
ad.yieldmanager.com removal? [Closed]


  • This topic is locked

#1
Phlegmbot

    Member

  • 403 posts
Hi, all!

In AOL (yes, I use AOL, I like its e-mail organization, dang it -- Outlook and Mozilla suck), I've been getting the pop-ups seen in the attached file.

I've had both Avira and Super-Anti-Spyware do full scans -- yet, there it is.

I found this very recent post on the subject, but the person indicates they're not a pro, and I've never heard of the software he recommends:
http://www.system-ti...-com-popup-ads/

Thoughts?

Edited by Phlegmbot, 12 September 2013 - 09:53 AM.

  • 0



#2
Nutloaf


    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello Phlegmbot :)

My name is Nutloaf, and I will be helping you with Malware Removal.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

Please read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assistance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally before we start:

Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean.

I strongly recommend you backup your personal files and folders.



Crack on with these for me and we shall have a looksee :)

1. DOWNLOAD OTL

  • Using this link Download OTL and save it to your Desktop
  • If saved to another location, right click the OTL icon and Select Cut then right click on Desktop and select Paste
  • Right click the OTL icon and select Run as Administrator. XP users double click the OTL icon.
  • Make sure the following boxes are checked:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
      • LOP Check
      • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply


2. ASWmbr

  • Using this link download aswMBR.exe to your desktop.
  • Right click aswMBR.exe (XP users double click) and Run as Administrator. Select No for AVAST virus definitions.
  • Click the Scan button to start.
  • When the scan ends click Save Log and save it to your desktop
  • Post this log in your next reply

3. Run ADWcleaner

  • Using this link Download ADWcleaner and save to Desktop.
  • Right click ADWcleaner (XP users double click) and Run as Administrator then select Scan
  • When the search is complete click Report. Please post this report in your next reply.

4. Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I want to see in your next post.

The following 5 log files.
  • OTL.txt
  • Extras.txt
  • ASWmbr log
  • ADWcleaner report.
  • Checkup.txt

  • 0

#3
Phlegmbot

Hey, Nutloaf!

Congrats on your post here on GeekstoGo.com!

Before I go through all of that, and before we go into auto-pilot mode and just do what's "supposed" to be done, I'd like to be certain that all of that is necessary for this particular issue.

Not sure if you did an Internet search, but the few things I found online (one of those things mentioned in my above post) seem to indicate this is a bit easier to remove.

Please let me know your thoughts.

THX!!
  • 0

#4
Nutloaf

No problem :)

I feel that it is necessary. I very much doubt that ad.yield manager will be the only thing present. I also need an overview of the machine, OTL and Security Check will give me this. ASWmbr and ADWcleaner are looking for Malware as does OTL. Also the worst types of malware have to start somewhere and these types of infections are an ideal entrance :thumbsup:

P.S I won't be visiting that site any time soon or using the tool ;)
  • 0

#5
Phlegmbot

Gotcha!

Thx!
  • 0

#6
Nutloaf

It was a good question. :)
  • 0

#7
Phlegmbot

Hey there, Nutloaf!

OK, everything's attached. Right after running Security Check, my computer crashed w/a BSOD. Who Crashed analysis below. Files attached per your request.

BTW, CCC is my AMD Catalyst Control Center -- in case you don't recognize it. You don't have to look it up.

============
CRASH ANALYSIS:
On Fri 9/13/2013 1:37:01 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\091213-26286-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75B80)
Bugcheck code: 0x109 (0xA3A039D89F28761A, 0xB3B7465EF1A6B0BC, 0xFFFFF80000B95080, 0x2)
Error: CRITICAL_STRUCTURE_CORRUPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Fri 9/13/2013 1:37:01 AM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x109 (0xA3A039D89F28761A, 0xB3B7465EF1A6B0BC, 0xFFFFF80000B95080, 0x2)
Error: CRITICAL_STRUCTURE_CORRUPTION
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

========

Thx!!



Edited by Phlegmbot, 12 September 2013 - 08:07 PM.

  • 0

#8
Nutloaf

Hi there, apologies for the delay, manic day today. I am currently working on your fix.

Are you able to boot normally now?
  • 0

#9
Phlegmbot

Heya!

No worries on the minor delay.

I never had trouble booting.

As said in the first posting:
> In AOL (yes, I use AOL, I like its e-mail organization, dang it -- Outlook and Mozilla suck), I've been getting the pop-ups seen in the attached file.

  • 0

#10
Nutloaf

O.K let's crack on then :)

I will get to AOL in my next post. Sometimes BSOD means an unbootable machine, so I needed that info before posting the following :thumbsup:

P2P WARNING
The following programs are installed on your machine:
  • uTorrent
  • BitLord
Cease all P2P programs and downloads until declared clean. Although the programs themselves are legal, many of the torrent files infringe copyright laws, contain spyware and viruses which can have a detrimental effect on your system. We strongly advise that you uninstall all P2P programs.



The following programs I would like you to uninstall for the following reasons:

ASK and Viewpoint I consider as bundled installs that have questionable behaviour. Avira toolbar is bundled with ASK.

Divx update is causing problems, so uninstall DivX completely; we will install after we clean.

Quintessential Media Player has compatibility issues in Windows 7.

Peerblock can cause Bluescreen errors; uninstall and see if this resolves the issue.

1. Uninstall

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
      • Ask Toolbar
      • Avira SearchFree Toolbar plus Web Protection Updater
      • ViewpointMediaPlayer
      • DivX
      • Peerblock
      • Quintessential Media Player
      • BitLord
      • utorrent

2. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.26.100015
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.asktb.browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..network.proxy.ftp: "67.17.36.165"
    FF - prefs.js..network.proxy.ftp_port: 3128
    FF - prefs.js..network.proxy.socks: "67.17.36.165"
    FF - prefs.js..network.proxy.socks_port: 3128
    FF - prefs.js..network.proxy.ssl: "67.17.36.165"
    FF - prefs.js..network.proxy.ssl_port: 3128
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/08/01 04:56:47 | 000,000,000 | ---D | M]
    [2013/06/21 04:26:17 | 000,002,585 | ---- | M] () -- C:\Users\K-OK\AppData\Roaming\Mozilla\Firefox\Profiles\u48qi8ht.default\searchplugins\askcom.xml
    [2013/09/07 04:03:23 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\K-OK\AppData\Roaming\Mozilla\Firefox\Profiles\u48qi8ht.default\extensions\[email protected]\chrome\content\Abine\chrome\content\ff\view_expiry.js
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-325864831-4140286064-2431685227-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DMFContainer.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DMFContainer.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DSE_Control.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DSE_Control.dll ()
    O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O15 - HKU\S-1-5-21-325864831-4140286064-2431685227-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-325864831-4140286064-2431685227-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
    [2013/08/18 23:49:42 | 000,000,000 | ---- | M] () -- C:\END
    [2013/07/15 17:30:39 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
    [2013/07/15 17:28:57 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
    [2013/06/08 08:11:48 | 000,039,896 | ---- | C] () -- C:\Windows\SysWow64\DiscHandler.exe

    :FILES
    C:\Program Files (x86)\Ask.com
    C:\Program Files (x86)\Viewpoint

    :COMMANDS
    [RESETHOSTS]
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.


3. Run ADWcleaner

  • Right click ADWcleaner and Run as Administrator then select Scan
  • Once the scan is complete click Clean
  • A reboot will be asked for; click O.K
  • On reboot a log will be produced, please post in your next reply.

4. Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Things I want to see in your next post.
  • OTL fix.txt
  • ADWcleaner report
  • JRT.txt

  • 0
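
The `FF - prefs.js` lines in the OTL fix above remove search-engine and proxy preferences from the Firefox profile. As an added example (not part of the thread and not OTL's own code), this Python script audits a `prefs.js` for the same kinds of entries and reports whether a proxy host is actually in force; the sample file is constructed from the values quoted in the fix, and the rule that `network.proxy.type` set to 1 means a manual proxy is Firefox behaviour the posted log does not show.

```python
import json
import re

# One preference per line, as Firefox writes them: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

PROXY_PROTOCOLS = ("http", "ssl", "ftp", "socks")
# Search preferences that appear in the fix posted in the thread
SEARCH_KEYS = ("browser.search.defaultengine", "browser.search.order.1")

# Constructed sample: a prefs.js holding the values listed in the OTL fix
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("network.proxy.ftp", "67.17.36.165");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.socks", "67.17.36.165");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.ssl", "67.17.36.165");
user_pref("network.proxy.ssl_port", 3128);
user_pref("browser.startup.homepage", "about:home");
'''


def parse_prefs(text):
    """Return {pref_name: value} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, malformed entries
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, integers, true/false
        except ValueError:
            prefs[name] = raw  # keep the raw text rather than dropping the entry
    return prefs


def audit_prefs(prefs, expected_proxy_hosts=(), expected_engines=()):
    """List proxy hosts and search engines that are not on the expected lists."""
    findings = []
    # Proxy hosts only take effect when the proxy mode is "manual" (type 1);
    # without it the host entries are leftovers that still deserve a look.
    manual = prefs.get("network.proxy.type") == 1
    for proto in PROXY_PROTOCOLS:
        host = prefs.get("network.proxy." + proto)
        if not host or host in expected_proxy_hosts:
            continue
        port = prefs.get("network.proxy.%s_port" % proto)
        findings.append({
            "kind": "proxy",
            "pref": "network.proxy." + proto,
            "value": "%s:%s" % (host, "?" if port is None else port),
            "active": manual,
        })
    for key in SEARCH_KEYS:
        engine = prefs.get(key)
        if engine and engine not in expected_engines:
            findings.append({"kind": "search", "pref": key,
                             "value": engine, "active": True})
    return findings


if __name__ == "__main__":
    for item in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        state = "in force" if item["active"] else "set but not in force"
        print("%-6s %-30s %-22s %s" % (item["kind"], item["pref"], item["value"], state))
```
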



#11
Phlegmbot

Hey, Nutloaf.

I'm about to be a pain in the [bleep]. =]

A few things before I ask a question at end:

Ask Toolbar - Avira SearchFree Toolbar plus Web Protection Updater - the Avira toolbar IS the Ask toolbar (it runs via Ask), and I have it only in FF, the issue only occurs in AOL. To my surprise, this toolbar has been quite helpful in blocking tracking companies.
Divx - not certain why you suspect Divx.
Peerblock Ditto.
Quintessential Media Player - Had this for 2 years. This isn't the cause.
BitLord - It's not this, I mainly DL comics from sources I know
utorrent DL'd one comic book via magnet link with this, but I can delete it if you suspect something in the DL'ing of UTorrent itself. I just DL'd it (via FF, not AOL, if that matters).

However, this: ViewpointMediaPlayer - this has been removed at least once before. So this could be the culprit!

With that said, can I just delete Viewpoint (and uTorrent if you feel it best) to start, run the 3 cleaners again which you mention above? And, in so doing, will pasting that code in OTL be OK still?

Edited by Phlegmbot, 14 September 2013 - 02:11 PM.

  • 0

#12
Nutloaf


> I'm about to be a pain in the [bleep]. =]


No problem, it's your machine at the end of the day so ask away :)

> Divx - not certain why you suspect Divx.
> Peerblock Ditto.
> Quintessential Media Player - Had this for 2 years. This isn't the cause.


DivX because I see there are Divx update issues in Error events. The easiest way to solve this is to uninstall and reinstall Divx.

Peerblock is known to cause BSOD's. Is this the first time you've had a blue screen?

Quintessential Media Player is known to have compatibility issues.

Error - 8/6/2013 5:11:37 AM | Computer Name = K-OK_Pfft | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\Quintessential Media Player\cdrpdacc has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.


If this has been rectified then it's O.K.

> However, this: ViewpointMediaPlayer - this has been removed at least once before. So this could be the culprit!


AOL instant messenger installs and reinstalls this. It is Adware and will collect data to target you with Adverts. I have provided instructions on how to remove this.

ASK is the same; it is considered adware and has privacy issues. I would personally uninstall ASK and AVIRA and install AVAST instead. If you decide to install Avast, then run a scan and post me the results :thumbsup:


To answer your questions on the fix. I have edited the OTL.fix but please do not run ADWcleaner unless you have uninstalled AVIRA. ADWcleaner will remove ASK so you would have to deselect all the ASK entries. I can help you with this. It's funny because AVIRA antivirus has installed adware.

1. Uninstall

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
      • ViewpointMediaPlayer
  • Now click Start and in the search box type Viewpoint and from the list right click Viewpoint and select Open file location and delete any Viewpoint folders. This should prevent a reinstall.

2. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    FF - prefs.js..network.proxy.ftp: "67.17.36.165"
    FF - prefs.js..network.proxy.ftp_port: 3128
    FF - prefs.js..network.proxy.socks: "67.17.36.165"
    FF - prefs.js..network.proxy.socks_port: 3128
    FF - prefs.js..network.proxy.ssl: "67.17.36.165"
    FF - prefs.js..network.proxy.ssl_port: 3128
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/08/01 04:56:47 | 000,000,000 | ---D | M]
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDevicePanePlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXLibraryPanePlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlaybackServicesPlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DMFContainer.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DMFContainer.dll ()
    O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DSE_Control.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DSE_Control.dll ()
    O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O15 - HKU\S-1-5-21-325864831-4140286064-2431685227-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-325864831-4140286064-2431685227-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
    [2013/08/18 23:49:42 | 000,000,000 | ---- | M] () -- C:\END
    [2013/07/15 17:30:39 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
    [2013/07/15 17:28:57 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
    [2013/06/08 08:11:48 | 000,039,896 | ---- | C] () -- C:\Windows\SysWow64\DiscHandler.exe

    :FILES
    C:\Program Files (x86)\Viewpoint

    :COMMANDS
    [RESETHOSTS]
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.


3. Run ADWcleaner

  • Right click ADWcleaner and Run as Administrator then select Scan
  • Once the scan is complete click Clean
  • A reboot will be asked for; click O.K
  • On reboot a log will be produced, please post in your next reply.

4. Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Things I want to see in your next post.
  • OTL fix.txt
  • ADWcleaner report
  • JRT.txt

  • 0

#13
Phlegmbot

[DivX because I see there are Divx update issues in Error events. The easiest way to solve this is to uninstall and reinstall Divx.]
OK. Done.

[Peerblock is known to cause BSOD's. Is this the first time you've had a blue screen?]
Well, no, but it's the first time since GeekstoGo.com fixed some Windows updating issues I was having previously -- the team helped me out a couple of mos. back, and I've not had a BSOD since.

[Quintessential Media Player is known to have compatibility issues. ]
Hm. OK. I saw the error message you posted, but I've not had any problems with it. Even that error you posted, I don't know when/where that came from.

Re: AVAST/AVIRA:

OK, I remember a few years back Avast was THE anti-virus software to have. Then it was Avira. Are you saying Avast is best again?

The Avira toolbar does allow me to stop Google, FB, etc. from tracking me, so is there something else i can use for that? Also, I only have it in FF, not in IE or in AOL in any way (I never browse in AOL, nor do I use IE).

I've not seen Ad Yield Manager since we ran the programs you had me DL. With only DivX player removed at this point, should I run the OTL fix above? And should I run JRT?

THANK YOU SO MUCH!
  • 0

#14
Nutloaf

Hi there, I like you. You keep me on my toes :)

The BSOD message is linked to a Kernel driver not RAM. The Peerblock driver is a kernel driver, so it is a possible cause.

> Even that error you posted, I don't know when/where that came from


If you look at the OTL Extras scan and scroll to the bottom, the last entries are entitled - Last 20 Event Log Errors. It's the 5th and 6th event from the bottom. A driver issue here also. This and Peerblock should be taken into consideration with regards to BSOD.

> OK, I remember a few years back Avast was THE anti-virus software to have. Then it was Avira. Are you saying Avast is best again?


It's not really about being the best, it's about running programs that don't install questionable software. I'm not doubting the Avira scanner; it's their partnership with ASK I find hard to swallow. An Adware removal tool's scan has to be edited to leave some Adware on your machine.

The AV I have been using (paying for) has recently partnered with Blekko.....bye, bye AV. I have been using MSE since then (8 months). Today I will install Avast as their updates are better.

> The Avira toolbar does allow me to stop Google, FB, etc. from tracking me, so is there something else i can use for that?



Yes, we will discuss this after the clean. Let's get rid of the bad guys spying on your data right now first!

> I've not seen Ad Yield Manager since we ran the programs you had me DL


I haven't removed anything yet :)


My advice to you:

  • 1. Uninstall Avira as they have installed ASK, and install Avast instead. You will see during the install a screen about privacy. They do collect data from you but it is not passed on.
  • 2. Uninstall AOL. They have forced a media player on you that reinstalls itself. Viewpoint isn't spyware but does collect data that is passed over or sold to 3rd parties. Can you not log in to your Emails via AOL search if necessary?
  • 3. Run the fixes from This Post
  • 4. OR Keep Avira and AOL and I will work around ASK and remove Viewpoint. Do not run the OTL fix, ADW or JRT and I will post new instructions. The Viewpoint uninstall is a little more involved than I first thought so I would have to give you new instructions for this.

Let me know what you wish to do :)
  • 0

#15
Phlegmbot

What I like about AOL is its Personal Filing Cabinet. If I uninstall it, it causes a HOST of annoyances and problems.

I'll go ahead and remove Avira and the Ask bar later tonight. THANKS AS ALWAYS!

And, btw, weird that nothing's been removed yet - no ad.yield.manager at all.
  • 0





