ToolBar Takeover

Dell Inspiron Windows 7 Home

Had numerous toolbars loaded. A couple trojans and other mal/spyware.
Used Avast!, SuperAntiSpyware, and Malwarebytes to remove everything.
Just want to make sure I got it all.
Ran the following and attached the logs:
ADWcleaner, Malwarebytes, OTL, aswmbr, RogueKiller, FSS, and tdsskiller

other logs

Malware removers are notified. It may take hours before one arrives, so be patient.

Hi,

Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

```
:Otl
IE - HKLM\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AG0^xdm002^YY^us&ptb=AA8B5FD0-1814-434F-AA57-30AE9095E1C0&ind=2012090111&n=77ee0eff&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2684438081-3476323643-1139043554-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2684438081-3476323643-1139043554-1001\..\URLSearchHook: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - No CLSID value found
IE - HKU\S-1-5-21-2684438081-3476323643-1139043554-1001\..\SearchScopes\{4C0ABD51-5C87-4CA8-B2FA-1A8A07805D21}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-2684438081-3476323643-1139043554-1001\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AG0^xdm002^YY^us&ptb=AA8B5FD0-1814-434F-AA57-30AE9095E1C0&ind=2012090111&n=77ee0eff&psa=&st=sb&searchfor={searchTerms}
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {cf51de5b-eb36-4114-bb69-84df63fbadb4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2684438081-3476323643-1139043554-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:Commands
[CREATERESTOREPOINT]
[emptytemp]
```

- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.


Re-run OTL and attach a fresh OTL.txt log here.

Please see attached. :slight_smile:

Hi,
Just re-run OTL, click on Run Scan and attach a fresh OTL.txt here.

Added log below.

Only issue I see now is that I can't install one security update for MS Word. Getting error “Please insert MS Works disc 9”?
EDIT: Appears I need the Office disk to fix this… so no big deal. Just need to locate it.

Also reran Malwarebytes and 3 more PUPs were detected. I removed those. Log attached.

;D


Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

```
:processes
killallprocesses

:Files
C:\Program Files (x86)\RecipeHub_2j

:Otl
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2jffxtbr@RecipeHub_2j.com: C:\Program Files (x86)\RecipeHub_2j\bar\1.bin [2012/12/19 19:49:04 | 000,000,000 | ---D | M]
[2009/12/25 02:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brendan\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/25 02:51:25 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
```

- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.


How’s your computer running now? 8)

So far all is running good other than the MS update disk thing :stuck_out_tongue:

attached OTL

That’s it. Done. 8)

Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

Be safe :wink:

Thanks for your help again MAGNA86 ;D