Hello,
I have a Dell Inspiron running on Windows Vista. I inadvertently downloaded Zip opener packages, which downloaded a number of files including mysearchdial. I uninstalled the files, and it seemed to work, accept mysearchdial is still appearing in Firefox and IE. I tried a System Restore, but it didn't remove the files. I also tried running Spybot, Malware Bytes, and AVG with no luck. Any help would be greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:22:21 PM, on 12/6/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16520)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Users\Mardi\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: JL Edwardian Advent Calendar.lnk = C:\Program Files\JL Edwardian Advent Calendar\JL Edwardian Advent Calendar.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 4951 bytes
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 10.7.2
Run by Mardi at 21:25:17 on 2013-12-06
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.984.78 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
StartupFolder: c:\users\mardi\appdata\roaming\micros~1\windows\startm~1\programs\startup\j ledwa~1.lnk - c:\program files\jl edwardian advent calendar\JL Edwardian Advent Calendar.exe
StartupFolder: c:\users\mardi\appdata\roaming\micros~1\windows\startm~1\programs\startup\o penof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{A4704449-32C9-403C-8469-D1D465D5C4CE} : DHCPNameServer = 192.168.0.1 205.171.2.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mardi\appdata\roaming\mozilla\firefox\profiles\z5gehq01.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-12-06 17:40; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\mardi\appdata\roaming\mozilla\firefox\profiles\z5gehq01.default\ex tensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCyC0A0BtB0AtA0A0E0CtN0D0Tzu0S yBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=127138290&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCyC0A0BtB0AtA0A0E0CtN0D0Tzu0S yBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=127138290&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCyC0A0BtB0AtA0A0E0CtN0D0Tzu0S yBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=127138290&ir=&q=
FF - user.js: extensions.mysearchdial.id - 701A0416AB2A3AEC
FF - user.js: extensions.mysearchdial.instlDay - 16045
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.017:39:35
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 127138290
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCyC0A0BtB0AtA0A0E0CtN0D0Tzu0SyBtDyCtN1L2XzutBt FtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
FF - user.js: extensions.irmysearch.aflt - dsites
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 127138290
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCyC0A0BtB0AtA0A0E0CtN0D0Tzu0SyBtDyCtN1L2XzutBt FtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-12-07 02:23:46 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-12-07 02:23:32 -------- d-----w- c:\program files\Reason
2013-12-07 00:41:59 -------- d-----w- c:\program files\BrowseSmart
2013-12-05 04:29:26 -------- d-----w- c:\users\mardi\appdata\roaming\JLAdventCalendarEdwardian2013
2013-12-05 02:40:59 -------- d-----w- c:\program files\JL Edwardian Advent Calendar
2013-11-14 01:25:37 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-14 01:25:37 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 01:25:35 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 01:25:29 993792 ----a-w- c:\windows\system32\crypt32.dll
.
==================== Find3M ====================
.
2013-11-22 01:30:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-22 01:30:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-06 04:50:48 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-05 04:57:30 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-01 06:00:28 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-11-01 05:30:08 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-10-25 05:28:32 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-10-13 09:48:06 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-10-13 09:25:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-17 07:57:26 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-10 07:43:20 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 21:26:37.35 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/27/2011 2:44:48 PM
System Uptime: 12/6/2013 8:18:06 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 171.356 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP213: 10/10/2013 6:30:11 PM - Windows Update
RP214: 10/13/2013 5:41:41 PM - Scheduled Checkpoint
RP215: 10/21/2013 8:45:05 PM - Scheduled Checkpoint
RP216: 10/27/2013 7:23:36 PM - Scheduled Checkpoint
RP217: 10/28/2013 8:22:10 PM - Scheduled Checkpoint
RP218: 11/2/2013 9:54:33 AM - Scheduled Checkpoint
RP219: 11/4/2013 7:56:03 PM - Scheduled Checkpoint
RP220: 11/9/2013 11:44:15 AM - Scheduled Checkpoint
RP221: 11/10/2013 7:49:46 PM - Scheduled Checkpoint
RP222: 11/11/2013 7:35:29 PM - Scheduled Checkpoint
RP223: 11/14/2013 7:12:15 PM - Windows Update
RP224: 11/18/2013 7:49:04 PM - Scheduled Checkpoint
RP225: 11/22/2013 7:47:30 PM - Scheduled Checkpoint
RP226: 11/24/2013 7:57:36 PM - Scheduled Checkpoint
RP227: 11/25/2013 12:59:45 PM - Scheduled Checkpoint
RP228: 11/26/2013 3:42:56 PM - Scheduled Checkpoint
RP229: 11/27/2013 9:18:27 AM - Scheduled Checkpoint
RP230: 11/29/2013 4:25:11 PM - Scheduled Checkpoint
RP231: 12/1/2013 5:18:39 PM - Scheduled Checkpoint
RP232: 12/3/2013 7:13:07 AM - Scheduled Checkpoint
RP233: 12/4/2013 8:52:13 PM - Scheduled Checkpoint
RP234: 12/5/2013 8:51:30 PM - Scheduled Checkpoint
RP235: 12/6/2013 5:45:37 PM - Restore Operation
RP236: 12/6/2013 5:57:19 PM - Restore Operation
RP237: 12/6/2013 6:08:56 PM - 12/4/2013 9:00:00 pm
RP238: 12/6/2013 6:12:41 PM - Restore Operation
RP239: 12/6/2013 6:42:13 PM - Restore Operation
RP240: 12/6/2013 7:22:28 PM - Installed Should I Remove It
RP241: 12/6/2013 8:14:45 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
AVG 2014
CCleaner
Dell Wireless 1515 Driver Installation
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Jacquie Lawson Edwardian Advent Calendar
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
OpenOffice.org 3.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Should I Remove It
Spybot - Search & Destroy
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Visual Studio 2012 x86 Redistributables
VLC media player 1.1.8
.
==== Event Viewer Messages From Past Week ========
.
12/6/2013 8:20:07 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/6/2013 6:24:47 PM, Error: Service Control Manager [7031] - The Update BrowseSmart service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/6/2013 5:57:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
12/3/2013 6:28:14 AM, Error: EventLog [6008] - The previous system shutdown at 1:53:43 AM on 12/3/2013 was unexpected.
12/3/2013 1:52:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
12/1/2013 8:26:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
12/1/2013 3:14:26 PM, Error: EventLog [6008] - The previous system shutdown at 6:59:25 PM on 11/30/2013 was unexpected.
.
==== End Of File ===========================
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-06 21:49:57
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2555GSX rev.FG000D 232.89GB
Running: vp0iipc8.exe; Driver: C:\Users\Mardi\AppData\Local\Temp\pgloypob.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8AEB1690]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8AEB17B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8AEB1010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x8AEB1490]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8AEB12D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8AEB13B0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8ABE7640]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8AEB11F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8AEB1590]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 3BD 81CC2A08 8 Bytes [90, 16, EB, 8A, B0, 17, EB, ...] {NOP ; PUSH SS; JMP 0xffffff8e; MOV AL, 0x17; JMP 0xffffff92}
.text ntkrnlpa.exe!KeSetEvent + 3F1 81CC2A3C 4 Bytes [10, 10, EB, 8A] {ADC [EAX], DL; JMP 0xffffff8e}
.text ntkrnlpa.exe!KeSetEvent + 40D 81CC2A58 4 Bytes [90, 14, EB, 8A]
.text ntkrnlpa.exe!KeSetEvent + 611 81CC2C5C 8 Bytes [D0, 12, EB, 8A, B0, 13, EB, ...] {RCL BYTE [EDX], 0x1; JMP 0xffffff8e; MOV AL, 0x13; JMP 0xffffff92}
.text ntkrnlpa.exe!KeSetEvent + 621 81CC2C6C 8 Bytes [40, 76, BE, 8A, F0, 11, EB, ...]
.text ...
? C:\Users\Mardi\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] ntdll.dll!LdrLoadDll 77149378 5 Bytes JMP 63B8E210 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] kernel32.dll!HeapSetInformation + 26 7522A8B0 7 Bytes JMP 63B92C10 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] kernel32.dll!LockResource + C 75246ACB 7 Bytes JMP 643522AA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] kernel32.dll!VirtualAllocEx + 54 7524AF50 7 Bytes JMP 643522CD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] USER32.dll!GetWindowInfo 752F428E 5 Bytes JMP 6426F425 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] GDI32.dll!SetStretchBltMode + 256 74DF745C 7 Bytes JMP 6435222B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!EnableWindow 752ECD8B 5 Bytes JMP 6D4F9ECC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!DialogBoxParamW 753110B0 5 Bytes JMP 6D45189B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!DialogBoxIndirectParamW 75312EF5 5 Bytes JMP 6D649266 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!DialogBoxParamA 75328152 5 Bytes JMP 6D649201 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!DialogBoxIndirectParamA 7532847D 5 Bytes JMP 6D6492CB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!MessageBoxIndirectA 7533D4D9 5 Bytes JMP 6D649188 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!MessageBoxIndirectW 7533D5D3 5 Bytes JMP 6D64910F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!MessageBoxExA 7533D639 5 Bytes JMP 6D6490AB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!MessageBoxExW 7533D65D 5 Bytes JMP 6D649047 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] kernel32.dll!CreateThread 7524CB0E 5 Bytes JMP 6D4B75DB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateDialogParamW 752E72A2 5 Bytes JMP 6D6495D0 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!GetAsyncKeyState 752E863C 5 Bytes JMP 6D49DECD C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!SetWindowsHookExW 752E87AD 5 Bytes JMP 6D4F25C4 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CallNextHookEx 752E8E3B 5 Bytes JMP 6D517FFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!UnhookWindowsHookEx 752E98DB 5 Bytes JMP 6D53ED20 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!EnableWindow 752ECD8B 5 Bytes JMP 6D4F9ECC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DefWindowProcA 752EDB88 7 Bytes JMP 6D4B9805 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateWindowExA 752EDC2A 5 Bytes JMP 6D4C363B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateWindowExW 752F1305 5 Bytes JMP 6D5203EF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!GetKeyState 752F8CB1 5 Bytes JMP 6D49DDA7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DefWindowProcW 753003B4 7 Bytes JMP 6D518062 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!IsDialogMessageW 75300745 5 Bytes JMP 6D649D2A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateDialogParamA 753017AA 5 Bytes JMP 6D649598 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!IsDialogMessage 75301847 5 Bytes JMP 6D649D02 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateDialogIndirectParamA 753026F1 5 Bytes JMP 6D649608 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateDialogIndirectParamW 75309A62 5 Bytes JMP 6D649640 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!SetKeyboardState 75310987 5 Bytes JMP 6D64A5F1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxParamW 753110B0 5 Bytes JMP 6D45189B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxIndirectParamW 75312EF5 5 Bytes JMP 6D649266 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!SendInput 75312F75 5 Bytes JMP 6D64A599 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!EndDialog 7531326E 5 Bytes JMP 6D649FD6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!SetCursorPos 75326FB2 5 Bytes JMP 6D64A672 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxParamA 75328152 5 Bytes JMP 6D649201 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxIndirectParamA 7532847D 5 Bytes JMP 6D6492CB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxIndirectA 7533D4D9 5 Bytes JMP 6D649188 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxIndirectW 7533D5D3 5 Bytes JMP 6D64910F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxExA 7533D639 5 Bytes JMP 6D6490AB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxExW 7533D65D 5 Bytes JMP 6D649047 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!keybd_event 7533D972 5 Bytes JMP 6D64A556 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] SHELL32.dll!SHRestricted + D95 758889A8 4 Bytes [CF, 01, 4D, 6A] {IRET ; ADD [EBP+0x6a], ECX}
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] SHELL32.dll!SHRestricted + D9D 758889B0 8 Bytes [E0, 61, 4C, 6A, 79, F7, 4C, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] ole32.dll!OleLoadFromStream 750D1E80 5 Bytes JMP 6D649A34 C:\Windows\system32\IEFRAME.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
(I got just so far on this scan before I got an error message reading "There is no disk in the drive. Please insert a disk into drive \Device\Harddisk1\DR1. I cant get past the error message.)
I have a Dell Inspiron running on Windows Vista. I inadvertently downloaded Zip opener packages, which downloaded a number of files including mysearchdial. I uninstalled the files, and it seemed to work, accept mysearchdial is still appearing in Firefox and IE. I tried a System Restore, but it didn't remove the files. I also tried running Spybot, Malware Bytes, and AVG with no luck. Any help would be greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:22:21 PM, on 12/6/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16520)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Users\Mardi\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: JL Edwardian Advent Calendar.lnk = C:\Program Files\JL Edwardian Advent Calendar\JL Edwardian Advent Calendar.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 4951 bytes
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 10.7.2
Run by Mardi at 21:25:17 on 2013-12-06
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.984.78 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
StartupFolder: c:\users\mardi\appdata\roaming\micros~1\windows\startm~1\programs\startup\j ledwa~1.lnk - c:\program files\jl edwardian advent calendar\JL Edwardian Advent Calendar.exe
StartupFolder: c:\users\mardi\appdata\roaming\micros~1\windows\startm~1\programs\startup\o penof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{A4704449-32C9-403C-8469-D1D465D5C4CE} : DHCPNameServer = 192.168.0.1 205.171.2.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mardi\appdata\roaming\mozilla\firefox\profiles\z5gehq01.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-12-06 17:40; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\mardi\appdata\roaming\mozilla\firefox\profiles\z5gehq01.default\ex tensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCyC0A0BtB0AtA0A0E0CtN0D0Tzu0S yBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=127138290&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCyC0A0BtB0AtA0A0E0CtN0D0Tzu0S yBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=127138290&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCyC0A0BtB0AtA0A0E0CtN0D0Tzu0S yBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=127138290&ir=&q=
FF - user.js: extensions.mysearchdial.id - 701A0416AB2A3AEC
FF - user.js: extensions.mysearchdial.instlDay - 16045
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.017:39:35
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 127138290
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCyC0A0BtB0AtA0A0E0CtN0D0Tzu0SyBtDyCtN1L2XzutBt FtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
FF - user.js: extensions.irmysearch.aflt - dsites
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 127138290
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCyC0A0BtB0AtA0A0E0CtN0D0Tzu0SyBtDyCtN1L2XzutBt FtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-12-07 02:23:46 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-12-07 02:23:32 -------- d-----w- c:\program files\Reason
2013-12-07 00:41:59 -------- d-----w- c:\program files\BrowseSmart
2013-12-05 04:29:26 -------- d-----w- c:\users\mardi\appdata\roaming\JLAdventCalendarEdwardian2013
2013-12-05 02:40:59 -------- d-----w- c:\program files\JL Edwardian Advent Calendar
2013-11-14 01:25:37 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-14 01:25:37 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 01:25:35 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 01:25:29 993792 ----a-w- c:\windows\system32\crypt32.dll
.
==================== Find3M ====================
.
2013-11-22 01:30:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-22 01:30:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-06 04:50:48 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-05 04:57:30 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-01 06:00:28 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-11-01 05:30:08 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-10-25 05:28:32 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-10-13 09:48:06 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-10-13 09:25:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-17 07:57:26 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-10 07:43:20 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 21:26:37.35 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/27/2011 2:44:48 PM
System Uptime: 12/6/2013 8:18:06 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 171.356 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP213: 10/10/2013 6:30:11 PM - Windows Update
RP214: 10/13/2013 5:41:41 PM - Scheduled Checkpoint
RP215: 10/21/2013 8:45:05 PM - Scheduled Checkpoint
RP216: 10/27/2013 7:23:36 PM - Scheduled Checkpoint
RP217: 10/28/2013 8:22:10 PM - Scheduled Checkpoint
RP218: 11/2/2013 9:54:33 AM - Scheduled Checkpoint
RP219: 11/4/2013 7:56:03 PM - Scheduled Checkpoint
RP220: 11/9/2013 11:44:15 AM - Scheduled Checkpoint
RP221: 11/10/2013 7:49:46 PM - Scheduled Checkpoint
RP222: 11/11/2013 7:35:29 PM - Scheduled Checkpoint
RP223: 11/14/2013 7:12:15 PM - Windows Update
RP224: 11/18/2013 7:49:04 PM - Scheduled Checkpoint
RP225: 11/22/2013 7:47:30 PM - Scheduled Checkpoint
RP226: 11/24/2013 7:57:36 PM - Scheduled Checkpoint
RP227: 11/25/2013 12:59:45 PM - Scheduled Checkpoint
RP228: 11/26/2013 3:42:56 PM - Scheduled Checkpoint
RP229: 11/27/2013 9:18:27 AM - Scheduled Checkpoint
RP230: 11/29/2013 4:25:11 PM - Scheduled Checkpoint
RP231: 12/1/2013 5:18:39 PM - Scheduled Checkpoint
RP232: 12/3/2013 7:13:07 AM - Scheduled Checkpoint
RP233: 12/4/2013 8:52:13 PM - Scheduled Checkpoint
RP234: 12/5/2013 8:51:30 PM - Scheduled Checkpoint
RP235: 12/6/2013 5:45:37 PM - Restore Operation
RP236: 12/6/2013 5:57:19 PM - Restore Operation
RP237: 12/6/2013 6:08:56 PM - 12/4/2013 9:00:00 pm
RP238: 12/6/2013 6:12:41 PM - Restore Operation
RP239: 12/6/2013 6:42:13 PM - Restore Operation
RP240: 12/6/2013 7:22:28 PM - Installed Should I Remove It
RP241: 12/6/2013 8:14:45 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
AVG 2014
CCleaner
Dell Wireless 1515 Driver Installation
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Jacquie Lawson Edwardian Advent Calendar
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
OpenOffice.org 3.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Should I Remove It
Spybot - Search & Destroy
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Visual Studio 2012 x86 Redistributables
VLC media player 1.1.8
.
==== Event Viewer Messages From Past Week ========
.
12/6/2013 8:20:07 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/6/2013 6:24:47 PM, Error: Service Control Manager [7031] - The Update BrowseSmart service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/6/2013 5:57:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
12/3/2013 6:28:14 AM, Error: EventLog [6008] - The previous system shutdown at 1:53:43 AM on 12/3/2013 was unexpected.
12/3/2013 1:52:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
12/1/2013 8:26:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
12/1/2013 3:14:26 PM, Error: EventLog [6008] - The previous system shutdown at 6:59:25 PM on 11/30/2013 was unexpected.
.
==== End Of File ===========================
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-06 21:49:57
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2555GSX rev.FG000D 232.89GB
Running: vp0iipc8.exe; Driver: C:\Users\Mardi\AppData\Local\Temp\pgloypob.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8AEB1690]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8AEB17B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8AEB1010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x8AEB1490]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8AEB12D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8AEB13B0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8ABE7640]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8AEB11F0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8AEB1590]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 3BD 81CC2A08 8 Bytes [90, 16, EB, 8A, B0, 17, EB, ...] {NOP ; PUSH SS; JMP 0xffffff8e; MOV AL, 0x17; JMP 0xffffff92}
.text ntkrnlpa.exe!KeSetEvent + 3F1 81CC2A3C 4 Bytes [10, 10, EB, 8A] {ADC [EAX], DL; JMP 0xffffff8e}
.text ntkrnlpa.exe!KeSetEvent + 40D 81CC2A58 4 Bytes [90, 14, EB, 8A]
.text ntkrnlpa.exe!KeSetEvent + 611 81CC2C5C 8 Bytes [D0, 12, EB, 8A, B0, 13, EB, ...] {RCL BYTE [EDX], 0x1; JMP 0xffffff8e; MOV AL, 0x13; JMP 0xffffff92}
.text ntkrnlpa.exe!KeSetEvent + 621 81CC2C6C 8 Bytes [40, 76, BE, 8A, F0, 11, EB, ...]
.text ...
? C:\Users\Mardi\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] ntdll.dll!LdrLoadDll 77149378 5 Bytes JMP 63B8E210 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] kernel32.dll!HeapSetInformation + 26 7522A8B0 7 Bytes JMP 63B92C10 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] kernel32.dll!LockResource + C 75246ACB 7 Bytes JMP 643522AA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] kernel32.dll!VirtualAllocEx + 54 7524AF50 7 Bytes JMP 643522CD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] USER32.dll!GetWindowInfo 752F428E 5 Bytes JMP 6426F425 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1992] GDI32.dll!SetStretchBltMode + 256 74DF745C 7 Bytes JMP 6435222B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!EnableWindow 752ECD8B 5 Bytes JMP 6D4F9ECC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!DialogBoxParamW 753110B0 5 Bytes JMP 6D45189B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!DialogBoxIndirectParamW 75312EF5 5 Bytes JMP 6D649266 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!DialogBoxParamA 75328152 5 Bytes JMP 6D649201 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!DialogBoxIndirectParamA 7532847D 5 Bytes JMP 6D6492CB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!MessageBoxIndirectA 7533D4D9 5 Bytes JMP 6D649188 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!MessageBoxIndirectW 7533D5D3 5 Bytes JMP 6D64910F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!MessageBoxExA 7533D639 5 Bytes JMP 6D6490AB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2200] USER32.dll!MessageBoxExW 7533D65D 5 Bytes JMP 6D649047 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] kernel32.dll!CreateThread 7524CB0E 5 Bytes JMP 6D4B75DB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateDialogParamW 752E72A2 5 Bytes JMP 6D6495D0 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!GetAsyncKeyState 752E863C 5 Bytes JMP 6D49DECD C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!SetWindowsHookExW 752E87AD 5 Bytes JMP 6D4F25C4 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CallNextHookEx 752E8E3B 5 Bytes JMP 6D517FFF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!UnhookWindowsHookEx 752E98DB 5 Bytes JMP 6D53ED20 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!EnableWindow 752ECD8B 5 Bytes JMP 6D4F9ECC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DefWindowProcA 752EDB88 7 Bytes JMP 6D4B9805 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateWindowExA 752EDC2A 5 Bytes JMP 6D4C363B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateWindowExW 752F1305 5 Bytes JMP 6D5203EF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!GetKeyState 752F8CB1 5 Bytes JMP 6D49DDA7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DefWindowProcW 753003B4 7 Bytes JMP 6D518062 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!IsDialogMessageW 75300745 5 Bytes JMP 6D649D2A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateDialogParamA 753017AA 5 Bytes JMP 6D649598 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!IsDialogMessage 75301847 5 Bytes JMP 6D649D02 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateDialogIndirectParamA 753026F1 5 Bytes JMP 6D649608 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateDialogIndirectParamW 75309A62 5 Bytes JMP 6D649640 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!SetKeyboardState 75310987 5 Bytes JMP 6D64A5F1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxParamW 753110B0 5 Bytes JMP 6D45189B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxIndirectParamW 75312EF5 5 Bytes JMP 6D649266 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!SendInput 75312F75 5 Bytes JMP 6D64A599 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!EndDialog 7531326E 5 Bytes JMP 6D649FD6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!SetCursorPos 75326FB2 5 Bytes JMP 6D64A672 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxParamA 75328152 5 Bytes JMP 6D649201 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxIndirectParamA 7532847D 5 Bytes JMP 6D6492CB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxIndirectA 7533D4D9 5 Bytes JMP 6D649188 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxIndirectW 7533D5D3 5 Bytes JMP 6D64910F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxExA 7533D639 5 Bytes JMP 6D6490AB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxExW 7533D65D 5 Bytes JMP 6D649047 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!keybd_event 7533D972 5 Bytes JMP 6D64A556 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] SHELL32.dll!SHRestricted + D95 758889A8 4 Bytes [CF, 01, 4D, 6A] {IRET ; ADD [EBP+0x6a], ECX}
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] SHELL32.dll!SHRestricted + D9D 758889B0 8 Bytes [E0, 61, 4C, 6A, 79, F7, 4C, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] ole32.dll!OleLoadFromStream 750D1E80 5 Bytes JMP 6D649A34 C:\Windows\system32\IEFRAME.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
(I got just so far on this scan before I got an error message reading "There is no disk in the drive. Please insert a disk into drive \Device\Harddisk1\DR1. I cant get past the error message.)