Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspect Malware or Virus Blocking Windows 7


  • Please log in to reply
13 replies to this topic

#1 vid2

vid2

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 25 October 2015 - 08:20 AM

Hi Using a Leveno T420 running Windows 7. Problems started a week and a half ago in which I could not access the internet without being in safe mode. That option is no longer available. None of the Microsoft programs work, no audio, and no home network detection. All drivers are up to date. Screen is very dark in reg mode and no adjustments can be made. Ran the autoruns program on the advice of one of your peers and disabled 3 files that were empty. Posted deets on other forum board /thread and was told to head here. These changes did not make a difference. I guess this is not the correct place for posting log errors, but would like to know if I am infected and what shall I do to fix. Ihave done the sys. scan using the specified program, so if someone would care to look at them and advise me of the next step, that would be great. TIA.

Edited by vid2, 25 October 2015 - 08:32 AM.


BC AdBot (Login to Remove)

 


#2 Peter Hart

Peter Hart

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 25 October 2015 - 08:56 PM

What malware or virus scans have you run on your machine and what results if any have they shown up with?



#3 vid2

vid2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 26 October 2015 - 12:03 AM

None. My antivirus will not scan at all and internet connectivity has also been disabled. I do not know what to do unless I dl one to the usb upload and try to run it. Is there any that you can recommend for me to try?
Thank you.

#4 Peter Hart

Peter Hart

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 26 October 2015 - 12:38 AM

Strong success with BitDefender Free Edition for home users and Malwarebytes free for the Malware side of the scan. If either of these come up with anything then let us know the results here and we can point you in the right direction for a clean up if these tools do not complete it successfully.



#5 vid2

vid2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 26 October 2015 - 09:41 AM

Doing that now. If I find anything will post results on this thread. Much appreciated.



#6 RolandJS

RolandJS

  • Members
  • 4,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:05:29 PM

Posted 26 October 2015 - 09:58 AM

One thing that might help recapture the ability to operate anti-virus and anti-malware programs:

download and install Windows repair (All in One) [or use the portable version]..  Boot in Safe Mode with Networking, choose only Item Numbers: 10,11,26,27 -- that's all.  When it's done, restart.  That just might give you control over your security software and such so that you can much easier follow the advice of the BC malware team.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#7 vid2

vid2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 26 October 2015 - 06:04 PM

This is what it found with the Malwarebytes. I cannot dl the other mentioned program BitDefender. 

 

 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 460510
Time Elapsed: 26 min, 39 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 25
PUP.Optional.MySearchDial, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, , [717c80b26724043235f1a842dc265ea2], 
PUP.Optional.MySearchDial, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, , [717c80b26724043235f1a842dc265ea2], 
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, , [7c713cf6c0cba59130f3b6343ac842be], 
PUP.Optional.FlashBeat, HKLM\SOFTWARE\Flashbeat, , [3cb1e1512c5fbb7b304f3665d72dbe42], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\33230, , [cd207db5aedd0432a782672ebd472fd1], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1696F4AF-B244-40C1-B693-DE746AA98152}, , [08e5de548407082e210c692ce81ccd33], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645C0977-142A-4ADF-8EB4-262EBC21A627}, , [e7061f138407f5415ecddbba14f06e92], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D950BEEF-48CB-4850-A45E-3900B3CC89EE}, , [0be2f2403f4c24127ab2365f48bcba46], 
PUP.Optional.GoForFiles, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoforFilesUpdate, , [24c9a68c2962280e8ec79806ef15a45c], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\APJKPJCHFBCKHJHOKINLGDBMIBPBBJAK, , [01ec949ee3a82a0cb43d6cc740c3a759], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1696F4AF-B244-40C1-B693-DE746AA98152}, , [a14c6dc5d8b38ea84be2b4e1010343bd], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645C0977-142A-4ADF-8EB4-262EBC21A627}, , [26c7ba787f0c64d236f5fe972bd9ac54], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D950BEEF-48CB-4850-A45E-3900B3CC89EE}, , [896492a05a314cead854128342c25da3], 
PUP.Optional.DustApps, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE9793E8-C305-45AA-AE10-52EE0ADDED4F}_IS1, , [f0fd6fc3028965d168efb5e37094ef11], 
PUP.Optional.DustApps, HKU\S-1-5-18\SOFTWARE\DustApps, , [8c610e24eaa1ca6ced67a1f7fc085aa6], 
PUP.Optional.DustApps, HKU\S-1-5-18\SOFTWARE\DustAppsIE, , [28c5d062771439fd98bc6f29857f0ff1], 
PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [aa43151d8ffcc86e6f81b40b26dee21e], 
PUP.Optional.DustApps, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\DustApps, , [20cd4de5c6c582b41241c1d78e76de22], 
PUP.Optional.DustApps, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\DustAppsIE, , [46a7ed45117a3cfa0a49fe9a26dec937], 
PUP.Optional.SelectNGo, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Select-N-Go, , [1fce290957345bdb562ea911798b52ae], 
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [539a969c404b5bdbd1083147a65e0cf4], 
PUP.Optional.SuperOptimizer, HKU\S-1-5-19\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [2ebfc36f98f340f6638de9d67d87e020], 
PUP.Optional.SuperOptimizer, HKU\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [8568fb372764da5ceb05328dbf45946c], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3913334427-2417261059-329747614-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\APJKPJCHFBCKHJHOKINLGDBMIBPBBJAK, , [bc31d062d7b4fd39b93965cead56af51], 
PUP.Optional.W3i, HKU\S-1-5-21-3913334427-2417261059-329747614-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DECA3892-BA8F-44B8-A993-A466AD694AE4}, , [87660230513a5fd7084c893d0afa41bf], 
 
Registry Values: 18
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1696f4af-b244-40c1-b693-de746aa98152}|AppName, DustApps-codedownloader.exe, , [08e5de548407082e210c692ce81ccd33]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645c0977-142a-4adf-8eb4-262ebc21a627}|AppName, DustApps-bg.exe, , [e7061f138407f5415ecddbba14f06e92]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d950beef-48cb-4850-a45e-3900b3cc89ee}|AppName, DustApps-buttonutil.exe, , [0be2f2403f4c24127ab2365f48bcba46]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|URL, http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_16_ie&cd=2XzuyEtN2Y1L1QzutDzztCtCzyyCtBtBtAzzzy0D0AtC0EyCtN0D0Tzu0SzzyEtDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0B0F0B0DyC0CyEtGzzzy0AtCtG0FtC0CyBtGtCtDyEtBtGtA0BtD0AzytAyEtBzy0AyByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyB0EtC0Bzz0DtG0DtBtAyCtGtA0FyDtBtG0EyC0AtBtGtC0F0CtD0DtC0F0B0FyD0DtA2Q&cr=2073596231&ir=, , [07e6fb37157682b48d64f5b859abe818]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|TopResultURLFallback, http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_16_ie&cd=2XzuyEtN2Y1L1QzutDzztCtCzyyCtBtBtAzzzy0D0AtC0EyCtN0D0Tzu0SzzyEtDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0B0F0B0DyC0CyEtGzzzy0AtCtG0FtC0CyBtGtCtDyEtBtGtA0BtD0AzytAyEtBzy0AyByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyB0EtC0Bzz0DtG0DtBtAyCtGtA0FyDtBtG0EyC0AtBtGtC0F0CtD0DtC0F0B0FyD0DtA2Q&cr=2073596231&ir=, , [8c6176bc365593a3886938755aaa4db3]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|FaviconPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\FavIcon.ico, , [806d072b3e4d42f451a005a8e2223bc5]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Mysearchdial, , [df0e7ab84f3c9d9970817b3259ab9769]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|DisplayName, Mysearchdial, , [fcf175bde6a5ca6c8e6315989a6a04fc]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\apjkpjchfbckhjhokinlgdbmibpbbjak|path, C:\Users\Stephanie\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx, , [01ec949ee3a82a0cb43d6cc740c3a759]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1696f4af-b244-40c1-b693-de746aa98152}|AppName, DustApps-codedownloader.exe, , [a14c6dc5d8b38ea84be2b4e1010343bd]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645c0977-142a-4adf-8eb4-262ebc21a627}|AppName, DustApps-bg.exe, , [26c7ba787f0c64d236f5fe972bd9ac54]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d950beef-48cb-4850-a45e-3900b3cc89ee}|AppName, DustApps-buttonutil.exe, , [896492a05a314cead854128342c25da3]
PUP.Optional.DustApps, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE9793E8-C305-45AA-AE10-52EE0ADDED4F}_is1|DisplayName, DustApps version 1.7, , [f0fd6fc3028965d168efb5e37094ef11]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.omniboxes.com/web/?type=ds&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8&q={searchTerms}, , [539a969c404b5bdbd1083147a65e0cf4]
Trojan.Agent.U, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DustApps, "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\DustApps\updater.dll",UpdaterEntryPoint /startup, , [3bb2b67c305b3ff791fbc2fa887bce32]
PUP.Optional.DustApps, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DustApps, "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\DustApps\updater.dll",UpdaterEntryPoint /startup, , [36b773bf6724b0866ce962360afa52ae]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3913334427-2417261059-329747614-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\apjkpjchfbckhjhokinlgdbmibpbbjak|path, C:\Users\Stephanie\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx, , [bc31d062d7b4fd39b93965cead56af51]
PUP.Optional.W3i, HKU\S-1-5-21-3913334427-2417261059-329747614-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DECA3892-BA8F-44b8-A993-A466AD694AE4}|URL, http://www.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120623,17127,0,18,0, , [87660230513a5fd7084c893d0afa41bf]
 
Registry Data: 6
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.omniboxes.com/web/?type=ds&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8&q={searchTerms}, Good: (www.google.com), Bad: (http://www.omniboxes.com/web/?type=ds&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8&q={searchTerms}),,[5796cb67a4e79f9749828ce814f1ca36]
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8),,[5b92ba7816759f979b30641034d11be5]
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8),,[2cc142f0eaa11422c80334409c696997]
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.omniboxes.com/web/?type=ds&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8&q={searchTerms}, Good: (www.google.com), Bad: (http://www.omniboxes.com/web/?type=ds&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8&q={searchTerms}),,[6b829b97d3b8b185ffccc8ac897c8779]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8),,[826b2a08414af0466d5f6d0713f205fb]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8),,[2dc0dc566e1d92a4fad288eca85dab55]
 
Folders: 4
PUP.Optional.UpdaterToolService, C:\Program Files (x86)\Bin\UpdateTool, , [8c61b1812b60270f6f48bb09c341a15f], 
PUP.Optional.UpdaterToolService, C:\Program Files (x86)\Bin, , [8c61b1812b60270f6f48bb09c341a15f], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect, , [9e4f6ec4008b3afc7d745ed2a45f7b85], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect\Logs, , [9e4f6ec4008b3afc7d745ed2a45f7b85], 
 
Files: 71
PUP.Optional.MindSpark, C:\Users\Stephanie\Downloads\InboxAce.exe, , [4da0d65cdfac72c429322c7f768f9e62], 
PUP.Optional.UpdateService, C:\Windows\Updatesvc.exe, , [7e6f062cb8d374c28c26863a7c85639d], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\Provider.dll, , [2ebf3bf794f7ee48e7b1584c649dab55], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\GambaliOff.ini, , [569790a2bdce6dc9e20d1b1a4fb48a76], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\Gambali64.dll, , [519ca38fff8c2412cb7690e87e86e61a], 
PUP.Optional.GoForFiles, C:\Windows\System32\Tasks\GoforFilesUpdate, , [8667cd65f59658deb1a1207e5fa52cd4], 
PUP.Optional.SearchApp, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\extensions\{869eaa8e-27d4-4a31-bc79-773154814090}.xpi, , [64897eb44e3d4ee8bed337814db7b947], 
PUP.Optional.UpdaterToolService, C:\Program Files (x86)\Bin\UpdateTool\Downloader.Core.dll, , [8c61b1812b60270f6f48bb09c341a15f], 
PUP.Optional.UpdaterToolService, C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe, , [8c61b1812b60270f6f48bb09c341a15f], 
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.AL", 2);), ,[b637003219722610e40214990bfaef11]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (ser Preferences
 
/* Do not edit this file.
 *
 * I), ,[4ba2bc76583387af19cd9f0ee1249c64]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (nces
 
/* Do not edit this file.
 *
 * If you make changes to this file while the ), ,[ed0052e0355658deba2ca60754b1dd23]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (e.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make ), ,[ad406bc7c3c869cd2bbb3f6eec1903fd]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (ing,
 * the changes will be overwritten when the), ,[0fde6ac84645dc5a2abc2c815fa66b95]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (eferences
 
/* Do not edit this file.
 *
 * If you), ,[feef11218ffc3501776f2885df265ca4]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (ences
 
/* Do not edit this file.
 *
 * If you), ,[34b9b0821378c76fa93d18950cf9ca36]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (eferences
 
/* Do not edit this file.
 *
 * If yo), ,[6f7ee54d74176ec84a9cfbb231d4728e]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (rences
 
/* Do not edit this file.
 *
 * If you), ,[feef65cde5a6a1958f57e1cc15f0936d]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (ferences
 
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */
 
user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1430842310);
user_pref("app.update.lastUpdateTime.background-update-timer", 1430801882);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1430801522);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbna), ,[28c5240e4f3c7eb815d11c91ce37b14f]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: ("app.update.lastUpdateTime.browser-cleanup-thumbnail), ,[816cca680c7fd1654e983974e22320e0]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (rences
 
/* Do not edit this file.
 *
 * If you make changes to this file whi), ,[cb22b87aacdf38fe22c4affe0203aa56]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (s file.
 *
 * If you make changes to this file), ,[fcf11919e8a33402cd19446956afa55b]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (references
 
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, yo), ,[c22b53df4e3d44f246a008a56f96fd03]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (*
 * To make a manual change to preferences, you can visit ), ,[6588270bf695c076f3f3614c7392de22]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (
/* Do not edit this file.
 *
 * If you make changes), ,[39b4a78bc8c350e608decae3b15410f0]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (ces
 
/* Do not edit this file.
 *
 * If you ma), ,[9e4f88aaeba08caa6d79e8c5e0258878]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (ferences
 
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, yo), ,[d9147fb396f5b3839650dfce18ed6e92]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (
 *
 * To make a manual change to preferences, you can visit the U), ,[1ecf181a5a3166d05492703de42139c7]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: ( not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL a), ,[905d969c1477270f3fa7bdf0c342cc34]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (
 * To make a manual change to preferences, you can visit the URL about:config
 */
 
user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.lastUpdateTime.addon- B), ,[905dcd65b8d38ea83fa75a532bdaa15f]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: ( overwritten when the application exits.
 *
 * To make a ), ,[d31a9a98711a5bdbfaecbdf0a85d41bf]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (
 
/* Do not edit this file.
 *
 * If you make changes to t), ,[26c73cf6a0ebca6c9d497f2eff06b34d]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (
/* Do not edit this file.
 *
 * If you make c), ,[717c969c6922ed4925c1dfce00059070]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (references
 
/* Do not edit this file.
 *
 * If you make cha), ,[c12cc66cb3d87db9edf9fdb0858004fc]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (* Do not edit this file.
 *
 * If you make changes), ,[638a2012afdca88e5f87cde07590946c]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (rences
 
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit), ,[be2ff939ee9d181ec521d1dc33d202fe]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (o make a manual change to preferences, you can visit t), ,[529be2502d5e6acc6f77a30ae61f54ac]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (nces
 
/* Do not edit this file.
 *
 * If you make c), ,[9756c76b8803f3435195d0dd64a106fa]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (ferences
 
/* Do not edit this file.
 *
 * If you ), ,[26c782b00d7e60d627bf1e8f7d8837c9]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (ences
 
/* Do not edit this file.
 *
 * If you make ), ,[f4f9cc6656358aaceff71598e322936d]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (ces
 
/* Do not edit this file.
 *
 * If you make changes to t), ,[529b82b0dcafd95d8462b3fab25314ec]
PUP.Optional.MySearch, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.aflt", "aw0202ie");), ,[539a82b08ffc84b2b92bc2eb3dc8d42c]
PUP.Optional.MySearch, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (tocol-handler.warn-external.dnupdate", false);us), ,[b6379c96305b6fc782625954ab5a47b9]
PUP.Optional.MySearch, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (.protocol-handler.warn-external.dnupdate", false);u), ,[08e588aa6f1c9d999252129bc54022de]
PUP.Optional.MySearch, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (otocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("yahoo.ytff.general.dontshowhpo), ,[f5f83bf777147abc7371674650b550b0]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpg", true);), ,[c22ba48eb8d368cee00855586b9afd03]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (rk.protocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("yahoo.ytff.general.dontshowhpoffer", true);
user_pref("extensions.mysearchdial.hmpg", true);
use), ,[2cc154de2764ee4802e629845ea7f50b]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (pref("extensions.mysearchdial.hmpg", true);
user_pr), ,[47a6ae848ffcbf779256406d1de87a86]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (rotocol-handler.warn-external.dnupdate", false);user_pref("netw), ,[b538042e5437f442d513b0fd1ce944bc]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (dler.warn-external.dnupdate", false);user_pref("ne), ,[c726d65cd0bb360026c2affe1fe6f010]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (.protocol-handler.warn-external.dnupdate", false);use), ,[f9f43bf7eba079bdfbed5c5152b360a0]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (otocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("yahoo.ytff.general.dontshowhpoffer", true);
user_pref("extensions.mysearchdial.hmpg", true);
user_pref(), ,[c22b0c26a1ea191d2ebac1ecc54021df]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (ef("extensions.mysearchdial.hmpg", true);
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (xtensions.mysearchdial.hmpg", true);
user_pref("extensions.), ,[f3fa4de5fd8e3cfa37b14e5f9174c63a]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (handler.warn-external.dnupdate", false);user_pref("netw), ,[c42960d2f19a1a1c4d9bd8d5a2634db3]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (ocol-handler.warn-external.dnupdate", false);user_pref), ,[5994f63ca0eb8ea8aa3e634a3bcafb05]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (tocol-handler.warn-external.dnupdate", false);user_pref), ,[836a3002018a64d25f892a8318ed5aa6]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (ocol-handler.warn-external.dnupdate", false);user_pref("network.p), ,[6588a2907c0f15212abe2c817a8bde22]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (er.warn-external.dnupdate", false);user_pref("network.protoco), ,[618cff3306850c2a7771cedf53b2ef11]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (andler.warn-external.dnupdate", false);user_pref("network.p), ,[0edf260c1b703600628655589b6a34cc]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (-handler.warn-external.dnupdate", false);user_pref("ne), ,[25c875bd236854e264844f5e62a3748c]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (ocol-handler.warn-external.dnupdate", false);user_pr), ,[05e8ee44c0cb0b2bf0f85855f015d42c]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (rotocol-handler.warn-external.dnupdate", false);us), ,[1dd0072b1a71979f5890505ddd28d22e]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (.protocol-handler.warn-external.dnupdate", false)), ,[17d60230137863d3bc2cb7f63fc6d42c]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (k.protocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handle), ,[42ab8da53a51e35390584766d134e41c]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (pdate", false);user_pref("network.protocol-handler.w), ,[6c813cf6abe074c23baddcd1a0659967]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (otocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("yahoo.ytff.general.dontshowhpoff), ,[84693002d4b75dd9ecfcb4f97e87ce32]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (", false);user_pref("yahoo.ytff.general.don), ,[a746d16128632c0a2cbc327bb84d0df3]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=aw0202ie&cd=2XzuyEtN2Y1L1QzutDzztCtCzyyCtBtBtAzzzy0D0AtC0EyCtN0D0Tzu0CyByByBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=671282488&ir=");), ,[faf3a989eba07cba8960c2eb7e8728d8]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (EyCtN0D0Tzu0CyByByBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=671282488&ir=");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions), ,[45a8949ebad10a2c3cad991425e029d7]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\user.js, Good: (), Bad: (f.general.dontshowhpoffer", true);
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=aw0202ie&cd=2XzuyEtN2Y1L1QzutDzztCtCzyyCtBtBtAzzzy0D0AtC0EyCtN0D0Tz), ,[5e8f062cf6951e187a6f04a900058c74]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by vid2, 26 October 2015 - 06:05 PM.


#8 Peter Hart

Peter Hart

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 27 October 2015 - 08:30 AM

Based on what I am seeing I am assuming you cleaned all the options that appeared. After cleaning those and restarting the machine how is it performing now?



#9 vid2

vid2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 27 October 2015 - 10:06 AM

No I did not use the program to clean them. I was waiting on the advice of those more experienced than myself. One thing to ask, would it be entirely safe to clean all of the above errors and still have a working system? TIA

#10 SpaceKitty320

SpaceKitty320

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Intranots
  • Local time:06:29 PM

Posted 01 November 2015 - 02:57 PM

Seems to me like a MySearchDial infestation has hit you. Go to your local IT helper, maybe they can help you delete it from the registry. It's the only hope if it goes too far. Maybe reinstalling your browsers may help?


Seems to me like a MySearchDial infestation has hit you. Go to your local IT helper, maybe they can help you delete it from the registry. It's the only hope if it goes too far. Maybe reinstalling your browsers may help?



#11 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:06:29 PM

Posted 01 November 2015 - 10:42 PM

vid2, do you still need help with this? If so, I can put out a call for someone to help you.

#12 vid2

vid2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 02 November 2015 - 03:41 PM

I do thank you. I have removed or quarantined the My Search Dial stuff with the Malwarebytes application and have removed the Mozilla browser. However, I am still unable to view homegroup or connect to the internet. Runs in safe mode with a bright enough screen for me to see. Entirely different story in reg mode. When I try to download BitDefender by usb it keeps telling me that I need their installer to get the program to run.

 

 

I think this is what I still need assistance with. Thanks.

 

 

Registry Keys: 25
PUP.Optional.MySearchDial, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, , [717c80b26724043235f1a842dc265ea2], 
PUP.Optional.MySearchDial, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, , [717c80b26724043235f1a842dc265ea2], 
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, , [7c713cf6c0cba59130f3b6343ac842be], 
PUP.Optional.FlashBeat, HKLM\SOFTWARE\Flashbeat, , [3cb1e1512c5fbb7b304f3665d72dbe42], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\33230, , [cd207db5aedd0432a782672ebd472fd1], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1696F4AF-B244-40C1-B693-DE746AA98152}, , [08e5de548407082e210c692ce81ccd33], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645C0977-142A-4ADF-8EB4-262EBC21A627}, , [e7061f138407f5415ecddbba14f06e92], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D950BEEF-48CB-4850-A45E-3900B3CC89EE}, , [0be2f2403f4c24127ab2365f48bcba46], 
PUP.Optional.GoForFiles, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoforFilesUpdate, , [24c9a68c2962280e8ec79806ef15a45c], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\APJKPJCHFBCKHJHOKINLGDBMIBPBBJAK, , [01ec949ee3a82a0cb43d6cc740c3a759], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1696F4AF-B244-40C1-B693-DE746AA98152}, , [a14c6dc5d8b38ea84be2b4e1010343bd], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645C0977-142A-4ADF-8EB4-262EBC21A627}, , [26c7ba787f0c64d236f5fe972bd9ac54], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D950BEEF-48CB-4850-A45E-3900B3CC89EE}, , [896492a05a314cead854128342c25da3], 
PUP.Optional.DustApps, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE9793E8-C305-45AA-AE10-52EE0ADDED4F}_IS1, , [f0fd6fc3028965d168efb5e37094ef11], 
PUP.Optional.DustApps, HKU\S-1-5-18\SOFTWARE\DustApps, , [8c610e24eaa1ca6ced67a1f7fc085aa6], 
PUP.Optional.DustApps, HKU\S-1-5-18\SOFTWARE\DustAppsIE, , [28c5d062771439fd98bc6f29857f0ff1], 
PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [aa43151d8ffcc86e6f81b40b26dee21e], 
PUP.Optional.DustApps, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\DustApps, , [20cd4de5c6c582b41241c1d78e76de22], 
PUP.Optional.DustApps, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\DustAppsIE, , [46a7ed45117a3cfa0a49fe9a26dec937], 
PUP.Optional.SelectNGo, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Select-N-Go, , [1fce290957345bdb562ea911798b52ae], 
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [539a969c404b5bdbd1083147a65e0cf4], 
PUP.Optional.SuperOptimizer, HKU\S-1-5-19\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [2ebfc36f98f340f6638de9d67d87e020], 
PUP.Optional.SuperOptimizer, HKU\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [8568fb372764da5ceb05328dbf45946c], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3913334427-2417261059-329747614-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\APJKPJCHFBCKHJHOKINLGDBMIBPBBJAK, , [bc31d062d7b4fd39b93965cead56af51], 
PUP.Optional.W3i, HKU\S-1-5-21-3913334427-2417261059-329747614-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DECA3892-BA8F-44B8-A993-A466AD694AE4}, , [87660230513a5fd7084c893d0afa41bf], 
 
Registry Values: 18
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1696f4af-b244-40c1-b693-de746aa98152}|AppName, DustApps-codedownloader.exe, , [08e5de548407082e210c692ce81ccd33]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645c0977-142a-4adf-8eb4-262ebc21a627}|AppName, DustApps-bg.exe, , [e7061f138407f5415ecddbba14f06e92]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d950beef-48cb-4850-a45e-3900b3cc89ee}|AppName, DustApps-buttonutil.exe, , [0be2f2403f4c24127ab2365f48bcba46]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|URL,http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_16_ie&cd=2XzuyEtN2Y1L1QzutDzztCtCzyyCtBtBtAzzzy0D0AtC0EyCtN0D0Tzu0SzzyEtDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0B0F0B0DyC0CyEtGzzzy0AtCtG0FtC0CyBtGtCtDyEtBtGtA0BtD0AzytAyEtBzy0AyByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyB0EtC0Bzz0DtG0DtBtAyCtGtA0FyDtBtG0EyC0AtBtGtC0F0CtD0DtC0F0B0FyD0DtA2Q&cr=2073596231&ir=, , [07e6fb37157682b48d64f5b859abe818]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|TopResultURLFallback, http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_16_ie&cd=2XzuyEtN2Y1L1QzutDzztCtCzyyCtBtBtAzzzy0D0AtC0EyCtN0D0Tzu0SzzyEtDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0B0F0B0DyC0CyEtGzzzy0AtCtG0FtC0CyBtGtCtDyEtBtGtA0BtD0AzytAyEtBzy0AyByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyEyB0EtC0Bzz0DtG0DtBtAyCtGtA0FyDtBtG0EyC0AtBtGtC0F0CtD0DtC0F0B0FyD0DtA2Q&cr=2073596231&ir=, , [8c6176bc365593a3886938755aaa4db3]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|FaviconPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\FavIcon.ico, , [806d072b3e4d42f451a005a8e2223bc5]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Mysearchdial, , [df0e7ab84f3c9d9970817b3259ab9769]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|DisplayName, Mysearchdial, , [fcf175bde6a5ca6c8e6315989a6a04fc]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\apjkpjchfbckhjhokinlgdbmibpbbjak|path, C:\Users\Stephanie\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx, , [01ec949ee3a82a0cb43d6cc740c3a759]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1696f4af-b244-40c1-b693-de746aa98152}|AppName, DustApps-codedownloader.exe, , [a14c6dc5d8b38ea84be2b4e1010343bd]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645c0977-142a-4adf-8eb4-262ebc21a627}|AppName, DustApps-bg.exe, , [26c7ba787f0c64d236f5fe972bd9ac54]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d950beef-48cb-4850-a45e-3900b3cc89ee}|AppName, DustApps-buttonutil.exe, , [896492a05a314cead854128342c25da3]
PUP.Optional.DustApps, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE9793E8-C305-45AA-AE10-52EE0ADDED4F}_is1|DisplayName, DustApps version 1.7, , [f0fd6fc3028965d168efb5e37094ef11]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.omniboxes.com/web/?type=ds&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8&q={searchTerms}, , [539a969c404b5bdbd1083147a65e0cf4]
Trojan.Agent.U, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DustApps, "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\DustApps\updater.dll",UpdaterEntryPoint /startup, , [3bb2b67c305b3ff791fbc2fa887bce32]
PUP.Optional.DustApps, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DustApps, "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\DustApps\updater.dll",UpdaterEntryPoint /startup, , [36b773bf6724b0866ce962360afa52ae]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3913334427-2417261059-329747614-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\apjkpjchfbckhjhokinlgdbmibpbbjak|path, C:\Users\Stephanie\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx, , [bc31d062d7b4fd39b93965cead56af51]
PUP.Optional.W3i, HKU\S-1-5-21-3913334427-2417261059-329747614-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DECA3892-BA8F-44b8-A993-A466AD694AE4}|URL, http://www.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120623,17127,0,18,0, , [87660230513a5fd7084c893d0afa41bf]
 
Registry Data: 6
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.omniboxes.com/web/?type=ds&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8&q={searchTerms}, Good: (www.google.com), Bad: (http://www.omniboxes.com/web/?type=ds&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8&q={searchTerms}),,[5796cb67a4e79f9749828ce814f1ca36]
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8),,[5b92ba7816759f979b30641034d11be5]
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8),,[2cc142f0eaa11422c80334409c696997]
PUP.Optional.Omniboxes.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.omniboxes.com/web/?type=ds&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8&q={searchTerms}, Good: (www.google.com), Bad: (http://www.omniboxes.com/web/?type=ds&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8&q={searchTerms}),,[6b829b97d3b8b185ffccc8ac897c8779]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8),,[826b2a08414af0466d5f6d0713f205fb]
PUP.Optional.Omniboxes.ShrtCln, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=1427542011&from=bpr&uid=ST9500420AS_5VJE0CR8XXXX5VJE0CR8),,[2dc0dc566e1d92a4fad288eca85dab55]
 
Folders: 4
PUP.Optional.UpdaterToolService, C:\Program Files (x86)\Bin\UpdateTool, , [8c61b1812b60270f6f48bb09c341a15f], 
PUP.Optional.UpdaterToolService, C:\Program Files (x86)\Bin, , [8c61b1812b60270f6f48bb09c341a15f], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect, , [9e4f6ec4008b3afc7d745ed2a45f7b85], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect\Logs, , [9e4f6ec4008b3afc7d745ed2a45f7b85], 
 
Files: 71
PUP.Optional.MindSpark, C:\Users\Stephanie\Downloads\InboxAce.exe, , [4da0d65cdfac72c429322c7f768f9e62], 
PUP.Optional.UpdateService, C:\Windows\Updatesvc.exe, , [7e6f062cb8d374c28c26863a7c85639d], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\Provider.dll, , [2ebf3bf794f7ee48e7b1584c649dab55], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\GambaliOff.ini, , [569790a2bdce6dc9e20d1b1a4fb48a76], 
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\Gambali64.dll, , [519ca38fff8c2412cb7690e87e86e61a], 
PUP.Optional.GoForFiles, C:\Windows\System32\Tasks\GoforFilesUpdate, , [8667cd65f59658deb1a1207e5fa52cd4], 
PUP.Optional.SearchApp, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\extensions\{869eaa8e-27d4-4a31-bc79-773154814090}.xpi, , [64897eb44e3d4ee8bed337814db7b947], 
PUP.Optional.UpdaterToolService, C:\Program Files (x86)\Bin\UpdateTool\Downloader.Core.dll, , [8c61b1812b60270f6f48bb09c341a15f], 
PUP.Optional.UpdaterToolService, C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe, , [8c61b1812b60270f6f48bb09c341a15f], 
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.AL", 2);), ,[b637003219722610e40214990bfaef11]
PUP.Optional.MySearchDial, C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\8yk3jr15.default\prefs.js, Good: (), Bad: (ser Preferences

Edited by vid2, 02 November 2015 - 03:57 PM.


#13 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:06:29 PM

Posted 02 November 2015 - 04:34 PM

vid2, I put out a call for someone to help you. Please be patient (I know it's hard to do when you have issues that need to be resolved) while you wait for someone to respond.



#14 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:06:29 PM

Posted 02 November 2015 - 06:42 PM

vid2, A member of the Malware Response Team looked at the this topic and found something concerning.
 
This is what he had to say:
 

Beside a lot of PUP's the scan shows:
Trojan.Agent.U, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DustApps, "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\DustApps\updater.dll",UpdaterEntryPoint /startup, , [3bb2b67c305b3ff791fbc2fa887bce32]

PUP.Optional.DustApps, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DustApps, "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Local\DustApps\updater.dll",UpdaterEntryPoint /startup, , [36b773bf6724b0866ce962360afa52ae

Looks like pwd stealer trojan

http://www.systemlookup.com/CLSID/53974-updater_dll.html

 
His advice is for you to start a new topic in Malware Removal Logs forum.
 
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.

 
After running all the requested tools, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum.

 
Include a description of your issue, and a link to this topic. Also, in this topic, please reply and state that you did post logs in the above forum.

 
After your logs have been posted

 
Please refrain from asking for further help from other members or staff until the Malware Removal Team has checked your posted log. The Malware Removal Team work very hard to investigate a unique solution to your problem and you will receive individual expert assistance. This takes time and effort so we ask you to please be patient while waiting for assistance and NOT to make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member. Any modifications you make on your own can result in system changes which may not show it the log you already posted. Further, following advice outside of that post may cause confusion for the team member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

 
The Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean. If you followed any other advice already, please ensure you inform the Malware Removal Team Team Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

 
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

 
If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users