Slow browsing, and browser hijack. Suspected malware.

http://img805.imageshack.us/img805/9659/rktigzy.gif Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these 3 detections:

• [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Dell\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
• [RUN][SUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dell\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND
• [RUN][SUSP PATH] HKUS\S-1-5-21-1429905150-4230708046-3960260400-1000\[...]\Run : SearchProtect (C:\Users\Dell\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
• [RUN][SUSP PATH] HKUS\S-1-5-21-1429905150-4230708046-3960260400-1000\[...]\Run : BackgroundContainer ("C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dell\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND
• [V2][SUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\Dell\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x] -> FOUND

Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.



Re run Hitman and have it delete Potential Unwanted Programs.


http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Which browser is being affected by redirection?

MGTools did not run to completion, please try again, ensuring UAC is disabled, and that you are indeed running as admin.

Then attach the new MGlogs.zip.

 

You need to re run Hitman again and have it delete all of the Potential Unwanted Programs. Conduit related items mostly, even if Hitman by default has them on ignore, you do need to delete them.

You also need to have it fix all it shows on the repairs tab.

Once done, re run Hitman and attach the new log.

With regards to Superantispyware, I think you just need to right click on it's icon in the task tray, open the program up, and in preferences, it will give you an option to choose whether it starts or not when windows boots.

Same with Hotspot shield, there should be a setting within it's program, if not you could use ccleaner to control it's start up, in the "tools > start up" section"

So, just to clarify, your browsers are no longer redirecting? :confused (answer this only after getting stuff gone with Hitman)

 

I think our Hitman fix included some parts of HSS and broke it. Yes, a reinstall will have to take place.

Does changing the home page not correct it?


Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Vista and Windows 7 users Right-click OTL and choose Run as Administrator)
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Attach both of these logs into your next reply.

 

Ready for final steps?

 

Sir? I'm female. No offence taken....

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
   
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
   
   
7. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

Chaslang's the boss! LOL

No, I wouldn't do a system restore. We're good now. I think the last steps I gave you covered everything.

 

Most welcome, Raphee, take care.