Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

my search dial. Makware/virus????


  • Please log in to reply
24 replies to this topic

#1 WILD RACING

WILD RACING

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 AM

Posted 25 December 2013 - 06:14 PM

I can't seem to get rid of My Search Dial on my kids laptop.  The PC is an IBM thinkpad running XP SP3.

 

I have gone into add/remove programs and deleted it from there but it still shows as her home page on Google Chrome.  I tried to reset the home page but it still comes up.

 

I even ran an AVG scan as well as a MalwareBytes scan and neither got rid of it



BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:17 AM

Posted 25 December 2013 - 07:44 PM

Is this a different computer then one listed here: http://www.bleepingcomputer.com/forums/t/517500/svchostexe-running-all-the-time/page-3

#3 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 AM

Posted 25 December 2013 - 08:13 PM

Yes, a different computer.  I apologize if I didn't make that clear



#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:17 AM

Posted 25 December 2013 - 08:18 PM

Run the same scans as in your other thread, and have the popups stopped on that computer?

#5 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 AM

Posted 25 December 2013 - 08:26 PM

Yes, everything seems fine with the other PC thanks. 

 

I'm working on the scans now and will post the results when finished

 

.

Merry Christmas and thanks for your help



#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:17 AM

Posted 25 December 2013 - 08:29 PM

Your are welcome.

#7 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 AM

Posted 25 December 2013 - 08:37 PM

Here's the minitool box log.  Please advise if there are any other scans I should do.

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by User (administrator) on 25-12-2013 at 20:32:00
Running from "C:\Documents and Settings\User\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Intel® PRO/1000 PL Network Connection = Local Area Connection (Media disconnected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : LENOVO-C453AFAC

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : wowway.com

 

Ethernet adapter Wireless Network Connection:

 

        Connection-specific DNS Suffix  . : wowway.com

        Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

        Physical Address. . . . . . . . . : 00-19-D2-04-F1-77

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.33.110

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.33.1

        DHCP Server . . . . . . . . . . . : 192.168.33.1

        DNS Servers . . . . . . . . . . . : 64.233.214.34

                                            64.233.214.41

                                            192.168.33.1

        Lease Obtained. . . . . . . . . . : Wednesday, December 25, 2013 4:12:19 PM

        Lease Expires . . . . . . . . . . : Thursday, December 26, 2013 4:12:19 PM

 

Ethernet adapter Local Area Connection:

 

        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection

        Physical Address. . . . . . . . . : 00-16-41-E1-50-08

Server:  clv11-dns1.clv.wideopenwest.com
Address:  64.233.214.34

Name:    google.com
Addresses:  64.53.251.31, 64.53.251.27, 64.53.251.26, 64.53.251.46
   64.53.251.16, 64.53.251.49, 64.53.251.37, 64.53.251.24, 64.53.251.48
   64.53.251.35, 64.53.251.20, 64.53.251.53, 64.53.251.59, 64.53.251.57
   64.53.251.42, 64.53.251.38

 

Pinging google.com [64.53.251.49] with 32 bytes of data:

 

Reply from 64.53.251.49: bytes=32 time=20ms TTL=60

Reply from 64.53.251.49: bytes=32 time=11ms TTL=60

 

Ping statistics for 64.53.251.49:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 11ms, Maximum = 20ms, Average = 15ms

Server:  clv11-dns1.clv.wideopenwest.com
Address:  64.233.214.34

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45

 

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

 

Request timed out.

Reply from 98.139.183.24: bytes=32 time=329ms TTL=48

 

Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

    Minimum = 329ms, Maximum = 329ms, Average = 329ms

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d2 04 f1 77 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 16 41 e1 50 08 ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.33.1  192.168.33.110   25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
     192.168.33.0    255.255.255.0   192.168.33.110  192.168.33.110   25
   192.168.33.110  255.255.255.255        127.0.0.1       127.0.0.1   25
   192.168.33.255  255.255.255.255   192.168.33.110  192.168.33.110   25
        224.0.0.0        240.0.0.0   192.168.33.110  192.168.33.110   25
  255.255.255.255  255.255.255.255   192.168.33.110               3   1
  255.255.255.255  255.255.255.255   192.168.33.110  192.168.33.110   1
Default Gateway:      192.168.33.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/19/2013 07:53:13 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 31.0.1650.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/15/2013 10:27:41 AM) (Source: Application Hang) (User: )
Description: Hanging application Weather.exe, version 6.8.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/15/2013 10:27:41 AM) (Source: Application Hang) (User: )
Description: Hanging application Weather.exe, version 6.8.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/15/2013 10:27:41 AM) (Source: Application Hang) (User: )
Description: Hanging application Weather.exe, version 6.8.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/04/2013 06:14:32 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/04/2013 06:14:31 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (11/21/2013 05:55:05 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/19/2013 08:30:45 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/19/2013 08:30:45 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/19/2013 08:30:23 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

System errors:
=============
Error: (12/19/2013 05:09:41 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (12/19/2013 05:09:41 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (12/19/2013 05:09:41 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (12/19/2013 05:09:41 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (12/15/2013 11:48:52 AM) (Source: Service Control Manager) (User: )
Description: The IPS Core Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/14/2013 00:41:03 PM) (Source: DCOM) (User: LENOVO-C453AFAC)
Description: The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register with DCOM within the required timeout.

Error: (12/05/2013 03:49:38 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.33.110 on the
Network Card with network address 0019D204F177.

Error: (11/27/2013 02:46:36 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.33.110 on the
Network Card with network address 0019D204F177.

Error: (09/08/2013 11:42:17 AM) (Source: DCOM) (User: LENOVO-C453AFAC)
Description: The server {A02ED9E9-8D36-473A-98ED-C253A40765DE} did not register with DCOM within the required timeout.

Error: (09/08/2013 11:41:41 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.4 on the
Network Card with network address 0019D204F177.

Microsoft Office Sessions:
=========================
Error: (12/19/2013 07:53:13 PM) (Source: Application Hang)(User: )
Description: chrome.exe31.0.1650.63hungapp0.0.0.000000000

Error: (12/15/2013 10:27:41 AM) (Source: Application Hang)(User: )
Description: Weather.exe6.8.0.9hungapp0.0.0.000000000

Error: (12/15/2013 10:27:41 AM) (Source: Application Hang)(User: )
Description: Weather.exe6.8.0.9hungapp0.0.0.000000000

Error: (12/15/2013 10:27:41 AM) (Source: Application Hang)(User: )
Description: Weather.exe6.8.0.9hungapp0.0.0.000000000

Error: (12/04/2013 06:14:32 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (12/04/2013 06:14:31 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (11/21/2013 05:55:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (11/19/2013 08:30:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (11/19/2013 08:30:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (11/19/2013 08:30:23 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

=========================== Installed Programs ============================

Access Help (Version: 1.00)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader 7.0 (Version: 7.0.0)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Catalyst Control Center (Version: 1.2.2180.38582)
ATI Display Driver (Version: 8.204-051220a1-029804C-Lenovo)
ATI HYDRAVISION (Version: 3.25.0006)
AVG 2014 (Version: 14.0.3658)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
CCleaner (Version: 3.02)
Crayons Color and Paint Studio
Diskeeper Lite (Version: 9.0.535)
Google Chrome (Version: 31.0.1650.63)
Google Desktop (Version: -)
Google Desktop (Version: 3.2005.1208.1655)
Google Toolbar for Internet Explorer
Help Center (Version: 1.03)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Deskjet 3840 (Version: 1.00.0000)
HP Deskjet 3840 Series
IBM 32-bit Runtime Environment for Java 2, v1.4.2 (Version: 1.4.2)
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD (Version: 5.0-B11.300)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 3 (Version: 7.0.30)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
mCore (Version: 5.30.0000)
mDriver (Version: 5.30.0000)
Message Center (Version: 1.03)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Picture It! Photo Premium 9 (Version: 9.0.0.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2002 (Version: 10.0.2627.01)
Microsoft Works (Version: 07.03.0719)
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word (Version: 7.0.0.0000)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
mMHouse (Version: 5.30.0000)
Mozilla Firefox (3.6.13) (Version: 3.6.13 (en-US))
mPfMgr (Version: 5.30.0000)
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 5.30.0000)
OpenOffice.org 3.2 (Version: 3.2.9502)
Productivity Center Supplement for ThinkPad (Version: 1.01)
QuickTime (Version: 7.73.80.64)
RecordNow Audio (Version: 2.0.4)
RecordNow Copy (Version: 2.0.4)
RecordNow Data (Version: 2.0.4)
Remove Multimedia Center
Rescue and Recovery - Client Security Solution (Version: 3.01.0037.00)
Software Installer (Version: 3.21.0601)
Sonic DLA (Version: 5.1.0)
Sonic Express Labeler (Version: 2.1.0)
Sonic Update Manager (Version: 3.0.0)
SoundMAX (Version: 5.10.01.4270)
swMSM (Version: 12.0.0.1)
System Migration Assistant (Version: 5.02.0014)
ThinkPad Configuration (Version: 1.51)
ThinkPad EasyEject Utility  (Version: 2.22)
ThinkPad FullScreen Magnifier (Version: 1.16)
ThinkPad Keyboard Customizer Utility (Version: 1.3.22.0)
ThinkPad Modem (Version: 7.39.00.50)
ThinkPad PC Card Power Policy (Version: 1.02)
ThinkPad Power Management Driver (Version: 1.33)
ThinkPad Power Manager (Version: 1.12)
ThinkPad Presentation Director (Version: 2.41b)
ThinkPad UltraNav Driver (Version: 7.5.17.18)
ThinkPad UltraNav Wizard (Version: 3.03)
ThinkVantage Access Connections (Version: 4.12)
ThinkVantage Active Protection System (Version: 1.40)
ThinkVantage Away Manager (Version: 1.0.9.0)
ThinkVantage Fingerprint Software 5.4 (Version: 5.4.0.2659)
ThinkVantage Productivity Center (Version: 1.02)
ThinkVantage System Update (Version: 1.00.120)
ThinkVantage Technologies Welcome Message (Version: 1.12)
TrackPoint Accessibility Features (Version: 1.11.0.0)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
Wallpapers (Version: 2.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Connect
Windows Media Connect (Version: 1.0.0.0)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3 (Version: 20080414.031525)
XP Themes (Version: 1.00.0000)

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 2046.36 MB
Available physical RAM: 1047.33 MB
Total Pagefile: 3427.79 MB
Available Pagefile: 2563.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.48 MB

========================= Partitions: =====================================

1 Drive c: (IBM_PRELOAD) (Fixed) (Total:50.79 GB) (Free:35.64 GB) NTFS
3 Drive r: (SECUREDRIVE) (Removable) (Total:0.1 GB) (Free:0.1 GB) FAT

========================= Users: ========================================

User accounts for \\LENOVO-C453AFAC

Administrator            ASPNET                   Guest                   
HelpAssistant            SUPPORT_388945a0         User                    

**** End of log ****



#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:17 AM

Posted 25 December 2013 - 09:17 PM

I would recommend downloading the latest Adobe Reader from http://www.adobe.com and install it. You are using a grossly outdated version, which could lead to exploitation.

#9 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 AM

Posted 25 December 2013 - 09:30 PM

Done



#10 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:17 AM

Posted 25 December 2013 - 09:44 PM

Provide the other scans when you can.

#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:17 PM

Posted 25 December 2013 - 09:54 PM

Hello -

Please read theOfficial Remove My Search Dial uninstall pages.

 

Once you read and try this, please follow any / all other steps provided by cryptodan

 

Thank You -



#12 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 AM

Posted 25 December 2013 - 10:47 PM

I did try the uninstall instructions on that page and tried reseting the browsers home page.  Yet, it still comes up when I open the browser.

 

 

I got an error mesage trying to update Adobe Reader.  said the program was in use and multiple times to redo it all yeild the same results.  Can we come back to that at a later time?

 

tryin the other scans now



#13 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 AM

Posted 25 December 2013 - 10:57 PM

Ran the scan on  AdwCleaner but can't seem to find the log now



#14 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 AM

Posted 25 December 2013 - 11:07 PM

Here's the other logs....

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by User on Wed 12/25/2013 at 22:53:17.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\gm6mqnj3.default\extensions\staged

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/25/2013 at 23:03:02.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Farbar Service Scanner Version: 05-12-2013
Ran by User (administrator) on 25-12-2013 at 22:52:19
Running from "C:\Documents and Settings\User\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(12) Gpc(6) IPSec(4) irda(8) NetBT(5) PSched(7) s24trans(9) Tcpip(3)
0x0C000000040000000100000002000000030000000B0000000C00000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****



#15 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 AM

Posted 25 December 2013 - 11:12 PM

Found a couple adwcleaner logs.  Both dated today so not sure which one you need.

# AdwCleaner v3.016 - Report created 25/12/2013 at 22:24:33
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - LENOVO-C453AFAC
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\user.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found C:\Documents and Settings\User\Application Data\registry mechanic
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\apn
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\AVG Security Toolbar
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie
Folder Found C:\Program Files\Mobogenie
Folder Found C:\Program Files\registry mechanic

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1917698251&ir=

-\\ Mozilla Firefox v3.6.13 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("extensions.mysearchdial.aflt", "irmsd1202");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Line Found : user_pref("extensions.mysearchdial.cr", "1917698251");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Line Found : user_pref("extensions.mysearchdial.id", "0019D204F1775AED");
Line Found : user_pref("extensions.mysearchdial.instlDay", "16054");
Line Found : user_pref("extensions.mysearchdial.instlRef", "");
Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.010:26:8");

-\\ Google Chrome v

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9506 octets] - [25/12/2013 22:24:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9566 octets] ##########
# AdwCleaner v3.016 - Report created 25/12/2013 at 22:37:48
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - LENOVO-C453AFAC
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\user.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found C:\Documents and Settings\User\Application Data\registry mechanic
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\apn
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\AVG Security Toolbar
Folder Found C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie
Folder Found C:\Program Files\Mobogenie
Folder Found C:\Program Files\registry mechanic

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1917698251&ir=

-\\ Mozilla Firefox v3.6.13 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("extensions.mysearchdial.aflt", "irmsd1202");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Line Found : user_pref("extensions.mysearchdial.cr", "1917698251");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Line Found : user_pref("extensions.mysearchdial.id", "0019D204F1775AED");
Line Found : user_pref("extensions.mysearchdial.instlDay", "16054");
Line Found : user_pref("extensions.mysearchdial.instlRef", "");
Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.010:26:8");

-\\ Google Chrome v

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [19152 octets] - [25/12/2013 22:24:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19213 octets] ##########

 

# AdwCleaner v3.016 - Report created 25/12/2013 at 22:38:43
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - LENOVO-C453AFAC
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\apn
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\User\Application Data\registry mechanic
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v3.6.13 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\gm6mqnj3.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd1202");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1917698251");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "0019D204F1775AED");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16054");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDyE0FtCyByByD0A0E0DtN0D0Tzu0SyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.010:26:8");

-\\ Google Chrome v

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [19294 octets] - [25/12/2013 22:24:33]
AdwCleaner[S0].txt - [9582 octets] - [25/12/2013 22:38:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9642 octets] ##########






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users