
start.mysearchdial.com hijacker


15 replies to this topic

#1 Avalonjxn2


Posted 12 March 2014 - 09:52 AM

What is the best way to remove this web browser hijacker? I've tried Malwarebytes and Spybot.




#2 Alex&Vanko


Posted 12 March 2014 - 09:58 AM

Download Minitoolbox - http://www.bleepingcomputer.com/download/minitoolbox/

Start the application. Set ticks everywhere. Click the GO button. After the scan is done a log will appear. Save and attach it here.



#3 Avalonjxn2


Posted 12 March 2014 - 10:02 AM

What does "Set ticks everywhere" mean?



#4 Alex&Vanko


Posted 12 March 2014 - 10:05 AM

[screenshot: Ashampoo_Snap_2014.03.12_17h04m05s_001_]



#5 Avalonjxn2


Posted 12 March 2014 - 10:44 AM

Here you go....

 

 

Ran by Mainenance (administrator) on 12-03-2014 at 10:27:40

Running from "E:\"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

 

========================= FF Proxy Settings: ==============================

 

 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

========================= Hosts content: =================================

 

 

 

========================= IP Configuration: ================================

 

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : Mainenance-PC

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : att.net

 

Ethernet adapter Local Area Connection:

 

   Connection-specific DNS Suffix  . : att.net

   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

   Physical Address. . . . . . . . . : A4-1F-72-57-A2-5C

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::1ca3:f3a7:ae07:acd4%11(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Wednesday, March 12, 2014 10:23:02 AM

   Lease Expires . . . . . . . . . . : Wednesday, March 12, 2014 10:28:02 AM

   Default Gateway . . . . . . . . . : 192.168.1.254

   DHCP Server . . . . . . . . . . . : 192.168.1.254

   DHCPv6 IAID . . . . . . . . . . . : 245636978

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-DB-CD-01-A4-1F-72-57-A2-5C

   DNS Servers . . . . . . . . . . . : 192.168.1.254

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter isatap.att.net:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : att.net

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 9:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft 6to4 Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1c4d:37af:930d:63f3(Preferred)

   Link-local IPv6 Address . . . . . : fe80::1c4d:37af:930d:63f3%13(Preferred)

   Default Gateway . . . . . . . . . : ::

   NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  dsldevice.att.net

Address:  192.168.1.254

 

Name:    google.com

Addresses:  2607:f8b0:4002:c06::66

                  74.125.21.139

                  74.125.21.100

                  74.125.21.102

                  74.125.21.113

                  74.125.21.138

                  74.125.21.101

 

 

Pinging google.com [74.125.196.102] with 32 bytes of data:

Reply from 74.125.196.102: bytes=32 time=37ms TTL=44

Reply from 74.125.196.102: bytes=32 time=37ms TTL=44

 

Ping statistics for 74.125.196.102:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 37ms, Maximum = 37ms, Average = 37ms

Server:  dsldevice.att.net

Address:  192.168.1.254

 

Name:    yahoo.com

Addresses:  98.139.183.24

                  206.190.36.45

                  98.138.253.109

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=173ms TTL=48

Reply from 206.190.36.45: bytes=32 time=93ms TTL=48

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 93ms, Maximum = 173ms, Average = 133ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=4ms TTL=128

Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 2ms, Maximum = 4ms, Average = 3ms

===========================================================================

Interface List

11...a4 1f 72 57 a2 5c ......Realtek PCIe GBE Family Controller

  1...........................Software Loopback Interface 1

14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.65     20

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link      192.168.1.65    276

     192.168.1.65  255.255.255.255         On-link      192.168.1.65    276

    192.168.1.255  255.255.255.255         On-link      192.168.1.65    276

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link      192.168.1.65    276

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link      192.168.1.65    276

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination      Gateway

13     58 ::/0                     On-link

  1    306 ::1/128                  On-link

13     58 2001::/32                On-link

13    306 2001:0:9d38:6abd:1c4d:37af:930d:63f3/128

                                    On-link

11    276 fe80::/64                On-link

13    306 fe80::/64                On-link

13    306 fe80::1c4d:37af:930d:63f3/128

                                    On-link

11    276 fe80::1ca3:f3a7:ae07:acd4/128

                                    On-link

  1    306 ff00::/8                 On-link

13    306 ff00::/8                 On-link

11    276 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (03/11/2014 05:12:46 PM) (Source: ConvertFilesforFree) (User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 04:55:29 PM) (Source: ConvertFilesforFree) (User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 04:40:17 PM) (Source: ConvertFilesforFree) (User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 04:25:04 PM) (Source: ConvertFilesforFree) (User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 00:04:22 PM) (Source: ConvertFilesforFree) (User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 11:49:24 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/11/2014 11:49:09 AM) (Source: ConvertFilesforFree) (User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 11:49:09 AM) (Source: ConvertFilesforFree) (User: )

Description: Can't query a value of the remote_log registry value, code: 2

 

Error: (03/11/2014 11:49:09 AM) (Source: ConvertFilesforFree) (User: )

Description: Can't query a buffer size for the remote_log registry value, code: 2

 

Error: (03/11/2014 11:49:09 AM) (Source: ConvertFilesforFree) (User: )

Description: Can't query a value of the remote_log registry value, code: 2

 

 

System errors:

=============

Error: (03/11/2014 11:49:09 AM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

 

Error: (03/10/2014 03:00:00 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

 

Error: (03/10/2014 02:17:47 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

 

Error: (03/10/2014 01:38:12 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

 

Error: (03/10/2014 08:30:14 AM) (Source: DCOM) (User: )

Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

 

Error: (03/10/2014 08:29:46 AM) (Source: Service Control Manager) (User: )

Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (03/06/2014 04:14:25 PM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80004005

 

Error: (03/06/2014 04:13:27 PM) (Source: Service Control Manager) (User: )

Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:

%%1053

 

Error: (03/06/2014 04:13:27 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

 

Error: (03/06/2014 04:05:07 PM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80004005

 

 

Microsoft Office Sessions:

=========================

Error: (03/11/2014 05:12:46 PM) (Source: ConvertFilesforFree)(User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 04:55:29 PM) (Source: ConvertFilesforFree)(User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 04:40:17 PM) (Source: ConvertFilesforFree)(User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 04:25:04 PM) (Source: ConvertFilesforFree)(User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 00:04:22 PM) (Source: ConvertFilesforFree)(User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 11:49:24 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/11/2014 11:49:09 AM) (Source: ConvertFilesforFree)(User: )

Description: Can't parse JSON update object

 

Error: (03/11/2014 11:49:09 AM) (Source: ConvertFilesforFree)(User: )

Description: Can't query a value of the remote_log registry value, code: 2

 

Error: (03/11/2014 11:49:09 AM) (Source: ConvertFilesforFree)(User: )

Description: Can't query a buffer size for the remote_log registry value, code: 2

 

Error: (03/11/2014 11:49:09 AM) (Source: ConvertFilesforFree)(User: )

Description: Can't query a value of the remote_log registry value, code: 2

 

 

=========================== Installed Programs ============================

 

Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)

Adobe Flash Player 12 Plugin (Version: 12.0.0.77)

Conexant Audio Filter Agent (Version: 1.7.36.0)

Conexant HD Audio (Version: 8.50.5.51)

Conexant SmartAudio (Version: 6.0.109.0)

Dell Edoc Viewer (Version: 1.0.0)

Intel® Rapid Storage Technology (Version: 12.7.1.1000)

Intel® Trusted Connect Service Client (Version: 1.24.388.1)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office Home and Business 2013 - en-us (Version: 15.0.4551.1512)

Microsoft Security Client (Version: 4.4.0304.0)

Microsoft Security Essentials (Version: 4.4.304.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SkyDrive (Version: 16.4.6012.0828)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512)

Spybot - Search & Destroy (Version: 2.2.25)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Zip Extractor Packages

 

========================= Devices: ================================

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 29%

Total physical RAM: 3998.07 MB

Available physical RAM: 2819.89 MB

Total Pagefile: 7994.33 MB

Available Pagefile: 5919.7 MB

Total Virtual: 4095.88 MB

Available Virtual: 3966.5 MB

 

========================= Partitions: =====================================

 

1 Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:191.96 GB) NTFS

3 Drive e: (MARYMARTHA) (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT

 

========================= Users: ========================================

 

User accounts for \\MAINENANCE-PC

 

Administrator            Administrator1           Guest                   

Mainenance              

 

========================= Minidump Files ==================================

 

No minidump file found

 

========================= Restore Points ==================================

 

19-02-2014 18:47:34 Windows Update

24-02-2014 19:42:55 Windows Update

25-02-2014 14:56:13 Windows Update

27-02-2014 09:00:21 Windows Update

03-03-2014 17:07:36 Windows Update

05-03-2014 17:10:10 Installed Java 7 Update 51

06-03-2014 20:08:40 Windows Update

06-03-2014 20:53:35 Uniblue SpeedUpMyPC installation

07-03-2014 19:52:57 Windows Update

07-03-2014 23:16:19 C

07-03-2014 23:20:31 C

10-03-2014 18:34:58 C

11-03-2014 15:32:41 Windows Update

 

**** End of log ****



#6 Alex&Vanko


Posted 12 March 2014 - 11:25 AM

Don't use this - Uniblue SpeedUpMyPC

Download AdwCleaner - http://www.bleepingcomputer.com/download/adwcleaner/

Start the application. Click the Scan button. It will be short. After the scan is done click the Clean button. The application will ask for a reboot. Do it, and after the restart a log will appear on your desktop. Save and attach it here.



#7 Avalonjxn2


Posted 12 March 2014 - 12:59 PM

Here it is....

 

# AdwCleaner v3.021 - Report created 12/03/2014 at 12:53:31
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mainenance - MAINENANCE-PC
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\NewPlayer
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Users\Mainenance\AppData\Local\NewPlayer
Folder Deleted : C:\Users\Mainenance\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Mainenance\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Mainenance\AppData\Roaming\Mozilla\Firefox\Profiles\9s9brj9f.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Mainenance\AppData\Roaming\Mozilla\Firefox\Profiles\9s9brj9f.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Mainenance\AppData\Roaming\Mozilla\Firefox\Profiles\9s9brj9f.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Mainenance\AppData\Roaming\Mozilla\Firefox\Profiles\9s9brj9f.default\user.js
File Deleted : C:\Windows\Tasks\MySearchDial.job
File Deleted : C:\Windows\System32\Tasks\MySearchDial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522282200}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566286600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522282200}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566286600}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Mainenance\AppData\Roaming\Mozilla\Firefox\Profiles\9s9brj9f.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3324316&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP2288EE9C-9BAA-414D-BAC9-2BF7C0A46A2A");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("extensions.crossrider.bic", "144992d89fcb8661fa0b9765a64187be");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "ir_14_10_FF");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0AyEtC0FyBtByDyB0AtByD0C0DzyyD0DtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AtCyByCyEyE0CtG0DtCtC0[...]
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "901871871");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "CC092CF70BDA949497B384D30DE78E6C");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_10_FF&cd=2XzuyEtN2Y1L1Qzu0AyEtC0FyBtByDyB0AtByD0C0DzyyD0DtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtD[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "A41F7257A25CD95D");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16135");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_b");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0AyEtC0FyBtByDyB0AtByD0C0DzyyD0DtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCyBtFtDtFtBtN1L1CzutDtBtCtC1V1Rt[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.014:59:46");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_10_FF&cd=2XzuyEtN2Y1L1Qzu0AyEtC0FyBtByDyB0AtByD0C0DzyyD0DtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyE[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_10_FF&cd=2XzuyEtN2Y1L1Qzu0AyEtC0FyBtByDyB0AtByD0C0DzyyD0DtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutC[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.014:59:46");

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Mainenance\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [9823 octets] - [12/03/2014 12:52:46]
AdwCleaner[S0].txt - [8844 octets] - [12/03/2014 12:53:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8904 octets] ##########
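The Firefox section of the AdwCleaner log above shows the pattern a search hijacker leaves in prefs.js: the homepage, new-tab and default-search prefs rewritten to its own site, plus an extensions.* namespace carrying the same URLs. The following detector, added here as an example and not code from the thread or from AdwCleaner, parses prefs.js-style lines and flags those entries; the sample prefs, the trusted-host list and the built-in engine list are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample prefs.js content (not a real profile), modelled on the
# user_pref lines AdwCleaner removed in the thread above. The last two lines
# are ordinary prefs that must not be flagged.
SAMPLE_PREFS = r'''
user_pref("browser.newtab.url", "http://search.conduit.com/?ctid=CT3324316&SearchSource=69");
user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("browser.search.selectedEngine", "Mysearchdial");
user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=ir_14_10_FF");
user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=ir_14_10_FF");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("browser.download.dir", "C:\\Users\\someuser\\Downloads");
user_pref("network.cookie.cookieBehavior", 0);
'''

# One user_pref(...) statement per line, as Firefox writes prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Prefs that decide where the homepage, new tabs and searches go. A hijacker
# has to rewrite one of these (or an extension pref feeding them) to take over.
NAV_PREFS = {
    "browser.startup.homepage",
    "browser.newtab.url",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
    "keyword.URL",
}

# Assumptions for this example: hosts and engine names an analyst accepts as
# legitimate. Tune both to the environment being checked.
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
BUILTIN_ENGINES = {"Google", "Bing", "DuckDuckGo", "Yahoo", "Wikipedia (en)"}


def parse_prefs(text):
    """Return {pref_name: raw_value} for every user_pref line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def unquote(raw):
    """Strip the surrounding double quotes of a string pref; leave bools/ints alone."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    return raw


def host_of(value):
    """Host of an http(s) URL, or None when the value is not a URL.

    Removal-tool logs defang URLs as hxxp://; normalise that so log excerpts
    can be fed through the same check as a live prefs.js.
    """
    url = re.sub(r'^hxxps?://', lambda m: m.group(0).replace("hxxp", "http"), value)
    parsed = urlparse(url)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return parsed.netloc.lower()
    return None


def find_hijack_indicators(prefs):
    """Return (pref_name, reason) pairs for prefs that redirect navigation off-allowlist."""
    findings = []
    for name, raw in prefs.items():
        value = unquote(raw)
        host = host_of(value)
        if name in NAV_PREFS:
            if host is not None:
                if host not in TRUSTED_HOSTS:
                    findings.append((name, "points to untrusted host " + host))
            elif not value.startswith("about:") and value not in BUILTIN_ENGINES:
                findings.append((name, "selects non-built-in search engine " + value))
        elif name.startswith("extensions.") and host is not None and host not in TRUSTED_HOSTS:
            # A third-party extension namespace carrying its own landing URL is the
            # pattern the mysearchdial entries in the thread show.
            findings.append((name, "extension pref carries URL to " + host))
    return findings


def scan_prefs_text(text):
    """Convenience wrapper: parse then check, returning the findings list."""
    return find_hijack_indicators(parse_prefs(text))


if __name__ == "__main__":
    for name, reason in scan_prefs_text(SAMPLE_PREFS):
        print(f"{name}: {reason}")
```

Point it at a real profile's prefs.js (Firefox writes it only when closed) to get the same list of entries a removal tool would report, before deciding what to reset.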
 



#8 Alex&Vanko


Posted 12 March 2014 - 01:23 PM

Start AdwCleaner again. Click Uninstall and it will disappear. Download JRT - http://www.bleepingcomputer.com/download/junkware-removal-tool/

Turn off your antivirus. Start the application. Press any key to continue. The application will check your system. After it is done a log will appear. Save and attach it here.



#9 Avalonjxn2


Posted 12 March 2014 - 02:07 PM

Here this one is...

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mainenance on Wed 03/12/2014 at 14:00:23.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] qknfd



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4EA03543-F616-45BC-B02D-45160830EFF8}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Mainenance\AppData\Roaming\mozilla\firefox\profiles\9s9brj9f.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/12/2014 at 14:05:05.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#10 Alex&Vanko


Posted 12 March 2014 - 02:13 PM

Ok. Now do you still have problems?



#11 Avalonjxn2


Posted 12 March 2014 - 02:35 PM

Yes. It doesn't seem to be as bad as it was initially, but it's still pretty bad. I was actually able to post the last two logs from the computer that is infected, but it still opens multiple windows. :-(

Thanks for all of your help!! What about Combofix? Would that be an option?

 

Traci



#12 Alex&Vanko


Posted 12 March 2014 - 02:41 PM

Uninstall this - Spybot - Search & Destroy (Version: 2.2.25)

Download Superantispyware - http://www.bleepingcomputer.com/download/superantispyware/

Install the program. Update it from below, and after that, above, choose complete scan. Next, select all your drives (C, D, E). Next, do a full scan.



#13 Avalonjxn2


Posted 12 March 2014 - 03:37 PM

Superantispyware found 33 tracking cookies. I deleted them and restarted the computer. Still infected.

 

Traci



#14 Alex&Vanko


Posted 12 March 2014 - 03:49 PM

Did Superantispyware ask for a reboot, or did you do this yourself?



#15 Avalonjxn2


Posted 12 March 2014 - 03:58 PM

Superantispyware did not ask for a reboot. But with most of these scans, for any changes to take effect you have to reboot. I don't think the tracking cookies were the problem. There is some weird program in Control Panel > Programs that I tried to uninstall and it wouldn't let me. I'm not in the building where the infected computer is and probably will not be back over there today. If you have any other recommendations please post here and I'll try them tomorrow. Again, thanks for all of your help!

 

Traci





