Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Supreme Savings Adware problem on my Windows 7 Toshiba laptop [Closed]


  • This topic is locked This topic is locked

#16
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
You didnt answer my question about your past anti virus programs.
Also, please paste in any logs and don't attach them, it makes it much easier for me. I inserted your logs in your previous post.
  • 0

Advertisements


#17
anon0mouse

anon0mouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Sorry, I didn't see actual questions. I must've missed it.
My laptop was given to me by my daughter and there were 2 user accounts. Hers and Mine.
I deleted her as a user right before I ran OTL and Malwarebytes fix again.
She may have had Kaspersky and vipre on the computer, I did not install them as far as I know. I had been using AVG free, then I switched to Avast but it slowed my laptop so much that I uninstalled Avast and reinstalled AVG free.
I also have Zone alarm security but only the firewall and data identity protection. I did not activate their virus protection.
I removed Lavasoft.
I removed Bittorrent.
I verified and updated Java.
I changed settings in Chrome.
Since malwarebytes was 1.6 or higher,I removed it before doing the OTL fix.
I ram MBAM

I hope this is what you need.
Thank you for your help again, I do appreciate your time and expertise.




Posted Yesterday, 10:47 PM
Here you go, computer is acting fine.
thanks again...

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service gfibto stopped successfully!
Service gfibto deleted successfully!
C:\Windows\SysNative\drivers\gfibto.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-4025698951-3597766224-2063219151-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anna

User: Cheryl
->Temp folder emptied: 24069397 bytes
->Temporary Internet Files folder emptied: 499744493 bytes
->Java cache emptied: 1880895 bytes
->FireFox cache emptied: 23354 bytes
->Google Chrome cache emptied: 305346844 bytes
->Flash cache emptied: 59515 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 174056 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 316452784 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78240 bytes
RecycleBin emptied: 1156820000 bytes

Total Files Cleaned = 2,198.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05152013_224455

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Cheryl\AppData\Local\Temp\~DFEE2B9757F59C619E.TMP moved successfully.
File move failed. C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\windows\temp\ZLT05091.TMP moved successfully.
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Cheryl :: ANNA-PC [administrator]

5/15/2013 11:09:47 PM
mbam-log-2013-05-15 (23-09-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247930
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Attached File(s)
OTL 5.14 05152013_224455.txt (10.74K)
Number of downloads: 3 mbam-log-2013-05-15 (23-09-47).txt (1.82K)
Number of downloads: 2
  • 0

#18
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Ok, looking good so far.
Thanks for the anti virus info, we will clean up any of the old ones, that may give you some better performance.
Also, I would like to have another look with one more tool, if that looks good, then we can clean up and send you on your way.



Step 1
Let's run some antivirus removal tools: (you will want to right click each of these and select Run as administrator)
Kaspersky - follow the instructions here - please select Remove all known products when you get to that part.

Vipre - please download the uninstall utility from here

Avast! - Please download the tool from here - follow the instructions on the page.

Step 2

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply I would like to see:
  • Were you successful in running the anti virus removal programs?
  • Roguekiller log

  • 0

#19
anon0mouse

anon0mouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Good evening Crowbar,
I was successful in removing all the anti virus programs.
Here is the log from the Rogue killer (I did not delete any of the scanned "found" items, I hope this was the correct thing to do. Thanks again for your help on all of this. I really appreciate it.

Here is the log:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cheryl [Admin rights]
Mode : Scan -- Date : 05/20/2013 22:46:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Cheryl\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1c366f26e1ff47d385d8d16f2a203bbb-346b299148d44860c5159de3eb809358438aa83d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4025698951-3597766224-2063219151-1004[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Cheryl\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1c366f26e1ff47d385d8d16f2a203bbb-346b299148d44860c5159de3eb809358438aa83d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013) [x] -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSXN +++++
--- User ---
[MBR] 4fff5b3862252c29d752c3bfaf06b7ff
[BSP] 5a3b51cd842a45ee386ba1fab6702ce9 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 292298 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 601700352 | Size: 11446 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05202013_02d2246.txt >>
RKreport[1]_S_05202013_02d2246.txt
  • 0

#20
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Hi again,
good call not deleting the entries with Roguekiller, none of that stuff is bad. I use that program mostly to look at the MBR, which looks clear.:cool:

Let's continue with a sweep for remnants with the ESET online virus scanner, and address some of your out of date programs.

I was successful in removing all the anti virus programs

I do hope you are referring to the OLD anti-virus programs, right? Do you still have AVG installed?
I don't want you to be out there without any AV protection!
Step 1
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 2
Upgrade Java
Your Java is out of date. Java is one of the most exploited programs out there right now. If you don't need it, I encourage you to uninstall it completely.
If you do need it, it's best to keep it updated. These days it will try to update itself, in the future when you see that it wants to do an update, please let it do so right away.
Let's update it manually now:
Please go to Java.com
click on the link Do I have Java?
Next click on the button Verify Java Version
This will test your install and tell you that you are out of date.
Follow the instructions on that screen to install the newest version.

Update Adobe Reader
This is another program exploited by the bad guys frequently
You can uninstall it and opt for the newest release, found here
make sure to choose Win 7 and Adobe 11

Update Firefox
Firefox should update itself - let's make sure it's set to do so.
Click on the Firefox menu, and then select Options
Click on the Advanced icon
Click on the Update tab
Verify that the Automatically install updates option is selected.

In your next reply I would like to see:
  • ESET log - be careful, it's easy to miss this one.
  • is the computer still running ok?
  • Did you remove AVG? (hopefully not, but if you did, let me know and we can install something else)

  • 0

#21
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,163 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP