bobalu4u

do search has hijacked my home pages

Hi,

I ran Malwarebytes Anti-Malware and I have a log of it as well as a HijackThis log. I followed the directions and ran dds.text and attach.text. It's below. If you need the anti-malwarebytes or HijackThis log I'll send it on.

I sincerely hope someone can help me. Thanks.

Bob

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/15/2006 2:00:13 AM
System Uptime: 11/9/2013 5:48:39 PM (1 hours ago)
.
Motherboard: Dell Inc.           |  | 0WG261
Processor:               Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 200.085 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2005: 9/28/2013 10:09:10 PM - Software Distribution Service 3.0
RP2006: 9/30/2013 12:10:07 PM - Software Distribution Service 3.0
RP2007: 10/1/2013 2:35:33 PM - Software Distribution Service 3.0
RP2008: 10/2/2013 11:08:04 PM - Software Distribution Service 3.0
RP2009: 10/4/2013 12:07:16 AM - Software Distribution Service 3.0
RP2010: 10/5/2013 1:17:23 AM - Software Distribution Service 3.0
RP2011: 10/5/2013 2:16:58 AM - Installed Nitro Reader 3
RP2012: 10/5/2013 2:34:18 AM - Revo Uninstaller's restore point - DriverAgent by eSupport.com
RP2013: 10/5/2013 2:50:42 AM - Revo Uninstaller's restore point - McAfee Security Scan Plus
RP2014: 10/6/2013 3:58:51 PM - Software Distribution Service 3.0
RP2015: 10/8/2013 12:18:50 AM - Software Distribution Service 3.0
RP2016: 10/9/2013 12:24:22 PM - Software Distribution Service 3.0
RP2017: 10/10/2013 12:47:17 AM - Software Distribution Service 3.0
RP2018: 10/10/2013 3:33:07 PM - Software Distribution Service 3.0
RP2019: 10/12/2013 4:15:00 PM - Software Distribution Service 3.0
RP2020: 10/13/2013 1:47:31 PM - Software Distribution Service 3.0
RP2021: 10/14/2013 1:20:03 PM - Software Distribution Service 3.0
RP2022: 10/15/2013 10:15:21 PM - Software Distribution Service 3.0
RP2023: 10/15/2013 10:26:51 PM - Software Distribution Service 3.0
RP2024: 10/17/2013 7:04:55 AM - Software Distribution Service 3.0
RP2025: 10/18/2013 4:27:42 PM - Software Distribution Service 3.0
RP2026: 10/19/2013 4:48:04 PM - Software Distribution Service 3.0
RP2027: 10/21/2013 6:17:49 PM - Software Distribution Service 3.0
RP2028: 10/22/2013 10:42:59 PM - Software Distribution Service 3.0
RP2029: 10/24/2013 11:48:58 AM - Software Distribution Service 3.0
RP2030: 10/25/2013 9:31:23 PM - Software Distribution Service 3.0
RP2031: 10/27/2013 9:59:59 PM - Software Distribution Service 3.0
RP2032: 10/30/2013 9:49:37 PM - Software Distribution Service 3.0
RP2033: 11/1/2013 7:33:32 PM - Software Distribution Service 3.0
RP2034: 11/2/2013 11:54:15 PM - Software Distribution Service 3.0
RP2035: 11/4/2013 3:42:40 PM - Software Distribution Service 3.0
RP2036: 11/5/2013 5:37:07 PM - Software Distribution Service 3.0
RP2037: 11/6/2013 8:59:50 PM - Software Distribution Service 3.0
RP2038: 11/7/2013 11:23:58 PM - Software Distribution Service 3.0
RP2039: 11/8/2013 1:52:47 PM - Revo Uninstaller's restore point - VideoPlayer v2.0.6
RP2040: 11/8/2013 4:36:25 PM - Installed HiJackThis
RP2041: 11/9/2013 1:35:18 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ACDSee Classic
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
AI RoboForm
AirPort
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AusLogics Disk Defrag
Belarc Advisor 7.2
Bonjour
Bonjour Print Services
CCleaner
Comodo BackUp
COMODO Firewall Pro
Corel Business Applications
Corel Photo Album 6
Creative Audio Console
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Support 3.2.1
Dell Support Center (Support Software)
Dell System Restore
DellConnect
DeviceDiscovery
DFX for Windows Media Player
Dropbox
ELIcon
EMET (Tech Preview)
ERUNT 1.1j
Final Draft 5
Final Draft 7
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService2
HD Tune 2.54
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP FWUpdateEDO2
HP Photo Creations
HP Photosmart 5510 series Basic Device Software
HP Photosmart 5510 series Help
HP Photosmart 5510 series Product Improvement Study
HP Product Detection
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
IE New Window Maximizer 2.4
Image Resizer Powertoy for Windows XP
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Explorer (Enable DEP)
iPhone Configuration Utility
iTunes
Java 7 Update 40
Java Auto Updater
jv16 PowerTools 1.3
Logitech Updater
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft IntelliPoint 4.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
Movie Magic Screenwriter Demo
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCSetup
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nitro Reader 3
NTREGOPT 1.1j
Octoshape add-in for Adobe Flash Player
Olympus Digital Wave Player
overland
PDF Download for Internet Explorer
Photo Loader 2.3E
PowerDVD 5.9
Qualxserve Service Agreement
QuickTime
Recuva (remove only)
RegSupreme 1.3
Revo Uninstaller 1.89
SanDiskSecureAccess_Manager.exe
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Sonic Audio module
Sonic DLA
Sonic Encoders
Sonic RecordNow Data
Sonic RecordNow!
Sound Blaster for Media Center
Sound Blaster X-Fi
SpeedFan (remove only)
Status
swMSM
System Requirements Lab for Intel
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
User Profile Hive Cleanup Service
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoptXP v7.22
WebCyberCoach 3.2 Dell
WebFldrs XP
Webshots Desktop
Windows 7 Upgrade Advisor
Windows Backup Utility
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPatrol 2007
WinPcap 4.1.2
WinZip
WordWeb
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/9/2013 1:24:32 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV SASKUTIL
11/9/2013 1:24:09 AM, error: Service Control Manager [7000]  - The SSPORT service failed to start due to the following error:  The system cannot find the file specified.
11/9/2013 1:24:09 AM, error: Service Control Manager [7000]  - The Secure II Driver service failed to start due to the following error:  The system cannot find the file specified.
11/9/2013 1:24:09 AM, error: Service Control Manager [7000]  - The Lexar Secure II service failed to start due to the following error:  The system cannot find the file specified.
11/9/2013 1:24:09 AM, error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.40.2
Run by bob at 18:07:55 on 2013-11-09
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1474 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall Pro *Disabled*
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: NitroPDFBHO Class: {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\RoboForm.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
uRun: [RoboForm] c:\program files\siber systems\ai roboform\RoboFormWatcher.exe
uRun: [iE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [intelMeM] "c:\program files\intel\modem event monitor\IntelMEM.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Save Page As PDF ... - c:\program files\nitro pdf\pdf download\nitroweb.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99} - <orphaned>
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{37CBB603-8C91-41A5-9BB6-27AE01755D02} : DHCPNameServer = 10.0.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - <no file>
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\7cf71jjz.default\
FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nitro\reader 3\npdf.dll
FF - plugin: c:\program files\nitro\reader 3\npnitroie.dll
FF - plugin: c:\program files\nitro\reader 3\npnitromozilla.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 211560]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-6-10 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-10 24208]
R2 cmdAgent;COMODO Firewall Pro Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2010-6-10 519936]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\nitro\reader 3\NitroPDFReaderDriverService3.exe [2013-3-26 196624]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\bob\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\bob\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\bob\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\bob\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\drivers\lxrsii1d.sys --> c:\windows\system32\drivers\LxrSII1d.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 SASENUM;SASENUM;\??\c:\docume~1\bob\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\bob\locals~1\temp\sas_selfextract\SASENUM.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ComodoBackupService;ComodoBackupService;c:\program files\comodo\backup\CmdBkSvc.exe [2010-6-10 1023488]
S4 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2012-3-2 8704]
.
=============== Created Last 30 ================
.
2013-11-09 09:35:25 7796464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8373f820-680e-4844-9fe7-aa773ab5b2fc}\mpengine.dll
2013-11-09 01:59:30 -------- d-----w- c:\documents and settings\bob\application data\Malwarebytes
2013-11-09 01:58:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-09 00:36:30 388096 ----a-r- c:\documents and settings\bob\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-11-09 00:36:27 -------- d-----w- c:\program files\Trend Micro
2013-11-08 21:26:45 -------- d-----w- c:\program files\Uninstaller
2013-11-08 07:24:03 7796464 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2013-10-09 21:10:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 21:10:38 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec
2013-09-11 00:25:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-11 00:25:20 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-11 00:25:19 868264 -c--a-w- c:\windows\system32\npdeployJava1.dll
2013-09-11 00:25:19 790440 -c--a-w- c:\windows\system32\deployJava1.dll
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2006-11-01 21:07:34 3623736 -c--a-w- c:\program files\procexp.exe
2004-02-25 17:45:00 2226922 -c--a-w- c:\program files\jv16pt_setup1.3.0.195.exe
.
============= FINISH: 18:09:54.46 ===============
 

 


Hello bobalu4u and welcome to Malwarebytes forums.

 

Would you please tell us specifically which internet browser or browsers are having the "search hijacking" issue?

 

I would strongly suggest that you reset each of your browsers to standard defaults, and look closely at each and remove the search hijacker, which I will refer to below as "the rogue".

 

Reset your internet browsers:
For Internet Explorer:
1. Close all Internet Explorer and Explorer windows that are currently open.

Note: If you are running Windows 8, start Internet Explorer for the desktop. Changing your settings will affect both Internet Explorer and Internet Explorer for the desktop.
2. Start Internet Explorer for a fresh start.

From the IE menu, select Tools (ALT+T) > Internet Options > General.
On the General tab, look at the Home Page box.  If it has "the rogue" listed there, select it and remove it.
You can press either of the buttons "use default" or "use blank", then press the Apply and OK buttons.

3. On the Tools menu, tap or click Internet options. If you don't see the Tools menu, press Alt.

4. In the Internet Options window, tap or click the Advanced tab.

5. Tap or click Reset. If you're using Windows Internet Explorer 6, click Restore Default.

6. In the Reset Internet Explorer Settings dialog box, tap or click Reset.

Select the Delete personal settings check box if you also want to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.
Tip: For optimal results, enable the Delete personal settings option.

7. When Internet Explorer finishes applying default settings,
press "Shift+CTRL+Delete keys" and delete temporary internet cache files.

tap or click Close, and then tap or click OK.

8. Exit and then start Internet Explorer.

9. Using Internet Explorer browser, run the Microsoft Fix-It on the following MS page
http://support.microsoft.com/mats/ie_performance_and_safety

For Google Chrome:
1. Start Chrome. Go to Chrome menu > then Tools (ALT+T) > then select Extensions.
If it has "the rogue" listed there, select it and uncheck the box "enabled".
Find and remove any related extensions of the rogue from the list.

2. Click Chrome menu > Tools > Settings > On startup > Set pages >
mouse over to where you see "the rogue" and click the X symbol to remove it, then add your preferred domain and set it as your homepage.

3. Click on Settings > Appearance > Change.
Remove "the rogue" from Startup pages by clicking the X symbol (you can also choose to add a new page by entering its URL).

4. Click Chrome menu > Settings > Search > Manage search engines… >
Choose to set another preferred one as the default search engine by clicking Make default and remove "the rogue" from the list.

For Mozilla Firefox:
Start Firefox
1. Reset homepage by
Selecting from menu bar Tools> Options> and press the "General" tab (icon)
Remove "the rogue" from the Homepage box and put in your own choice. Or you can press "Restore to Default".
and press OK.

2. Reset settings
From the menu bar, select Help (on Windows XP, click the Help menu) > then select Troubleshooting Information.
Then click the button marked "Reset Firefox" at the top-right of screen.

3. Apply the changes and exit.

NOTE: If Firefox is especially hard to cure of the rogue, you can do this:
in Firefox, use ALT+H keys and then click on "Restart with Add-ons Disabled", and then do steps 1 thru 3 here again.

~  ~
NEXT

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.  < =

look down the screen to Action for potentially unwanted programs  PUP  &
look down the screen to Action for potentially unwanted modifications PUM &
Action for peer-to-peer software  P2P

For each one of the 3
 select "Show in  results list and check for removal"  from the drop down (arrow) selections.   < = =

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a QUICK  Scan.   

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, ATTACH the MBAM scan log into a new reply for my review.

IF this is Windows XP, the log would be under this folder
C:\Documents and Settings\(Your Profile Name)\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

IF this is Windows Vista or  Win7 or Win8:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

I need the most current one that starts with the name mbam-log-2013    ( with the latest time & Date stamp)



Maurice Naggar
Product Support

Malwarebytes Corporation
Crushes malware. Restores confidence.


I have followed your directions in IE 8 and didn't on Chrome and Firefox because I figured if it didn't work on IE it wouldn't on my other two browsers, but yes, they are all hijacked. What should the next step be? Thanks.


Okay, I followed your directions on the other two browsers, Chrome and Firefox. I ran the antimalware scan which I'm pasting below. The first scan I ran yesterday quarantined 10 pups, today's shows nothing. That's the good news. The bad is that when I open any of the three browsers my homepages are still hijacked by "do searches." What do I do next? Thanx again.


I posted on Nov 11 and haven't yet received any help with my problem. Can someone help me, please! Thank you.


Sorry for the delay.  I've sent a message to Maurice letting him know that you're still looking for help.

He is in another time zone so he may not get that till later tonight though.  

 

Thank you


Hello Bobalu4u,

 

I must apologize for the lateness in getting back to you.  My bad oversight.

 

I still need the log from the MBAM scan run.

ATTACH the MBAM scan log into a new reply for my review. IF this is Windows XP, the log would be under this folder
C:\Documents and Settings\(Your Profile Name)\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

IF this is Windows Vista or  Win7 or Win8:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

I need the most current one that starts with the name mbam-log-2013    ( with the latest time & Date stamp)

 

Note: If any or each of your browsers has a homepage set by some pest ......

First, ensure you do not have something like Tea Timer from Spybot as active.  If you have Tea Timer, turn it off.

For the browser homepage, you still have to hone in and go thru each browser and reset your preferences.

 

[ # 2 ]

Download OTL by OldTimer & Save it  to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

 

Please close any of your open windows/programs and exit; saving any open work you have.
I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|{33BB0A4E-99AF-4226-BDF6-49120163DE86} /rs
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} /rs


    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
     
  • Close any browser(s) windows that may be open.
     
  • Using your mouse, click on Run Scan.
     
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please attach the log-report  OTL.txt into your reply.

 

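The custom scan in the post above lists the `url` values under each hive's Internet Explorer `SearchScopes` key. As an added example (not part of the original post, and not OTL or Malwarebytes code), the same review can be done offline over text in `reg export` format, flagging every search provider whose URL host is outside an allowlist and noting whether `DefaultScope` points at it. The sample export, the allowlist, the function names and the host `search.example.invalid` are constructed assumptions; the two scope GUIDs are the ones quoted in this thread.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the text format that `reg export` writes. Real
# exports are usually UTF-16 files: decode them before passing the text in.
# The provider names, URLs and search.example.invalid are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="placeholder provider"
"URL"="http://search.example.invalid/web?q={searchTerms}"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$')
SCOPES_SUFFIX = "\\internet explorer\\searchscopes"


def parse_reg(text):
    """Return {key path: {lower-cased value name: data}} for string values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            # .reg files escape backslashes and quotes inside string data.
            data = re.sub(r'\\(.)', r'\1', value.group(2))
            current[value.group(1).lower()] = data
    return keys


def host_allowed(host, allowed_hosts):
    """True if host is an allowed domain or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def audit_search_scopes(text, allowed_hosts):
    """List every search scope whose URL host is outside allowed_hosts."""
    keys = parse_reg(text)
    by_lower = {path.lower(): values for path, values in keys.items()}
    findings = []
    for path, values in keys.items():
        cut = path.lower().find(SCOPES_SUFFIX)
        if cut < 0:
            continue
        root = path[:cut + len(SCOPES_SUFFIX)]
        rest = path[len(root):]
        if not rest.startswith("\\"):
            continue  # the SearchScopes key itself, or an unrelated key
        scope = rest[1:]
        try:
            host = (urlsplit(values.get("url", "")).hostname or "").lower()
        except ValueError:
            host = ""  # malformed URL: report it rather than crash
        if host and host_allowed(host, allowed_hosts):
            continue
        default = by_lower.get(root.lower(), {}).get("defaultscope", "")
        findings.append({
            "key": root,
            "scope": scope,
            "host": host,
            "is_default": default.lower() == scope.lower(),
        })
    return findings


if __name__ == "__main__":
    # The allowlist is an assumption; use the providers you actually chose.
    for item in audit_search_scopes(SAMPLE_REG, {"bing.com", "google.com"}):
        print(item)
```

A scope reported with `is_default` set is the one the browser will use for address-bar searches, so it is the first entry to review.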

Maurice,

I've lost the ability to copy & paste anything into this website. Is it possible that whatever is infecting my system is doing that? I'll try running firefox and see if it works with that, but I doubt it. This is a real problem I'm faced with.


Hurrah! I finally got the paste to work on firefox. So here it is. Thanks.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.08.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
bob :: BOBALU [administrator]

11/8/2013 6:06:07 PM
MBAM-log-2013-11-08 (18-20-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256161
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCR\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCR\Interface\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> No action taken.
HKLM\SOFTWARE\dosearchesSoftware (PUP.Optional.DoSearches.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{856AD396-519D-4C7A-BED6-6785F64924BC} (PUP.Optional.GreatArcadeHits.A) -> No action taken.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Data: exéבäAœÐ%«WLè -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Data:  -> No action taken.

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568&ts=1383945983) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568&ts=1383945983) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearches) -> Bad: (http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568&ts=1383945983) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> No action taken.

Folders Detected: 2
C:\Documents and Settings\bob\Start Menu\Programs\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> No action taken.

Files Detected: 13
C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\RECYCLER\S-1-5-21-1182905458-139579374-4073466077-1005\Dc1.exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Documents and Settings\bob\Start Menu\Programs\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Documents and Settings\bob\Start Menu\Programs\GreatArcadeHits\Uninstall GreatArcadeHits.lnk (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Program Files\Mozilla Firefox\browser\searchplugins\dosearches.xml (PUP.Optional.DoSearches.A) -> No action taken.
C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\application.ico (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\cookies.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\gahff.xpi (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\GAHUninstaller.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\GAHUpdate.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\premium.pem (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Documents and Settings\bob\Local Settings\Application Data\GreatArcadeHits\static.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.

(end)

--------------------------------------------------

MiniToolBox by Farbar  Version: 13-07-2013
Ran by bob (administrator) on 19-11-2013 at 13:12:33
Running from "C:\Documents and Settings\bob\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

There are 15058 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=NONE
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : bobalu

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : dslextreme.com



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : dslextreme.com

        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-12-3F-BC-83-01

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 10.0.1.2

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 10.0.1.1

        DHCP Server . . . . . . . . . . . : 10.0.1.1

        DNS Servers . . . . . . . . . . . : 10.0.1.1

        Lease Obtained. . . . . . . . . . : Tuesday, November 19, 2013 12:49:29 PM

        Lease Expires . . . . . . . . . . : Wednesday, November 20, 2013 12:49:29 PM

Server:  UnKnown
Address:  10.0.1.1

Name:    google.com
Addresses:  74.125.224.78, 74.125.224.64, 74.125.224.65, 74.125.224.66
      74.125.224.67, 74.125.224.68, 74.125.224.69, 74.125.224.70, 74.125.224.71
      74.125.224.72, 74.125.224.73



Pinging google.com [74.125.224.78] with 32 bytes of data:



Reply from 74.125.224.78: bytes=32 time=47ms TTL=58

Reply from 74.125.224.78: bytes=32 time=11ms TTL=58



Ping statistics for 74.125.224.78:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 11ms, Maximum = 47ms, Average = 29ms

Server:  UnKnown
Address:  10.0.1.1

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=121ms TTL=50

Reply from 206.190.36.45: bytes=32 time=171ms TTL=50



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 121ms, Maximum = 171ms, Average = 146ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 12 3f bc 83 01 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1        10.0.1.2      30
         10.0.1.0    255.255.255.0         10.0.1.2        10.0.1.2      30
         10.0.1.2  255.255.255.255        127.0.0.1       127.0.0.1      30
   10.255.255.255  255.255.255.255         10.0.1.2        10.0.1.2      30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
        224.0.0.0        240.0.0.0         10.0.1.2        10.0.1.2      30
  255.255.255.255  255.255.255.255         10.0.1.2        10.0.1.2      1
Default Gateway:          10.0.1.1
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (11/19/2013 01:00:31 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.161.2244.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (11/19/2013 01:00:31 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.161.2244.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (11/19/2013 01:00:31 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (11/19/2013 01:00:31 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (11/19/2013 01:00:31 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (11/19/2013 01:00:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (11/19/2013 01:00:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (11/19/2013 01:00:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (11/19/2013 00:49:42 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (11/19/2013 00:49:42 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
ACDSee Classic
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
AI RoboForm
AirPort (Version: 5.5.3.2)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5183)
ATI Display Driver (Version: 8.23-060209a1-030546C-Dell)
AusLogics Disk Defrag (Version: version 1.4)
Belarc Advisor 7.2
Bonjour (Version: 2.0.5.0)
Bonjour Print Services (Version: 2.0.2.0)
CCleaner (Version: 3.27)
Comodo BackUp (Version: 1.0.4.337)
COMODO Firewall Pro (Version: 3.0.25.378)
Corel Business Applications
Corel Photo Album 6 (Version: 6.31)
Creative Audio Console
Creative MediaSource (Version: 3.00)
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager (Version: 3.0.0.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support 3.2.1 (Version: 5.5.2094)
Dell Support Center (Support Software) (Version: 2.2.08100)
Dell System Restore (Version: 2.00.0000)
DellConnect (Version: 1.00.522)
DeviceDiscovery (Version: 120.0.194.000)
DFX for Windows Media Player (Version: 8.501.0.0)
DMUninstaller
Dropbox (Version: 2.0.22)
ELIcon (Version: 1.00.0000)
EMET (Tech Preview) (Version: 3.5.0)
ERUNT 1.1j
Final Draft 5
Final Draft 7 (Version: 7.1.1.19)
Google Chrome (Version: 24.0.1312.57)
Google Update Helper (Version: 1.3.21.123)
GoToAssist 8.0.0.514
GPBaseService2 (Version: 130.0.371.000)
HD Tune 2.54
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photo Creations (Version: 1.0.0.5192)
HP Photosmart 5510 series Basic Device Software (Version: 25.0.621.0)
HP Photosmart 5510 series Help (Version: 140.0.2.2)
HP Photosmart 5510 series Product Improvement Study (Version: 25.0.621.0)
HP Product Detection (Version: 11.14.0001)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 120.0.194.000)
IE New Window Maximizer 2.4
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.20.0000)
Internet Explorer (Enable DEP)
iPhone Configuration Utility (Version: 2.1.0.163)
iTunes (Version: 10.1.1.4)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
jv16 PowerTools 1.3
Logitech Updater (Version: 1.70)
Logitech Vid (Version: 1.10.1009)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
MarketResearch (Version: 120.0.226.000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.0 (Version: 2.0.5029.2)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0090)
Microsoft IntelliPoint 4.1 (Version: 4.10.0851)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel (Version: 2.6.0.29)
Modem Event Monitor
Modem Helper (Version: 2.40)
Modem On Hold (Version: 1.12)
Move Networks Media Player for Internet Explorer
Movie Magic Screenwriter Demo (Version: 4.6.05)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSN
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Nitro Reader 3 (Version: 3.5.2.10)
NTREGOPT 1.1j
Octoshape add-in for Adobe Flash Player
Olympus Digital Wave Player
overland (Version: 2.1.5)
PDF Download for Internet Explorer (Version: 3.0.0)
Photo Loader 2.3E
PowerDVD 5.9
Qualxserve Service Agreement (Version: 1.11.0000)
QuickTime (Version: 7.73.80.64)
Recuva (remove only)
RegSupreme 1.3
Revo Uninstaller 1.89 (Version: 1.89)
SanDiskSecureAccess_Manager.exe (Version: 1.1.19269)
Skype™ 5.8 (Version: 5.8.156)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Sonic Audio module (Version: 2.0.0.1)
Sonic DLA (Version: 4.98)
Sonic Encoders (Version: 1.00)
Sonic RecordNow Data (Version: 2.0.0.1)
Sonic RecordNow! (Version: 7.3)
Sound Blaster for Media Center
Sound Blaster X-Fi (Version: 1.0)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 120.0.194.000)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.3.13.0)
TrayApp (Version: 120.0.194.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
User Profile Hive Cleanup Service (Version: 1.6.36)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VoptXP v7.22
WebCyberCoach 3.2 Dell
WebFldrs XP (Version: 9.50.7523)
Webshots Desktop
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Backup Utility (Version: 5.1)
Windows Defender Signatures (Version: 1.20.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.95)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol 2007 (Version: 14.0.2007.1)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinZip (Version:  9.0 SR-1 (6224))
WordWeb (Version: 6)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 2046.07 MB
Available physical RAM: 1521.59 MB
Total Pagefile: 3938.81 MB
Available Pagefile: 3486.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.65 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:227.87 GB) (Free:202.09 GB) NTFS

========================= Users: ========================================

User accounts for \\BOBALU

Administrator            bob                      Guest                    
HelpAssistant            marie                    SUPPORT_388945a0         

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
 


Hello

Copying and pasting is a basic thing that I am sure you know how to do. Why did you not paste and do the OTL FIX that I laid out for you before?

Now, then, also, did you read all of the MBAM scan log and study it?
Did you see all the lines that had "No action taken"?
Such as these, as some examples:

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearche...8&ts=1383945983) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearche...8&ts=1383945983) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearches) -> Bad: (http://www.dosearche...8&ts=1383945983) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> No action taken.

a) You needed to select ALL lines listed by MBAM so that it would have deleted all items that it tagged.
While these are PUP items, these are the very pests, Dosearche, that you reported as your base issue.

PUP detections are Potentially Unwanted Programs. These are programs our researchers have found are sometimes added to a system without the user's knowledge or approval.

The default action for PUP detections is "Show in results list and do not check for removal."

If you want Malwarebytes Anti-Malware to remove PUP detections, each item must be checked.
To do so quickly, you can highlight one of the detections by left clicking on it. Then, right click on the highlighted detection, and select 'Check all items'. Next, click Remove Selected.

That should address the PUP entries.

Thus, do a complete new run of MBAM and select ALL items for Removal.

First, close all internet browsers at this point. If need be, print out this section for your offline easy reference.

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Look down the screen to:
Action for potentially unwanted programs (PUP)    <<__Very Important
Action for potentially unwanted modifications (PUM)
Action for peer-to-peer software (P2P)

For each one of the 3 (do one at a time for each one), select "Show in results list and check for removal" from the drop-down (arrow) selections.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a QUICK Scan.   

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, ATTACH the MBAM scan log into a new reply for my review.

Your IE browser had at least 2 PUP.Optional.DoSearches  --- these are search hijackers
a) DoSearch
b) Qone8

Hopefully these will be gone after the new MBAM run.
But I still would like for you to go back, re-review the OTL FIX part  and do that part.
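
As an added illustration (not part of the original reply, and not Malwarebytes' own tooling), the following Python example parses registry-data lines in the format quoted above and lists the detections that were left at "No action taken". Four of the sample lines are the ones quoted in the post; the header line and the last line, with its detection name, URL and action text, are constructed for contrast.

```python
import re
from collections import defaultdict

# Layout of a registry-data line as quoted in the reply above:
#   <key>|<value> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>.
LINE_RE = re.compile(
    r"^(?P<key>HK[A-Z_]+\\[^|]+)\|(?P<value>.+?) "
    r"\((?P<detection>[\w.\-]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> "
    r"(?P<action>[^.]+)\.\s*$"
)

# Browser setting controlled by each value name (only the names seen on this page).
SETTING_KIND = {
    "Start Page": "home page",
    "Default_Page_URL": "home page",
    "DefaultScope": "default search provider",
}

# First and last lines are constructed; the four in between are quoted from the post.
SAMPLE_LOG = r"""
Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearche...8&ts=1383945983) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearches) -> Bad: (http://www.dosearche...8&ts=1383945983) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearches) -> Bad: (http://www.dosearche...8&ts=1383945983) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Example) -> Bad: (http://hijack.example/) Good: (http://www.google.com) -> Quarantined and repaired successfully.
"""


def parse_line(line):
    """Return a dict for one registry-data line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["setting"] = SETTING_KIND.get(entry["value"], "other")
    # Anything other than "No action taken" means the scanner acted on the item.
    entry["remediated"] = entry["action"].lower() != "no action taken"
    return entry


def unremediated(log_text):
    """All parsed entries that the scan reported but did not change."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and not e["remediated"]]


def summarize(log_text):
    """Group the untouched entries by detection name for a quick review."""
    grouped = defaultdict(list)
    for e in unremediated(log_text):
        grouped[e["detection"]].append(
            f'{e["key"]}|{e["value"]} ({e["setting"]})'
        )
    return dict(grouped)


if __name__ == "__main__":
    for detection, items in summarize(SAMPLE_LOG).items():
        print(f"{detection}: {len(items)} item(s) still in place")
        for item in items:
            print(f"  {item}")
```

Any entry this reports still holds its "Bad" value, which is why the home page and default search provider stay hijacked until the items are checked and removed.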


Hello Maurice,

I did the Mbam and got rid of the pups. I ran OTL and there are do searches on it. I wanted you to check out the log and tell me which ones I should remove, HOWEVER, what makes this so damn difficult is that no matter how many different ways I try to copy/paste the logs into my replies - and no matter which browser I use - it doesn't work! As I said before, it's strange because I can copy/paste within my OS. Is there a way I can send the logs to you as an attachment?

Or better yet, if you have a solution to my paste problem with Notepad. Thanks for your patience.


Hello Bobalu,

The default uploader allows you to upload attachments one at a time.

To begin, once your browser is positioned on this topic, scroll down to find the ‘Reply to this topic’ section.

Click on the [More Reply Options] button at bottom right of screen.


A blank page will appear where you can add your text comment and remarks.

At the bottom you will find the [Choose Files] button.


Click on the [Choose Files] button.

A dialog/navigation window will appear for you to select the file on your computer that you want to attach.

Navigate to the location of the file, select the file you want to upload as an attachment (by clicking it once in the Windows dialog), and press the Open button.

Review your text message-reply, and ensure the file is attached (it should have a paper-clip icon).

When all set, Click on the [Add Reply] button.


Hi Maurice,

Well, that works. Thank you. I noticed that "dosearches" is still in my IE 8 browser. I also saw a registry key in Firefox called "Great Arcade" that was removed by MBAM an earlier time. I assume that shouldn't be there either. I'm guessing there are other items that need to go as well. Thanks again for your patience. It's been a bit of an ordeal. Look forward to hearing from you.

Bobalu

mbam-log-2013-11-24 (17-19-01).txt

OTL.Txt


Hello Bobalu,

I am confident you do know how to use NOTEPAD and to do basic Copy .... Paste....

but just in case...Instructions to copy and paste:

http://www.bleepingcomputer.com/tutorials/tutorial95.html

You will want to print out or copy the following instructions to Notepad for offline reference!

Temporarily disable your antivirus program and close any programs that you started.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

http://www.bleepingcomputer.com/forums/index.php?showtopic=114351

Download the attached file BobOTL.txt and SAVE to your DESKTOP

Start NOTEPAD

Check and make sure "word wrap" is off.

From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

Open the BobOTL.txt that you saved.

Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Please double-click OTL.exe to run it. (Note: If you are running on Windows 7/8 or Vista, right-click on the file and choose Run As Administrator).

Right click in the Custom fix block box (under the aqua-blue bar) and choose Paste.

Close any browser(s) windows that may be open.

Using your mouse, click on the red-lettered button RUN FIX

Once you see a message box "Fix complete! Click OK to open the fix log."

Click the OK button

The log will open in Notepad (your default text editor).

Save the log. Attach that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and ATTACH that document back here in your next post.

Next, then, if and only if there are shortcuts (.LNK files) to Internet Explorer or, say, Chrome / Firefox, then delete the .LNK files.

After the OTL Fix run ( as above ) your Internet Explorer should be all clear of the "Dosearches" pest.

Do provide a new status update after all the above is done.


Maurice,

Well this is interesting. I don't have clipboard anymore on my system. It used to be in accessories, but it's gone. I did a "search" and it doesn't show up. Could that be the reason I can't paste?


Maurice,

Here is the log from OTL. Unfortunately, IE8 and Chrome still have dosearches as my homepage. Should I run HijackThis?

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.

File E:\setup.exe not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: bob

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: marie

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 3188 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 9601 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 103760 bytes

Total Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: bob

->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

->Flash cache emptied: 0 bytes

User: marie

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: bob

->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: marie

User: NetworkService

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11262013_135957

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I just ran HijackThis and the log is below. When I click "Analyze This" on the first 5 registry items it indicates that there is still a problem even though dosearches is named in the registry items. What should I do? Thanks

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:49:03 PM, on 11/26/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe

C:\Program Files\IE New Window Maximizer\iemaximizer.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dslextreme.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [intelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe

O4 - HKCU\..\Run: [iE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x09a1 -f video -m logitech -d 11.70.1196.0 (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra button: (no name) - {96538116-AB8C-4879-9F21-BD2BFE22A414} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Enable/Disable PDF Download for this site - {96538116-AB8C-4879-9F21-BD2BFE22A414} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll

O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1351542115015

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351498381057

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: GoToAssist - Invalid registry found

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe

--

End of file - 9165 bytes


Hello,

a) HijackThis is rarely used anymore these days. Which "first 5 registry items" are you referring to?

b)

Download and SAVE Shortcut Cleaner to your Desktop from http://www.bleepingcomputer.com/download/shortcut-cleaner/

On Windows 7 / 8 / Vista, do a Right-click on it and select Run as Administrator.

On Windows XP, double-click to start.

When all done, Copy & Paste the contents of "sc-cleaner.txt" into a reply.

c) The do-search pest should be gone now. If there are any remains of it, they would be minimal to non-effective.

Next, a new run of OTL

Locate the OTL.exe on your Desktop

Double-click OTL.exe to start it.

Look at the upper left of window. Press the pink color Quick Scan button.

Have patience while it runs.

It will produce a new log. Save it.

Attach the new OTL.txt in your reply


Hi Maurice,

Well, it seems I've finally gotten rid of the "dosearches" browser hijacker. Thank you for your patience.


Hello Bobalu,

Very good. I just need for you to do this cleanup step to remove some tools I had you use.

First, close any open work documents & any open work apps.

Download & Save OTC to your desktop and then run it

http://oldtimer.geekstogo.com/OTC.exe

Click "Yes" to begin the Cleanup process and remove these components, including this application.

You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

NOTES:

Suggestions that you should follow:

Get and put in place our beta Anti-Exploit

http://www.malwarebytes.org/products/antiexploit/

Safer practices & malware prevention

Have a hardware router between the incoming internet-modem and your computer.

Use a Standard user account rather than an administrator-rights account when "surfing" the web.

See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html

Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.

Check in at Windows Update (http://windowsupdate.microsoft.com) and install any Important Updates offered.

Make certain that Automatic Updates is enabled.

How to configure and use Automatic Updates in Windows

http://support.microsoft.com/kb/306525

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (PSI) on a monthly basis.

See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Download, install, and keep updated Spyware Blaster (free): http://www.brightfort.com/spywareblaster.html

(all Protections should be enabled at all times)

Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm

That would help to keep your browser away from known spyware/malware sites.

Get notified when the MVPS HOSTS file is updated

http://winhelp2002.mvps.org/updates.htm

Make regular backups of your system to removable media: DVD, USB external hard drive, etc.

Having a total image backup of your system stored on DVD/CD is highly important.

Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if a disaster hits.

Consider using Web of Trust WOT add-on for your browser(s)

http://www.mywot.com/en/download

http://www.mywot.com/en/faq/add-on

Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}

Don't plug in an unknown flash/thumb drive into your PC.

IF you must do so, hold down the SHIFT-key when you insert the drive.

Scan any file with your Antivirus prior to opening or using.

I wish you well.

Regards,

Maurice Naggar

Product Support

Malwarebytes Corporation

Crushes malware. Restores confidence.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
