constantly freezing when update install page displayed

Uninstall the below:

• Delta Chrome Toolbar
  [*]Delta toolbar
  [*]Snap.Do
  [*]BrowserProtect
  [*]iLivid
  [*]PriceGong 2.6.4
  [*]Supreme Savings
  [*]PriceGong 2.6.4

Rerun Hitman and have it delete Malware remnants and Potential Unwanted Programs


Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

• R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Tuguu&dpid=Tuguu&co=GB&userid=3beb23d7-be24-4f7a-8270-51876ee10985&searchtype=ds&q={searchTerms}&installDate=24/04/2013
• R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Tuguu&dpid=Tuguu&co=GB&userid=3beb23d7-be24-4f7a-8270-51876ee10985&searchtype=ds&q={searchTerms}&installDate=24/04/2013
• R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=120518&babsrc=HP_ss_bay2g&mntrId=F8CB68A3C4C0269D
• R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Tuguu&dpid=Tuguu&co=GB&userid=3beb23d7-be24-4f7a-8270-51876ee10985&searchtype=ds&q={searchTerms}&installDate=24/04/2013
• R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Tuguu&dpid=Tuguu&co=GB&userid=3beb23d7-be24-4f7a-8270-51876ee10985&searchtype=ds&q={searchTerms}&installDate=24/04/2013
• O2 - BHO: CrossriderApp0019962 - {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll
• O2 - BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
• O2 - BHO: Game Master 2.1 B - {7af17f7c-093f-4ea0-bf10-db50d9016e4f} - (no file)
• O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll
• O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
• O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll
• O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
• O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
• O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
• O4 - HKLM\..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
• O4 - HKLM\..\Run: [ErrorTeck] C:\Program Files (x86)\ErrorTeck\ErrorTeck.exe /scan
• O4 - HKCU\..\Run: [SearchProtect] C:\Users\Daniel\AppData\Roaming\SearchProtect\bin\cltmng.exe
• O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\Daniel\AppData\Local\Smartbar\Application\SnapDo.exe startup
• O20 - AppInit_DLLs: c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll
• O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
• O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Unknown owner - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (file missing)

NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

After clicking Fix exit HJT.




http://img805.imageshack.us/img805/9659/rktigzy.gif Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these 3 detections:

• [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Daniel\AppData\Roaming\SearchProtect\bin\cltmng.exe) [x] -> FOUND
• [RUN][SUSP PATH] HKCU\[...]\Run : Browser Infrastructure Helper (C:\Users\Daniel\AppData\Local\Smartbar\Application\SnapDo.exe startup) [7] -> FOUND
• [RUN][SUSP PATH] HKUS\S-1-5-21-2340198905-4109501097-2381567618-1006[...]\Run : SearchProtect (C:\Users\Daniel\AppData\Roaming\SearchProtect\bin\cltmng.exe) [x] -> FOUND
• [RUN][SUSP PATH] HKUS\S-1-5-21-2340198905-4109501097-2381567618-1006[...]\Run : Browser Infrastructure Helper (C:\Users\Daniel\AppData\Local\Smartbar\Application\SnapDo.exe startup) [7] -> FOUND
• [Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\BrowserProtect (C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) [7] -> FOUND
• [Services][BLACKLIST] HKLM\[...]\ControlSet002\Services\BrowserProtect (C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) [7] -> FOUND
• [TASK][SUSP PATH] EPUpdater : C:\Users\Daniel\AppData\Roaming\BabSolution\Shared\BabMaint.exe [7] -> FOUND
• [TASK][SUSP PATH] Updater19962.exe : C:\Users\Daniel\AppData\Local\Updater19962\Updater19962.exe /extensionid=19962 /extensionname="Supreme Savings" /chromeid=ihkeoookbpemkdccdccdmacnidhooohk [7] -> FOUND

Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.


Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

• Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.

Code:

:Files
C:\ProgramData\ParetoLogic
C:\Users\Daniel\AppData\Roaming\SearchProtect
C:\ProgramData\BrowserProtect
C:\Users\Daniel\AppData\Local\Smartbar
C:\PROGRA~2\IMESHA~1
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\Delta
c:\progra~3\browse~1
C:\ProgramData\BrowserProtect
C:\Program Files (x86)\1ClickDownload
C:\Program Files (x86)\Delta
C:\Program Files (x86)\iLivid
C:\Program Files (x86)\Supreme Savings
C:\Program Files (x86)\Common Files\ParetoLogic
C:\Users\Daniel\AppData\Roaming\BabMaint.exe

:Commands
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.



Download Cleano 0.61

Download it to your desktop, Right click the cleano.exe file and run as admin > and place check marks in the boxes as follows (click on link below to see image)

View attachment 148092
Click clean now and exit the program.


Now rerun both RogueKiller and Hitman and attach logs from each for me to check.

Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

Re run Hitman Pro and have it delete Potential Unwanted Programs


Uninstall the below.

• iLivid
  [*]Windows iLivid Toolbar
  [*]Snap.Do

Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

Hitman, according to your latest log is showing Potential Unwanted Programs to remove. Did you delete all that? When you run it now does it not find anything at all?

Use Revo Uninstaller to uninstall the below:

• iLivid
• Windows iLivid Toolbar
• Snap.Do

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

 

Shredder error is not topic for the malware forum. You can ask about that in the software forum. In the meantime, back to what we are focussing on...

You have Ccleaner installed, open it up > Go to Tools > and Uninstall. See if Ilivid shows there and let me know.

 

Now download Registry Search (see the link titled RegSearch Download Link )

• Extract the files from Regsearch.zip into a folder.
• Doubleclick regsearch.exe to start the program.
• See the top 3 boxes under the Enter search strings (case independent) and click Ok... option, enter the below bold string (use copy and paste)

• Ilivid

• Then click "OK".
• Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
• Attach this RegSearch.txt file.

 

My apologies.

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

 

Explain how things are running.

 

Not sure we will be able to fix your issue with Windows update but let's try the below.


Be patient while doing the below. The fixes can sometimes take quite awhile to run. Especially the permissions repairs. It may be best to kick it off and goto bed or do something else. It is better not to run anything while the repairs are going on.

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
• Now select the Start Repairs tab.
• The click the Start button.
• Create a System Restore point if prompted.
• On the next screen, click the Unselect All button to first deselect all repairs.
• Now select the following repair options:
  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Remove Policies Set By Infections
  • Repair Proxy Settings
  • Repair Windows Updates
  • Set Windows Services To Default Startup
• Now on the lower right side check the box to Restart/Shutdown System When Finished
• Then make sure the Restart System radio button is enabled.
• Shutdown any other programs that you are running now before continuing.
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• It should reboot automatically when finished.

Make sure your PC is physically connected to the internet now ( your cables are plugged in and you have not blocked internet access in any form ).

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Yes that would be best.



If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove, you can delete these files now.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 6 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!