I can't get rid of isearch.omiga-plus... need help please

I’ve deleted references in my registry and that didn’t work
I ran Malwarebytes Anti-Malware, and though it isolated and quarantined many pup.optional.skytech.a files, omiga-plus was back hijacking Google Chrome and opening additional pages when I restarted my computer.

What shall I do now?

Follow instructions and attach Malwarebytes and OTL logs https://forum.avast.com/index.php?topic=53253.0

It is night in Europe now, so the malware experts will be online later today…

attach logs as html or txt?

Follow the instructions and attach them as txt. For how to attach logs, see the image.

Monitoring.

here are my logs

Thanks for the help

@ demetrios3

For some reason the OTL log was saved as Unicode encoding and it is unreadable. Please look for it again and save it as ANSI and attach it again.

Look at this image by Michael:

http://i.imgur.com/LhlCUFT.png

Thanks.

I included both the OTL text and the Extra.txt

Can you re-attach them? I do not see them.

Can you see them now?

Edit: I see the attachments now, I don’t know what I was doing before :o

Thanks for your patience

Hi,

  • Step #1 Uninstall Programs

I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.


      - BitGuard


  • Step #2 Fix with OTL

      - Re-run OTL by right-clicking and choosing Run as administrator;
      - Under the Custom Scans/Fixes box, copy and paste the following contents inside the code box.

:Commands
[createrestorepoint]

:OTL
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={03C9A059-949B-11E2-9DD0-082E5F760EFD}
IE - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{19955611-DF29-AF36-33C4-DDED236A4ACB}: C:\Program Files (x86)\Buzz-it-soft\171.xpi
[2014/01/14 00:03:56 | 000,000,000 | ---D | M] (Free Games 111) -- C:\Users\DMourouzis\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
[2014/01/14 00:03:45 | 000,000,000 | ---D | M] (Speed Test 127) -- C:\Users\DMourouzis\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [(default)]  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\..Trusted Domains: p2p4u.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\..Trusted Domains: qflix.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\..Trusted Domains: sonic.com ([]https in Trusted sites)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) -  File not found
[2014/06/07 23:47:44 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys
[2014/06/07 22:52:51 | 000,338,120 | ---- | C] (SecureAssist) -- C:\Windows\SysNative\SecureAssist64.dll
[2014/06/07 22:45:35 | 000,000,000 | ---D | C] -- C:\Users\DMourouzis\AppData\Roaming\systweak
[2014/06/07 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\DMourouzis\AppData\Roaming\SupTab
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2013/03/24 12:12:20 | 000,000,000 | ---D | M] -- C:\Users\DMourouzis\AppData\Roaming\Babylon
[2013/03/16 23:17:15 | 000,000,000 | ---D | M] -- C:\Users\DMourouzis\AppData\Roaming\Conduit
[2014/06/08 08:48:29 | 000,000,000 | ---D | M] -- C:\Users\DMourouzis\AppData\Roaming\SupTab
[2014/06/08 00:20:41 | 000,000,000 | ---D | M] -- C:\Users\DMourouzis\AppData\Roaming\systweak
@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:0574215C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:D95ACC7D

:Files
C:\Program Files (x86)\Buzz-it-soft
C:\PROGRA~2\SupTab
ipconfig /flushdns /c

:Commands
[emptytemp]

      - Click on "Run Fix" and let the program run unhindered;
      - Your PC will reboot automatically and a log will be opened;
      - Please attach it in your next reply.

  • Step #2 Fix with AdwCleaner

      - Download AdwCleaner by Xplode to your Desktop from the following link.
          - Download Link #1
          - Download Link #2
      - Right-click on AdwCleaner.exe and choose Run as administrator;
      - Click on Scan and let the program run unhindered;
      - When done, click on Clean and allow the system to reboot after it is done;
      - A log will be opened automatically after the restart;
      - Attach the log in your reply.


  • Step #3 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2

      - Disable your anti-virus to avoid potential conflicts. For more information, please acquaint yourself with this article: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/;
      - Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
      - Please be patient as the tool cleans your system;
      - After completion of the process, a log named JRT.txt will automatically open and is saved to your Desktop;
      - Attach the log in your next reply.


  • Required Log(s):

      - OTL Fix Log
      - AdwCleaner Log
      - Junkware Removal Log

    Regards,
    Valinorum
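Added example, not part of the post above and not OTL's own code: a small Python reviewer for a fix script of the kind posted above. It splits the script into its `:Section` blocks, labels each entry by what it names, and pulls out the user SIDs and profile names the entries refer to so they can be compared with the machine the script is run on. The function names, the labels and the matching rules are assumptions made for this illustration; the sample input is a shortened copy of the script above.

```python
import re
from collections import Counter

# Constructed input: a shortened copy of the fix script from the post above.
SAMPLE_FIX = r"""
:Commands
[createrestorepoint]
:OTL
IE - HKU\S-1-5-21-3509170470-2386849990-1622347940-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
O4 - HKLM..\Run: [(default)]  File not found
O13 - gopher Prefix: missing
[2014/06/07 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\DMourouzis\AppData\Roaming\SupTab
@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:0574215C
:Files
C:\Program Files (x86)\Buzz-it-soft
ipconfig /flushdns /c
:Commands
[emptytemp]
"""

SECTION = re.compile(r"^:(\w+)$")
SID = re.compile(r"S-1-5-21(?:-\d+){4}")
PROFILE = re.compile(r"[A-Za-z]:\\Users\\([^\\\r\n]+)")
# Heuristic labels (an assumption of this example, not OTL logic); first match wins.
RULES = [("directive", r"^\[\w+\]$"),
         ("ads", r"^@Alternate Data Stream"),
         ("registry", r"\bHK(LM|U|CU|EY_[A-Z_]+)\b"),
         ("file", r"[A-Za-z]:\\")]

def parse_sections(text):
    """Return [(section, [entries])] in script order; repeated sections stay separate."""
    sections = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION.match(line)
        if m:
            sections.append((m.group(1), []))
        elif sections:
            sections[-1][1].append(line)
    return sections

def classify(entry):
    """Label an entry by the first rule that matches, else 'other'."""
    return next((kind for kind, rx in RULES if re.search(rx, entry)), "other")

def review(text):
    """Per-section counts of entry kinds, plus the SIDs and profile names referenced."""
    kinds = [(name, Counter(map(classify, entries))) for name, entries in parse_sections(text)]
    return kinds, set(SID.findall(text)), set(PROFILE.findall(text))
```
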

I can’t uninstall Bitguard, I’ve given up trying. When I try to uninstall it in “Uninstall or change a program”, Windows 7 pops up a snarky little message box which states: “You do not have sufficient access to uninstall Bitguard. Please contact your system administrator”

Now I am the only user and default administrator on this laptop. How do you suggest I uninstall this?

How do you suggest I uninstall this?
Have you tried from safe mode?

If no success, Valinorum will nuke it for you :wink:

Pondus was faster than me. :smiley: Should that fail, proceed with the other steps.

Bahaha, I need to redo that. Make the “Save as to OTLANSI.txt”

I can’t uninstall it in safe mode either. What is Valinorum?

Oh hi :slight_smile:

Do I need to “Nuke” BitGuard?

Uninstalling in safe mode failed, should I ignore that and proceed with the other steps?

Yep.

Thanks!

So here you have received help for 3 days and not noticed the name of the one helping you :slight_smile: