Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

isearch.com/AVG browser hijacking problem


  • This topic is locked This topic is locked
2 replies to this topic

#1 batlan

batlan

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 16 March 2013 - 07:47 AM

Hi, I am new to this site.  All the sites showing how to 'easily' remove this annoying browser hijacker have provided unsuccessful methods...at least for my system.  I have performed all the usual functions of uninstalling isearch.com/AVG software, changing home pages in internet options, disabling or deleting isearch.com from the 'search' section, deleted three registry codes associated with Isearch.com/AVG, noting that one instantantly replaces itself (line one below) after each scan and deletion process; I have blocked the isearch.com/AVG website.  Still restoration of the browsing hijacked occurs instantaneously...apparently from hidden, residual registry codes.  I just performed a registry scan using RegScanner using the keyword 'isearch' and 105 registry lines surfaced.  I am assuming that one or more of these registry lines is the culprit responsible for promptly restoring the hijacking process.  I seek help as to which lines I should delete and can delete safely to restore control of the Internet Explorer browser.  It is interesting to note how old most of these registry lines are.  It suggests that this isearch.com/AVG software came loaded onto my computer when I received it brandnew from Gateway.  Would appreciate any assistance.  Note: I rarely use I.E. (I use Firefox) so this issue is surfacing now as I have another problem that prompted me to check out I.E. to see if there was a problem.  There was.  Here are the registry lines associated with isearch:

 

HKCU\Software\Microsoft\Internet Explorer\Main    Start Page    REG_SZ    http://isearch.avg.com/?cid={767DE001-70D1-4589-961C-3984ADCDEFD5}&mid=e75aa1a0f51847d0ba97d1599a905be3-24cf6b5ff40dbd02dd751c50b44857cfefa3ead0&lang=en&ds=is015&pr=sa&d=2012-06-30 16:18:51&v=11.1.0.12&sap=hp    3/16/2013 4:43:09 AM    209  

 
HKCU\Software\Microsoft\Search Assistant\ACMru\5603    004    REG_SZ    isearch    3/15/2013 8:12:43 AM    8    
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\isearchtech.com        REG_DWORD    0x00000005 (5)    9/8/2005 6:32:31 PM    4    
HKLM\SOFTWARE\Classes\CLSID\{1F247DC0-902E-11D0-A80C-00A0C906241A}        REG_SZ    Content Index ISearch Creator Object    9/3/2002 1:49:17 PM    37    
HKLM\SOFTWARE\Classes\CLSID\{24A1D7C2-47FD-4F31-B5DB-9FBC1910A2D4}\InprocServer32    InprocServer32    REG_MULTI_SZ    (f'^Vn-}f(YR]eAR6.jiSearchOutlookFiles>2OfoI)vH)A!K[*v%cNur;;    10/24/2002 5:31:54 AM    61    
HKLM\SOFTWARE\Classes\CLSID\{39E4ABC0-0641-4230-9962-CDA8CFF95F22}\InprocServer32    InprocServer32    REG_MULTI_SZ    (f'^Vn-}f(YR]eAR6.jiSearchOutlookFiles>g}=%{%BIb@4w,FzY&9}(;;    10/24/2002 5:31:54 AM    61    
HKLM\SOFTWARE\Classes\CLSID\{433CBF68-A873-4C6D-A211-623281ED930E}\InprocServer32    InprocServer32    REG_MULTI_SZ    (f'^Vn-}f(YR]eAR6.jiSearchOutlookFiles>2OfoI)vH)A!K[*v%cNur;;    10/24/2002 5:31:54 AM    61    
HKLM\SOFTWARE\Classes\CLSID\{D589B847-451E-4DAA-9C87-D2BDCBFDAF14}\InprocServer32    InprocServer32    REG_MULTI_SZ    (f'^Vn-}f(YR]eAR6.jiSearchOutlookFiles>2OfoI)vH)A!K[*v%cNur;;    10/24/2002 5:31:55 AM    61    
HKLM\SOFTWARE\Classes\CLSID\{EA7EEC17-30E3-4C4E-86E7-692B83D0A34E}\InprocServer32    InprocServer32    REG_MULTI_SZ    (f'^Vn-}f(YR]eAR6.jiSearchOutlookFiles>2OfoI)vH)A!K[*v%cNur;;    10/24/2002 5:31:55 AM    61    
HKLM\SOFTWARE\Classes\Interface\{0AF52879-E403-4200-83D1-E5DC329F6B0C}        REG_SZ    ISearchNotesConfig    12/23/2011 8:28:22 PM    19    
HKLM\SOFTWARE\Classes\Interface\{0C061EC1-EB5C-45CF-AD26-E94B40BB2DE9}        REG_SZ    _ISearchAssistantEvents    9/3/2002 1:51:28 PM    24    
HKLM\SOFTWARE\Classes\Interface\{12D263B4-BCEE-4209-BF2B-BE5ECD5096F9}        REG_SZ    ISearchScope    2/18/2007 1:33:08 PM    13    
HKLM\SOFTWARE\Classes\Interface\{1D2EFD50-75CE-11D1-B75A-00A0C90564FE}        REG_SZ    ISearchCommandExt    9/3/2002 1:50:53 PM    18    
HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}        REG_SZ    ISearch    3/15/2013 7:30:40 AM    8    
HKLM\SOFTWARE\Classes\Interface\{47C922A2-3DD5-11D2-BF8B-00C04FB93661}        REG_SZ    ISearches    9/3/2002 1:50:55 PM    10    
HKLM\SOFTWARE\Classes\Interface\{524E5B0F-D593-45A6-9F87-1BAE7D338373}        REG_SZ    ISearchControllerGE    11/17/2011 4:53:16 AM    20    
HKLM\SOFTWARE\Classes\Interface\{63BC1B61-D0F3-4DD1-9427-D2BC780AF9AC}        REG_SZ    ISearchTarget    2/18/2007 1:33:10 PM    14    
HKLM\SOFTWARE\Classes\Interface\{664E1AC2-C097-4D98-AC72-C7BAABD4BB0A}        REG_SZ    ISearchNotesConfigs    12/23/2011 8:28:22 PM    20    
HKLM\SOFTWARE\Classes\Interface\{72423E8F-8011-11D2-BE79-00A0C9A83DA1}        REG_SZ    ISearchAssistantOC    9/3/2002 1:50:55 PM    19    
HKLM\SOFTWARE\Classes\Interface\{72423E8F-8011-11D2-BE79-00A0C9A83DA2}        REG_SZ    ISearchAssistantOC2    9/3/2002 1:50:55 PM    20    
HKLM\SOFTWARE\Classes\Interface\{72423E8F-8011-11D2-BE79-00A0C9A83DA3}        REG_SZ    ISearchAssistantOC3    9/3/2002 1:50:55 PM    20    
HKLM\SOFTWARE\Classes\Interface\{7366EA16-7A1A-4EA2-B042-973D3E9CD99B}        REG_SZ    ISearchJob    8/12/2004 5:10:46 PM    11    
HKLM\SOFTWARE\Classes\Interface\{88AEE058-D4B0-4725-A2F1-814A67AE964C}        REG_SZ    ISearchCompletedCallback    8/12/2004 5:10:46 PM    25    
HKLM\SOFTWARE\Classes\Interface\{9909C81E-3BA4-41DA-A7ED-02EF2F319411}        REG_SZ    ISearchLinks    6/3/2009 10:54:02 PM    13    
HKLM\SOFTWARE\Classes\Interface\{A0FFBC28-5482-4366-BE27-3E81E78E06C2}        REG_SZ    ISearchFolderItemFactory    12/20/2006 8:58:00 AM    25    
HKLM\SOFTWARE\Classes\Interface\{A5FA5F64-B5E6-484C-AE2A-1BCEFCB73F75}        REG_SZ    ISearchScope    12/20/2006 8:58:00 AM    13    
HKLM\SOFTWARE\Classes\Interface\{A700A634-2850-4C47-938A-9E4B6E5AF9A6}        REG_SZ    ISearchCompletedCallbackArgs    8/12/2004 5:10:46 PM    29    
HKLM\SOFTWARE\Classes\Interface\{BA9239A4-3DD5-11D2-BF8B-00C04FB93661}        REG_SZ    ISearch    9/3/2002 1:50:55 PM    8    
HKLM\SOFTWARE\Classes\Interface\{C66ABAC9-96D0-4940-BFBC-8F519CEEEB13}        REG_SZ    ISearchBar    9/3/2002 1:51:28 PM    11    
HKLM\SOFTWARE\Classes\Interface\{C7310556-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchAccessList    10/24/2002 5:31:59 AM    18    
HKLM\SOFTWARE\Classes\Interface\{C7310585-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchAdmin    10/24/2002 5:31:59 AM    13    
HKLM\SOFTWARE\Classes\Interface\{C731058B-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchServer    10/24/2002 5:31:59 AM    14    
HKLM\SOFTWARE\Classes\Interface\{C731058C-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchCatalogs    10/24/2002 5:31:59 AM    16    
HKLM\SOFTWARE\Classes\Interface\{C731058D-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchCatalog    10/24/2002 5:31:59 AM    15    
HKLM\SOFTWARE\Classes\Interface\{C73105CA-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchHelp    10/24/2002 5:31:59 AM    12    
HKLM\SOFTWARE\Classes\Interface\{C73105CD-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchSchema    10/24/2002 5:31:59 AM    14    
HKLM\SOFTWARE\Classes\Interface\{C73105F5-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchOleDbAdmin    10/24/2002 5:31:59 AM    18    
HKLM\SOFTWARE\Classes\Interface\{C73105FA-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchCatalog2    10/24/2002 5:31:59 AM    16    
HKLM\SOFTWARE\Classes\Interface\{C731061D-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchOleDbConfigs    10/24/2002 5:32:00 AM    20    
HKLM\SOFTWARE\Classes\Interface\{C731061E-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchOleDbConfig    10/24/2002 5:32:00 AM    19    
HKLM\SOFTWARE\Classes\Interface\{C7310635-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchColumnList    10/24/2002 5:32:00 AM    18    
HKLM\SOFTWARE\Classes\Interface\{C7310636-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchColumnObj    10/24/2002 5:32:00 AM    17    
HKLM\SOFTWARE\Classes\Interface\{C7310637-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchDatabases    10/24/2002 5:32:00 AM    17    
HKLM\SOFTWARE\Classes\Interface\{C7310638-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchDatabase    10/24/2002 5:32:00 AM    16    
HKLM\SOFTWARE\Classes\Interface\{C7310643-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchAdmin2    10/24/2002 5:32:00 AM    14    
HKLM\SOFTWARE\Classes\Interface\{C7310644-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchService    10/24/2002 5:32:00 AM    15    
HKLM\SOFTWARE\Classes\Interface\{C7310649-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchNotesAdmin    12/23/2011 8:28:22 PM    18    
HKLM\SOFTWARE\Classes\Interface\{C731064D-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchNameList    10/24/2002 5:32:00 AM    16    
HKLM\SOFTWARE\Classes\Interface\{C731064E-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchNameAndDescriptionList    10/24/2002 5:32:00 AM    30    
HKLM\SOFTWARE\Classes\Interface\{C731064F-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchNameObj    10/24/2002 5:32:00 AM    15    
HKLM\SOFTWARE\Classes\Interface\{C7310650-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchNameAndDescriptionObj    10/24/2002 5:32:00 AM    29    
HKLM\SOFTWARE\Classes\Interface\{C731072A-AC80-11D1-8DF3-00C04FB6EF4F}        REG_SZ    ISearchAdmin3    10/24/2002 5:32:00 AM    14    
HKLM\SOFTWARE\Classes\Interface\{D40CFF62-E08C-4498-941A-01E25F0FD33C}        REG_SZ    ISearchResult    8/12/2004 5:10:46 PM    14    
HKLM\SOFTWARE\Classes\Interface\{DB5CEF35-BEC6-4762-A1BD-253F5BF67C72}        REG_SZ    ISearchCompanionInfo    9/3/2002 1:50:55 PM    21    
HKLM\SOFTWARE\Classes\Interface\{F74F2E3B-CEF7-4856-A170-8258A35CE375}        REG_SZ    ISearchAssistant    9/3/2002 1:51:28 PM    17    
HKLM\SOFTWARE\Classes\Interface\{FE40A429-A149-4E2F-8B29-5601BF648A0A}        REG_SZ    ISearchTarget    12/20/2006 8:58:00 AM    14    
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\isearchtech.com        REG_DWORD    0x00000005 (5)    9/8/2005 6:32:31 PM    4    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Linkage    Bind    REG_SZ    \Dummy    8/30/2008 1:15:04 AM    7    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Linkage    Export    REG_SZ    \Dummy    8/30/2008 1:15:04 AM    7    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Linkage    Route    REG_SZ    \Dummy    8/30/2008 1:15:04 AM    7    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    Close    REG_SZ    DoneCIISAPIPerformanceData    1/9/2013 5:27:26 AM    27    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    Collect    REG_SZ    CollectCIISAPIPerformanceData    1/9/2013 5:27:26 AM    30    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    Open    REG_SZ    InitializeCIISAPIPerformanceData    1/9/2013 5:27:26 AM    33    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    Library    REG_EXPAND_SZ    %SystemRoot%\System32\query.dll    1/9/2013 5:27:26 AM    32    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    WbemAdapFileSignature    REG_BINARY    43 E4 75 89 53 F4 54 09 0C AD 65 C3 03 79 6E D5    1/9/2013 5:27:26 AM    16    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    WbemAdapFileTime    REG_BINARY    00 88 AB CA C9 E7 A8 01    1/9/2013 5:27:26 AM    8    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    WbemAdapFileSize    REG_DWORD    0x0015e800 (1435648)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    WbemAdapStatus    REG_DWORD    0x00000000 (0)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    Last Counter    REG_DWORD    0x00000a26 (2598)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    Last Help    REG_DWORD    0x00000a27 (2599)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    First Counter    REG_DWORD    0x00000a12 (2578)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    First Help    REG_DWORD    0x00000a13 (2579)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance    Object List    REG_SZ    2578    1/9/2013 5:27:26 AM    5    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Linkage    Bind    REG_SZ    \Dummy    8/30/2008 1:15:04 AM    7    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Linkage    Export    REG_SZ    \Dummy    8/30/2008 1:15:04 AM    7    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Linkage    Route    REG_SZ    \Dummy    8/30/2008 1:15:04 AM    7    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    Close    REG_SZ    DoneCIISAPIPerformanceData    1/9/2013 5:27:26 AM    27    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    Collect    REG_SZ    CollectCIISAPIPerformanceData    1/9/2013 5:27:26 AM    30    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    Open    REG_SZ    InitializeCIISAPIPerformanceData    1/9/2013 5:27:26 AM    33    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    Library    REG_EXPAND_SZ    %SystemRoot%\System32\query.dll    1/9/2013 5:27:26 AM    32    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    WbemAdapFileSignature    REG_BINARY    43 E4 75 89 53 F4 54 09 0C AD 65 C3 03 79 6E D5    1/9/2013 5:27:26 AM    16    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    WbemAdapFileTime    REG_BINARY    00 88 AB CA C9 E7 A8 01    1/9/2013 5:27:26 AM    8    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    WbemAdapFileSize    REG_DWORD    0x0015e800 (1435648)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    WbemAdapStatus    REG_DWORD    0x00000000 (0)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    Last Counter    REG_DWORD    0x00000a26 (2598)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    Last Help    REG_DWORD    0x00000a27 (2599)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    First Counter    REG_DWORD    0x00000a12 (2578)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    First Help    REG_DWORD    0x00000a13 (2579)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\ControlSet003\Services\ISAPISearch\Performance    Object List    REG_SZ    2578    1/9/2013 5:27:26 AM    5    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Linkage    Bind    REG_SZ    \Dummy    8/30/2008 1:15:04 AM    7    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Linkage    Export    REG_SZ    \Dummy    8/30/2008 1:15:04 AM    7    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Linkage    Route    REG_SZ    \Dummy    8/30/2008 1:15:04 AM    7    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    Close    REG_SZ    DoneCIISAPIPerformanceData    1/9/2013 5:27:26 AM    27    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    Collect    REG_SZ    CollectCIISAPIPerformanceData    1/9/2013 5:27:26 AM    30    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    Open    REG_SZ    InitializeCIISAPIPerformanceData    1/9/2013 5:27:26 AM    33    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    Library    REG_EXPAND_SZ    %SystemRoot%\System32\query.dll    1/9/2013 5:27:26 AM    32    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    WbemAdapFileSignature    REG_BINARY    43 E4 75 89 53 F4 54 09 0C AD 65 C3 03 79 6E D5    1/9/2013 5:27:26 AM    16    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    WbemAdapFileTime    REG_BINARY    00 88 AB CA C9 E7 A8 01    1/9/2013 5:27:26 AM    8    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    WbemAdapFileSize    REG_DWORD    0x0015e800 (1435648)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    WbemAdapStatus    REG_DWORD    0x00000000 (0)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    Last Counter    REG_DWORD    0x00000a26 (2598)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    Last Help    REG_DWORD    0x00000a27 (2599)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    First Counter    REG_DWORD    0x00000a12 (2578)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    First Help    REG_DWORD    0x00000a13 (2579)    1/9/2013 5:27:26 AM    4    
HKLM\SYSTEM\CurrentControlSet\Services\ISAPISearch\Performance    Object List    REG_SZ    2578    1/9/2013 5:27:26 AM    5    
 



BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 16 March 2013 - 07:35 PM

Hello, batlan.
My name is etavares and I will be helping you with this log.
 
Here are some guidelines to ensure we are able to get your machine back under your control.
 
  • Please do not run any unsupervised scans, fixes, etc.  We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so.  Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned.  Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first.  There's no harm in asking questions!
  •  
     
     
    Step 1
     
    Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
  •  
     
     
    Step 2
     
    We need to create an OTL report,
  • (If that link doesn't work, try this alternate link
  • Save it to your desktop.
  • Double click on the otlDesktopIcon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Under the Custom Scan box paste this in:
  • netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP 
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
     
     
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.  If they are too big to paste in one reply, please split them into separate posts.
  •  
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #3 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:02:53 AM

    Posted 13 April 2013 - 06:07 AM

    Due to the lack of feedback, this topic is now closed.

    In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

    Please include a link to your topic in the Private Message. Thank you.


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     





    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users