WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

malsign.systweak.44F - keeps coming back? [Solved]

Started by Bally , Jul 30 2014 01:15 PM

This topic is locked

47 replies to this topic

#31 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 06 August 2014 - 07:12 AM

Curt, reopened the thread for you, explain to me whats going on ?

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Advertisements

Register to Remove

#32 Bally

Authentic Member

Authentic Member
56 posts

Posted 06 August 2014 - 09:00 AM

... hi again Ken, I see you've reopened my orig. thread... thx! There are two (2) problems, as follows;

(1) that nasty little file "PUP.Optional.MySearchDial.A" keeps replicating itself after having deleted it three times with Malwarebytes Anti-Malware;

(2) my computer wants to reboot when shutting down. I have definitely selected the shutdown option (not reboot); and, therefore, am doing a hot shutdown just before it wants to begin rebooting? Strange! Will await your reply here before moving on to your other e-mails, which relates to the Dell cokputer.

Best Regards, Curt

#33 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 06 August 2014 - 09:13 AM

Lets run AdwCleaner again and see what it comes up with, as far as your computer rebooting , it may be a windows thing, lets do them one at a time

With delfix most likely AdwCleaner has been removed so lets do a clean download

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.

Close all open programs and internet browsers.

Double click on AdwCleaner.exe to run the tool.

Click on Scan.

After the scan is complete click on "Clean"

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#34 Bally

Authentic Member

Authentic Member
56 posts

Posted 06 August 2014 - 10:21 AM

Ken here is the last AdwCleaner run and picked-up from the C:\drive.

# AdwCleaner v3.302 - Report created 06/08/2014 at 18:12:37

# Updated 30/07/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Richard - TN

# Running from : C:\Documents and Settings\Richard\Skrivbord\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\IVAB\Application Data\Mozilla\Firefox\Profiles\9xjugkxy.default\prefs.js ]

[ File : C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\t91cmnax.default\prefs.js ]

-\\ Google Chrome v36.0.1985.125

[ File : C:\Documents and Settings\Richard\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [22028 octets] - [03/10/2013 16:53:04]

AdwCleaner[R1].txt - [16879 octets] - [03/10/2013 23:08:05]

AdwCleaner[R2].txt - [1260 octets] - [04/10/2013 00:15:05]

AdwCleaner[R3].txt - [2998 octets] - [10/10/2013 21:12:35]

AdwCleaner[R4].txt - [6761 octets] - [01/08/2014 22:56:33]

AdwCleaner[R5].txt - [5604 octets] - [02/08/2014 08:52:15]

AdwCleaner[R6].txt - [2527 octets] - [06/08/2014 17:37:40]

AdwCleaner[R7].txt - [1778 octets] - [06/08/2014 17:53:34]

AdwCleaner[R8].txt - [1898 octets] - [06/08/2014 18:09:24]

AdwCleaner[S0].txt - [16674 octets] - [03/10/2013 23:10:33]

AdwCleaner[S1].txt - [3089 octets] - [10/10/2013 21:17:17]

AdwCleaner[S2].txt - [6597 octets] - [02/08/2014 08:58:36]

AdwCleaner[S3].txt - [2600 octets] - [06/08/2014 17:42:06]

AdwCleaner[S4].txt - [1839 octets] - [06/08/2014 17:59:05]

AdwCleaner[S5].txt - [1819 octets] - [06/08/2014 18:12:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1879 octets] ##########

-END-

#35 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 06 August 2014 - 11:20 AM

I dont see MySearchDial listed, where do you see it , is it popping up in your browser, if so which one ?

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#36 Bally

Authentic Member

Authentic Member
56 posts

Posted 06 August 2014 - 01:56 PM

In answer to your last question... the browser is Chrome. After running the AdwCleaner again, believe I provided you with a log. I then ran Malwarebytes again and the pest file "MySearchDial" is still there, I copied this log prior to quarantining again, but if I run it again.... "Its Bacccckkkkkkkk!"

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 8/6/2014

Scan Time: 9:23:37 PM

Logfile: Malwarebytes Log.txt

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.08.06.07

Rootkit Database: v2014.08.04.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: Richard

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 429939

Time Elapsed: 27 min, 41 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 1

PUP.Optional.MySearchDial.A, C:\Documents and Settings\Richard\Lokala inställningar\Application Data\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://start.mysearc...r=679293142&ir=" ],), ,[94cb11b2d1aad5613b4a13e2fb09ab55]

Physical Sectors: 0

(No malicious items detected)

(end)

#37 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 06 August 2014 - 02:05 PM

Lets run SystemLook again

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

64 Bit Version

Double-click SystemLook.exe to run it.

Copy the content of the following codebox into the main textfield:

:folderfind
mysearchdial
:filefind
mysearchdial
:regfind
mysearchdial

Click the Look button to start the scan.

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#38 Bally

Authentic Member

Authentic Member
56 posts

Posted 06 August 2014 - 03:01 PM

Ken... looking at the info from this log, it appears this pesty bug is ducking out being found by programs other than Malwarebytes?

SystemLook 30.07.11 by jpshortstuff

Log created at 23:03 on 06/08/2014 by Richard

Administrator - Elevation successful

========== folderfind ==========

Searching for "mysearchdial"

No folders found.

========== filefind ==========

Searching for "mysearchdial"

No files found.

========== regfind ==========

Searching for "mysearchdial"

No data found.

-= EOF =-

#39 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 06 August 2014 - 03:02 PM

Lets run Combofix and see if it finds and removes it

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

See this Link for programs that need to be disabled and instruction on how to disable them.

Remember to re-enable them when we're done.

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#40 Bally

Authentic Member

Authentic Member
56 posts

Posted 06 August 2014 - 05:29 PM

Ken... the following is the ConboFix log. I had to run the program twice expecting the log file to be in C:\ComboFix, after closing the open file on completing, but it wasn't there! As I recall the first time the pgrm. deleted 1-file + 4-or-5 folders? I had to run it a second time to copy the log file (shown below);

ComboFix 14-08-06.02 - Richard 08/07/2014 1:11.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1470.747 [GMT 2:00]

Running from: c:\documents and settings\Richard\Skrivbord\ComboFix.exe

AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Internet Security 2014 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\program\INSTALL.LOG

c:\windows\wininit.ini

((((((((((((((((((((((((( Files Created from 2014-07-06 to 2014-08-06 )))))))))))))))))))))))))))))))

2014-08-04 18:23 . 2008-04-14 19:34 21504 ----a-w- c:\windows\system32\hidserv.dll

2014-08-04 18:23 . 2008-04-14 19:34 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2014-08-04 07:12 . 2014-08-04 07:12 2812 ----a-w- c:\windows\Regfix.reg

2014-08-04 07:02 . 2014-08-04 07:02 -------- d-----w- C:\RegBackup

2014-08-04 06:54 . 2014-08-04 06:54 -------- d-----w- c:\program\Tweaking.com

2014-08-02 17:46 . 2014-08-04 07:47 -------- d-----w- C:\FRST

2014-08-02 06:53 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll

2014-08-01 21:17 . 2014-08-01 21:17 -------- d-----w- c:\program\Malwarebytes Anti-Malware

2014-08-01 21:17 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-07-25 08:08 . 2014-07-25 08:08 -------- d-----w- c:\documents and settings\Richard\Lokala inställningar\Application Data\Skype

2014-07-25 08:08 . 2014-07-25 08:08 -------- d-----w- c:\program\Delade filer\Skype

2014-07-22 12:47 . 2010-02-10 19:20 593920 ------w- c:\windows\system32\ati2sgag.exe

2014-07-22 12:44 . 2014-07-22 12:44 -------- d-----w- C:\ATI

2014-07-22 05:55 . 2014-07-22 05:56 -------- d-----w- C:\f18b8596a63f2776389f

2014-07-22 05:22 . 2014-07-22 08:58 -------- d-----w- C:\0d608be659421094a8274931cdb6

2014-07-21 21:45 . 2014-07-21 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2014-07-21 20:14 . 2014-07-21 21:01 -------- d-----w- C:\d80b9deb1c60777af7

2014-07-20 22:23 . 2014-07-20 22:23 -------- d-----w- c:\documents and settings\LocalService\Lokala inställningar\Application Data\AVG

2014-07-20 22:23 . 2014-07-20 22:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG

2014-07-20 22:01 . 2014-07-20 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg_Update_0614t

2014-07-19 22:22 . 2014-07-14 10:26 36152 ----a-w- c:\windows\system32\TURegOpt.exe

2014-07-19 22:21 . 2014-07-19 22:21 -------- d-----w- c:\documents and settings\Richard\Lokala inställningar\Application Data\AVG

2014-07-19 22:21 . 2014-07-19 22:21 -------- d-----w- c:\documents and settings\Richard\Application Data\AVG

2014-07-19 22:17 . 2014-07-19 22:29 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

2014-07-19 22:17 . 2014-07-19 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG

2014-07-19 15:54 . 2014-07-19 15:54 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2014

2014-07-19 15:53 . 2014-07-19 15:53 -------- d-----w- c:\documents and settings\Richard\Application Data\TuneUp Software

2014-07-19 15:53 . 2014-07-19 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2014

2014-07-19 15:53 . 2014-07-19 15:53 -------- d-----w- C:\$AVG

2014-07-19 15:52 . 2014-07-19 22:21 -------- d-----w- c:\program\AVG

2014-07-19 15:39 . 2014-07-19 19:28 -------- d-----w- c:\documents and settings\Richard\Lokala inställningar\Application Data\Avg2014

2014-07-19 15:39 . 2014-08-06 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2014-07-19 15:39 . 2014-07-19 15:39 -------- d-----w- c:\documents and settings\Richard\Lokala inställningar\Application Data\MFAData

2014-07-19 01:37 . 2014-07-02 03:11 8217224 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DABB108E-B171-4ACF-B9AB-04B955D4A473}\mpengine.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-08-06 22:45 . 2014-01-23 16:25 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-07-09 11:29 . 2012-04-12 04:55 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-07-09 11:29 . 2012-02-01 06:19 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-06-30 10:43 . 2014-06-30 10:43 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys

2014-06-17 14:22 . 2014-06-17 14:22 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2014-06-17 14:21 . 2014-06-17 14:21 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2014-06-17 14:18 . 2014-06-17 14:18 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys

2014-06-17 14:17 . 2014-06-17 14:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2014-06-17 14:17 . 2014-06-17 14:17 190232 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys

2014-06-17 14:06 . 2014-06-17 14:06 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2014-06-17 14:06 . 2014-06-17 14:06 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2014-06-17 14:06 . 2014-06-17 14:06 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2014-05-12 05:26 . 2014-01-23 16:23 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-01-02 22:45 . 2014-01-02 22:44 4216840 ----a-w- c:\program\Delade filer\vcredist.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-08-07 1561880]

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]