#1  
01-31-2014, 11:53 AM
Penny
MYSearchDial

When I open Firefox, instead of opening to my two tabs, only one tab opens, and it is MySearch Dial.

IE opens and runs as usual.

I ran CCleaner. I ran Malwarebytes, and then ran DDS.

Here are the results of scans....

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314374
Time elapsed: 31 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a...=331551619&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a...=331551619&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 2
C:\Users\Penny\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Penny\AppData\Roaming\mysearchdial\icons_2.2.15.1631 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Files Detected: 8
C:\Users\Penny\AppData\Local\Temp\is530454878\312422053_stp.EXE (PUP.Optional.SafeInstall.A) -> Quarantined and deleted successfully.
C:\Users\Penny\AppData\Local\Temp\is530454878\312571332_stp.EXE (PUP.Optional.SafeInstall.A) -> Quarantined and deleted successfully.
C:\Users\Penny\Desktop\Downloads\CandyInstaller [1].exe (PUP.Optional.SafeInstall.A) -> Quarantined and deleted successfully.
C:\Users\Penny\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Penny\Desktop\MySearchDial.url (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Penny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Users\Penny\AppData\Roaming\mysearchdial\icons_2.2.15.1631\62.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\Penny\AppData\Roaming\mysearchdial\icons_2.2.15.1631\80.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.25.2
Run by Penny at 11:18:52 on 2014-01-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2029 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
c:\program files\soluto\soluto.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\igfxtray.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_12_0_0_38_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\splwow64.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7CD12A6C-59A0-465B-AA4D-C01CC32D681D} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=331551619&ir=
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Penny\AppData\Roaming\Mozilla\Firefox\Profiles\zsf2ug64.default\
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=331551619&ir=
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=331551619&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=331551619&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=331551619&ir=&q=
FF - user.js: extensions.mysearchdial.id - 4437E64BEA753727
FF - user.js: extensions.mysearchdial.instlDay - 16100
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.013:25:41
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd0103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 331551619
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - irmsd0103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 331551619
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-3-6 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-3-6 207904]
R0 Soluto;Soluto;C:\windows\System32\drivers\Soluto.sys [2013-2-3 54728]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2011-9-27 1038072]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2011-9-27 421704]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2011-9-27 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-30 50344]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-1-27 183264]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-1-27 553440]
R3 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-9 80184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-6-10 247400]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 215040]
R3 SuperIO;Lenovo ASD HWM Driver;C:\windows\System32\drivers\spio.sys [2009-6-5 11848]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-1-27 1239552]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-9-28 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-9-27 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
Continued...next post
=================
__________________
Life isn't about waiting for the storm to pass...it's learning to dance in the rain.
- idk_


LENOVO IDEA CENTRE H-420; 4 gbs memory; Windows 7 HP 64 bit;
Firefox 29.1, Avast Free, Spybot, SpywareBlaster, MBA-M, Windows Firewall
  #2  
01-31-2014, 11:55 AM
Penny
Continued

=============== Created Last 30 ================
.
2014-01-30 19:28:53 -------- d-----w- C:\Program Files (x86)\AB-Tools.com
2014-01-10 02:46:08 80184 ----a-w- C:\windows\System32\drivers\aswstm.sys
.
==================== Find3M ====================
.
2014-01-30 21:13:08 78648 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-01-30 21:13:08 1038072 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2014-01-30 21:13:07 43152 ----a-w- C:\windows\avastSS.scr
2014-01-18 16:15:49 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-18 16:15:49 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-01-10 02:46:05 207904 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-11-09 04:19:21 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-11-09 04:19:21 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
.
============= FINISH: 11:19:10.19 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/27/2011 1:01:52 AM
System Uptime: 1/30/2014 3:14:38 PM (20 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 1185/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 906 GiB total, 789.804 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP138: 9/13/2013 6:00:57 PM - Windows Update
RP139: 9/21/2013 - Scheduled Checkpoint
RP140: 9/28/2013 12:00:01 AM - Scheduled Checkpoint
RP141: 10/6/2013 - Scheduled Checkpoint
RP142: 10/10/2013 7:09:12 PM - Windows Update
RP143: 10/10/2013 7:23:13 PM - Windows Update
RP144: 10/18/2013 12:00:02 AM - Scheduled Checkpoint
RP145: 10/26/2013 12:00:01 AM - Scheduled Checkpoint
RP146: 11/2/2013 12:00:01 AM - Scheduled Checkpoint
RP147: 11/8/2013 10:17:08 PM - avast! antivirus system restore point
RP148: 11/16/2013 12:00:10 AM - Scheduled Checkpoint
RP149: 11/24/2013 12:00:01 AM - Scheduled Checkpoint
RP150: 12/2/2013 12:00:03 AM - Scheduled Checkpoint
RP151: 12/9/2013 10:36:41 AM - Scheduled Checkpoint
RP152: 12/16/2013 11:28:00 PM - Scheduled Checkpoint
RP153: 12/24/2013 - Scheduled Checkpoint
RP154: 12/31/2013 12:00:01 AM - Scheduled Checkpoint
RP155: 1/9/2014 1:49:18 AM - Scheduled Checkpoint
RP156: 1/9/2014 8:44:26 PM - avast! antivirus system restore point
RP157: 1/17/2014 2:44:51 PM - Scheduled Checkpoint
RP158: 1/25/2014 12:00:04 AM - Scheduled Checkpoint
RP159: 1/30/2014 3:12:14 PM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Shockwave Player 12.0
Apple Application Support
Apple Software Update
Ashampoo Burning Studio Elements 10.0.9
avast! Free Antivirus
Best Buy pc app
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 5.1
Canon MX430 series MP Drivers
Canon MX430 series On-screen Manual
Canon MX430 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
CCleaner
CodeStuff Starter
Coupon Printer for Windows
D3DX10
FanSpeedControl
FastStone Capture 5.3
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
Junk Mail filter update
Lenovo Driver and Application Installation
Lenovo Rescue System
Lenovo Tinian Fn PS/2 Keyboard Driver
LVT
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft Application Error Reporting
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
Soluto
Spybot - Search & Destroy
SpywareBlaster 5.0
SumatraPDF
swMSM
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ==========
  #3  
01-31-2014, 05:17 PM
jholland1964
Sorry I missed this Penny. Lots of junk there for sure. Run this too next:

Download AdwCleaner by Xplode from this link:
http://www.bleepingcomputer.com/download/adwcleaner/
Save it to your desktop.
PLEASE NOTE: THIS IS A SPECIALIZED TOOL RUN ONLY WHEN DIRECTED TO DO SO WHEN SPECIFIC TYPES OF MALWARE ARE ALREADY SHOWN via DDS Scan Logs and/or other tool logs to be on the computer.
IT SHOULD BE RUN ONLY ONE TIME.
THERE ARE TWO STEPS REQUIRED BUT RUN THE TOOL ITSELF ONCE ONLY. IF RUN MORE THAN ONCE THEN ORIGINAL REMOVALS DONE WILL NOT BE ABLE TO BE SEEN

CLOSE ALL other programs you have running....browsers, email programs. Letting those run while clean up tools run slows the clean up immensely AND may not allow full clean up because many, if not most tools, cannot clean an open program. So close all that. Only open browser window AFTER a tool has been run and used to clean and produces a log. Then open the one window and come back here and post the logs required.
Double click AdwCleaner to open it.
1. Hit the Scan button to have AdwCleaner search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs. Once this search is complete you will be shown a list of unwanted programs on the computer and you may be given the option of NOT choosing to have something Cleaned from the computer....you DO want to Clean EVERYTHING found so just move on to step 2.

2. NEXT Click on the Clean button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.

Please NOTE there are TWO steps so be sure to absolutely do BOTH steps before you come back here and post the log.
After seeing the log I will give you the next steps.
__________________

1. Dell Inspiron N5040;
Windows 7 64bit SP1
Firefox v.32.0.2, IE11;WLM2012; Avira Free, Windows Firewall, MBAM, SpywareBlaster, SUPERAntispyware

2.Dell Inspiron N7010; Windows 7 64bit SP1
*same programs as computer 1 above*


Help Us To Help You

System Restore

Stick with the Clean up
  #4  
01-31-2014, 06:11 PM
Penny
I think I did it right....

Here is the log....

# AdwCleaner v3.018 - Report created 31/01/2014 at 17:57:37
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Penny - PENNY-PC
# Running from : C:\Users\Penny\Desktop\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Penny\AppData\Roaming\Mozilla\Firefox\Profiles\zsf2ug64.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Penny\AppData\Roaming\Mozilla\Firefox\Profiles\zsf2ug64.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Penny\AppData\Roaming\Mozilla\Firefox\Profiles\zsf2ug64.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1[...]
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd0103");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "331551619");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "C7FE4F11528A5F048A81FE49CA672DBB");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutB[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "4437E64BEA753727");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16100");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtA[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.013:25:41");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0103&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyE0B0E0AyByDtAyBtByBtN0D0Tzu0SyByCtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.013:25:41");
Line Deleted : user_pref("extensions.nosquint.sites", "worldstart.com=130,1391211931794,1982,115,0,0,false,0,0,false microsoft.com=120,1391016622541,150,150,0,0,false,0,0,false webmd.com=0,1384356153953,36,135,0,0,f[...]

-\\ Google Chrome v

[ File : C:\Users\Penny\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [6224 octets] - [31/01/2014 17:55:57]
AdwCleaner[S0].txt - [5752 octets] - [31/01/2014 17:57:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5812 octets] ##########
  #5  
01-31-2014, 06:15 PM
jholland1964
Ok now first you need to remove AdwCleaner so open it again and this time hit the Uninstall button, it will uninstall itself.

After that then do this:

Download Junkware Removal Tool by thisisu
http://www.bleepingcomputer.com/down...-removal-tool/
PLEASE NOTE: THIS IS A SPECIALIZED TOOL RUN ONLY WHEN DIRECTED TO DO SO WHEN SPECIFIC TYPES OF MALWARE ARE ALREADY SHOWN via DDS Scan Logs and/or other tool logs to be on the computer.
IT SHOULD BE RUN ONLY ONE TIME.


Disable your Antivirus while the program runs, just to avoid conflicts
Double click on the new icon to start the program
Vista or Win7 users Right click and select Run as Administrator
Follow the directions in the Black box and the program will run
Be aware that during the scan your Desktop may disappear and a Windows Explorer window may open. These actions are Normal, DON'T PANIC.
Your computer will not be rebooted, but a logfile will be produced
Please post it back here.
  #6  
01-31-2014, 06:45 PM
Penny
JRT Log.....

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Penny on Fri 01/31/2014 at 18:30:15.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Penny\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Penny\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Emptied folder: C:\Users\Penny\AppData\Roaming\mozilla\firefox\profiles\zsf2ug64.default\minidumps [58 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/31/2014 at 18:35:38.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  #7  
Old 01-31-2014, 06:54 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,775
Now, UPDATE MBA-M and do another Full Scan with it. Of course "you know the drill" have it remove everything found and come back with that new log.
  #8  
Old 01-31-2014, 07:48 PM
Penny's Avatar
Penny Penny is offline
HI Y'ALL
 
Join Date: Oct 2003
Location: Oklahoma
Posts: 7,658
Before I post the log, I have to tell you that...after running the scan....I emptied my recycle bin....

www.malwarebytes.org

Database version: v2014.01.31.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Penny :: PENNY-PC [administrator]

1/31/2014 7:00:43 PM
mbam-log-2014-01-31 (19-00-43).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 318610
Time elapsed: 33 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-189050293-3428461594-1074615758-1001\$R7UXA0U.exe (PUP.Optional.Installcore) -> No action taken.

(end)
  #9  
Old 01-31-2014, 08:12 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,775
Uh-oh...
Quote:
C:\$Recycle.Bin\S-1-5-21-189050293-3428461594-1074615758-1001\$R7UXA0U.exe (PUP.Optional.Installcore) -> No action taken.
You didn't have it clean Penny.
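The check made in post #9 (spotting a detection whose action is "No action taken"), written out as an added example that is not part of the thread: a Python parser for logs in the Malwarebytes text layout shown above. The sample log is constructed with placeholder paths, and the function names and the rule that only actions ending in "successfully" count as cleaned are assumptions.

```python
import re

# Section header as printed in the log, e.g. "Files Detected: 1".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Detection line: "<object> (<Detection.Name>) -> ... -> <action>."
# The name must contain a dot, so "(x86)" inside a path is not mistaken for it.
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<name>[A-Za-z]+\.[^()]+)\) -> (?P<rest>.+)$")

# Constructed sample in the layout of the logs in this thread (placeholder paths).
SAMPLE_LOG = r"""
Scan type: Full scan (C:\|)
Objects scanned: 318610

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-EXAMPLE\$R7UXA0U.exe (PUP.Optional.Installcore) -> No action taken.
C:\Program Files (x86)\example\setup.exe (PUP.Optional.Example) -> Quarantined and deleted successfully.

(end)
"""

def parse_mbam_log(text):
    """Return (findings, declared): parsed detections and the per-section counts."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        item = ITEM_RE.match(line)
        if item and section:
            # Registry lines carry extra "-> Data: ..." hops; the action is last.
            action = item["rest"].split(" -> ")[-1].rstrip(".")
            findings.append({"section": section, "object": item["object"],
                             "name": item["name"], "action": action})
    return findings, declared

def unresolved(findings):
    """Detections the scanner reported but did not remediate (assumed rule:
    only actions ending in 'successfully' count as cleaned)."""
    return [f for f in findings if not f["action"].endswith("successfully")]

def count_mismatches(findings, declared):
    """Sections whose 'Detected: N' header disagrees with the lines parsed,
    which points at a truncated paste or a line the parser could not read."""
    bad = {}
    for section, expected in declared.items():
        parsed = sum(1 for f in findings if f["section"] == section)
        if parsed != expected:
            bad[section] = (expected, parsed)
    return bad

if __name__ == "__main__":
    found, counts = parse_mbam_log(SAMPLE_LOG)
    for f in unresolved(found):
        print(f"NOT CLEANED: {f['object']} [{f['name']}] -> {f['action']}")
    print("count mismatches:", count_mismatches(found, counts) or "none")
```
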
  #10  
Old 01-31-2014, 09:21 PM
Penny's Avatar
Penny Penny is offline
HI Y'ALL
 
Join Date: Oct 2003
Location: Oklahoma
Posts: 7,658
Quote:
Originally Posted by jholland1964 View Post
Uh-oh...

You didn't have it clean Penny.
Oh NO!!!!! Ok, well, I am quitting for tonight. Please tell me what to do next.

Maybe you want to quit now too; then, come back tomorrow and tell me what to do next.

Thanks for all your help, Judy!!

PS I forgot tomorrow is Saturday.....and maybe you won't be available to help.
  #11  
Old 01-31-2014, 09:36 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,775
Quote:
Originally Posted by Penny View Post
Oh NO!!!!! Ok, well, I am quitting for tonight. Please tell me what to do next.

Maybe you want to quit now too; then, come back tomorrow and tell me what to do next.

Thanks for all your help, Judy!!

PS I forgot tomorrow is Saturday.....and maybe you won't be available to help.
No, I have no place to go, looks like until spring, it is snowing again right now.
Run MBA-M again and then run this online scan:
Next you need to do this Online Scan. Follow the directions exactly:

ESET Online Scanner

http://www.eset.com/us/online-scanner/

Hit the small blue button on the left side of the page which says Run ESET Online Scanner.

* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox

* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.

* When you have completed that scan, a scanlog ought to have been created and located at "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"

Post back with that log.
  #12  
Old 02-01-2014, 11:23 AM
Penny's Avatar
Penny Penny is offline
HI Y'ALL
 
Join Date: Oct 2003
Location: Oklahoma
Posts: 7,658
Judy...
I am just getting ready to scan with Eset. There is no "unwanted applications" choice, but there is "scan archives" choice. Should I check it?
  #13  
Old 02-01-2014, 11:32 AM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,775
Quote:
Originally Posted by Penny View Post
Judy...
I am just getting ready to scan with Eset. There is no "unwanted applications" choice, but there is "scan archives" choice. Should I check it?
Penny, click on Advanced Settings and you should see that choice
  #14  
Old 02-01-2014, 12:24 PM
Penny's Avatar
Penny Penny is offline
HI Y'ALL
 
Join Date: Oct 2003
Location: Oklahoma
Posts: 7,658
Both scans were clean.....

I am posting the Malwarebytes scan, but haven't..as yet... figured out how to post the Eset Scan.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.31.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Penny :: PENNY-PC [administrator]

2/1/2014 9:59:50 AM
mbam-log-2014-02-01 (09-59-50).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 318961
Time elapsed: 32 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  #15  
Old 02-01-2014, 12:28 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,775
If you are 100% certain that ESET was clean then there is no reason to post it.

Is your Firefox still "hijacked"?
  #16  
Old 02-01-2014, 12:30 PM
MickeyS
Guest
 
Posts: n/a
Quote:
Originally Posted by Penny View Post
Both scans were clean.....

I am posting the Malwarebytes scan, but haven't..as yet... figured out how to post the Eset Scan.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.31.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Penny :: PENNY-PC [administrator]

2/1/2014 9:59:50 AM
mbam-log-2014-02-01 (09-59-50).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 318961
Time elapsed: 32 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
The log file that is created is in the Eset Program Files folder. Text file like the Malwarebytes log.
  #17  
Old 02-01-2014, 12:36 PM
Penny's Avatar
Penny Penny is offline
HI Y'ALL
 
Join Date: Oct 2003
Location: Oklahoma
Posts: 7,658
Quote:
Originally Posted by jholland1964 View Post
If you are 100% certain that ESET was clean then there is no reason to post it.

Is your Firefox still "hijacked"?
Nope....I am posting using FF right now.
  #18  
Old 02-01-2014, 12:50 PM
jholland1964's Avatar
jholland1964 jholland1964 is offline
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,775
Quote:
Originally Posted by Penny View Post
Nope....I am posting using FF right now.
Excellent!
Now several things I see that you don't have or I didn't see them anyway;
WOT - Web Of Trust. You need to add this to all of your browsers.

Visit this page with each browser, there is a different one for each, and add it to all of them. The WOT web site explains it all so be sure to read through it all.

https://www.mywot.com/

Do you have AdBlockPlus? If not that also needs to be added to all browsers.

This blocks all ads on web pages so you don't see them AND helps avoid "errant" clicking of the wrong thing,

Visit this page using each browser to install on each. Each one has its own version.

https://adblockplus.org/

I see you are using Soluto. I used to use it also but have since removed it. Honestly didn't find it that useful. Choice of course is yours.

You also have Revo Uninstaller Free. But you are running a 64bit system.
While it Can be used, the Free version does NOT scan for or even see 64bit files and some programs have both. So if you use it to remove a program it IS going to leave behind any 64bit files from that program because it cannot see them. Your choice of course also.

You can and should Delete both DDS scanner and Junkware Removal Tool, they should not be used again. If you would ever need them again then new copies should be used. Just Right Click Delete, neither of them is installed, they are stand alone programs.

Any other questions?
  #19  
Old 02-01-2014, 01:24 PM
Penny's Avatar
Penny Penny is offline
HI Y'ALL
 
Join Date: Oct 2003
Location: Oklahoma
Posts: 7,658
Quote:
Originally Posted by MickeyS View Post
The log file that is created is in the Eset Program Files folder. Text file like the Malwarebytes log.
Sorry for not replying sooner, but I somehow missed seeing your post. Thanks for trying to help. As I am sure you have seen...since you are following this thread... that Judy later said I did not need to post that log.

I see that you are fairly new to Worldstart.....Welcome....and I hope you enjoy your stay here. IMO it's the best help board on the Internet.

BTW....I love your signature!!!
  #20  
Old 02-01-2014, 01:36 PM
Penny's Avatar
Penny Penny is offline
HI Y'ALL
 
Join Date: Oct 2003
Location: Oklahoma
Posts: 7,658
Quote:
Originally Posted by jholland1964 View Post
Excellent!
Now several things I see that you don't have or I didn't see them anyway;
WOT - Web Of Trust. You need to add this to all of your browsers.

Visit this page with each browser, there is a different one for each, and add it to all of them. The WOT web site explains it all so be sure to read through it all.

https://www.mywot.com/

Do you have AdBlockPlus? If not that also needs to be added to all browsers.

This blocks all ads on web pages so you don't see them AND helps avoid "errant" clicking of the wrong thing,

Visit this page using each browser to install on each. Each one has its own version.

https://adblockplus.org/

I see you are using Soluto. I used to use it also but have since removed it. Honestly didn't find it that useful. Choice of course is yours.

You also have Revo Uninstaller Free. But you are running a 64bit system.
While it Can be used, the Free version does NOT scan for or even see 64bit files and some programs have both. So if you use it to remove a program it IS going to leave behind any 64bit files from that program because it cannot see them. Your choice of course also.

You can and should Delete both DDS scanner and Junkware Removal Tool, they should not be used again. If you would ever need them again then new copies should be used. Just Right Click Delete, neither of them is installed, they are stand alone programs.

Any other questions?
I have had WOT and Adblock Plus for so long I can't remember when I got them.

Revo Uninstaller is now history.

I have deleted both the DDS scanner and the Junkware Removal Tool.

Hmmm!! I kinda like Soluto, so I just may keep it.

Thanks sooooooo much for your help.
All times are GMT -5. The time now is 01:19 AM.

