll2013-04-24 10:04:07 145040 ----a-w- c:\windows\system32\drivers\kneps.sys2013-04-24 10:04:06 74848 ----a-w- c:\windows\system32\drivers\klflt.sys.============= FINISH: 11:28:42.22 =============== and here is attach.txt .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 25/08/2010 10:42:54 PMSystem Uptime: 21/07/2013 5:39:39 AM (6 hours ago).Motherboard: Hewlett-Packard | | BomaProcessor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 2700/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 457 GiB total, 338.726 GiB free.D: is FIXED (NTFS) - 9 GiB total, 1.06 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP259: 7/07/2013 10:12:32 AM - Scheduled CheckpointRP260: 10/07/2013 8:26:44 AM - Windows UpdateRP261: 16/07/2013 4:32:58 PM - Sony PC CompanionRP263: 20/07/2013 9:20:48 PM - Installed DirectXRP265: 20/07/2013 9:21:49 PM - Installed DirectXRP267: 20/07/2013 9:22:10 PM - Installed DirectXRP269: 20/07/2013 9:22:32 PM - Installed DirectXRP271: 20/07/2013 9:22:51 PM - Installed DirectXRP272: 20/07/2013 9:27:20 PM - Installed Nero 12.RP273: 20/07/2013 10:01:51 PM - Removed Nero 12.RP274: 20/07/2013 10:02:53 PM - Removed Nero 12.RP276: 20/07/2013 10:11:27 PM - Configured PowerStarterRP278: 20/07/2013 10:17:34 PM - Configured PowerStarterRP279: 20/07/2013 11:00:31 PM - Device Driver Package Install: MagicISO, Inc. Storage controllers.==== Installed Programs ======================.ABBYY FineReader 6.0 SprintActiveCheck component for HP Active Support LibraryAdobe AIRAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.7)Apple Application SupportApple Mobile Device SupportApple Software UpdateBonjourCeltx (2.9.1)Compatibility Pack for the 2007 Office systemDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDVD Menu Pack for HP MediaSmart VideoEpson Easy Photo Print 2EPSON ScanEPSON Stylus SX100_TX100 ManualGoogle ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperHardware Diagnostic ToolsHP AdvisorHP Customer Experience EnhancementsHP GamesHP MAINSTREAM KEYBOARDHP MediaSmart DVDHP MediaSmart Music/Photo/VideoHP MediaSmart SmartMenuHP MediaSmart WebcamHP OdometerHP Remote SolutionHP SetupHP Support AssistantHP Support InformationHP UpdateHPAsset component for HP Active Support LibraryIntel® Control CenterIntel® Graphics Media Accelerator DriveriTunesJMicron Flash Media Controller DriverKaspersky Internet Security 2013LabelPrintLightScribe System SoftwareMalwarebytes Anti-Malware version 1.75.0.1300Media GoMedia Go Video Playback Engine 1.116.107.02030Microsoft .NET Framework 4 Client ProfileMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Student 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WorksMicrosoft_VC100_CRT_SP1_x86Movie Theme Pack for HP MediaSmart VideoMSVC80_x86_v2MSVC90_x86MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)neroxmlNokia Connectivity Cable DriverNokia SuiteNorton Internet SecurityNorton Online BackupOctoshape Streaming ServicesPC Connectivity SolutionPicture Package Music TransferPlayReady PC Runtime x86PlayStation®StorePower2GoPowerDirectorQuickTimeRealtek High Definition Audio DriverRecovery ManagerSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687276) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSecurity Update for Microsoft Publisher 2010 (KB2553147) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2810068) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionSkype ToolbarsSkype™ 6.3Sony Ericsson Update EngineSony PC Companion 2.10.165Sony Picture UtilityUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 32-Bit EditionVC80CRTRedist - 8.0.50727.6195Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)Windows Live Sign-in AssistantWindows Live SyncWindows Live Upload Tool.==== Event Viewer Messages From Past Week ========.20/07/2013 9:56:27 PM, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.20/07/2013 10:31:50 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period..==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted July 21, 2013 ID:705429 Share Posted July 21, 2013 Please download AdwCleaner from here and save it on your Desktop. AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs. AdwCleaner is a tool that deletes : · Adwares (software ads) · PUP/LPI (Potentially Undesirable Program) · Toolbars · Hijacker (Hijack of the browser's homepage) It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1. Note: Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system. If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it. Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner. You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below: /DisableAskDetection - This option disables Ask Toolbar detection. MrC Link to post Share on other sites More sharing options...
jayt Posted July 21, 2013 Author ID:705431 Share Posted July 21, 2013 It doesn't give me the option to run as administrator - im on windows 7 - run anyway? Link to post Share on other sites More sharing options...
jayt Posted July 21, 2013 Author ID:705433 Share Posted July 21, 2013 Ok figured it out, here is the log file:# AdwCleaner v2.306 - Logfile created 07/21/2013 at 11:51:25# Updated 19/07/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)# User : Dave - DAVE-PC# Boot Mode : Normal# Running from : C:\Users\Dave\Downloads\adwcleaner.exe# Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnkFile Found : C:\Users\Public\Desktop\eBay.lnkFile Found : C:\Users\Public\Desktop\MySearchDial.urlFolder Found : C:\Users\Dave\AppData\Local\Temp\boost_interprocessFolder Found : C:\Users\Dave\AppData\Roaming\Mysearchdial ***** [Registry] ***** Key Found : HKCU\Software\InstallCoreKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKCU\Software\mysearchdialKey Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXEKey Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvcKey Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}Key Found : HKLM\Software\InstallCoreKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}Key Found : HKLM\SOFTWARE\Software ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Google Chrome v28.0.1500.72 File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences ************************* AdwCleaner[R1].txt - [3449 octets] - [21/07/2013 11:50:12]AdwCleaner[R2].txt - [3380 octets] - [21/07/2013 11:51:25] ########## EOF - C:\AdwCleaner[R2].txt - [3440 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted July 21, 2013 ID:705434 Share Posted July 21, 2013 Lots of adware found....lets clear it out.....Please re-run AdwCleanerClick on Delete button.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number. Then...... Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.MrC Link to post Share on other sites More sharing options...
jayt Posted July 21, 2013 Author ID:705436 Share Posted July 21, 2013 OKay here is what it deleted: # AdwCleaner v2.306 - Logfile created 07/21/2013 at 12:05:39# Updated 19/07/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)# User : Dave - DAVE-PC# Boot Mode : Normal# Running from : C:\Users\Dave\Downloads\adwcleaner.exe# Option [Delete] going on to next step.... ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnkFile Deleted : C:\Users\Public\Desktop\eBay.lnkFile Deleted : C:\Users\Public\Desktop\MySearchDial.urlFolder Deleted : C:\Users\Dave\AppData\Local\Temp\boost_interprocessFolder Deleted : C:\Users\Dave\AppData\Roaming\Mysearchdial ***** [Registry] ***** Key Deleted : HKCU\Software\InstallCoreKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\mysearchdialKey Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXEKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvcKey Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}Key Deleted : HKLM\Software\InstallCoreKey Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}Key Deleted : HKLM\SOFTWARE\Software ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Google Chrome v28.0.1500.72 File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences ************************* AdwCleaner[R1].txt - [3449 octets] - [21/07/2013 11:50:12]AdwCleaner[R2].txt - [3509 octets] - [21/07/2013 11:51:25]AdwCleaner[R3].txt - [3569 octets] - [21/07/2013 12:05:28]AdwCleaner[s1].txt - [3512 octets] - [21/07/2013 12:05:39] ########## EOF - C:\AdwCleaner[s1].txt - [3572 octets] ########## Link to post Share on other sites More sharing options...
jayt Posted July 21, 2013 Author ID:705437 Share Posted July 21, 2013 Hi MrC, Here is the log from Junkware Removal Tool: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.1.8 (07.20.2013:2)OS: Windows 7 Home Premium x86Ran by Dave on Sun 21/07/2013 at 12:11:12.06~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-226791018-3719644318-1160780637-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 21/07/2013 at 12:12:45.88End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
MrCharlie Posted July 21, 2013 ID:705438 Share Posted July 21, 2013 OK, any difference?? MrC Link to post Share on other sites More sharing options...
jayt Posted July 21, 2013 Author ID:705439 Share Posted July 21, 2013 Yes,When I start up explorer the search engine doesnt show up, I still had to manually delete the mysearchdial from google's extension list, but it still wasn't allowed to start, just showed an error message saying it couldnt start my preferred search engine.Also the online games file I mentioned earlier no longer has an image on the icon on my desktop.Is there anything else I need to do? Also can you recommend an adware blocker I can install alongside kapersky which doesnt seem to pick much up? Link to post Share on other sites More sharing options...
MrCharlie Posted July 21, 2013 ID:705440 Share Posted July 21, 2013 AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} BTW: You have Defender enabled, you shouldn't have that enabled..you have Kaspersky running. Having 2 AVs running only causes conflicts and spotty protection. Please permanently disable it:http://www.howtogeek.com/howto/15788/how-to-uninstall-disable-and-remove-windows-defender.-also-how-turn-it-off/Is there anything else I need to do?We'll just your systems securityAlso can you recommend an adware blocker I can install alongside kapersky which doesnt seem to pick much up? You want to stop it from being installed??What browser do you use?------------------------------------------------------------------------------------Lets check your computers security before you go and we have a little cleanup to do also:Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
jayt Posted July 21, 2013 Author ID:705445 Share Posted July 21, 2013 When I go into Defender there is a notification saying " A problem caused this program's service to stop. To start the service, click the Start now button or restart your computer." if hit start now that there is another error message. I can't use the tools bar at all.is that ok? Link to post Share on other sites More sharing options...
jayt Posted July 21, 2013 Author ID:705449 Share Posted July 21, 2013 Also I use internet explorer and chrome. partner uses one i use the other. here are the checkup results: Results of screen317's Security Check version 0.99.70 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Disabled! Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Reader 10.1.7 Adobe Reader out of Date! Google Chrome 28.0.1500.71 Google Chrome 28.0.1500.72 ````````Process Check: objlist.exe by Laurent```````` Kaspersky Lab Kaspersky Internet Security 2013 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted July 21, 2013 ID:705526 Share Posted July 21, 2013 Leave Defender alone then. To stop ads from appearing, you can use a programs like Adblock:https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom?hl=enhttps://adblockplus.org/en/internet-explorer To stop adware from being installed on your computer is really up to you, some reading:http://www.ciscopress.com/articles/article.asp?p=662902&seqNum=2also take a look at my Preventive Maintenance ------------------------------------------------------------------------------------------------------------- Out dated programs on the system are vulnerable to malware.Please update or uninstall them: --------------------------------- Adobe Reader 10.1.7 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar). ----------------------------- Google Chrome 28.0.1500.71 <-----OLDGoogle Chrome 28.0.1500.72 <-----OK You have old versions of Google Chrome on the system.Please download and run OldChromeRemover.@Windows Vista/Windows 7-8 users must use “Run As Administrator.” ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A little clean up to do.... Please Uninstall ComboFix: (if you used it) Press the Windows logo key + R to bring up the "run box" Copy and paste next command in the field: ComboFix /uninstall Make sure there's a space between Combofix and / Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point (If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller) --------------------------------- If you used DeFogger to disable your CD Emulation drivers, please re-enable them. ------------------------------- Please download OTC to your desktop.http://oldtimer.geekstogo.com/OTC.exe Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")Click on the CleanUp! button and follow the prompts.(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)You will be asked to reboot the machine to finish the Cleanup process, choose Yes.After the reboot all the tools we used should be gone.Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind. Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall. ------------------------------- Any questions...please post back. If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed. Take a look at My Preventive Maintenance to avoid being infected again. Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
jayt Posted July 21, 2013 Author ID:705694 Share Posted July 21, 2013 Thanks so much MrC,Very helpful! I will post on your profile and donate.Cheers,jayt Link to post Share on other sites More sharing options...
MrCharlie Posted July 21, 2013 ID:705700 Share Posted July 21, 2013 OK...Take Care MrC Link to post Share on other sites More sharing options...
LDTate Posted July 22, 2013 ID:705851 Share Posted July 22, 2013 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts