Had numerous toolbars loaded. A couple trojans and other mal/spyware.
Used Avast!, SuperAntiSpyware, and Malwarebytes to remove everything.
Just want to make sure I got it all.
Ran the following and attached the logs:
ADWcleaner, Malwarebytes,OTL,aswmbr,RogueKiller,FSS, and tdsskiller
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:Otl
IE - HKLM\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AG0^xdm002^YY^us&ptb=AA8B5FD0-1814-434F-AA57-30AE9095E1C0&ind=2012090111&n=77ee0eff&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2684438081-3476323643-1139043554-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2684438081-3476323643-1139043554-1001\..\URLSearchHook: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - No CLSID value found
IE - HKU\S-1-5-21-2684438081-3476323643-1139043554-1001\..\SearchScopes\{4C0ABD51-5C87-4CA8-B2FA-1A8A07805D21}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-2684438081-3476323643-1139043554-1001\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AG0^xdm002^YY^us&ptb=AA8B5FD0-1814-434F-AA57-30AE9095E1C0&ind=2012090111&n=77ee0eff&psa=&st=sb&searchfor={searchTerms}
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {cf51de5b-eb36-4114-bb69-84df63fbadb4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2684438081-3476323643-1139043554-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
:Commands
[CREATERESTOREPOINT]
[emptytemp]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
Only issue I see now is that I cant install one security update for ms word. Getting error “Please insert MS Works disc 9” ?
EDIT:Appears i need the Office disk to fix this…so no big deal. Just need to locate it.
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:processes
killallprocesses
:Files
C:\Program Files (x86)\RecipeHub_2j
:Otl
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2jffxtbr@RecipeHub_2j.com: C:\Program Files (x86)\RecipeHub_2j\bar\1.bin [2012/12/19 19:49:04 | 000,000,000 | ---D | M]
[2009/12/25 02:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brendan\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/25 02:51:25 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone. Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.