I am an instructor at GeekstoGo Malware school, but it is only right that you should know who is asking you to run programmes on your system
Ok this run with OTL will remove the active search bars etc.. that are not considered to be effective or useful as they will only send you where they want as opposed to where you really want to go
I will also remove some redundant elements.
I will also empty all the temporary files/folders on the computer
Prior to all of this OTL will create a restore point for you.
From the logs posted there is no apparent malware just the advertising stuff which will slow down your computer.
Warning This fix is only relevant for this system and no other, using on another computer may cause problems Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/howfytdl/{3547C6A4-562D-4EA9-B769-7DAD07F1971C}
IE - HKLM\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?s=CAUe0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/?s=CAUe0
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=egtb&c=&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7bee129ccc-e08f-4afb-a60c-3691dd268bb8%7d&component=&q={searchTerms}
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=egtb&c=&sbs=2&sc=2&f=web&vernum=3.2&uid=&did=%7bee129ccc-e08f-4afb-a60c-3691dd268bb8%7d&component=&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=060612_5_&babsrc=SP_ss&mntrId=0c02ff50000000000000001aa072ac13
IE - HKCU\..\SearchScopes\{271DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://jixey.com/?q={searchTerms}&id={8C4D5522-344D-4970-9F3A-48B060C913A8}&src=chr&ver=2.2.5
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://search.speedbit.com/search.aspx?s=CAUe0&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/howfytdl/{3547C6A4-562D-4EA9-B769-7DAD07F1971C}?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Speedbit Search"
FF - prefs.js..browser.search.defaulturl: "http://search.speedbit.com/search.aspx?s=CAUe0&q="
FF - prefs.js..browser.search.order.1: "Speedbit Search"
FF - prefs.js..keyword.URL: "http://search.speedbit.com/search.aspx?s=CAUe0&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com:
[2011/08/07 18:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clint\AppData\Roaming\Mozilla\Firefox\Profiles\f146a7vj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2012/06/18 22:55:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7792546F-70AE-4ABC-B2B6-BE68E9410002} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0 File not found
[2012/10/30 00:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2012/10/30 00:01:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2012/10/30 00:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2012/10/30 00:01:28 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.