Author Topic: XP with PUP.Optional.BrowserMark.A, PUP.Optional.MySearchDial.A, etc


Offline Ghost

Hi all ;-),
Yup, an XP that's infected ;-(.
I ran DDS and Security Check, then Malwarebytes, to see what all the infections are:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.06.15.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jerry Kinsworthy :: JERRYK [administrator]

6/15/2014 2:13:57 PM
mbam-log-2014-06-15 (14-13-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253201
Time elapsed: 18 minute(s), 15 second(s)

Memory Processes Detected: 3
C:\Program Files\BrowseMark\bin\utilBrowseMark.exe (PUP.Optional.BrowseMark.A) -> 1508 -> Delete on reboot.
C:\Program Files\BrowseMark\bin\BrowseMark.PurBrowse.exe (PUP.Optional.BrowseMark) -> 1220 -> Delete on reboot.
C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe (PUP.Optional.BrowseMark.A) -> 652 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files\BrowseMark\bin\{b99c8534-7800-48fa-bd71-519a46cdc7e1}.dll (PUP.Optional.BrowseMark.A) -> Delete on reboot.

Registry Keys Detected: 21
HKLM\SYSTEM\CurrentControlSet\Services\Util BrowseMark (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update BrowseMark (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseMark (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
HKCR\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites (PUP.Optional.Updater) -> Quarantined and deleted successfully.
HKCU\Software\BrowseMark (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
HKCU\Software\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\Software\BrowseMark (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0I2Z1H1E2V1R0O1O -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=2&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0EyE0AtC0CtBtGtAtA0FyBtGyCyByB0FtGyC0AtCtAtGyDyEyE0FyBtBzyzz0F0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0EtA0D0E0E0F0FtG0CyE0E0BtGyByDtAyDtGtCzyyB0FtGtCzyyDtAzyyEzzyC0D0E0DyD2Q&cr=1770052396&ir=) Good: (www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 11
C:\Program Files\BrowseMark (PUP.Optional.BrowseMark.A) -> Delete on reboot.
C:\Program Files\BrowseMark\bin (PUP.Optional.BrowseMark.A) -> Delete on reboot.
C:\Program Files\BrowseMark\bin\plugins (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\TEMP (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\mysearchdial\icons_2.20.1.0 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Program Files\Mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Program Files\Mysearchdial\1.8.29.0 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Program Files\Mysearchdial\1.8.29.0\bh (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Files Detected: 31
C:\Program Files\BrowseMark\bin\utilBrowseMark.exe (PUP.Optional.BrowseMark.A) -> Delete on reboot.
C:\Program Files\BrowseMark\bin\BrowseMark.PurBrowse.exe (PUP.Optional.BrowseMark) -> Delete on reboot.
C:\Program Files\BrowseMark\updateBrowseMark.exe (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\BrowseMark.ico (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\0 (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\7za.exe (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\BrowseMarkUninstall.exe (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\updateBrowseMark.InstallState (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\7za.exe (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe (PUP.Optional.BrowseMark.A) -> Delete on reboot.
C:\Program Files\BrowseMark\bin\BrowseMark.PurBrowse.zip (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\BrowseMarkBAApp.dll (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\BrowserAdapter.7z (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\sqlite3.dll (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\utilBrowseMark.InstallState (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\{b99c8534-7800-48fa-bd71-519a46cdc7e1}.dll (PUP.Optional.BrowseMark.A) -> Delete on reboot.
C:\Program Files\BrowseMark\bin\plugins\BrowseMark.Bromon.dll (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\plugins\BrowseMark.BroStats.dll (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\plugins\BrowseMark.BrowserAdapter.dll (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\plugins\BrowseMark.CompatibilityChecker.dll (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Program Files\BrowseMark\bin\plugins\BrowseMark.PurBrowse.dll (PUP.Optional.BrowseMark.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\DigitalSites\UpdateProc\info.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\DigitalSites\UpdateProc\STTL.DAT (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\DigitalSites\UpdateProc\TTL.DAT (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\mysearchdial\UpdateProc\info.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\mysearchdial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Kinsworthy\Application Data\mysearchdial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jerry Kinsworthy at 13:51:49 on 2014-06-15
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.643 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\BrowseMark\bin\utilBrowseMark.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BrowseMark\bin\BrowseMark.PurBrowse.exe
C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\jerryk~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261230894640
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1361648699859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CF5091D9-5E16-498A-B006-537EF9C4D443} : DHCPNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jerry kinsworthy\application data\mozilla\firefox\profiles\chemdn6b.default\
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
.
user_pref(extensions.autoDisableScopes,14);
FF - user.js: extensions.irmysearch.aflt - dsites04_14_16_ff
FF - user.js: extensions.irmysearch.instlRef - 140305_a
FF - user.js: extensions.irmysearch.cr - 1770052396
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0EyE0AtC0CtBtGtAtA0FyBtGyCyByB0FtGyC0AtCtAtGyDyEyE0FyBtBzyzz0F0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0EtA0D0E0E0F0FtG0CyE0E0BtGyByDtAyDtGtCzyyB0FtGtCzyyDtAzyyEzzyC0D0E0DyD2Q
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0EyE0AtC0CtBtGtAtA0FyBtGyCyByB0FtGyC0AtCtAtGyDyEyE0FyBtBzyzz0F0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0EtA0D0E0E0F0FtG0CyE0E0BtGyByDtAyDtGtCzyyB0FtGtCzyyDtAzyyEzzyC0D0E0DyD2Q&cr=1770052396&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0EyE0AtC0CtBtGtAtA0FyBtGyCyByB0FtGyC0AtCtAtGyDyEyE0FyBtBzyzz0F0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0EtA0D0E0E0F0FtG0CyE0E0BtGyByDtAyDtGtCzyyB0FtGtCzyyDtAzyyEzzyC0D0E0DyD2Q&cr=1770052396&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0EyE0AtC0CtBtGtAtA0FyBtGyCyByB0FtGyC0AtCtAtGyDyEyE0FyBtBzyzz0F0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0EtA0D0E0E0F0FtG0CyE0E0BtGyByDtAyDtGtCzyyB0FtGtCzyyDtAzyyEzzyC0D0E0DyD2Q&cr=1770052396&ir=&q=
FF - user.js: extensions.mysearchdial.id - 001676A98B4668DD
FF - user.js: extensions.mysearchdial.instlDay - 16174
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.011:45:55
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites04_14_16_ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_a
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 1770052396
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0EyE0AtC0CtBtGtAtA0FyBtGyCyByB0FtGyC0AtCtAtGyDyEyE0FyBtBzyzz0F0A0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0EtA0D0E0E0F0FtG0CyE0E0BtGyByDtAyDtGtCzyyB0FtGtCzyyDtAzyyEzzyC0D0E0DyD2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
============= SERVICES / DRIVERS ===============
.
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}t;{b99c8534-7800-48fa-bd71-519a46cdc7e1}t;c:\windows\system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys [2014-5-22 55232]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-4 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-11-4 430160]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-11-4 430160]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-4 93528]
R2 Util BrowseMark;Util BrowseMark;c:\program files\browsemark\bin\utilBrowseMark.exe [2014-5-5 317728]
S2 Update BrowseMark;Update BrowseMark;c:\program files\browsemark\updateBrowseMark.exe [2014-4-11 317728]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
.
=============== Created Last 30 ================
.
2014-06-06 13:09:09   --------   d-----w-   c:\documents and settings\jerry kinsworthy\local settings\application data\Deployment
2014-06-02 12:30:03   75376   ----a-w-   c:\program files\mozilla firefox\breakpadinjector.dll
2014-06-02 12:30:03   2106216   ----a-w-   c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-06-02 12:30:03   20080   ----a-w-   c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-06-02 12:30:02   46704   ----a-w-   c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-05-22 20:05:15   55232   ----a-w-   c:\windows\system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys
.
==================== Find3M  ====================
.
2014-05-27 11:41:22   93528   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2014-05-13 19:25:47   70832   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 19:25:47   692400   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2014-05-13 19:25:43   17938608   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
.
============= FINISH: 13:53:04.90 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/22/2006 5:48:08 PM
System Uptime: 6/15/2014 1:00:10 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. |  | 0WF887
Processor:                 Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 53 GiB total, 22.588 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 18.543 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP614: 5/14/2014 11:00:19 AM - Software Distribution Service 3.0
RP615: 5/14/2014 8:07:17 PM - Software Distribution Service 3.0
RP616: 5/15/2014 11:00:19 AM - Software Distribution Service 3.0
RP617: 5/15/2014 8:58:32 PM - Software Distribution Service 3.0
RP618: 5/16/2014 11:00:17 AM - Software Distribution Service 3.0
RP619: 5/16/2014 8:49:41 PM - Software Distribution Service 3.0
RP620: 5/17/2014 11:00:20 AM - Software Distribution Service 3.0
RP621: 5/17/2014 8:43:00 PM - Software Distribution Service 3.0
RP622: 5/18/2014 8:53:36 AM - Software Distribution Service 3.0
RP623: 5/18/2014 11:00:18 AM - Software Distribution Service 3.0
RP624: 5/18/2014 9:52:13 PM - Software Distribution Service 3.0
RP625: 5/19/2014 8:31:51 AM - Software Distribution Service 3.0
RP626: 5/19/2014 11:00:17 AM - Software Distribution Service 3.0
RP627: 5/19/2014 10:43:26 PM - Software Distribution Service 3.0
RP628: 5/20/2014 7:04:47 AM - Software Distribution Service 3.0
RP629: 5/20/2014 11:00:17 AM - Software Distribution Service 3.0
RP630: 5/20/2014 10:01:36 PM - Software Distribution Service 3.0
RP631: 5/21/2014 11:00:18 AM - Software Distribution Service 3.0
RP632: 5/21/2014 9:26:59 PM - Software Distribution Service 3.0
RP633: 5/22/2014 9:19:53 AM - Software Distribution Service 3.0
RP634: 5/22/2014 11:00:17 AM - Software Distribution Service 3.0
RP635: 5/23/2014 11:00:18 AM - Software Distribution Service 3.0
RP636: 5/23/2014 1:11:58 PM - Software Distribution Service 3.0
RP637: 5/26/2014 11:00:18 AM - Software Distribution Service 3.0
RP638: 5/26/2014 8:55:13 PM - Software Distribution Service 3.0
RP639: 5/27/2014 8:11:07 AM - Software Distribution Service 3.0
RP640: 5/27/2014 11:00:18 AM - Software Distribution Service 3.0
RP641: 5/27/2014 12:44:00 PM - Software Distribution Service 3.0
RP642: 5/27/2014 8:46:34 PM - Software Distribution Service 3.0
RP643: 5/28/2014 11:00:23 AM - Software Distribution Service 3.0
RP644: 5/29/2014 11:00:26 AM - Software Distribution Service 3.0
RP645: 5/29/2014 8:56:22 PM - Software Distribution Service 3.0
RP646: 5/30/2014 11:00:21 AM - Software Distribution Service 3.0
RP647: 5/30/2014 9:38:06 PM - Software Distribution Service 3.0
RP648: 5/31/2014 11:00:18 AM - Software Distribution Service 3.0
RP649: 6/1/2014 10:38:33 AM - Software Distribution Service 3.0
RP650: 6/2/2014 11:00:21 AM - Software Distribution Service 3.0
RP651: 6/2/2014 8:28:40 PM - Software Distribution Service 3.0
RP652: 6/3/2014 11:00:23 AM - Software Distribution Service 3.0
RP653: 6/3/2014 2:13:26 PM - Software Distribution Service 3.0
RP654: 6/4/2014 6:52:51 AM - Software Distribution Service 3.0
RP655: 6/4/2014 11:00:19 AM - Software Distribution Service 3.0
RP656: 6/5/2014 6:22:43 AM - Software Distribution Service 3.0
RP657: 6/5/2014 8:31:53 PM - Software Distribution Service 3.0
RP658: 6/6/2014 8:54:57 AM - Software Distribution Service 3.0
RP659: 6/6/2014 11:00:23 AM - Software Distribution Service 3.0
RP660: 6/6/2014 8:19:38 PM - Software Distribution Service 3.0
RP661: 6/7/2014 11:00:18 AM - Software Distribution Service 3.0
RP662: 6/7/2014 8:35:10 PM - Software Distribution Service 3.0
RP663: 6/8/2014 11:00:19 AM - Software Distribution Service 3.0
RP664: 6/8/2014 7:34:39 PM - Software Distribution Service 3.0
RP665: 6/9/2014 11:00:19 AM - Software Distribution Service 3.0
RP666: 6/9/2014 9:23:22 PM - Software Distribution Service 3.0
RP667: 6/10/2014 11:00:18 AM - Software Distribution Service 3.0
RP668: 6/10/2014 9:19:06 PM - Software Distribution Service 3.0
RP669: 6/11/2014 11:00:24 AM - Software Distribution Service 3.0
RP670: 6/11/2014 8:59:39 PM - Software Distribution Service 3.0
RP671: 6/11/2014 10:59:40 PM - Software Distribution Service 3.0
RP672: 6/12/2014 11:00:21 AM - Software Distribution Service 3.0
RP673: 6/12/2014 8:19:33 PM - Software Distribution Service 3.0
RP674: 6/13/2014 11:00:19 AM - Software Distribution Service 3.0
RP675: 6/13/2014 5:35:12 PM - Software Distribution Service 3.0
RP676: 6/13/2014 8:48:49 PM - Software Distribution Service 3.0
RP677: 6/14/2014 11:00:18 AM - Software Distribution Service 3.0
RP678: 6/14/2014 8:10:30 PM - Software Distribution Service 3.0
RP679: 6/15/2014 11:00:23 AM - Software Distribution Service 3.0
RP680: 6/15/2014 12:28:06 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 4.42
Acrobat.com
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
AnalogX Capture
ATT-RC Self Support Tool
Avira Free Antivirus
Banctec Service Agreement
BellSouth® Scan and Clean Tool
BrowseMark
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Support 3.2
Dell System Restore
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
East-Tec Eraser 2008 Version 8.9
EducateU
ELIcon
Games, Music, & Photos Launcher
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP OrderReminder
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer (Enable DEP)
Internet Service Offers Launcher
Karen's WhoIs
LaserJet 1018
Malwarebytes Anti-Malware version 1.75.0.1300
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Small Business Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Modem Helper
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NirSoft PstPassword
Open It!
OpenOffice.org 3.0
Revo Uninstaller 1.93
Roxio DLA
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
SpywareBlaster 4.6
SpywareGuard v2.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update for Zip Opener
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/9/2014 7:56:03 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Update BrowseMark service to connect.
6/9/2014 7:56:03 AM, error: Service Control Manager [7000]  - The Update BrowseMark service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/9/2014 7:56:03 AM, error: Service Control Manager [7000]  - The helpsvc service failed to start due to the following error:  The system cannot find the file specified.
6/9/2014 2:46:00 PM, error: Schedule [7901]  - The At2.job command failed to start due to the following error:  %%2147942402
6/9/2014 11:02:54 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
6/15/2014 1:00:38 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.64 for the Network Card with network address 001676A98B46 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

 Results of screen317's Security Check version 0.99.84 
 Windows XP Service Pack 3 x86   
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Avira Free Antivirus   
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 SpywareBlaster 4.6   
 SpywareGuard v2.2   
 Malwarebytes Anti-Malware version 1.75.0.1300 
 HijackThis 1.99.1   
 CCleaner (remove only)   
 Adobe Flash Player    13.0.0.214 
 Adobe Reader 8 
 Adobe Reader XI 
 Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 thanks,
Ghost

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 18330
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Hi, Ghost.

Your friend certainly made a mistake not accepting the Windows 7 computer you set up for him.  For someone who uses his computer for email and some light web surfing, he manages to pick up a lot of crud.

Let's start with AdwCleaner and JRT. 

1.  Please download Junkware Removal Tool to your desktop.  <--Note:  The provided link is a direct download link.  Please save it to your desktop!
  • Close all open programs and internet browsers.
  • Run the tool by double-clicking it.  Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

2.  Please download Adware Cleaner by Xplode to your Desktop.  <--Note:  The provided link is a direct download link.  Please save it to your desktop!
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.  Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
3.  Please note that there will be no additional security updates for Adobe Reader.  I suggest uninstalling it and installing an alternate reader.  Personally, I like Sumatra PDF.  It isn't a target and doesn't include unwanted extras with the install or updates.  (See Replacing Adobe Reader with Sumatra PDF.)  Adobe reference: End of support | Acrobat and Reader for Windows XP.

4.  Adobe Flash Player is still supported and needs to be updated to the latest versions:

Direct download links:

    Non-IE (Opera, Firefox, Etc.):  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_14_plugin.exe
     
    Windows XP, Vista and 7:  Flash Player For Internet Explorer 7, 8, 9, 10, 11:  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_14_active_x.exe

5.  The latest update to Firefox to version 30 included a number of security updates.  To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox." 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ghost
Hi Corrine;-),
First off, JRT will not work. I get the command window and the blinking cursor, but after 30 minutes I closed the window;-(.
Uninstalled Adobe Reader and installed Sumatra PDF;-).
Flash Player for FF and IE are installed.
Firefox is updated to version 30.
Here is the AdwCleaner log:
# AdwCleaner v3.212 - Report created 15/06/2014 at 17:21:33
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jerry Kinsworthy - JERRYK
# Running from : C:\Documents and Settings\Jerry Kinsworthy\Desktop\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****

Service Found : Update BrowseMark
Service Found : Util BrowseMark

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\user.js
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Found : C:\Documents and Settings\Jerry Kinsworthy\Application Data\DigitalSites
Folder Found : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Found : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\Extensions\ffxtlbr@mysearchdial.com
Folder Found : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Systweak
Folder Found : C:\Documents and Settings\Jerry Kinsworthy\Desktop\Inbox
Folder Found : C:\Program Files\BrowseMark
Folder Found : C:\Program Files\openit

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\mysearchdial.com
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\BrowseMark
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Found : user_pref("browser.search.order.1", "Mysearchdial");
Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("extensions.enabledAddons", "ffxtlbr%40mysearchdial.com:1.6.0,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.7,%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,%7BC49B68AC-0D21-40A7-9EE0-7[...]
Line Found : user_pref("extensions.irmysearch.aflt", "dsites04_14_16_ff");
Line Found : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0EyE0AtC0CtBtGtAtA0FyBt[...]
Line Found : user_pref("extensions.irmysearch.cr", "1770052396");
Line Found : user_pref("extensions.irmysearch.instlRef", "140305_a");
Line Found : user_pref("extensions.mysearchdial.AL", 2);
Line Found : user_pref("extensions.mysearchdial.aflt", "dsites04_14_16_ff");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0EyE0AtC0CtBtGtAtA0Fy[...]
Line Found : user_pref("extensions.mysearchdial.cntry", "US");
Line Found : user_pref("extensions.mysearchdial.cr", "1770052396");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hdrMd5", "7EA08CC2C14EF87E4B232A6DB094DA8F");
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1Czu[...]
Line Found : user_pref("extensions.mysearchdial.id", "001676A98B4668DD");
Line Found : user_pref("extensions.mysearchdial.instlDay", "16174");
Line Found : user_pref("extensions.mysearchdial.instlRef", "140305_a");
Line Found : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutC[...]
Line Found : user_pref("extensions.mysearchdial.lastVrsnTs", "");
Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1C[...]
Line Found : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.sg", "{smplGrp}");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L[...]
Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.011:45:55");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [7005 octets] - [15/06/2014 17:21:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7065 octets] ##########

thanks,
Ghost

Offline Corrine
Ok, let's remove what AdwCleaner found.

Double-click AdwCleaner.exe to run the tool again.
  • Click the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • After the scan has finished,
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
How is his computer now?



Offline Ghost
Hi Corrine;-),
AdwCleaner log:
# AdwCleaner v3.212 - Report created 15/06/2014 at 19:31:29
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jerry Kinsworthy - JERRYK
# Running from : C:\Documents and Settings\Jerry Kinsworthy\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Documents and Settings\Jerry Kinsworthy\Application Data\DigitalSites
Folder Deleted : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Jerry Kinsworthy\Desktop\Inbox
Folder Deleted : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\Extensions\ffxtlbr@mysearchdial.com
File Deleted : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\openit open it!

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Documents and Settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40mysearchdial.com:1.6.0,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.7,%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,%7BC49B68AC-0D21-40A7-9EE0-7[...]
Line Deleted : user_pref("extensions.irmysearch.aflt", "dsites04_14_16_ff");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0EyE0AtC0CtBtGtAtA0FyBt[...]
Line Deleted : user_pref("extensions.irmysearch.cr", "1770052396");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "140305_a");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites04_14_16_ff");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzz0EyE0AtC0CtBtGtAtA0Fy[...]
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1770052396");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "7EA08CC2C14EF87E4B232A6DB094DA8F");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "001676A98B4668DD");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16174");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_a");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutC[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "{smplGrp}");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites04_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.011:45:55");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [7145 octets] - [15/06/2014 17:21:33]
AdwCleaner[R1].txt - [6944 octets] - [15/06/2014 19:30:47]
AdwCleaner[S0].txt - [6989 octets] - [15/06/2014 19:31:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7049 octets] ##########

the puter is running much better;-).
i still have to defrag it though. seems it's 24% fragmented;-(
thanks,
Ghost

Offline Corrine
Hi, Ghost.

1.  Since it is not only out of date but also open source not, go ahead and uninstall HijackThis 1.99.1.  While you're at it, since Java isn't installed on the computer, you can remove the following from downloaded program files:

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

2.  Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
3.  I also noticed that there aren't any recent System Restore points.  I know you ran Disk Cleanup but let's also set a fresh restore point and clear up the old ones before you defrag since, in addition to helping free up space on the hard disk, it can also be used to clear all but the most recent System Restore point.

First, create a fresh restore point:

1.  Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.
2.  Click Create a Restore Point, and then click Next.
3.  Name your restore point. (i.e., clean)
4.  Click the Create button.
5.  When the new restore point has been created, click Close.

Now select any additional files to be removed as well as all but the new restore points:
  • Click start-->Run and type cleanmgr into the run box and then click "OK".
  • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
  • When the scan completes, check/uncheck desired boxes.
  • Next, please click the More Options tab at the top.
  • Click the "Clean up..." button under the System Restore section at the bottom.
  • Answer Yes to the question "Are you sure you want to delete all but the most recent restore point?".
  • Click OK and answer Yes again.
The disk clean up utility will remove the selected items.  When it completes, please restart the computer to properly record the changes made to the hard disk.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ghost
hi Corrine,
i have uninstalled AdwCleaner.
i created a restore point and deleted the others.
i can't find these:
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
thanks,
Ghost
 

Offline Corrine
I had been thinking about running ComboFix anyway to see if there were any leftovers.

Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.



Offline Ghost
hi Corrine;-),
a very good friend of mine suggested i might try the Malwarebytes Anti-Exploit software on this pc. think i'll try it;-)
i will uninstall HijackThis!
here is the comboFix log:
ComboFix 14-06-16.01 - Jerry Kinsworthy 06/16/2014  20:04:12.6.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.710 [GMT -4:00]
Running from: c:\documents and settings\Jerry Kinsworthy\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-17 to 2014-06-17  )))))))))))))))))))))))))))))))
.
.
2014-06-15 22:11 . 2014-06-15 22:11   --------   d-----w-   c:\documents and settings\Jerry Kinsworthy\Application Data\SumatraPDF
2014-06-15 22:10 . 2014-06-15 22:10   --------   d-----w-   c:\program files\SumatraPDF
2014-06-15 21:22 . 2010-08-30 12:34   536576   ----a-w-   c:\windows\system32\sqlite3.dll
2014-06-15 19:07 . 2014-06-15 19:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\Licenses
2014-06-06 13:09 . 2014-06-06 13:09   --------   d-----w-   c:\documents and settings\Jerry Kinsworthy\Local Settings\Application Data\Deployment
2014-05-22 20:05 . 2014-05-13 19:55   55232   ----a-w-   c:\windows\system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-15 22:09 . 2013-02-23 17:36   699056   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2014-06-15 22:09 . 2011-10-09 13:06   71344   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-27 11:41 . 2012-11-04 22:41   136216   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2014-05-27 11:41 . 2012-11-04 22:41   93528   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2014-05-13 19:25 . 2014-05-13 19:25   17938608   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-05-27 737872]
.
c:\documents and settings\Jerry Kinsworthy\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41   294912   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jerry Kinsworthy^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 02:29   389120   -c--a-w-   c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20   122940   -c--a-w-   c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-22 23:29   39264   -c--a-w-   c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser RiskMonitor]
2008-03-22 20:43   18536   -c--a-w-   c:\program files\East-Tec Eraser 2008\Launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 13:32   77824   -c--a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32   77824   -c--a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36   114688   -c--a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35   94208   -c--a-w-   c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50   221184   -c--a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50   81920   -c--a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-09-20 13:36   114688   -c--a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42   1404928   -c--a-w-   c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}t;{b99c8534-7800-48fa-bd71-519a46cdc7e1}t;c:\windows\system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys [5/22/2014 4:05 PM 55232]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/4/2012 6:41 PM 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/4/2012 6:42 PM 430160]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 22:09]
.
2014-06-16 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2014-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
AddRemove-NirSoft PstPassword - c:\documents and settings\Jerry Kinsworthy\Desktop\PstPassword\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-16 20:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2014-06-16  20:14:23
ComboFix-quarantined-files.txt  2014-06-17 00:14
ComboFix2.txt  2013-04-20 22:46
.
Pre-Run: 27,334,610,944 bytes free
Post-Run: 27,324,592,128 bytes free
.
- - End Of File - - 56943CD6E4AE71E0C8D362AC4FAA2CD7
5CB90281D1A59B251F6603134774EEC3

Thanks,
Ghost

Offline Corrine
Hi, Ghost. 

Looks like a remnant of MySearchDial needs to be removed.  Let's see if this takes care of it.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code:
DDS::
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

File::
c:\windows\system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys

Driver::
{b99c8534-7800-48fa-bd71-519a46cdc7e1}t
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.




Offline Ghost
hi Corrine;-),
i can't uninstall or find HijackThis. i ran add/remove programs and it's not there. ran Revo Uninstaller and it's not there. did XP search for files/folders and it's not there?
here is the combofix log:
ComboFix 14-06-16.01 - Jerry Kinsworthy 06/17/2014  17:25:46.7.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.731 [GMT -4:00]
Running from: c:\documents and settings\Jerry Kinsworthy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jerry Kinsworthy\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_{B99C8534-7800-48FA-BD71-519A46CDC7E1}T
-------\Service_{b99c8534-7800-48fa-bd71-519a46cdc7e1}t
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-17 to 2014-06-17  )))))))))))))))))))))))))))))))
.
.
2014-06-15 22:11 . 2014-06-15 22:11   --------   d-----w-   c:\documents and settings\Jerry Kinsworthy\Application Data\SumatraPDF
2014-06-15 22:10 . 2014-06-15 22:10   --------   d-----w-   c:\program files\SumatraPDF
2014-06-15 21:22 . 2010-08-30 12:34   536576   ----a-w-   c:\windows\system32\sqlite3.dll
2014-06-15 19:07 . 2014-06-15 19:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\Licenses
2014-06-06 13:09 . 2014-06-06 13:09   --------   d-----w-   c:\documents and settings\Jerry Kinsworthy\Local Settings\Application Data\Deployment
2014-05-22 20:05 . 2014-05-13 19:55   55232   ----a-w-   c:\windows\system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-15 22:09 . 2013-02-23 17:36   699056   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2014-06-15 22:09 . 2011-10-09 13:06   71344   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-27 11:41 . 2012-11-04 22:41   136216   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2014-05-27 11:41 . 2012-11-04 22:41   93528   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2014-05-13 19:25 . 2014-05-13 19:25   17938608   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-05-27 737872]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41   294912   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jerry Kinsworthy^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jerry Kinsworthy^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\Jerry Kinsworthy\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2014-05-27 11:41   737872   ----a-w-   c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 02:29   389120   -c--a-w-   c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20   122940   -c--a-w-   c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-22 23:29   39264   -c--a-w-   c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser RiskMonitor]
2008-03-22 20:43   18536   -c--a-w-   c:\program files\East-Tec Eraser 2008\Launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 13:32   77824   -c--a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32   77824   -c--a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36   114688   -c--a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35   94208   -c--a-w-   c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50   221184   -c--a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50   81920   -c--a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-09-20 13:36   114688   -c--a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42   1404928   -c--a-w-   c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/4/2012 6:41 PM 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/4/2012 6:42 PM 430160]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 22:09]
.
2014-06-17 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2014-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-17 17:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3616)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2014-06-17  17:44:04 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-17 21:44
ComboFix2.txt  2014-06-17 00:14
ComboFix3.txt  2013-04-20 22:46
.
Pre-Run: 26,943,848,448 bytes free
Post-Run: 26,847,784,960 bytes free
.
- - End Of File - - 74A2F1391370C4D08CCD202496FE9DAF
5CB90281D1A59B251F6603134774EEC3

thanks,
Ghost

Offline Corrine
That's ok, Ghost.  I only mentioned it because it isn't likely your friend will need to use it.  In fact, I strongly suspect it is left over from your many efforts helping him with his computer! 

If all is well now, go ahead and uninstall ComboFix. 

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Although Malwarebytes Anti-Exploit is an excellent idea, it won't save your friend from himself.  See the FAQs for additional information:  Frequently Asked Questions.



Offline Ghost
hi Corrine;-),
Quote
In fact, I strongly suspect it is left over from your many efforts helping him with his computer!
could be but i don't remember you requesting it to be used in the past but.....
i have uninstalled combofix.
the puter is running very nicely now;-).
thanks for all your help :rose:
Ghost

Offline Corrine
You're welcome, as always!

