- Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Reg
[-HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
[-HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
[-HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
:files
C:\$Recycle.Bin\S-1-5-21-3521784995-195745528-205782139-1000\$9123964c69cb32f9d53e5faba7fd5f0e\o.
C:\windows\assembly\Desktop.ini
:OTL
O2 - BHO: (no name) - {878B8524-AED5-4870-9A96-A515440DAC75} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [jpcjvzo] "C:\Users\Jessica\AppData\Roaming\Microsoft\Nhtjhmv\nhtjhmv.exe" File not found
O4 - HKCU..\Run: [OfficeSyncProcess] "C:\Users\Jessica\AppData\Roaming\Microsoft\Nhtjhmv\nhtjhmv.exe" /c "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
:Commands
[EMPTYTEMP]
[RESETHOSTS]
[EMPTYJAVA]
[REBOOT] - Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
- Click the red Run Fix button.
- The computer will restart
- A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.
Google redirects issue
Started by
jessicalmccann
, Jun 30 2013 05:14 PM
-
This topic is locked
#16
Posted 11 July 2013 - 10:08 AM
JSntgRvr
-
- Global Moderator
-
- 11,579 posts
Global Moderator
#17
Posted 11 July 2013 - 12:41 PM
jessicalmccann
- Topic Starter
-
- Member
-
- 38 posts
Member
When the computer first rebooted, it was asking me if I wanted to Run OTL - I hit no/cancel.
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ not found.
========== FILES ==========
File\Folder C:\$Recycle.Bin\S-1-5-21-3521784995-195745528-205782139-1000\$9123964c69cb32f9d53e5faba7fd5f0e\o. not found.
C:\windows\assembly\Desktop.ini moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878B8524-AED5-4870-9A96-A515440DAC75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878B8524-AED5-4870-9A96-A515440DAC75}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jpcjvzo deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OfficeSyncProcess deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jessica
->Temp folder emptied: 112409041 bytes
->Temporary Internet Files folder emptied: 74611212 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 177814699 bytes
->Flash cache emptied: 2234 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72279572 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 11540598 bytes
Total Files Cleaned = 428.00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Jessica
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07112013_143533
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ not found.
========== FILES ==========
File\Folder C:\$Recycle.Bin\S-1-5-21-3521784995-195745528-205782139-1000\$9123964c69cb32f9d53e5faba7fd5f0e\o. not found.
C:\windows\assembly\Desktop.ini moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878B8524-AED5-4870-9A96-A515440DAC75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878B8524-AED5-4870-9A96-A515440DAC75}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jpcjvzo deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OfficeSyncProcess deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jessica
->Temp folder emptied: 112409041 bytes
->Temporary Internet Files folder emptied: 74611212 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 177814699 bytes
->Flash cache emptied: 2234 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72279572 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 11540598 bytes
Total Files Cleaned = 428.00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Jessica
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07112013_143533
#18
Posted 11 July 2013 - 03:42 PM
JSntgRvr
-
- Global Moderator
-
- 11,579 posts
Global Moderator
Download the enclosed file.
Save it next to FRST, overwriting the existing one.
Run FRST as you did before, except that this time around click on the Fix button and wait.
The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.
Restart in Normal Mode.
Let me know of any improvement.
Save it next to FRST, overwriting the existing one.
Run FRST as you did before, except that this time around click on the Fix button and wait.
The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.
Restart in Normal Mode.
Let me know of any improvement.
#19
Posted 11 July 2013 - 07:36 PM
jessicalmccann
- Topic Starter
-
- Member
-
- 38 posts
Member
Thanks again. Here's the log - and I'll keep an eye on things over the next couple days and let you know how it goes.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-07-2013 01
Ran by Jessica at 2013-07-11 21:32:27 Run:2
Running from C:\FRST
Boot Mode: Normal
==============================================
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06B91B63-8FD4-42FB-BDC8-D4923E0B388D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06B91B63-8FD4-42FB-BDC8-D4923E0B388D} => Key deleted successfully.
C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B13CC8E8-7B79-4F59-972A-C89232509DDA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B13CC8E8-7B79-4F59-972A-C89232509DDA} => Key deleted successfully.
C:\Windows\System32\Tasks\mxsnhtjhmvupd => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mxsnhtjhmvupd => Key deleted successfully.
==== End of Fixlog ====
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-07-2013 01
Ran by Jessica at 2013-07-11 21:32:27 Run:2
Running from C:\FRST
Boot Mode: Normal
==============================================
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06B91B63-8FD4-42FB-BDC8-D4923E0B388D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06B91B63-8FD4-42FB-BDC8-D4923E0B388D} => Key deleted successfully.
C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B13CC8E8-7B79-4F59-972A-C89232509DDA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B13CC8E8-7B79-4F59-972A-C89232509DDA} => Key deleted successfully.
C:\Windows\System32\Tasks\mxsnhtjhmvupd => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mxsnhtjhmvupd => Key deleted successfully.
==== End of Fixlog ====
#20
Posted 11 July 2013 - 08:33 PM
JSntgRvr
-
- Global Moderator
-
- 11,579 posts
Global Moderator
Thanks again. Here's the log - and I'll keep an eye on things over the next couple days and let you know how it goes.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
