Guidance please

Discussion in 'Malware Help (A Specialist Will Reply)' started by MackenZ, Oct 20, 2013.

  1. MackenZ

    MackenZ Private E-2

    Hello... I started with the READ & RUN ME FIRST.

    I went and did all the steps for fixing hijacking.

    Now I'm at how to view hidden system files and folders.

    My problem is I can't find instructions for Windows 8 and I don't know what to do from here. Can someone help?

    Thank you!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't worry about them for now. Just keep going. When you run MGtools, it will attempt to configure the settings itself.

    Note when you return with your logs, you should describe exactly what problems you are having and if it is browser/search page hijacking, make sure you tell us which browsers it occurs with. Make sure you test all that are installed including Internet Explorer. Do not just say I don't use Internet Explorer. Your operating system uses it even if you do not think you are.
     
  3. MackenZ

    MackenZ Private E-2

    Hi Chaslang, thanks so much.

    I have not used this computer much, this is one the kids use for homeschooling and for playing games and social networking. I've been down with some serious health problems the last couple of months so my husband (who usually does the scans and virus checks every couple of weeks) has not gotten to it because things have been crazy at home. I don't know when these problems started as the kids neglected to tell us about it and ignored it.

    The problem is I'm being invaded by ads: pop ups, redirecting, text links everywhere, etc. It's also going very very slow.

    I checked and it is happening on all browsers: Firefox, Google Chrome & also IE (I just checked to be sure).

    I went through the guide step by step and am going to attempt to attach my logs now.

    I could not find a TDSS log but it also didn't detect anything when I ran it, so maybe it doesn't leave one?

    Thanks!
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. The TDSSkiller log is right where the procedure said it would be (in your root folder) but don't worry about it. MGtools found it and stuck it in the MGlogs.zip file. You forgot to attach the log from Malwarebytes which can be found in the below location.

    C:\Users\griffin\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2013-10-20 (18-57-49).txt

    Apparently it found a lot of problems since it is very large. Please attach it.


    Uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
    Ask Toolbar
    BitGuard
    Dll-Files Fixer
    osu!
    Supreme Savings Plugin
    Viewpoint Media Player


    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Program Files (x86)\Ask.com
    C:\Program Files (x86)\Conduit
    C:\Program Files (x86)\Delta
    C:\Program Files (x86)\InternetHelper3.1
    C:\Program Files (x86)\MyPC Backup
    C:\Program Files (x86)\osu!
    C:\Program Files (x86)\SearchProtect
    C:\Program Files (x86)\Supreme Savings Plugin
    C:\Program Files\PC Optimizer Pro
    C:\ProgramData\PC Optimizer Pro
    C:\ProgramData\Babylon
    C:\ProgramData\BitGuard
    C:\ProgramData\WinClon
    C:\Users\griffin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
    C:\ProgramData\Conduit
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
    C:\Users\griffin\AppData\Local\Conduit
    C:\Users\griffin\AppData\LocalLow\Conduit
    C:\Users\griffin\AppData\LocalLow\InternetHelper3.1
    C:\Users\griffin\AppData\Local\Wajam
    C:\Users\griffin\AppData\LocalLow\AskToolbar
    C:\Users\griffin\AppData\LocalLow\Delta
    C:\Users\griffin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
    C:\Users\griffin\AppData\Roaming\Mozilla\Firefox\Profiles\wxpypgfd.default\bProtector_extensions.sqlite
    C:\Users\griffin\AppData\Roaming\Mozilla\Firefox\Profiles\wxpypgfd.default\bprotector_prefs.js
    C:\Users\griffin\AppData\Roaming\Mozilla\Firefox\Profiles\wxpypgfd.default\extensions\ffxtlbr@delta.com
    C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    C:\Users\griffin\AppData\Roaming\BabSolution
    C:\Users\griffin\AppData\Roaming\SearchProtect
    C:\Users\griffin\AppData\Local\Updater32912
    C:\windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
    C:\windows\tasks\DLL-Files.Com Fixer_Updates.job
    C:\Users\griffin\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\*.data
    C:\Users\griffin\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\*.quar
    C:\windows\TEMP\*.*
    C:\Users\griffin\AppData\Local\Temp\*.*
     
     
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BackgroundContainer]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortApp.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortEng.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\esrv.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Prod.cap]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{57C91446-8D81-4156-A70E-624551442DE9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DomaIQ]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Delta]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Delta\delta]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\Software\AppDataLow\Software\SmartBar]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\Software\Ask.com]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\Software\BabSolution]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\Software\Conduit]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\Software\delta LTD]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\Software\Delta]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
    [-HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{C77145DE-CA90-4D2C-B1BB-8634685865A3}"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{C77145DE-CA90-4D2C-B1BB-8634685865A3}"
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{04FAE6FD-1CA7-40D1-B9AF-A295CC9EECF4}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0547C77C-D6B0-44BA-878E-A070163ED502}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D816F3B8-82A6-4500-93D2-8762A70611A1}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "ApnUpdater"=-
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
    "ApnUpdater"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "SearchProtect"=-
    [HKEY_USERS\S-1-5-21-275444049-347170542-1178166326-1001\Software\Microsoft\Windows\CurrentVersion\run]
    "BackgroundContainer"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.txt log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
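    As an added example (not from this thread, and not OTM's own code), a small Python reader for the OTM script format used in the post above: it splits a script into its :Processes / :Files / :Reg / :Commands sections, separates registry keys being deleted from values being set or deleted, and flags which registry targets are autostart or browser search locations, so a removal script can be reviewed line by line before it is run. The embedded script is a constructed excerpt in the same shape as the one above, and the autostart marker list is my own assumption.

```python
import re

# Constructed excerpt in the shape of the OTM script posted above (not the full script).
SAMPLE_SCRIPT = r"""
:Processes
explorer.exe

:Files
C:\Program Files (x86)\Ask.com
C:\windows\TEMP\*.*

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{C77145DE-CA90-4D2C-B1BB-8634685865A3}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"ApnUpdater"=-

:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]
"""

# Assumed (my own) list of registry path fragments that mark persistence or
# browser search/extension locations; matched case-insensitively.
AUTOSTART_MARKERS = {
    r"Browser Helper Objects": "IE BHO",
    r"\Run": "Run key autostart",
    r"SearchScopes": "IE search provider",
    r"UrlSearchHooks": "IE URL search hook",
    r"Internet Explorer\Toolbar": "IE toolbar",
    r"Approved Extensions": "IE approved extension",
}


def parse_otm(script):
    """Split an OTM script into what it kills, deletes, sets and runs."""
    result = {"processes": [], "files": [], "reg_delete_keys": [],
              "reg_set_values": [], "reg_delete_values": [], "commands": []}
    section, current_key = None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):              # section header, e.g. ":Reg"
            section, current_key = line[1:].lower(), None
            continue
        if section == "processes":
            result["processes"].append(line)
        elif section == "files":
            result["files"].append(line)
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):   # delete whole key
                result["reg_delete_keys"].append(line[2:-1])
                current_key = None
            elif line.startswith("[") and line.endswith("]"):  # key for following values
                current_key = line[1:-1]
            else:                                              # "Name"=-  or "Name"="data"
                m = re.match(r'^"([^"]+)"=(.*)$', line)
                if not m or current_key is None:
                    raise ValueError("malformed :Reg line: %r" % line)
                name, value = m.groups()
                if value == "-":
                    result["reg_delete_values"].append((current_key, name))
                else:
                    result["reg_set_values"].append((current_key, name, value.strip('"')))
        elif section == "commands":
            result["commands"].append(line.strip("[]"))
    return result


def wildcard_files(parsed):
    """File entries that use wildcards (delete more than one named path)."""
    return [p for p in parsed["files"] if "*" in p or "?" in p]


def autostart_entries(parsed):
    """(label, key) for every registry target that is an autostart/search location."""
    targets = (parsed["reg_delete_keys"]
               + [k for k, _ in parsed["reg_delete_values"]]
               + [k for k, _, _ in parsed["reg_set_values"]])
    hits = []
    for key in targets:
        for marker, label in AUTOSTART_MARKERS.items():
            if marker.lower() in key.lower():
                hits.append((label, key))
                break
    return hits
```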
     
  5. MackenZ

    MackenZ Private E-2

    Hello again! Okay, I am attaching logs for:
    mbam
    jrt

    I am having problems with (getting these messages):
    10202013_231750.log:
    Your file of 508.8 KB bytes exceeds the forum's limit of 375.0 KB for this filetype.

    MGlogs.zip:
    You have already attached this file in thread : Guidance please

    So far IE and Chrome haven't gotten any ads when I got on them but I am still getting ads on Firefox.

    Thanks!
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    You can either split the log into two parts or you can simply compress it into a ZIP file and attach that.

    That means you did not run C:\MGtools\GetLogs.bat as requested which creates a new log.

    Then try the below procedure.

    Reset Firefox to Defaults
     
  7. MackenZ

    MackenZ Private E-2

    Hi Chaslang, thanks again for your help again tonight! Hope you're having a good evening!

    As for the file, I'm attaching it in 2 parts.

    As for the C:\MGtools\GetLogs.bat, I thought I did run it. I'm sorry, I must have gotten confused. I ran it now and I am attaching the log.

    I tried the reset Firefox and so far so good.

    I hope I got that right tonight, I really don't mean to waste your time I just really struggle with understanding this. I appreciate your patience so much.

    ~Mac
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Okay, before we get to final instructions, I have to ask about the osu! folder that I had you delete with OTM. This looked like malware but per the logs I see lots of songs, AVI, image files...etc. Is this something you installed and use? If so, we will have to restore it.

    Similar question about what WinClon is?
     
  9. MackenZ

    MackenZ Private E-2

    I can ask the kids tomorrow if that's okay... I have no idea, but they have music & games and stuff on here because I won't let them use mine lol. I have no idea which programs they use for that stuff.

    But it's after midnight here and they're in bed right now, so I will have to check in the morning. No rush getting back to me, whenever is convenient...

    Thanks! Good night!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay just let me know when you can.
     
  11. MackenZ

    MackenZ Private E-2

    Okay hello again! Sorry I didn't get back last night, I got home late and crashed.

    Okay, I checked with the kids. Osu is a game. No one knows what WinClon is. We looked it up, it seems to be some kind of free program that does one thing that no one here understands and we don't think we use it or need it.

    Thanks again for your help with this matter! I will check now and again tonight for further instructions.

    ~Mac
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay. So let me ask if you know how to copy folders from one location to another using Windows Explorer. If you do then you can just copy the below folder and all contents:

    C:\_OTM\MovedFiles\10202013_231750\C_Program Files (x86)\osu!

    Back to

    C:\Program Files (x86)\osu!

    Basically you could also just move the osu! folder from the C:\_OTM subfolder back to where it belongs in C:\Program Files (x86)

    The below may be of some help

    http://www.dummies.com/how-to/content/copy-or-move-files-and-folders-in-windows-8.html
     
  13. MackenZ

    MackenZ Private E-2



    Okay, I did it! LOL. I think. It looks like I did.

    ~Mac
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, just make sure it is back and okay before doing the below because during these final instructions, the OTM quarantine will be deleted.



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  15. MackenZ

    MackenZ Private E-2


    Okay, it seems to be working great now! I can't thank you enough Chaslang, you're a prince! I don't even know what to say, I appreciate all your time helping me work on this problem.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
