I couldn't attach the ComboFix log, so I've pasted it below:
ComboFix 14-06-19.01 - Alex Breezy 06/20/2014 13:26:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1067 [GMT -7:00]
Running from: c:\users\Alex Breezy\Desktop\CLEANUP\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Brand Affinity Technologies
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\Fantapper.xpi
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperArbitraryInstaller.exe
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
c:\program files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.InstallState
c:\program files\Brand Affinity Technologies\Fantapper Updater\FT_Enabled.ico
c:\program files\Brand Affinity Technologies\Fantapper Updater\FT_Plugin_Installer.jpg
c:\programdata\3768234786
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Alex Breezy\AppData\Roaming\Microsoft\engine_ag.dll
c:\users\Alex Breezy\AppData\Roaming\SearchProtect
c:\users\Alex Breezy\AppData\Roaming\SearchProtect\Res\SPSetup.exe
c:\users\Alex Breezy\Documents\~WRL2611.tmp
c:\users\Alex Breezy\karplayer.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
-------\Service_FTSvc
.
.
((((((((((((((((((((((((( Files Created from 2014-05-20 to 2014-06-20 )))))))))))))))))))))))))))))))
.
.
2014-06-20 20:36 . 2014-06-20 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-20 19:24 . 2014-06-20 19:24 -------- d-----w- c:\program files\Common Files\Adobe
2014-06-20 19:20 . 2014-06-20 19:20 -------- d-----w- c:\users\Alex Breezy\AppData\Roaming\Oracle
2014-06-20 19:19 . 2014-06-20 19:20 -------- d-----w- c:\programdata\Oracle
2014-06-20 19:19 . 2014-06-20 19:19 -------- d-----w- c:\program files\Common Files\Java
2014-06-20 19:18 . 2014-06-20 19:18 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-20 17:51 . 2014-06-20 19:41 -------- d-----w- C:\FRST
2014-06-11 11:04 . 2014-06-11 11:04 -------- d-----w- c:\users\Alex Breezy\AppData\Roaming\Apowersoft
2014-06-11 11:02 . 2014-06-11 11:02 -------- d-----w- c:\users\Alex Breezy\www.apowersoft.com
2014-06-04 23:23 . 2014-06-04 23:24 -------- d-----w- c:\program files\Google
2014-06-04 22:55 . 2014-06-17 22:58 -------- d-----w- c:\windows\system32\drivers\N360\1503000.00C
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 00:14 . 2012-10-23 23:15 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 00:14 . 2012-02-22 22:27 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-01 05:46 . 2014-04-01 05:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-04-01 05:46 . 2014-04-01 05:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-06-14 00:07 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-06-27 77824]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-11 323584]
"Skytel"="Skytel.exe" [2008-07-03 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-11 21:35 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-23 00:14]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-04 23:23]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-06-04 23:23]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174959718-3467187954-1045871324-1000Core.job
- c:\users\Alex Breezy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 22:34]
.
2014-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174959718-3467187954-1045871324-1000UA.job
- c:\users\Alex Breezy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 22:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8592
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\Alex Breezy\AppData\Roaming\Mozilla\Firefox\Profiles\qle0662w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN32935333951698119&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ff
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=52d9d47000000000000000215d825d9a&q=
FF - user.js: extensions.BabylonToolbar.id - 52d9d47000000000000000215d825d9a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15682
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.917:08
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110803&tt=4912_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-Paladin Antivirus - c:\users\Alex Breezy\AppData\Roaming\Paladin Antivirus\pav.exe
HKCU-Run-Drujihufehori - c:\users\Alex Breezy\AppData\Local\eduqinoq.dll
HKLM-Run-Wondershare Helper Compact.exe - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe /Startup
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-1ClickDownload - c:\program files\1ClickDownload\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2014-06-20 13:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\21.3.0.12\N360.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360\1503000.00C\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files\Norton Security Suite\Engine\21.3.0.12"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2880)
c:\ddi\overicon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RtkAudioService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\VAIO Care\VCsystray.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
c:\program files\Norton Security Suite\Engine\21.3.0.12\N360.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\java.exe
c:\program files\Norton Security Suite\Engine\21.3.0.12\N360.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-06-20 13:47:14 - machine was rebooted
ComboFix-quarantined-files.txt 2014-06-20 20:47
.
Pre-Run: 97,834,319,872 bytes free
Post-Run: 97,622,806,528 bytes free
.
- - End Of File - - BE3297F5F70BE561532332905521B529
5C616939100B85E558DA92B899A0FC36