Firefox, Internet Explorer problems, CCleaner won't work

Discussion in 'Malware Help (A Specialist Will Reply)' started by cada33, Jul 25, 2013.

  1. cada33

    cada33 Private E-2

    I am having trouble with this computer. I have been having problems for the last couple months with the computer getting slower. Last week I downloaded a newer version of Firefox and since then Internet Explorer wouldn't open. I was also experiencing problems with an Ask toolbar I couldn't get rid of, and every time I changed my homepage the Ask toolbar would change it back to the other page (I can't remember the name of the page). Also I was having popup tabs I didn't request when I would complete a search from this "ask" webpage. The url was not to the normal ask page.

    I completed the steps in the malware removal/cleaning. I attached the logs of the scans that completed. CCleaner couldn't get past the temporary folders, running through the same folder over and over, I checked the size of the folder and it said size was 2.71MB, but size on disk is 1.2GB, I don't think this is normal so I figured I would mention it. Malwarebytes stopped responding during scanning.

    After running mgtools Internet explorer would finally open and I thought it might be ok. I could change the homepage, and I did, as well as disable the ask toolbar. Then after things seemed ok, I ran CCleaner again and it got hung up on temp files again. I am sure something is still wrong. I didn't try malwarebytes again because it's still not right and didn't want to violate the forum rules of repeating the steps until told to do so. Please help
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Yes and no wonder! You appear to be what we commonly call a toolbar/junkware collector. ;) You are allowing lots of junk to be installed on your PC that you should never be installing.

    Let's get started with the below. This may take a few iterations because you have so much junk installed. We run some uninstalls and then rerun a couple scans to see what remains afterwards.

    Start by uninstalling ALL of the below. If you do not find any or they do not uninstall, just tell me later but keep on going:
    ArcadeSafari
    Ask Toolbar
    BrowserProtect
    Claro Chrome Toolbar
    Claro toolbar
    DefaultTab
    Dogpile Bundle Toolbar
    GetSavin
    LessTabs
    My Web Search
    Search Protect by conduit
    Sendori
    Shop To Win
    SocialSearchBar_App Toolbar
    Software Version Updater
    Unfriend Checker
    UnfriendApp
    Wajam
    WhiteSmoke New Toolbar
    ZD Manager


    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now please rerun a scan with Hitman Pro and save a new log to attach.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the JRT.TXT log
    • the new Hitman Pro log
    • C:\MGlogs.zip
     
  3. cada33

    cada33 Private E-2

    Ok, removal and scans are done. Here are the logs you requested.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that fixed quite a lot but there is still a whole lot more to remove.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: CasualGaming - {2e9331d0-b42b-42b7-9824-a6545d0ceaa6} - C:\Program Files (x86)\CasualGaming\prxtbCasu.dll
    O2 - BHO: Define - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Bumbl-B-649\AppData\Local\DefineExt\temp.dat
    O3 - Toolbar: CasualGaming Toolbar - {2e9331d0-b42b-42b7-9824-a6545d0ceaa6} - C:\Program Files (x86)\CasualGaming\prxtbCasu.dll
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab

    After clicking Fix, exit HJT.

    Now uninstall the below programs:
    CasualGaming Toolbar
    Java(TM) 6 Update 15 (64-bit)
    Java(TM) SE Development Kit 6 Update 15 (64-bit)

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Program Files (x86)\CasualGaming
    C:\Users\Bumbl-B-649\AppData\Roaming\Mozilla\Firefox\Profiles\xnks7916.default\extensions\textlinks@arcadeweb.com
    C:\Users\Bumbl-B-649\Downloads\Firefox_Setup(1).exe
    C:\Users\Bumbl-B-649\Downloads\IWON.exe
    C:\Users\Bumbl-B-649\Downloads\SetupArcadeWeb.exe
    C:\Users\Bumbl-B-649\Downloads\SetupLivingPlay.exe
    C:\Users\Bumbl-B-649\Downloads\SetupPlayPickle.exe
    C:\Users\Bumbl-B-649\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    C:\Users\Bumbl-B-649\AppData\Roaming\SearchProtect
    C:\Program Files (x86)\SearchProtect
    C:\Program Files (x86)\Sendori
    C:\PROGRA~2\MYWEBS~1
    c:\progra~3\browse~1  
    C:\Windows\tasks\AmiUpdXp.job
    C:\Windows\tasks\Arcadesafari.job
    C:\Windows\TEMP\*.*
    C:\Users\Bumbl-B-649\AppData\Local\Temp\*.*
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MyWebSearch Email Plugin"=-
    "SearchProtect"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "MyWebSearch Email Plugin"=-
    "My Web Search Bar Search Scope Monitor"=-
    "ApnUpdater"=-
    "ApnTBMon"=-
    "Sendori Tray"=-
    "SearchProtectAll"=-
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
    "MyWebSearch Email Plugin"=-
    "My Web Search Bar Search Scope Monitor"=-
    "ApnUpdater"=-
    "Sendori Tray"=-
    "SearchProtectAll"=-
    [HKEY_USERS\S-1-5-21-677252158-724705972-1112214294-1001\Software\Microsoft\Windows\CurrentVersion\run]
    "MyWebSearch Email Plugin"=-
    "SearchProtect"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [-HKEY_USERS\S-1-5-21-677252158-724705972-1112214294-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Bumbl-B-649\Downloads\IWON.exe]
    [-HKEY_USERS\S-1-5-21-677252158-724705972-1112214294-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Bumbl-B-649\Downloads\SetupPlayPickle.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ExplorerPlugin.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExplorerPlugin.Extension]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\ExplorerPlugin.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FocusInteractive]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fun Web Products]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}]
    [-HKEY_USERS\S-1-5-21-677252158-724705972-1112214294-1001\Software\AppDataLow\ArcadeWeb]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_USERS\S-1-5-21-677252158-724705972-1112214294-1001\Software\DataMngr]
    [-HKEY_USERS\S-1-5-21-677252158-724705972-1112214294-1001\Software\DataMngr_Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9331d0-b42b-42b7-9824-a6545d0ceaa6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{7E9BFADB-5981-4192-9297-9807EEFBF3C4}"
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7679A379-AA39-4238-8BBD-5483F8F7A324}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{7E9BFADB-5981-4192-9297-9807EEFBF3C4}"
    "bProtectorDefaultScope"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7679A379-AA39-4238-8BBD-5483F8F7A324}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{889C4195-822D-4873-8E5A-7FE381C19E98}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B030D797-2ADF-49E4-B12A-9B7E8395CF8D}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7091133-1FB7-48B1-BF68-7D4CD7394DDD}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
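
One way to review a fix script like the one posted above before pasting it into the tool, as an added example (not part of the thread and not the tool's own parser). It assumes the `:Reg` section follows .reg-file conventions as the posted lines do; `review_reg`, `tag` and `SAMPLE` are names made up for this sketch.

```python
import re

# Constructed sample in the style of the :Reg section above, with two
# deliberately malformed value lines (a stray quote and a doubled '=').
SAMPLE = r'''
:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"ApnUpdater"=-
"Sendori Tray"=-"
[HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
"My Web Search Bar Search Scope Monitor"==-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
:Commands
[EmptyTemp]
'''

# [KEY] selects a key for the value lines that follow; [-KEY] deletes the key.
KEY_RE = re.compile(r'^\[(-?)(HKEY_[A-Z_]+(?:\\.*)?)\]$')
# "name"=data (named values only; the default-value form @= is not handled).
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# Accepted data: '-' (delete the value), a quoted string, or a dword.
DATA_RE = re.compile(r'^(?:-|"(?:[^"\\]|\\.)*"|dword:[0-9a-fA-F]{8})$')


def tag(key, name):
    """Label the persistence or browser-hijack location an entry touches."""
    k = key.lower()
    if name and name.lower() == 'appinit_dlls':
        return 'appinit-dlls'
    if k.endswith('\\currentversion\\run'):
        return 'autostart'
    if '\\browser helper objects\\' in k:
        return 'bho'
    if '\\searchscopes' in k:
        return 'search-scope'
    return ''


def review_reg(script):
    """Return (actions, errors) for the :Reg section of a fix script.

    actions: (line_no, op, key, value_name, tag); errors: (line_no, text).
    """
    actions, errors = [], []
    in_reg, key = False, None
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(':'):          # section header such as :Files
            in_reg = line.lower() == ':reg'
            key = None
            continue
        if not in_reg:
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1):                # [-KEY]: whole key is removed
                actions.append((no, 'delete-key', m.group(2), None,
                                tag(m.group(2), None)))
                key = None
            else:
                key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and key and DATA_RE.match(m.group(2)):
            op = 'delete-value' if m.group(2) == '-' else 'set-value'
            actions.append((no, op, key, m.group(1), tag(key, m.group(1))))
        else:                             # unparseable, or value with no key
            errors.append((no, line))
    return actions, errors


if __name__ == '__main__':
    acts, errs = review_reg(SAMPLE)
    for no, op, key, name, label in acts:
        print(f'line {no}: {op:12} {label:12} {key} {name or ""}')
    for no, text in errs:
        print(f'line {no}: MALFORMED {text}')
```
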
     
  5. cada33

    cada33 Private E-2

    Here are the results:
    1. Hijack This ran without any issues.

    2. When I tried to uninstall the Javas, both uninstalled without a problem. When I tried to uninstall the CasualGaming Toolbar nothing would happen. I was in the uninstall a program, and with this casual gaming toolbar selected I selected the option for uninstall/change and nothing happened, no error, clicking did absolutely nothing.

    3. OTM had a problem and stopped responding, as a result I don't have a log for you, none was created. After it had the problem I left it on for a bit to make sure it wasn't going to continue. I did a screen capture with the error up so you could see what I saw, it is labeled OTMError.jpg if that even matters.

    4. Junkware removal tool completed, the log is attached.

    5. I ran the getlogs.bat. That ran without a problem, the log is attached.

    About how the computer is running. It is running a ton better. It is much faster, and has been since I followed your first set of instructions. I am also able to open control panel (I may have forgotten to mention that earlier). Before, Windows would keep trying to no avail to load control panel. To open something like the uninstall a program or power options I would have to go to the start menu, type what I wanted to open in the search programs or files text box and then open from those options. That problem has been fixed too.

    I will say this, and I don't know why this happened. But as I was typing in this forum I just saw a command prompt window open and close really quick. I don't know what it was, but I don't think that is normal and figured I would mention it.

    Thanks for all the help so far.
     

    Attached Files:

  6. cada33

    cada33 Private E-2

    Here are my results:
    1. Hijack This: ran without a problem

    2. Uninstall: Casual gaming toolbar would not uninstall. I clicked uninstall from the uninstall a program tool off the control panel, and nothing happened. It seemed to have no effect. The Java files uninstalled without a problem.

    3. OTM stopped working in the middle of the procedure. It said that the program stopped responding. I left it going for a bit but it didn't start responding again. As a result no log was created

    4. Junkware removal tool executed. The log is attached.

    5. Getlogs ran without a problem and the logs are attached.

    As for how the computer is running. It is running much better since I followed the first set of instructions that you gave. I can open all web browsers and everything is loading much faster. I may have forgotten to mention earlier that I could not load control panel before your help, I had to go to the start menu, and type what I wanted to open in the search box.

    One thing I do want to mention is that while I was typing my reply I did see a command prompt type window open and close really quickly. I am not sure why that happened and was not able to read anything that may have been in the window.

    Thanks for all the help so far.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    It ran well enough to remove what we wanted to remove. I can see the results in MGlogs.zip. Your logs are clean.

    Likely just the follow up from OTM which had set itself up to run after reboot to finish the cleanup.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  8. cada33

    cada33 Private E-2

    Thank You for all the help. I am forever grateful.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
  10. cada33

    cada33 Private E-2

    Hello again. I thought I had everything working correctly. I was going through the final steps and I reenabled UAC. After a restart I am unable to open Internet Explorer unless I choose to run as an administrator. If I don't run as admin. it says "Internet Explorer has stopped working...a problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." Is this more of the same problem or is there a way to fix it with settings?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay let's make sure that nothing was able to sneak back in.


    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista, Win7, or Win8, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below logs:
    • C:\MGlogs.zip
     
  12. cada33

    cada33 Private E-2

    Here is the log. Also when I just did a search for major geeks on yahoo, I clicked the link and believe I was redirected. Now I am questioning myself though because I have tried it 3 more times and the link sent me here as it was supposed to. Maybe I am paranoid though.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are no signs of problems.

    Are you still having a problem? If yes, is it with Internet Explorer?
     
  14. cada33

    cada33 Private E-2

    Yes. Just getting internet explorer to run. I have to right click and choose run as administrator. If I don't do that I get an error and it shuts down. I know that is more of a software thing but that started when I was having the other problems. Funny enough it didn't happen when UAC was turned off.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like a permissions issue. Try the below to see if it can fix it. If not, you should post in the Software Forum.


    Be patient while doing the below. The fixes can sometimes take quite a while to run, especially the permissions repairs. It may be best to kick it off and go to bed or do something else. It is better not to run anything while the repairs are going on.


    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.
     
  16. cada33

    cada33 Private E-2

    That last bit seems to have done it. My computer is working better than when it was new. Thanks again.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Okay now complete those final instructions given back in message number 7. I expect you need to pick back up at step # 4.
     
