laptop with all kinds of malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by Lucia, Oct 25, 2013.

  1. Lucia

    Lucia Private E-2

    Hi

    I was using my friend's laptop a couple days ago when an Avast popup informed me there were infections on the computer and that a boot scan would be needed. Prior to this the computer had been slow with very little memory, but as its AV software was up to date, she assumed it was due to the tons of music saved on her laptop.

    Once it finished the scan, it found 92 infected files. When it restarted, I did the Avast full scan and found nothing. I was recommended to download Malwarebytes, which I did, and performed a quick scan, which found 5 infected files, which it removed.

    I used ATF Cleaner to clean the temp folder and Java cache. After this the amount of free space on the hard disk dramatically increased from 10 MB to 90 GB.

    I also ran ESET online scanner which found nothing.

    Then I found this site. I completed all steps in the read and run me first thread except #5 as the sound icon is missing from the system tray. In the Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure, I followed all steps up to 4. (Note: I did not reinstall MBAM, I updated it instead).

    Problems with the machine that I am personally experiencing are the constant error messages saying that Dell Support Center has stopped working and the fact that the sound icon is still missing.

    I've uploaded some of the logs with this post and will have to post again since the attachment maximum is 5 files.

    Thanks in advance for your help,

    Lucia
     


  2. Lucia

    Lucia Private E-2

    Here are the remaining logs. Thanks again for your help,

    Lucia
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You should not even have Avast installed. You have a full security suite from Symantec installed and also there are signs of AVG. You need to decide which protection program you want to use and tell me.

    You also need to uninstall the below programs:
    Free_Radio_TV Toolbar
    McAfee Security Scan Plus
    My Web Search (Smiley Central)
    Radio_Bar_1 Toolbar

    Then run the below fix to cleanup more junkware.

    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Program Files\FunWebProducts
    C:\Program Files\MyWebSearch
    C:\Program Files\Conduit
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.DataControl.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.DataControl]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.IECookiesManager]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.KillerObjManager]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.HTMLPanel]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.MultipleButton.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.MultipleButton]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.OutlookAddin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.UrlAlertButton]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDLl32Policy\f3ScrCtr.dll]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\FunWebProducts]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\m3ffxtbr@mywebsearch.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MyWebSearchService]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MyWebSearchService]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MyWebSearchService]
    [-HKEY_USERS\S-1-5-21-2587197949-3601937130-3180497502-1000\Software\FunWebProducts]
    [-HKEY_USERS\S-1-5-21-2587197949-3601937130-3180497502-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}]
    [-HKEY_USERS\S-1-5-21-2587197949-3601937130-3180497502-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_USERS\S-1-5-21-2587197949-3601937130-3180497502-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_USERS\S-1-5-21-2587197949-3601937130-3180497502-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_USERS\S-1-5-21-2587197949-3601937130-3180497502-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}]
    [-HKEY_USERS\S-1-5-21-2587197949-3601937130-3180497502-1000\Software\MyWebSearch]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.
    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.txt log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!



    Would be too late anyway since you already ran ATFCleaner; however this is not a malware problem. It is just a settings issue. It is not enabled to show. Normally fixed via the Sounds and Audio Devices item in Control Panel. The Software Forum can help you with this if necessary.

    Also a question for the Software Forum or for Dell. Personally, this is junk I uninstall.
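
Added example, not part of the thread and not OTM's own code: a read-only review of a removal script in the layout of the codebox above, listing what it will stop, move and delete before anyone pastes it into the tool. The sample is a shortened copy of that codebox, the function names are hypothetical, and the grammar (`:Section` headers, `[-KEY]` deletions) is assumed from what is visible in the post.

```python
import re
from collections import Counter

# Shortened copy of the codebox in the post above, kept in the same layout.
SAMPLE_SCRIPT = r"""
:Processes
explorer.exe

:Files
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MyWebSearchService]
[-HKEY_USERS\S-1-5-21-2587197949-3601937130-3180497502-1000\Software\MyWebSearch]
:Commands
[purity]
[EmptyTemp]
[Reboot]
"""

SECTION_RE = re.compile(r"^:(\w+)$")                       # e.g. ":Reg"
REG_DELETE_RE = re.compile(r"^\[-(HKEY_[A-Z_]+)\\(.+)\]$")  # e.g. "[-HKEY_...\Key]"
USER_SID_RE = re.compile(r"^S-1-5-21-[\d-]+$")             # per-account SID


def parse_script(text):
    """Split the script into {section name: [lines]} using the ':Name' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def review(text):
    """Summarise what the script touches; nothing on the system is read or changed."""
    sections = parse_script(text)
    report = {
        "processes": sections.get("Processes", []),
        "files": sections.get("Files", []),
        "commands": [c.strip("[]") for c in sections.get("Commands", [])],
        "hives": Counter(),    # number of key deletions per registry hive
        "user_sids": set(),    # account SIDs: these tie the script to one machine
        "services": [],        # service keys removed under SYSTEM\ControlSetNNN
        "unparsed_reg": [],    # anything in :Reg that is not a plain key deletion
    }
    for entry in sections.get("Reg", []):
        match = REG_DELETE_RE.match(entry)
        if not match:
            report["unparsed_reg"].append(entry)
            continue
        hive, subkey = match.groups()
        report["hives"][hive] += 1
        parts = subkey.split("\\")
        if hive == "HKEY_USERS" and USER_SID_RE.match(parts[0]):
            report["user_sids"].add(parts[0])
        if len(parts) >= 4 and parts[0] == "SYSTEM" and parts[2] == "Services":
            report["services"].append(parts[3])
    return report


if __name__ == "__main__":
    for field, value in review(SAMPLE_SCRIPT).items():
        print(f"{field}: {value}")
```

A non-empty `user_sids` set is the practical finding: keys under `HKEY_USERS\S-1-5-21-...` belong to one account on one machine, so a script like this is written for the computer whose logs were posted and will not match another system.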
     
  4. Lucia

    Lucia Private E-2

    Thanks for the welcome Chaslang.

    I apologise for not replying earlier as I did not have access to the computer.

    Out of the antivirus software I would like to keep Avast. Should I uninstall the Norton before following your instructions or vice versa? And what about the "signs of AVG"?

    Thanks again for all your help.

    Lucia
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Yes, uninstall all of Norton/Symantec first. We will take care of AVG leftovers later.
     
  6. Lucia

    Lucia Private E-2

    Hi Chaslang

    I've removed each of those programs with the exception of My Web Search. When I click uninstall, a message pops up saying:

    error loading C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll

    The specified module could not be found.


    Should I skip this step or is there an alternative way to remove this?

    Thanks

    Lucia
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Yes, just skip it. We will come back to it if necessary.
     
  8. Lucia

    Lucia Private E-2

    Hello Chaslang,

    OK then. I have attached the logs as requested. The computer seems to be running OK, from a user perspective.

    ETA: Is there anything I should look out for?

    Thanks again for your help on this.

    Lucia
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Just a little more to do and then final steps.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    After clicking Fix, exit HJT.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
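
Added example, not part of the thread and not HijackThis code: the four lines selected in the post above all end in "(no file)", that is, a browser helper or toolbar registration for which HijackThis reports no file. The sketch below picks such O2/O3 entries out of a log; two sample lines are taken from the post, the other two are constructed, and the function names are hypothetical.

```python
import re

# O2 (Browser Helper Object) and O3 (toolbar) lines in the layout quoted above:
#   O2 - BHO: <name> - {CLSID} - <file path or "(no file)">
ENTRY_RE = re.compile(
    r"^(?P<code>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<file>.+)$"
)

# Lines 1 and 3 are from the post; lines 2 and 4 are constructed for the example.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""


def parse_entries(log):
    """Return one dict per O2/O3 line; other sections (O4 and so on) are skipped."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entry = match.groupdict()
            entry["clsid"] = entry["clsid"].upper()  # CLSIDs compare case-insensitively
            entries.append(entry)
    return entries


def find_orphans(log):
    """Entries whose registration is present but whose file is reported missing."""
    return [e for e in parse_entries(log) if e["file"].strip().lower() == "(no file)"]


if __name__ == "__main__":
    for e in find_orphans(SAMPLE_LOG):
        print(f'{e["code"]} {e["kind"]:8} {e["clsid"]}  name={e["name"]!r}')
```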
     
  10. Lucia

    Lucia Private E-2

    Hi Chaslang

    Sorry about the delayed reply; I haven't abandoned the thread! As it is not my computer, my access to it is kind of patchy, so I have to apply the steps, and update on here, as and when I do have access.

    Hopefully, between today and tomorrow I will be able to follow through on your last bits of advice and update the thread.

    Once again, thank you so much for all the help you've given.


    Lucia
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    On behalf of Chaslang, who is away for a short while, you are most welcome. :)
     
  12. Lucia

    Lucia Private E-2

    Hi chaslang and Kestrel13,

    I'm back and just about to implement the last steps chaslang gave. Sorry about the HUGE delay. The owner of the computer went on vacation so my hands have been kinda tied. I'll update on here as soon as I've put everything through. Thanks again for your help, guys.

    Lucia
     
  13. Lucia

    Lucia Private E-2

    I've just finished all the steps. Thanks again, chaslang, you too, Kestrel13. Everything seems to be running fine - fingers crossed. I've also put in place some of the steps mentioned in the guide and I'm gonna save a copy of it on here for my friend to hopefully avoid this happening again. If you have any more suggestions, I'm all ears.

    BTW, it's amazing that such a great resource is offered for free! Many, many thanks for all your help.

    Lucia
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
