Hi. I tried a full scan of my laptop using Avast Internet Security and a scan using Malwarebytes, but the random pop-ups still happen.
Here I attached the OTL file.
Please help me.
Hi.
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.
- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Can this software run on Windows 8?
Of course.
Sorry for my late reply. Here are the files requested.
1. Open Notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
BrowseToSave (HKLM\...\{FF6C0463-4A20-4700-A5EB-0202248F2695}) (Version: 1.0 - ) <==== ATTENTION
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version: - Delta) <==== ATTENTION
SelectionLinks (HKLM-x32\...\sl-dlc) (Version: 1.0 - SelectionLinks) <==== ATTENTION
Task: {4B76DE48-7B70-40B8-B11A-E44E0031F8B7} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-2701482308-3642543452-1738847194-1003\...\MountPoints2: {21531061-be5d-11e2-beaf-20689dd0beba} - "F:\Autorun.exe"
HKU\S-1-5-21-2701482308-3642543452-1738847194-1003\...\MountPoints2: {d519beef-5331-11e3-bed0-20689dd0beba} - "G:\Windows\CHECK\DriveNavigator.exe"
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
SearchScopes: HKCU - DefaultScope {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=US&install_date=20130218&user_guid=D40063A7FC9349D5B4C339F42AB32972&machine_id=85b7a42b9d45e4838ed83a1ccbc580e6&browser=IE&os=win&os_version=6.2-x64-SP0&iesrc={referrer:source}
SearchScopes: HKCU - DefaultScope {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=US&install_date=20130218&user_guid=D40063A7FC9349D5B4C339F42AB32972&machine_id=85b7a42b9d45e4838ed83a1ccbc580e6&browser=IE&os=win&os_version=6.2-x64-SP0&iesrc={referrer:source}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=US&install_date=20130218&user_guid=D40063A7FC9349D5B4C339F42AB32972&machine_id=85b7a42b9d45e4838ed83a1ccbc580e6&browser=IE&os=win&os_version=6.2-x64-SP0&iesrc={referrer:source}
SearchScopes: HKCU - {07B5132F-F94F-4BFE-B59B-09118D9E1571} URL = http://www.mysearchresults.com/search?c=2402&t=15&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: No Name - {C37D4656-83FB-B8DB-9C1E-35421F95A085} - No File
CHR Extension: (No Name) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicancafipiklohohmoognddncljhkio [2014-01-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (Select Links App) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjabpkflkebalikeegdknohnglfjen [2013-06-15]
CHR Extension: (BBrroWse2seaveo) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngfmibkhjfpfpkejankchdofkgjjkeng [2013-03-06]
2014-03-28 22:28 - 2014-01-30 22:39 - 00000000 ____D () C:\ProgramData\Conduit
C:\ProgramData\hash.dat
C:\ProgramData\patch.dll
C:\Users\lenovo\AppData\Local\Temp\1381228536_Cloud_Backup_Setup.exe
C:\Users\lenovo\AppData\Local\Temp\BackupSetup.exe
C:\Users\lenovo\AppData\Local\Temp\bitool.dll
C:\Users\lenovo\AppData\Local\Temp\COMAP.EXE
C:\Users\lenovo\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\lenovo\AppData\Local\Temp\ExPromo.exe
C:\Users\lenovo\AppData\Local\Temp\GomAudDnInstaller.exe
C:\Users\lenovo\AppData\Local\Temp\Uninstall.exe
C:\Users\lenovo\AppData\Local\Temp\uttE27F.tmp.exe
C:\Users\lenovo\AppData\Local\Temp\vcredist_x64.exe
C:\Users\lenovo\AppData\Local\Temp\wget.exe
End
2. Save Notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
Do I copy FRST.txt from the tool directory to the desktop, as my fixlist.txt is on the desktop as well, or should I copy fixlist.txt to the tool's directory, since FRST.txt is there?
NOTE: => It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
The program Farbar (FRST) is running from C:\Users\lenovo\Downloads\Programs and not from the desktop.
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
You have downloaded it to the Downloads folder.
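A pre-flight check for the note above about keeping FRST and fixlist.txt in the same location, as an added example that is not part of the original thread or of FRST itself. The function name Test-FixlistReady and the Desktop default are assumptions; the Start/End check only mirrors the markers visible in the script posted above, and the profile check reflects the notice that the script is written for one particular machine.

```powershell
# Added example (not from the thread): run before pressing Fix in FRST.
param(
    # Assumed default: tool and fixlist.txt are expected on the Desktop.
    [string]$Folder = [Environment]::GetFolderPath('Desktop')
)

function Test-FixlistReady {
    param([string]$Folder)

    $problems = @()

    # 1. The FRST executable (FRST.exe or FRST64.exe) and fixlist.txt
    #    must sit in the same folder.
    $tool = Get-ChildItem -LiteralPath $Folder -Filter 'FRST*.exe' -File -ErrorAction SilentlyContinue
    $fixlist = Join-Path $Folder 'fixlist.txt'
    if (-not $tool) { $problems += "No FRST*.exe found in $Folder" }
    if (-not (Test-Path -LiteralPath $fixlist -PathType Leaf)) {
        $problems += "No fixlist.txt found in $Folder"
        return $problems
    }

    # 2. Catch an incomplete paste: first non-empty line Start, last one End.
    $lines = @(Get-Content -LiteralPath $fixlist | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($lines.Count -lt 2 -or $lines[0] -ne 'Start' -or $lines[-1] -ne 'End') {
        $problems += 'fixlist.txt does not begin with Start and end with End'
    }

    # 3. The script is machine-specific: every X:\Users\<name> profile it
    #    mentions should exist on the machine it is about to run on.
    $profiles = $lines | Select-String -Pattern '([A-Z]:\\Users\\[^\\]+)\\' -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { $_.Groups[1].Value } |
        Sort-Object -Unique
    foreach ($p in $profiles) {
        if (-not (Test-Path -LiteralPath $p -PathType Container)) {
            $problems += "fixlist.txt refers to $p, which does not exist on this machine"
        }
    }
    return $problems
}

$issues = @(Test-FixlistReady -Folder $Folder)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
} else {
    "OK: FRST and fixlist.txt are together in $Folder"
}
```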
Here it is.
What is the situation now?
Seems quiet now. Looks like it is all right already. Let's see how it goes in the next few hours. I will update back if the problem persists.
Anyway, thanks for all the guidance so far!
Okay, I'll be here.
The pop-ups are still active after I restarted my laptop.
Download TDSSKiller and save it to your desktop.
Execute TDSSKiller.exe by double-clicking on it.
Confirm the "End user Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.
- Press Start Scan.
- If a Suspicious object is detected, the default action will be Skip; click on Continue.
- If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
No threats found.
Here's the log file.
Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
- Close any open browsers.
- Temporarily disable your AntiVirus program (if necessary).
If you are unsure how to do this, please read this or this Instruction.
- Double-click on zoek.exe to run the tool.
Please wait until the tool starts...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
autoclean;
- Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).
- Save Notepad to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named "zoek-results.log".
Next log. The problem still persists, though.
- Close any open browsers.
- Temporarily disable your AntiVirus program (if necessary).
If you are unsure how to do this, please read this or this Instruction.
- Double-click on zoek.exe to run the tool.
Please wait until the tool starts...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
C:\Users\lenovo\AppData\Local\html.html;f
C:\Users\lenovo\AppData\Local\web.html;f
C:\Users\lenovo\AppData\Local\Links.go;f
C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunTime.exe;f
C:\Users\lenovo\AppData\Roaming\IDM\idmmzcc5;fs
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions];r
"mozilla_cc@internetdownloadmanager.com"=-;r
nigdidofhcdnbmhagmpnahimkphfjgha;chr
nmmhkkegccagdldgiimedpiccmgmieda;chr
emptyalltemp;
autoclean;
emptyclsid;
ipconfig /flushdns >> %temp%\log.txt;b
- Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).
- Save Notepad to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named "zoek-results.log".
The new one.
The situation now?