
re-direct virus Linkbucks.com [Closed]


  • This topic is locked

#31
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello mindydee113

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the text box.
    :OTL
    FF - user.js - File not found
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-3246103424-1494908511-529397987-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:E51234A9
    @Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:F01E7F17
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:7C60A173
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1960DAF2
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:85FDC444
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:ABCD2B94
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:3C75E5BE
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:8C885EDD
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5311B0B8
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B310C233
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:69B9AAE7
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:954B00C4
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E23BF4AD
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3020A7D7
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9B7E8561
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2FAFBD6A
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:54CB420C
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:2A0793CA
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8BB2EC84
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:48C1DDAA
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:188C91D2
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E26A1EF1
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:03DF2E8E
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:7C3E753C  
       
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note** if the report does not pop up after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know how things are doing

Gringo
  • 0

#32
mindydee113

    Member

  • Topic Starter
  • 64 posts
Once again, I am a bit delayed in my reply, but better late than never. Here is the latest log for OTL ....

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-3246103424-1494908511-529397987-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
ADS C:\ProgramData\TEMP:E51234A9 deleted successfully.
ADS C:\ProgramData\TEMP:F01E7F17 deleted successfully.
ADS C:\ProgramData\TEMP:7C60A173 deleted successfully.
ADS C:\ProgramData\TEMP:1960DAF2 deleted successfully.
ADS C:\ProgramData\TEMP:85FDC444 deleted successfully.
ADS C:\ProgramData\TEMP:ABCD2B94 deleted successfully.
ADS C:\ProgramData\TEMP:3C75E5BE deleted successfully.
ADS C:\ProgramData\TEMP:8C885EDD deleted successfully.
ADS C:\ProgramData\TEMP:5311B0B8 deleted successfully.
ADS C:\ProgramData\TEMP:B310C233 deleted successfully.
ADS C:\ProgramData\TEMP:69B9AAE7 deleted successfully.
ADS C:\ProgramData\TEMP:954B00C4 deleted successfully.
ADS C:\ProgramData\TEMP:E23BF4AD deleted successfully.
ADS C:\ProgramData\TEMP:3020A7D7 deleted successfully.
ADS C:\ProgramData\TEMP:9B7E8561 deleted successfully.
ADS C:\ProgramData\TEMP:2FAFBD6A deleted successfully.
ADS C:\ProgramData\TEMP:54CB420C deleted successfully.
ADS C:\ProgramData\TEMP:872B86AD deleted successfully.
ADS C:\ProgramData\TEMP:2A0793CA deleted successfully.
ADS C:\ProgramData\TEMP:8BB2EC84 deleted successfully.
ADS C:\ProgramData\TEMP:48C1DDAA deleted successfully.
ADS C:\ProgramData\TEMP:188C91D2 deleted successfully.
ADS C:\ProgramData\TEMP:E26A1EF1 deleted successfully.
ADS C:\ProgramData\TEMP:03DF2E8E deleted successfully.
ADS C:\ProgramData\TEMP:7C3E753C deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sheila\Downloads\cmd.bat deleted successfully.
C:\Users\Sheila\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Sheila
->Java cache emptied: 12648858 bytes

Total Java Files Cleaned = 12.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sheila
->Flash cache emptied: 6787 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05162013_222758


At this point, I am still getting re-directed to linkbucks, but not nearly as frequently as it had been when I first contacted you. Now the re-directs seem few & far in between, but still pop up on me every once in a while. In the beginning it was just constant.
  • 0
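A fix log like the one in post #32 can be checked against the script that produced it, so that no requested item goes unconfirmed. The following is an added example, not part of the thread and not OTL's own code; the line formats are taken from the script and log above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Line shapes copied from the fix script and log posted in this thread.
SCRIPT_ADS = re.compile(r"@Alternate Data Stream - \d+ bytes -> (?P<target>\S.*?)\s*$")
LOG_LINE = re.compile(
    r"^(?:(?P<kind>Registry value|Registry key|ADS) )?(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|not found)\.$"
)

def requested_ads(script_text):
    """Return the ADS targets named in a fix script."""
    return [m.group("target") for line in script_text.splitlines()
            if (m := SCRIPT_ADS.search(line.strip()))]

def parse_log(log_text):
    """Return (kind, target, outcome) for every action line in a fix log."""
    actions = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:  # lines with no kind prefix are plain file deletions
            actions.append((m.group("kind") or "File", m.group("target"), m.group("outcome")))
    return actions

def reconcile(script_text, log_text):
    """Tally outcomes and list requested streams the log never confirms."""
    actions = parse_log(log_text)
    confirmed = {t.lower() for k, t, o in actions if k == "ADS" and o == "deleted successfully"}
    missing = [t for t in requested_ads(script_text) if t.lower() not in confirmed]
    return Counter((k, o) for k, _, o in actions), missing

# Constructed sample: lines from this thread, with one stream left out of the log.
SAMPLE_SCRIPT = r"""
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:7C60A173
"""
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
ADS C:\ProgramData\TEMP:E51234A9 deleted successfully.
ADS C:\ProgramData\TEMP:F01E7F17 deleted successfully.
C:\Users\Sheila\Downloads\cmd.bat deleted successfully.
"""

if __name__ == "__main__":
    tally, missing = reconcile(SAMPLE_SCRIPT, SAMPLE_LOG)
    print(dict(tally))
    print("unconfirmed streams:", missing)
```
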

#33
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
In which browser does it happen?
  • 0

#34
mindydee113

    Member

  • Topic Starter
  • 64 posts
I always use Firefox but I tried opening Chrome to see if it made a difference & I got the re-direct in Chrome as well.
  • 0

#35
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello mindydee113

I want you to reset Firefox back to defaults; this will remove everything from Firefox.

I will let you keep your bookmarks so to do that you can go here - Export BookMarks

Now to reset Firefox do the following.

  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now

Gringo
  • 0

#36
mindydee113

    Member

  • Topic Starter
  • 64 posts
I re-set Firefox like you asked me to & I think that may have done the trick. So far so good. I was away from my computer for the weekend, so I am just getting back to it. I re-set Firefox on Friday. Immediately after, I was clicking around and the linkbucks re-direct never came up. Today is now Monday. I have once again been clicking around on different news sites & have yet to be re-directed! Firefox has changed a little & I have to re-do all my add-ons, but that is a small price to pay to get rid of that re-direct. It was a pain in the behind! At this point I guess I should just say thank you for all your help & keep my fingers crossed that we have foiled the problem. If it rears its ugly head again, I guess I will be back. Other than that, thank you Gringo! You have been a huge help & God bless you!
  • 0

#37
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello mindydee113

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review

Gringo
  • 0

#38
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#39
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





