Malware removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by michael.edwards00, May 29, 2013.

  1. michael.edwards00

    michael.edwards00 Private E-2

    I have recently had a virus attack on my computer. The only things that I have noticed was my computer being a lot slower and randomly putting malicious files into external drives that are inserted into the computer.
     

    Attached Files:

    michael.edwards00, May 29, 2013
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN34755072933179217&ctid=CT3274043
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    R3 - URLSearchHook: BTControl12DM2 Toolbar - {09110334-1bf2-481d-9ce3-7ac88f9ef9fe} - C:\Program Files\BTControl12DM2\prxtbBTC0.dll
    O2 - BHO: Freecause Shopping BHO - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files\Shop to Win 9\ShoppingBHO.dll
    O2 - BHO: BTControl12DM2 - {09110334-1bf2-481d-9ce3-7ac88f9ef9fe} - C:\Program Files\BTControl12DM2\prxtbBTC0.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Freecause Shopping BHO - {930D9979-EA79-437D-807F-0FD32573CA75} - C:\Program Files\Shop to Win 7\ShoppingBHO.dll
    O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O3 - Toolbar: Trillian Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    O3 - Toolbar: BTControl12DM2 Toolbar - {09110334-1bf2-481d-9ce3-7ac88f9ef9fe} - C:\Program Files\BTControl12DM2\prxtbBTC0.dll
    O4 - HKLM\..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe
    O4 - HKCU\..\Run: [SearchProtect] C:\Users\Stephen\AppData\Roaming\SearchProtect\bin\cltmng.exe
    O4 - HKUS\S-1-5-21-741989594-3182478639-2422309455-1003\..\Run: [SearchProtect] C:\Users\Michael.Stephen-PC\AppData\Roaming\SearchProtect\bin\cltmng.exe (User 'Michael')

    After clicking Fix, exit HJT.

    Now uninstall the below programs:
    Ask Toolbar
    Babylon toolbar on IE
    BabylonObjectInstaller
    BTControl12DM2 Toolbar
    Java(TM) 6 Update 37
    Search Protect by conduit
    Search Toolbar
    Shop to Win 7
    Shop to Win 9
    Vid-Saver
    Yontoo Layers 1.10.01

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
explorer.exe

:Services
Bandoo Coordinator
IEPro
KService
 
:Files
C:\Users\Stephen\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\$Recycle.Bin\S-1-5-21-741989594-3182478639-2422309455-1000\$056fa88798dea7523c3a9b214aa0c1b6\n.
C:\$recycle.bin\S-1-5-21-741989594-3182478639-2422309455-1000\$056fa88798dea7523c3a9b214aa0c1b6\@
C:\$recycle.bin\S-1-5-21-741989594-3182478639-2422309455-1000\$056fa88798dea7523c3a9b214aa0c1b6\U
C:\$recycle.bin\S-1-5-21-741989594-3182478639-2422309455-1000\$056fa88798dea7523c3a9b214aa0c1b6\L
C:\$Recycle.Bin\S-1-5-21-741989594-3182478639-2422309455-1000\$056fa88798dea7523c3a9b214aa0c1b6
C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\asge3ixn.default\extensions\crossriderapp2258@crossrider.com
C:\Program Files\Ask.com
C:\Program Files\BabylonToolbar
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
C:\Program Files\BTControl12DM2
C:\Program Files\SearchProtect
C:\Program Files\Vid-Saver
C:\ProgramData\Babylon
C:\ProgramData\Tarma Installer
C:\Users\Michael.Stephen-PC\AppData\LocalLow\AskToolbar
C:\Users\Michael.Stephen-PC\AppData\LocalLow\BabylonToolbar
C:\Users\Stephen\AppData\Local\Conduit
C:\Users\Stephen\AppData\Local\Vid-Saver
C:\Users\Stephen\AppData\LocalLow\AskToolbar
C:\Users\Stephen\AppData\LocalLow\BabylonToolbar
C:\Users\Stephen\AppData\Roaming\Babylon
C:\Users\Stephen\AppData\Roaming\BabylonToolbar
C:\Users\Stephen\AppData\Roaming\SearchProtect
C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\asge3ixn.default\extensions\crossriderapp3491@crossrider.com
C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\asge3ixn.default\extensions\ffxtlbr@babylon.com
C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\asge3ixn.default\extensions\plugin@yontoo.com
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\Windows\Temp\*.*
C:\Users\Stephen\AppData\Local\Temp\*.*

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortApp.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortEng.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\esrv.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\b]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Prod.cap]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\s]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1000\Software\AppDataLow\AskToolbarInfo]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1000\Software\Ask.com]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1000\Software\BabylonToolbar]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1000\Software\Softonic]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"SearchProtectAll"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"=-
[HKEY_USERS\S-1-5-21-741989594-3182478639-2422309455-1003\Software\Microsoft\Windows\CurrentVersion\run]
"SearchProtect"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ccEvtMgr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ccSetMgr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\LiveUpdate]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Symantec AntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{05727330-12A2-6573-6C66-81489A35331A}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
      ) and choose Paste.
    • Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXTlog
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, May 31, 2013
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds