
Adware with false hyperlinks and popups [Solved]



#1
buice

Hello,

My computer recently was infected with malware/adware that is showing up as:
1) False hyperlinks on webpages. For example in this page from geekstogo (http://imgur.com/jhWn22C) if I were to click on "forum" or "donate" I would be taken to an ad.
2) Popups. I'm not certain what the trigger is, but I will randomly get popups pretending to be ads for software to remove malware and linking to webpages like this one (do not click): http://activeris.net...nter/?x=18&d=m.

I'm not certain whether these are related or separate problems, but they both just appeared today. Please let me know what additional information you need. My OTL log is below.

Thanks in advance!

----------------------------------------------------------------------------------

OTL logfile created on: 3/6/2014 9:46:32 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stamppot\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 46.40% Memory free
7.74 Gb Paging File | 5.36 Gb Available in Paging File | 69.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.68 Gb Total Space | 225.79 Gb Free Space | 78.49% Space Free | Partition Type: NTFS
Drive D: | 6.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STAMPPOT-PC | User Name: Stamppot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/06 21:45:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stamppot\Downloads\OTL.exe
PRC - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/11/30 23:00:31 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2013/10/15 19:00:09 | 000,584,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\OAcat.exe
PRC - [2013/10/02 12:36:40 | 003,264,544 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
PRC - [2013/10/02 12:36:38 | 001,384,992 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
PRC - [2013/09/16 05:20:03 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/05/12 14:02:32 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 05:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2003/08/29 21:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
PRC - [2003/08/29 13:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/01 21:35:25 | 000,394,568 | ---- | M] () -- C:\Users\Stamppot\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll
MOD - [2014/03/01 21:35:24 | 013,632,840 | ---- | M] () -- C:\Users\Stamppot\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
MOD - [2014/03/01 21:35:23 | 004,061,000 | ---- | M] () -- C:\Users\Stamppot\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll
MOD - [2014/03/01 21:35:20 | 000,716,616 | ---- | M] () -- C:\Users\Stamppot\AppData\Local\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
MOD - [2014/03/01 21:35:19 | 000,100,168 | ---- | M] () -- C:\Users\Stamppot\AppData\Local\Google\Chrome\Application\33.0.1750.146\libegl.dll
MOD - [2014/03/01 21:35:17 | 001,647,432 | ---- | M] () -- C:\Users\Stamppot\AppData\Local\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
MOD - [2014/03/01 21:35:15 | 000,051,016 | ---- | M] () -- C:\Users\Stamppot\AppData\Local\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2014/02/13 06:33:38 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 06:32:41 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 06:32:23 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/09/07 20:59:58 | 002,928,464 | -HS- | M] () -- \\?\C:\ProgramData\Microsoft\PlayReady\Cache\S-1-5-21-3766221614-456536743-877849824-1000\MSPRindiv01.key
MOD - [2003/08/29 21:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
MOD - [2003/08/29 13:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/27 15:45:12 | 000,710,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe -- (Level Quality Watcher)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/02/20 22:14:28 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/05 20:31:58 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/11/30 23:00:31 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/10/15 19:00:32 | 004,457,688 | ---- | M] (Emsisoft GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2013/10/15 19:00:09 | 000,584,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\OAcat.exe -- (OAcat)
SRV - [2013/10/02 12:36:38 | 001,384,992 | R--- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/05/12 14:02:32 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/22 16:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2010/09/01 17:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2009/12/03 21:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/15 19:00:51 | 000,035,368 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 11:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 12:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 19:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 14:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/16 13:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2013/10/15 19:00:51 | 000,064,720 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2013/10/15 19:00:51 | 000,052,360 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2013/10/15 19:00:17 | 000,062,008 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AF58695A-3854-4A4C-BFA9-D6AE61862BAF}
IE:64bit: - HKLM\..\SearchScopes\{AF58695A-3854-4A4C-BFA9-D6AE61862BAF}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A040139A-9FF0-49C2-A31C-8ABECE589042}
IE - HKLM\..\SearchScopes\{A040139A-9FF0-49C2-A31C-8ABECE589042}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stamppot\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stamppot\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/14 13:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/16 05:23:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/05 20:31:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/05 20:31:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/14 13:18:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/05 20:31:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/05 20:31:35 | 000,000,000 | ---D | M]

[2010/10/11 23:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Extensions
[2014/03/04 20:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions
[2014/03/04 20:06:08 | 000,000,000 | ---D | M] (SavingsBull) -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack
[2014/02/13 06:21:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/13 06:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/05 20:31:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/16 05:20:15 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010/10/24 14:27:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stamppot\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stamppot\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stamppot\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Stamppot\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Cast = C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.123.1.5_0\
CHR - Extension: Google Cast = C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.218.0.5_0\
CHR - Extension: Google Search = C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: SavingsBull = C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\
CHR - Extension: Google Wallet = C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/03 06:22:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (IEOptimizer) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SavingsBull\IEOptimizer.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - Startup: C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_32887918.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...rt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E895CAFD-2B11-4838-B24E-C30C87F23C0B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/03 22:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\SavingsBull
[2014/02/28 06:44:54 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\Desktop\Old Firefox Data
[2014/02/28 06:31:37 | 000,000,000 | ---D | C] -- C:\temp
[2014/02/28 06:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SavingsBull
[2014/02/28 06:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2014/02/08 12:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/06 22:33:58 | 000,000,000 | ---D | C] -- C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
[1 C:\Users\Stamppot\Desktop\*.tmp files -> C:\Users\Stamppot\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/06 21:49:29 | 000,032,930 | ---- | M] () -- C:\Users\Stamppot\Desktop\Adware.jpg
[2014/03/06 21:49:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766221614-456536743-877849824-1000UA.job
[2014/03/06 21:14:26 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/06 21:14:26 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/06 21:14:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/03/06 21:09:28 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3766221614-456536743-877849824-1000Core.job
[2014/03/06 20:58:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/03/06 06:22:51 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/28 06:45:14 | 000,002,055 | ---- | M] () -- C:\Users\Stamppot\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/13 19:20:32 | 006,668,726 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/02/13 19:20:32 | 002,219,162 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/02/13 19:20:32 | 000,006,226 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[1 C:\Users\Stamppot\Desktop\*.tmp files -> C:\Users\Stamppot\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/06 21:49:29 | 000,032,930 | ---- | C] () -- C:\Users\Stamppot\Desktop\Adware.jpg
[2013/09/20 22:19:25 | 000,064,720 | ---- | C] () -- C:\windows\SysWow64\drivers\OADriver.sys
[2013/09/20 22:19:25 | 000,062,008 | ---- | C] () -- C:\windows\SysWow64\drivers\oahlp64.sys
[2012/10/07 11:53:17 | 000,000,574 | ---- | C] () -- C:\windows\hpomdl46.dat.temp
[2012/05/03 06:05:22 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/05/03 06:05:22 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/05/03 06:05:22 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/05/03 06:05:22 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/05/03 06:05:22 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/11/06 13:53:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/27 19:03:45 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Amazon
[2012/06/23 16:21:44 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\com.amazon.music.uploader
[2013/09/20 22:21:17 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\OnlineArmor
[2012/03/24 13:06:30 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Opera
[2014/02/14 19:09:07 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\PamFax Office Integrations
[2012/06/25 18:35:22 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\PCCUStubInstaller
[2010/12/18 16:56:47 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Scendix Software
[2010/12/18 16:56:18 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Softland
[2013/07/21 14:59:14 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\SumatraPDF
[2010/10/30 12:28:40 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Tific
[2012/02/29 07:11:07 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Toshiba
[2010/10/11 23:01:29 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\WinBatch
[2011/01/19 10:25:47 | 000,000,000 | ---D | M] -- C:\Users\Stamppot\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

#2
buice

    Member

  • Topic Starter
  • 84 posts
Looking through my firewall history, I see that "Level Quality Watcher" is allowed access. I am not familiar with that program and do not recall granting it access. After a couple of quick Google searches it appears to be adware. Do you think this could be the issue? Or at least part of the issue?

Edit: Oops, I just noticed the guidance against replying to your own post. My apologies, and I hope this doesn't jeopardize my chances of getting a response.

Edited by buice, 07 March 2014 - 05:45 AM.


#3
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

SpywareGuard Advice:

Apart from the fact this software is not truly Windows 7 64 Bit compatible, it will hinder the actual malware removal process.

So please uninstall it via the Control Panel >> Uninstall a program or Programs and Features.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AF58695A-3854-4A4C-BFA9-D6AE61862BAF}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2014/03/04 20:06:08 | 000,000,000 | ---D | M] (SavingsBull) -- C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack
O2 - BHO: (IEOptimizer) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SavingsBull\IEOptimizer.dll ()
O4 - Startup: C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_32887918.lnk = File not found
[2014/03/03 22:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\SavingsBull
[2014/02/28 06:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SavingsBull
[2014/02/28 06:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2012/05/03 06:05:22 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/05/03 06:05:22 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/05/03 06:05:22 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/05/03 06:05:22 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/05/03 06:05:22 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

:Files
ipconfig /flushdns /c
C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb
netsh advfirewall reset /c
netsh advfirewall set allprofiles state off /c

:Commands
[ResetHosts]
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
  • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Next:

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • AdwCleaner Log.

  • 0
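An added example (not part of the original post, and not how OTL or the helper works internally): one way to shortlist lines of an OTL log for manual review, in the spirit of the custom script above, which targets the SavingsBull BHO and the dead `_uninst_` shortcut. The function names and the three heuristics are assumptions; the sample lines are copied from the log in this thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (IEOptimizer) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SavingsBull\IEOptimizer.dll ()
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - Startup: C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_32887918.lnk = File not found
[2014/02/28 06:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SavingsBull
[2014/02/28 06:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
"""

ENTRY_RE = re.compile(r"^(O\d+)(?::64bit:)? - (.+)$")   # "O2 - ..." / "O4:64bit: - ..."
COMPANY_RE = re.compile(r"\s\(([^()]*)\)$")              # trailing "(Company)" or "()"
DRIVE_RE = re.compile(r"[A-Za-z]:\\")                    # start of a drive-letter path
NEW_DIR_RE = re.compile(                                 # "Created Within 30 Days" folder line
    r"^\[\d{4}/\d{2}/\d{2} [\d:]+ \| [\d,]+ \| [-RHS]{3}D \| C\] -- (.+)$")
MISSING = "File not found"


def parse_entry(line):
    """Split one O-section line into section, file path, company and missing flag."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    missing = rest.endswith(MISSING)
    company = None                      # None = the line carries no company field
    if missing:
        rest = rest[:-len(MISSING)].rstrip(" =")
    else:
        cm = COMPANY_RE.search(rest)
        if cm:
            company = cm.group(1).strip()   # "" = field present but empty
            rest = rest[:cm.start()]
    # A shortcut line holds two paths ("x.lnk = target"); the last one is the target.
    starts = [d.start() for d in DRIVE_RE.finditer(rest)]
    path = rest[starts[-1]:].strip() if starts else None
    return {"section": section, "path": path, "company": company, "missing": missing}


def recent_dirs(log_text):
    """Folders that OTL listed as created within the last 30 days."""
    dirs = []
    for line in log_text.splitlines():
        m = NEW_DIR_RE.match(line.strip())
        if m:
            dirs.append(PureWindowsPath(m.group(1)))
    return dirs


def triage(log_text):
    """Return (path, reasons) for entries worth a closer look, strongest first."""
    new_dirs = recent_dirs(log_text)
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry["path"] is None:
            continue
        path = PureWindowsPath(entry["path"])   # compares case-insensitively
        reasons = []
        if entry["missing"]:
            reasons.append("target missing")
        if entry["company"] == "":
            reasons.append("no company name")
        if any(d in path.parents for d in new_dirs):
            reasons.append("under a folder created within 30 days")
        if reasons:
            findings.append((entry["path"], reasons))
    findings.sort(key=lambda f: -len(f[1]))     # stable: ties keep log order
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{len(reasons)}  {path}  <- {', '.join(reasons)}")
```

An empty company field on its own also flags the SpywareGuard and SmartAudio entries, which the fix script above does not touch; only the SavingsBull DLL picks up a second signal from the recently created folder.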

#4
buice

    Member

  • Topic Starter
  • 84 posts
Thank you for your reply! I ran the procedures, and so far I haven't seen the ads in my browser. Here are the logs you requested:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\SavingsBull\tests folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\SavingsBull\lib folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\SavingsBull\data folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\SavingsBull folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\window folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\system folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\private-browsing folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\l10n folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\event folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib\addon folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\lib folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils\data folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\api-utils folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\addon-kit\lib folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\addon-kit\data folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources\addon-kit folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\resources folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\locale folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\defaults\preferences folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack\defaults folder moved successfully.
C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\extensions\SavingsBull@jetpack folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\ deleted successfully.
C:\Program Files (x86)\SavingsBull\IEOptimizer.dll moved successfully.
C:\Users\Stamppot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_32887918.lnk moved successfully.
C:\Program Files\SavingsBull folder moved successfully.
C:\Program Files (x86)\SavingsBull folder moved successfully.
C:\Program Files\Level Quality Watcher\v1.01 folder moved successfully.
C:\Program Files\Level Quality Watcher folder moved successfully.
C:\Windows\PEV.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\zip.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Stamppot\Downloads\cmd.bat deleted successfully.
C:\Users\Stamppot\Downloads\cmd.txt deleted successfully.
C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0 folder moved successfully.
C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Stamppot\Downloads\cmd.bat deleted successfully.
C:\Users\Stamppot\Downloads\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state off /c >
Ok.
C:\Users\Stamppot\Downloads\cmd.bat deleted successfully.
C:\Users\Stamppot\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Stamppot
->Temp folder emptied: 332529527 bytes
->Temporary Internet Files folder emptied: 23819545 bytes
->Java cache emptied: 22239877 bytes
->FireFox cache emptied: 16183994 bytes
->Google Chrome cache emptied: 371033846 bytes
->Opera cache emptied: 511585 bytes
->Flash cache emptied: 57106 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505976842 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 94423 bytes
RecycleBin emptied: 3150062 bytes

Total Files Cleaned = 1,217.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03092014_185158

Files\Folders moved on Reboot...
C:\Users\Stamppot\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Stamppot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
C:\windows\temp\wbxtra_03072014_064851.wbt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.020 - Report created 09/03/2014 at 19:04:59
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Stamppot - STAMPPOT-PC
# Running from : C:\Users\Stamppot\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Level Quality Watcher

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Stamppot\AppData\Roaming\pccustubinstaller
File Deleted : C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Stamppot\AppData\Roaming\Mozilla\Firefox\Profiles\n77l31s2.default-1393587891482\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2445 octets] - [09/03/2014 19:02:48]
AdwCleaner[S0].txt - [2400 octets] - [09/03/2014 19:04:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2460 octets] ##########

#5
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

"Thank you for your reply!"

You're welcome!

"I ran the procedures, and so far I haven't seen the ads in my browser."

Good, let's proceed as follows, shall we...

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right-click on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Note: Reboot your machine and ensure all disabled security software is now enabled etc.

Security Application Check:

Please download and save SecurityCheck.exe to your desktop from one of the links below.

Link 1
Link 2

  • Right-click SecurityCheck.exe and select Run as Administrator then follow the on-screen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt once the scan is complete.
  • Please post the contents of that document in your next reply.
Next:

When you have completed the above, please post back the following in the order asked for:

  • Junkware Removal Tool Log.
  • SecurityCheck Log.


#6
buice

    Member

  • Topic Starter
  • 84 posts
Thanks again for the reply. Here are the logs you requested:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Stamppot on Mon 03/10/2014 at 16:44:18.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3766221614-456536743-877849824-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{190ADBA3-4C52-47E2-BA7D-00712216D487}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{1D10AF8E-7952-4424-9EFE-062590D0C7DC}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{4C2D2745-CB9F-4801-BF70-85BC03FCDD82}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{4C3E3065-25E1-4EB3-BD0F-7366A00D831A}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{4F0886FD-99A6-428B-BC7F-A391A80C06A8}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{526DEC6F-D627-4A16-BDE9-DE5C10BBBEFE}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{679A288E-783D-4711-92D2-6FF7E3FF9480}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{756138F0-0980-4DAF-9E18-BB98DC118492}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{75D2438B-0B80-4DB8-813F-6FB49409D257}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{8B993626-EDF5-437D-A248-3172739541A0}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{A3B2FEB1-AF84-4B36-AC6A-C0A742470B9D}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{ACC6F600-18C7-426B-9DCB-D0860B7797E5}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{B8CCE964-991D-4EF1-AA53-1C5569AB74BD}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{BF3ABF6C-13DC-4BC3-90E5-82FE5CC62CF3}
Successfully deleted: [Empty Folder] C:\Users\Stamppot\appdata\local\{C4B62FB1-BC12-4426-B870-05B898F1FE5E}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/10/2014 at 17:40:08.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.4
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Mozilla Firefox (26.0)
Google Chrome 33.0.1750.117
Google Chrome 33.0.1750.146
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Tall Emu Online Armor OAcat.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#7
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Can you confirm for myself that Online Armor is actually installed or not please ?

TFC(Temp File Cleaner):

  • Please download TFC to the desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click on TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of the GUI (graphical user interface).
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware to your desktop.

Note: The installer will be randomly named, say for example something like 549od2jqai.exe

  • Right-click on the randomly named exe file and select Run as Administrator, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#8
buice

buice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hello,

1) Online Armor: Yes, this is installed on my machine. Do you think it isn't working effectively? Is there another firewall that you recommend?

2) TFC: Complete. No Log requested.

3) MBAM: Log below.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Stamppot :: STAMPPOT-PC [administrator]

3/11/2014 8:24:53 AM
mbam-log-2014-03-11 (08-24-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223612
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Stamppot\Downloads\SweetPDF_TSV15VPOH.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

(end)

#9
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Online Armor: Yes, this is installed on my machine. Do you think it isn't working effectively? Is there another firewall that you recommend?

Thank you for the clarification. I was merely double checking as Security Check did not report it as part of the Security Center which in itself is not a cause for concern and I can see it has an active running process. As a third party software firewall it is fine to use and no further action is required.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then right click on it and select Run as Administrator to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the log-file first!
  • Now click on: Posted Image
  • Use notepad to open the log-file located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

My friendly advice is you consider keeping the online scanner installed after I give the all clear. Then run it say once per month as an extra check. A quick easy way to do so would be via:-

Click on Start(Windows 7 Orb) >> Computer >> C: >> Program Files (x86) >> ESET >> ESET Online Scanner >> then right click on OnlineScannerApp and select Run as Administrator.

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.



#11
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Topic re-opened per OP's request...

#12
buice

buice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hooray! Thanks. A log never appeared after running the procedures, and there was not a file in the directory mentioned above. However, I did copy the results (pasted below). Hopefully this will give you enough to work with. If not, please let me know.

C:\temp\t.msi Win32/AdWare.Adpeak.B application
C:\Users\Stamppot\Downloads\cbsidlm-cbsi183-Free_Video_to_GIF_Converter-ORG-75628588.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Windows\Installer\cf1afc6.msi Win32/AdWare.Adpeak.B application
C:\_OTL\MovedFiles\03092014_185158\C_Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe a variant of Win32/AdWare.Adpeak.D application
C:\_OTL\MovedFiles\03092014_185158\C_Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe a variant of Win64/Adware.Adpeak.C application
C:\_OTL\MovedFiles\03092014_185158\C_Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\bootstrap.js Win32/AdWare.Adpeak.B application

#13
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Hooray! Thanks

You're welcome!

A log never appeared after running the procedures, and there was not a file in the directory mentioned above. However, I did copy the results (pasted below). Hopefully this will give you enough to work with. If not, please let me know.

Fair play and it is enough information etc...

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:Files
C:\temp\t.msi
C:\Users\Stamppot\Downloads\cbsidlm-cbsi183-Free_Video_to_GIF_Converter-ORG-75628588.exe
C:\Windows\Installer\cf1afc6.msi

:Commands
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log file can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.

  • 0
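The script in post #13 lists only three of the six files reported in post #12; the other three paths sit under OTL's own C:\_OTL\MovedFiles folder. The following is an added example, not part of the original thread and not OTL or ESET code: it parses the pasted results and reproduces that selection. The regular expression and the function names are assumptions made for illustration.

```python
import re
from typing import NamedTuple

class Detection(NamedTuple):
    path: str
    threat: str
    kind: str

# Results as pasted in post #12: path, detection name, object type.
RESULTS = r"""
C:\temp\t.msi Win32/AdWare.Adpeak.B application
C:\Users\Stamppot\Downloads\cbsidlm-cbsi183-Free_Video_to_GIF_Converter-ORG-75628588.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Windows\Installer\cf1afc6.msi Win32/AdWare.Adpeak.B application
C:\_OTL\MovedFiles\03092014_185158\C_Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe a variant of Win32/AdWare.Adpeak.D application
C:\_OTL\MovedFiles\03092014_185158\C_Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe a variant of Win64/Adware.Adpeak.C application
C:\_OTL\MovedFiles\03092014_185158\C_Users\Stamppot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\bootstrap.js Win32/AdWare.Adpeak.B application
"""

# Paths may contain spaces, so anchor on the detection name (Win32/... or Win64/...).
LINE = re.compile(r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
                  r"(?P<threat>Win(?:32|64)/\S+)\s+(?P<kind>.+)$")

# Folder OTL moved files into earlier in the thread (compared case-insensitively).
MOVED_ROOT = "c:\\_otl\\movedfiles\\"

def parse_results(text):
    """Return a Detection for every line that matches the pasted format."""
    found = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], m["kind"]))
    return found

def split_live(detections):
    """Separate files still in place from copies OTL has already moved."""
    live = [d for d in detections if not d.path.lower().startswith(MOVED_ROOT)]
    moved = [d for d in detections if d.path.lower().startswith(MOVED_ROOT)]
    return live, moved

def build_fix(live):
    """Emit a fix in the same layout as the script in post #13."""
    lines = [":Commands", "[CreateRestorePoint]", "", ":Files"]
    lines += [d.path for d in live]
    lines += ["", ":Commands", "[EmptyTemp]"]
    return "\n".join(lines)

if __name__ == "__main__":
    live, moved = split_live(parse_results(RESULTS))
    print(f"{len(live)} live, {len(moved)} already moved by OTL\n")
    print(build_fix(live))
```

Matching on the detection name rather than splitting on whitespace is what keeps paths such as `C_Program Files\Level Quality Watcher` intact.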

#14
buice

buice

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
My computer seems to be running great now, thanks again for all of your help - very much appreciated.

Here is the log you requested:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\temp\t.msi moved successfully.
C:\Users\Stamppot\Downloads\cbsidlm-cbsi183-Free_Video_to_GIF_Converter-ORG-75628588.exe moved successfully.
C:\Windows\Installer\cf1afc6.msi moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Stamppot
->Temp folder emptied: 486261 bytes
->Temporary Internet Files folder emptied: 2125091 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22578009 bytes
->Google Chrome cache emptied: 392003048 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 726 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11942814 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 106711 bytes

Total Files Cleaned = 409.00 mb


OTL by OldTimer - Version 3.2.42.1 log created on 03162014_223817

Files\Folders moved on Reboot...
C:\Users\Stamppot\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Stamppot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
C:\windows\temp\wbxtra_03162014_085429.wbt moved successfully.

Registry entries deleted on Reboot...

#15
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

My computer seems to be running great now, thanks again for all of your help - very much appreciated.

Good and you're most welcome!

Congratulations your computer appears to be malware free!

Clean-Up with DelFix:

Please download DelFix to your desktop

  • Right-click on delfix.exe and select Run as Administrator to launch the application.
  • Referring to the image below, select all available options:
Posted Image

  • Then click on Run.
  • Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
  • After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.
Now some advice for on-line safety:

The below is worth reading/bookmarking for future reference:

Computer Security - a short guide to staying safer online

Next:

Post the requested DelFix log...

Any questions? Feel free to ask, if not stay safe!