MajorGeeks Support Forums

#1  08-12-13, 17:18  thekops
Max Performa and other junk

I am helping a friend clean her computer after she started seeing "Max Performa Optimizer" messages and warnings. I successfully followed the README steps with the following results:
1. I had a hard time downloading, so I downloaded everything on another computer and copied it to hers using a CD-ROM.
2. All of her data IS backed up.
3. After logging on, she no longer sees the "Max Performa" messages, but I still see it under Add/Remove Programs; along with a lot of other junk toolbars, programs, and old JAVA. Her SYSTRAY still has some strange items like "PC Fix Speed System Optimizer".
4. Both of her browsers (Internet Explorer 10 and Google Chrome 27) have some strange search re-directs and sidebars.

She has a Dell Inspiron N5110 laptop with Windows 7 Home Premium, SP1, 64-bit.

Could you look at my attached logs and make some suggestions?

Thanks for all the wonderful help you provide in this forum.
Attached Files
File Type: txt RKreport[0]_S_08122013_163404.txt (3.4 KB, 3 views)
File Type: txt TDSSKiller.2.8.16.0_12.08.2013_17.04.43_log.txt (144.4 KB, 1 views)
File Type: log HitmanPro_20130812_1715.log (102.6 KB, 1 views)
File Type: zip MGlogs.zip (297.0 KB, 1 views)

#2  08-12-13, 17:23  thekops

I could not attach the Malwarebytes file because it is 415KB and exceeds your 375 limit. When it ran, it did find 1,408 entries to be taken care of.

#3  08-13-13, 01:50  chaslang (MajorGeeks Admin - Master Malware Expert)

Quote:
Originally Posted by thekops
I could not attach the Malwarebytes file because it is 415KB and exceeds your 375 limit.

Please compress it into a ZIP file and attach the ZIP. The reason the log is so large is that your friend is a malware/junkware collector. As you will see from the size of the below fix even after the full cleaning procedure was run.

Please delete the below folder and do not put any of the files we ask you to download in folders like this. They can be detected as malware when you do this and do not follow our instructions for where to save them. Also they will not be automatically cleaned up by our final cleanup instructions:

C:\CleaningToolsMCfromJMK\

I will be deleting the below shortcut to IE because it is infected. You should just recreate a shortcut to Internet Explorer here later when we finish.
C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Note, shortcuts to any other browsers used may also be infected.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=Qu...ate=04/06/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=Qu...ate=04/06/2013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT32...5-65643F4C42CA
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=Qu...ate=04/06/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=Qu...ate=04/06/2013
O2 - BHO: InternetHelper3.1 - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInt0.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.7.2.0\bh\BabylonToolbar.dll
O2 - BHO: MixiDJ V34 - {55b95864-3251-45e9-bb30-1a82589aaff1} - C:\Program Files (x86)\MixiDJ_V34\prxtbMixi.dll
O2 - BHO: SafeSearch - {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader.dll
O2 - BHO: FCTBPos00Pos - {E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.7.2.0\BabylonToolbarTlbr.dll
O3 - Toolbar: SafeSearch Toolbar - {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - C:\Program Files\SafeSearch\ie\adxloader.dll
O3 - Toolbar: MixiDJ V34 Toolbar - {55b95864-3251-45e9-bb30-1a82589aaff1} - C:\Program Files (x86)\MixiDJ_V34\prxtbMixi.dll
O3 - Toolbar: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInt0.dll
O3 - Toolbar: QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SMessaging] "C:\Users\Mary\AppData\Local\Strongvault Online Backup\SMessaging.exe"
O4 - HKLM\..\Run: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
O4 - HKLM\..\Run: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
O4 - HKCU\..\Run: [MPOptimizer] "C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe" /scan
O4 - HKCU\..\Run: [BackupAgent] C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
O23 - Service: 24x7HelpService (24x7HelpSvc) - PCRx.com, LLC - C:\Program Files (x86)\24x7Help\App24x7Svc.exe

After clicking Fix, exit HJT.

Now uninstall the below programs! If you do not find any of them or they do not uninstall, just keep going and tell me later.
24x7 Help
Babylon toolbar on IE
BabylonObjectInstaller
Bucksbee Loyalty Plugin - 100815
DefaultTab
Internet Explorer Toolbar 4.8 by SweetPacks
InternetHelper3.1 Toolbar
Java(TM) 6 Update 39
Strongvault Online Backup
SweetPacks Updater Service

Please download OTM by Old Timer and save it to your Desktop.
  • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
  • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
Code:
:Processes
explorer.exe

:Services
IBUpdaterService
24x7HelpSvc
 
:Files
C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
C:\Users\Mary\AppData\Roaming\SearchProtect
C:\Users\Mary\AppData\Local\Strongvault Online Backup
C:\Windows\System32\dmwu.exe
C:\Program Files (x86)\BabylonToolbar
C:\Program Files (x86)\Conduit
C:\Program Files (x86)\Yontoo
C:\ProgramData\Babylon
C:\Users\Mary\AppData\Local\Conduit
C:\Users\Mary\AppData\Local\Wajam
C:\Users\Mary\AppData\LocalLow\Conduit
C:\Users\Mary\AppData\Roaming\BabylonToolbar
C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
C:\Program Files (x86)\24x7Help
C:\Program Files (x86)\InternetHelper3.1
C:\Program Files (x86)\LyricsSpeaker
C:\Program Files (x86)\MixiDJ_V34
C:\Program Files (x86)\OApps
C:\Program Files (x86)\PCFixSpeed
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\Strongvault Online Backup
C:\Program Files (x86)\SweetIM
C:\ProgramData\Iminent
C:\ProgramData\PCFixSpeed
C:\ProgramData\Strongvault Online Backup
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed
C:\windows\tasks\SystemToolsDailyTest.job
C:\Users\Mary\AppData\Local\Temp\*.*
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortApp.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortEng.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\esrv.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\priam_bho.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\b]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Prod.cap]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wajam.WajamDownloader.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wajam.WajamDownloader]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\priam_bho.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wajam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\WajamUpdater]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\WajamUpdater]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WajamUpdater]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\AppDataLow\Software\SmartBar]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\BabylonToolbar]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Smartbar]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Wajam]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MPOptimizer"=-
"BackupAgent"=-
"GoogleChromeAutoLaunch_F1202FEEC9EAEB77B053C1DC4089370E"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"SMessaging"=-
"PCFixSpeed"=-
"24x7HELP"=-
[HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
"SMessaging"=-
"PCFixSpeed"=-
"24x7HELP"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD260988878"=-
[HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Microsoft\Windows\CurrentVersion\run]
"MPOptimizer"=-
"BackupAgent"=-
"GoogleChromeAutoLaunch_F1202FEEC9EAEB77B053C1DC4089370E"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{78F78CA9-80F7-44C8-A0AB-E5C77E83F9BF}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FB7312FA-302B-48D5-A280-C924FDBF46B6}]
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Now click the large button.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

Now please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Attach JRT.txt to your next message.
Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
  • the C:\_OTM\MovedFiles log
  • the JRT.TXT log
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."
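
A reviewer's cross-check of the fix in the post above, as an added example that is not part of the original thread and not a MajorGeeks or OldTimer tool: it parses an OTM-style script into its sections and lists which files and Run values selected in HijackThis the script does not touch. It assumes the :Reg section follows .reg-file conventions (`[-KEY]` removes a key, `"name"=-` removes a value); both inputs are shortened excerpts constructed from the lines quoted in that post, and all function names are hypothetical.

```python
import re

# Constructed sample: six of the HijackThis lines selected in the post above.
HJT_SELECTION = r"""
O2 - BHO: SafeSearch - {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O4 - HKLM\..\Run: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
O4 - HKCU\..\Run: [MPOptimizer] "C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe" /scan
O4 - HKCU\..\Run: [BackupAgent] C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
O23 - Service: 24x7HelpService (24x7HelpSvc) - PCRx.com, LLC - C:\Program Files (x86)\24x7Help\App24x7Svc.exe
"""

# Constructed sample: a shortened excerpt of the OTM script in the post above.
FIX_SCRIPT = r"""
:Services
24x7HelpSvc
:Files
C:\Program Files (x86)\Yontoo
C:\Program Files (x86)\24x7Help
C:\Program Files (x86)\PCFixSpeed
C:\Program Files (x86)\Strongvault Online Backup
C:\Users\Mary\AppData\Local\Temp\*.*
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wajam]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MPOptimizer"=-
"BackupAgent"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"PCFixSpeed"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
:Commands
[purity]
[Reboot]
"""

SECTION = re.compile(r"^:(\w+)$")
REG_KEY = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')
HJT_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
HJT_RUN_NAME = re.compile(r"^O4 - \S+\\Run: \[([^\]]+)\]")


def parse_fix_script(text):
    """Split the script into sections and decode the .reg-style :Reg lines."""
    plan = {name: [] for name in ("processes", "services", "files", "commands",
                                  "delete_keys", "delete_values", "set_values",
                                  "unparsed")}
    section = key = None
    for line in filter(None, map(str.strip, text.splitlines())):
        header, reg_key, reg_val = (SECTION.match(line), REG_KEY.match(line),
                                    REG_VALUE.match(line))
        if header:
            section, key = header.group(1).lower(), None
        elif section in ("processes", "services", "files", "commands"):
            plan[section].append(line)
        elif section == "reg" and reg_key and reg_key.group(1):
            plan["delete_keys"].append(reg_key.group(2))  # [-KEY]: drop the key
            key = None
        elif section == "reg" and reg_key:
            key = reg_key.group(2)                        # [KEY]: value edits follow
        elif section == "reg" and reg_val and key and reg_val.group(2) == "-":
            plan["delete_values"].append((key, reg_val.group(1)))  # "name"=-
        elif section == "reg" and reg_val and key:
            plan["set_values"].append((key,) + reg_val.groups())
        else:
            plan["unparsed"].append(line)  # anything the reviewer must read by hand
    return plan


def covered(path, file_entries):
    """True if path equals, or lies under, one of the :Files entries."""
    target = path.lower()
    bases = [e.lower().replace("\\*.*", "").rstrip("\\") for e in file_entries]
    return any(target == b or target.startswith(b + "\\") for b in bases)


def review(hjt_text, script_text):
    """Cross-check what HijackThis flagged against what the script removes."""
    plan = parse_fix_script(script_text)
    hjt = [ln.strip() for ln in hjt_text.splitlines() if ln.strip()]
    paths = [m.group(0) for m in map(HJT_PATH.search, hjt) if m]
    run_names = [m.group(1) for m in map(HJT_RUN_NAME.match, hjt) if m]
    removed = {value.lower() for key, value in plan["delete_values"]
               if key.lower().endswith("\\run")}
    return {
        "files_not_in_script": [p for p in paths if not covered(p, plan["files"])],
        "run_values_not_removed": [n for n in run_names if n.lower() not in removed],
        "wildcard_entries": [f for f in plan["files"] if "*" in f or "?" in f],
        "unparsed": plan["unparsed"],
    }


if __name__ == "__main__":
    for finding, items in review(HJT_SELECTION, FIX_SCRIPT).items():
        print(finding, items)
```

A path listed under `files_not_in_script` is left for another step, such as the uninstall list or a later tool, so it is the first thing to re-check if the program is still present after the reboot.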

#4  08-13-13, 21:31  thekops

Thanks for the quick and detailed response! Attached is my last file, compressed. I figured the size was due to the 1408 items found.

Sorry about my folder naming. After the first download was not working, I downloaded ALL tools on my computer and copied them to her computer. Those that were supposed to run from the desktop were copied and run from the desktop. Probably should have at least tried downloading each tool on her computer? Probably should have corrected my folder name? I will watch those details closer.

I will not be able to get to your listed steps immediately, but will post requested logs and let you know how things are going after completing them. Thanks again.
Attached Files
File Type: zip mbam-log.zip (20.8 KB, 2 views)

#5  08-13-13, 22:08  chaslang

You're welcome.
Quote:
Originally Posted by thekops
I will not be able to get to your listed steps immediately, but will post requested logs and let you know how things are going after completing them.

Okay, just try to avoid waiting too long to avoid having more junk getting downloaded and installed.

#6  08-23-13, 11:40  thekops

I finally got back to this. Sorry I had to wait so long because of my real job. I kept her laptop, but left it shut down until I got back to it today. Here are my notes after doing your fixing steps:

In running analyse.exe the R0-HKCU\Software\Microsoft\Internet Explorer\Main,Start Page had a different URL, but I still selected it.

I could not uninstall the following:

Default Tab - it kept giving the message "Please close Chrome before uninstalling". But I did not even have Google Chrome open.

Internet Explorer Toolbar 4.8 by SweetPacks - gave the message "the feature you are trying to use is on a network resource that is unavailable. Click OK to try again or enter the path to the folder containing the installation package "SweetIESetup.msi". It was looking in C:\Users\Mary\App Data\Local\Temp\{... folder but could not find it (of course).

InternetHelper3.1 Toolbar - did nothing and would not uninstall.

I was able to successfully complete the rest of the fixing steps. Afterwards, I saw that there were some Windows updates ready to install before shutting down, so I did them.

First time starting up, I got the following:

Google Chrome error box: "Your profile could not be opened correctly".

Zoom Downloader error box: "..has encountered a problem.." .

MaxPerforma Optimizer continues to start up showing its "warnings" and wanting me to purchase it.

For Internet Explorer, the task bar icon was still there after the fixing steps. I un-pinned it; could not find a new one under the START button, but was able to recreate the IE shortcut with target: "%programfiles%\internet explorer\iexplore.exe". All seems to be fine with IE 10.

For Google Chrome, it still started up with 'safesearch' as the home page. I can change it, and it will stay my new home page until after a reboot; then it reverts back to the 'safesearch' home page every time.

After several shutdowns and reboots to test things out, I still get Zoom Downloader error, MaxPerforma starting up, and Google Chrome home page reset. Many of the other annoyances have gone away.

Attached are the 3 logs you requested.
Attached Files
File Type: log 08232013_101825.log (74.5 KB, 2 views)
File Type: txt JRT.txt (19.6 KB, 2 views)
File Type: zip MGlogs.zip (272.4 KB, 2 views)

#7  08-23-13, 16:04  chaslang

OTM and JRT are not properly removing the items we are trying to remove. Let's try another tool, but before we do that I want to make sure we are not having a permissions issue, so let's do the below.


Be patient while doing the below. The fixes can sometimes take quite a while to run, especially the permissions repairs. It may be best to kick it off and go to bed or do something else. It is better not to run anything while the repairs are going on.

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
  • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
  • Now select the Start Repairs tab.
  • Then click the Start button.
  • Create a System Restore point if prompted.
  • On the next screen, click the Unselect All button to first deselect all repairs.
  • Now select the following repair options:
    • Reset Registry Permissions
    • Reset File Permissions
    • Register System Files
    • Repair WMI
    • Remove Policies Set By Infections
    • Repair Winsock & DNS Cache
    • Repair Proxy Settings
    • Repair Windows Updates
    • Set Windows Services To Default Startup
  • Now on the lower right side check the box to Restart/Shutdown System When Finished
  • Then make sure the Restart System radio button is enabled.
  • Shutdown any other programs that you are running now before continuing.
  • Now click the Start button.
  • Be patient while the tool repairs the selected items.
  • It should reboot automatically when finished.


Now please download OTL by OldTimer.
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop to run it. (Note: if using Vista, Win7 or Win8 use right-click and select Run as Administrator)
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Change the setting of "Drivers" and "Services" to "All"
  • Copy the text in the code box below and paste it into the text-field.
    Code:
    activex
    netsvcs
    drives
  • Now click the button.
  • One report will be created:
    • OTL.txt <-- Will be opened
  • Attach OTL.txt to your next message. (How to attach)

#8  08-26-13, 16:41  thekops

Here are my notes from running the two fixes:

Windows Repair - none of the "Make New Folder" or "New Folder" buttons were working. So I created one by using the CMD DOS box and MKDIR command to create a new folder on the desktop for extracting into (JMKREP) successfully. When running, it kept prompting me to RUN several times, so I un-checked the "..ask me" box and it continued on thru the 9 repair jobs (I had disabled UAC during the initial README steps, so not sure why I got the prompts). It took only 20 minutes.

OTL by OldTimer - In trying to use Internet Explorer it gave "..not commonly downloaded" message and then "..not a WIN32 application". But I successfully downloaded using Google Chrome and ran it as directed. Attached is the OTL.txt file.

As a follow-up: I shut down for the night, but then decided to offer some progress feedback to you: ZoomDownloaded still gives "..encountered a problem", but there is no MaxPerforma showing! The "New Folder" button still does not work.
Attached Files
File Type: txt OTL.Txt (267.3 KB, 2 views)

Last edited by thekops; 08-26-13 at 16:50..
  #9  
Old 08-26-13, 23:22
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,160
Thanks: 61
Thanked 7,580 Times in 4,078 Posts
Default Re: Max Performa and other jumk

Quote:
Originally Posted by thekops View Post
When running, it kept prompting me to RUN several times, so I un-checked the "..ask me" box and it continued on thru the 9 repair jobs (I had disabled UAC during the initial README steps, so not sure why I got the prompts).
This will happen if you do not use Run As Administrator as stated in the instructions for running it. This is not the same thing as being logged into a user account with admin privileges. You must use Run As Administrator to run the programs/fixes I have been giving you.

Quote:
Originally Posted by thekops View Post
The "New Folder" button still does not work.
Not an issue for this forum unless somehow one of our fixes happens to cure it. This is a Windows configuration issue which you will have to work in the Software Forum. Sounds like you may have a bunch of Windows related problems.

We now need to make sure that your protection software is not getting in our way because fixes have not been working. You need to uninstall all of the below right now and keep them uninstalled until we finish.

Avast
Malwarebytes

Also since you keep talking about Zoom Download you should just uninstall it. I thought you installed it. So uninstall Zoom Downloader now. Also uninstall any of the below if they still show as installed.

LyricsSpeaker
MaxPerforma Optimizer
PC Fix Speed 1.2.0.24
SafeSearch



Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts.
  • Double-click OTL.exe to run. (Note: if using Vista, Win7 or Win8 use right-click and select Run as Administrator)
  • Copy the text in the code box below and paste it into the text-field.
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesearch.net/search?q={...A65896A59C4C72
IE:64bit: - HKLM\..\SearchScopes\{FC0C0170-4EB0-430D-A7F3-939EE7EA1A25}: "URL" = http://www.safesearch.net/search?q={...A65896A59C4C72
FF - HKCU\Software\MozillaPlugins\avsoftware.org/safesearch: C:\Program Files\SafeSearch\npsafesearch.dll (AVSoftware, Ltd)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lspeaker@lyricsspeaker.net: C:\Program Files (x86)\LyricsSpeaker\120.xpi
CHR - default_search_provider: SafeSearch (Enabled)
CHR - default_search_provider: search_url = http://www.safesearch.net/search?q={...A65896A59C4C72
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll
CHR - plugin: SafeSearch (Enabled) = C:\Program Files\SafeSearch\npsafesearch.dll
CHR - Extension: SafeSearch = C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpooidjoepcceohjkoffjgioneogihij\1.11_0\
O2:64bit: - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll File not found
O2:64bit: - BHO: (SafeSearch) - {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader64.dll ()
O3:64bit: - HKLM\..\Toolbar: (SafeSearch Toolbar) - {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - C:\Program Files\SafeSearch\ie\adxloader64.dll ()
O3 - HKU\S-1-5-21-375019172-2249419551-3463452589-1001\..\Toolbar\WebBrowser: (no name) - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - No CLSID value found.
O4 - HKU\S-1-5-21-375019172-2249419551-3463452589-1001..\Run: [DownloadManager] C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe (Zoom Downloader)
O4 - HKU\S-1-5-21-375019172-2249419551-3463452589-1001..\Run: [MPOptimizer] C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe (AVSoftware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D346F792
 
:Files
C:\Program Files (x86)\Zoom Downloader
C:\Program Files\MaxPerforma Optimizer
C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
C:\Users\Mary\AppData\Roaming\SearchProtect
C:\Users\Mary\AppData\Local\Strongvault Online Backup
C:\Windows\System32\dmwu.exe
C:\Program Files (x86)\BabylonToolbar
C:\Program Files (x86)\Conduit
C:\Program Files (x86)\Yontoo
C:\ProgramData\Babylon
C:\Users\Mary\AppData\Local\Conduit
C:\Users\Mary\AppData\Local\Wajam
C:\Users\Mary\AppData\LocalLow\Conduit
C:\Users\Mary\AppData\Roaming\BabylonToolbar
C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
C:\Program Files (x86)\24x7Help
C:\Program Files (x86)\InternetHelper3.1
C:\Program Files (x86)\LyricsSpeaker
C:\Program Files (x86)\MixiDJ_V34
C:\Program Files (x86)\OApps
C:\Program Files (x86)\PCFixSpeed
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\Strongvault Online Backup
C:\Program Files (x86)\SweetIM
C:\ProgramData\Iminent
C:\ProgramData\PCFixSpeed
C:\ProgramData\Strongvault Online Backup
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed
C:\windows\tasks\SystemToolsDailyTest.job
C:\Users\Mary\AppData\Local\Temp\*.*
 
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortApp.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortEng.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\esrv.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\priam_bho.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\b]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Prod.cap]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wajam.WajamDownloader.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wajam.WajamDownloader]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\priam_bho.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wajam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\WajamUpdater]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\WajamUpdater]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WajamUpdater]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\AppDataLow\Software\SmartBar]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\BabylonToolbar]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Smartbar]
[-HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Wajam]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MPOptimizer"=-
"BackupAgent"=-
"GoogleChromeAutoLaunch_F1202FEEC9EAEB77B053C1DC4089370E"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"DownloadManager"=-
"MPOptimizer"=-
"24x7HELP"=-
[HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
"SMessaging"=-
"PCFixSpeed"=-
"24x7HELP"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD260988878"=-
[HKEY_USERS\S-1-5-21-375019172-2249419551-3463452589-1001\Software\Microsoft\Windows\CurrentVersion\run]
"DownloadManager"=-
"MPOptimizer"=-
"GoogleChromeAutoLaunch_F1202FEEC9EAEB77B053C1DC4089370E"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{78F78CA9-80F7-44C8-A0AB-E5C77E83F9BF}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FB7312FA-302B-48D5-A280-C924FDBF46B6}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{FC0C0170-4EB0-430D-A7F3-939EE7EA1A25}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DownloadManager"=-
"MPOptimizer"=-
:Commands
[PURITY]
[EMPTYTEMP] 
[EMPTYFLASH]

[REBOOT]
  • Now click the button.
  • If the fix needed a reboot please do it.
  • Click the OK button (upon reboot).
  • When OTL is finished, Notepad will open. Close Notepad.
  • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Attach this log to your next message. (See: How to attach)
Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:
  • the log from OTL
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
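As an added illustration (not part of chaslang's post and not OTL's own code), the Python helper below splits a fix script like the one above into its sections and classifies the :Reg directives, so the script can be reviewed before it is run. It assumes the :Reg lines follow .reg-file conventions; the function names and the shortened SAMPLE_FIX excerpt are constructed for this example.

```python
import re
from collections import OrderedDict

# Shortened excerpt of the fix script posted above (constructed sample, not the full script).
SAMPLE_FIX = r"""
:OTL
O4 - HKU\S-1-5-21-375019172-2249419551-3463452589-1001..\Run: [MPOptimizer] C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe (AVSoftware)
CHR - default_search_provider: SafeSearch (Enabled)

:Files
C:\Program Files\MaxPerforma Optimizer
C:\Users\Mary\AppData\Local\Temp\*.*

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wajam]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MPOptimizer"=-
"BackupAgent"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
:Commands
[PURITY]
[EMPTYTEMP]
[REBOOT]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")               # :OTL, :Files, :Reg, :Commands
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")        # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')             # "name"=data or "name"=-
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run$", re.IGNORECASE)


def split_sections(text):
    """Group non-empty lines under the most recent ':Name' header."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).upper()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_reg(lines):
    """Classify :Reg lines, assuming .reg conventions:
    [-KEY] deletes a key, "name"=- deletes a value, "name"=data writes a value."""
    ops, key = [], None
    for line in lines:
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(2)
            if key_match.group(1):
                ops.append(("delete_key", key, None))
                key = None  # no value lines belong to a deleted key
            continue
        value_match = VALUE_RE.match(line)
        if value_match and key:
            name, data = value_match.groups()
            action = "delete_value" if data.strip() == "-" else "set_value"
            ops.append((action, key, name))
        else:
            ops.append(("unparsed", key, line))
    return ops


def review(text):
    """Summarise what a fix script would touch, for a human to check."""
    sections = split_sections(text)
    reg_ops = parse_reg(sections.get("REG", []))
    return {
        "sections": {name: len(lines) for name, lines in sections.items()},
        "wildcard_files": [p for p in sections.get("FILES", []) if "*" in p or "?" in p],
        "deleted_keys": [k for a, k, _ in reg_ops if a == "delete_key"],
        "autostart_removed": [(k, n) for a, k, n in reg_ops
                              if a == "delete_value" and RUN_KEY_RE.search(k)],
        "writes": [(k, n) for a, k, n in reg_ops if a == "set_value"],
        "commands": [c.strip("[]") for c in sections.get("COMMANDS", [])],
        "unparsed": [line for a, _, line in reg_ops if a == "unparsed"],
    }


if __name__ == "__main__":
    for field, value in review(SAMPLE_FIX).items():
        print(field, "->", value)
```

The "writes" and "unparsed" lists are the ones to read most closely, since every other :Reg directive only removes data.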
  #10  
Old 08-27-13, 11:33
thekops thekops is offline
Private First Class
 
Join Date: Oct 2004
Location: Michigan
Posts: 39
Thanks: 13
Thanked 0 Times in 0 Posts
Default Re: Max Performa and other jumk

I am so sorry about the RunAs (must have missed that one). I uninstalled your list of programs and ran the two tools again (correctly) as you instructed (log files are attached):

Zoom Downloader (was not something I installed nor wanted her to have), LyricsSpeaker and PC Fix Speed did not uninstall clean and gave "..an error occurred while trying to uninstall.. It may have already been uninstalled..".. But they seem to be gone now.

Both browsers are working and holding their homepages now. The New Folder button still does not work, but I can take care of that in another forum as you suggest.

When we get done, I do plan to use your sticky "How to Protect yourself from malware" and get her better protected.

Things are looking, feeling, and running a whole lot better! As always, you guys are great! Let me know specifics you want me to finish with.
Attached Files
File Type: log 08272013_115944.log (81.4 KB, 0 views)
File Type: zip MGlogs.zip (269.7 KB, 4 views)
  #11  
Old 08-27-13, 22:14
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,160
Thanks: 61
Thanked 7,580 Times in 4,078 Posts
Default Re: Max Performa and other jumk

Quote:
Originally Posted by thekops View Post
The New Folder button still does not work, but I can take care of that in another forum as you suggest.
My guess would be that you have a problem with Context Menu settings. Possibly related to the HKEY_CLASSES_ROOT\Folder registry key which needs to be repaired. And/or possibly an issue with the default setting in the below key:

HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New

You should do a registry backup before hacking around with these, but again more of a Software Forum topic. You can point them towards my idea though. May save some time.

Your logs are good now.


If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
  2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
  3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
  4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8 Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
    • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
    • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
    • Then we want you to Enable System Restore to create a new clean Restore Point.
  8. After doing the above, you should work thru the below link:
  #12  
Old 08-28-13, 09:20
thekops thekops is offline
Private First Class
 
Join Date: Oct 2004
Location: Michigan
Posts: 39
Thanks: 13
Thanked 0 Times in 0 Posts
Default Re: Max Performa and other jumk

WOW! All is now clean and running well! I even fixed the New Folder trouble as pointed to in the sevensforum. Thanks again and look forward to working with you. You are great!
  #13  
Old 08-28-13, 15:27
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,160
Thanks: 61
Thanked 7,580 Times in 4,078 Posts
Default Re: Max Performa and other jumk

You're welcome. Surf safely.