Hi Suemarie,
Please be sure that you are running all these tools directly from the desktop. If the tools are not located on the desktop, the fixes I provide may not work as designed.
Please run this Rootkit Scanner.
Malwarebytes Anti-Rootkit
- Download Malwarebytes Anti-Rootkit
- Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
- Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
- Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
- Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
- After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
- Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
- If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
- On the introduction screen, please click on the Next button to continue.
- Next you will see the Update Database screen.
- Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
- When the update has finished, click on the Next button.
- Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
- Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
- When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
- Make sure everything is selected and that the option to create a restore point is checked.
- Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
- Click on the Yes button to restart your computer.
- There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
- The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
- For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
- The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================
Disable Firefox plug-in
- At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
- In the Add-ons Manager tab, select the Extensions or Appearance panel.
- Select the add-on you wish to disable.
  - My Search Dial
  - Sweet Tunes
- Click the Disable button.
- Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
=========================
Disable Plug-ins in Google Chrome
- Click the Chrome menu on the browser toolbar.
- Select Settings.
- Scroll down to Show advanced settings...
- Locate the Privacy section and select Content Settings.
- In the pop-up window, scroll to Plug-Ins and select Disable individual plug-ins...
- Locate the following plug-ins and set them to Disable:
- Exit Chrome settings menu.
=========================
Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
=========================
FRST Fix Script
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
Code:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1648369585&ir=
SearchScopes: HKLM-x32 - {6d6503c4-6ba9-419a-9657-607ae153f4c4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
SearchScopes: HKCU - DefaultScope {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
SearchScopes: HKCU - {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN23127794002916819&UM=2
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\sweettunes-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml
CHR StartupUrls: "https://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=", "www.google.com"
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\SueB\AppData\Local\mysearchdial-speeddial.crx [2014-01-24]
Update for Zip Opener (HKCU\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
Task: {F7A66014-EB44-41D2-9995-A969CE690FFC} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\SueB\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.
=========================
In your next post please provide the following:
- system-log.txt
- mbar-log
- Fixlog.txt
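
An added example, not part of the original post: a PowerShell script that locates the three logs requested above, picking the newest mbar-log by the timestamp embedded in its file name (mbar-log-year-month-day (hour-minute-second).txt). It assumes the mbar folder and Fixlog.txt are somewhere under the desktop; the function names are made up for this example.

```powershell
# Parse the timestamp out of an MBAR log name; returns $null for any other file.
function Get-MbarLogTime {
    param([string]$Name)
    if ($Name -match '^mbar-log-(\d{4}-\d{2}-\d{2}) \((\d{2}-\d{2}-\d{2})\)\.txt$') {
        return [datetime]::ParseExact(
            "$($Matches[1]) $($Matches[2])",
            'yyyy-MM-dd HH-mm-ss',
            [Globalization.CultureInfo]::InvariantCulture)
    }
    return $null
}

# Search $Root recursively and report where each requested log is (or that it is missing).
function Find-RequestedLogs {
    param([string]$Root)

    $files = Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }

    # MBAR writes one mbar-log per run; keep only the most recent by file-name timestamp.
    $newestMbar = $files |
        ForEach-Object {
            New-Object PSObject -Property @{ Path = $_.FullName; Time = (Get-MbarLogTime $_.Name) }
        } |
        Where-Object { $_.Time -ne $null } |
        Sort-Object Time -Descending |
        Select-Object -First 1

    $system = $files | Where-Object { $_.Name -eq 'system-log.txt' } | Select-Object -First 1
    $fixlog = $files | Where-Object { $_.Name -eq 'Fixlog.txt' }     | Select-Object -First 1

    $report = @(
        @{ Log = 'system-log.txt'; Path = $system.FullName },
        @{ Log = 'mbar-log';       Path = $newestMbar.Path },
        @{ Log = 'Fixlog.txt';     Path = $fixlog.FullName }
    )
    foreach ($entry in $report) {
        if (-not $entry.Path) { $entry.Path = 'NOT FOUND' }
        New-Object PSObject -Property $entry
    }
}

# Assumption: tools were run from the desktop, as the instructions above require.
$desktop = [Environment]::GetFolderPath('Desktop')
Find-RequestedLogs -Root $desktop | Format-Table Log, Path -AutoSize
```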