View Full Version : identifying/removing traffic.outbrain.com in browser/computor
while going over my firefox browser history i came across several instances of traffic.outbrain.com, not recognizing it i googled it and it is mentioned as a rather malicious example of malware. im not sure of the source or if it is a legitimate site or not.for all i know i was reading an example of someones "scareware" who wanted their software on my machine also. im basically an analog based person who is very suspicious of software i don't know. any info or help you can give me would be of great help. this is my first time posting on a forum so im trying to get the protocol down, im not sure what a DDS or aswmbr are but im working on figuring that out. thanks for your time and i will be looking forward to hearing back.
:snwelcome:
FYI
http://www.systemlookup.com/search.php?type=name&search=traffic.outbrain&s=
Its hard to help you with no information about your operating system , if your running Windows 8 DDS may not run but it will for Win 7, Vista and XP
Download DDS from one of the links below to your desktop
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)
http://i.imgur.com/1QYkxTZ.jpg Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
With aswMBR I just want to see the log...PLEASE DO NOT FIX ANYTHING
while going over my firefox browser history i came across several instances of traffic.outbrain.com, not recognizing it i googled it and it is mentioned as a rather malicious example of malware. im not sure of the source or if it is a legitimate site or not.for all i know i was reading an example of someones "scareware" who wanted their software on my machine also. im basically an analog based person who is very suspicious of software i don't know. any info or help you can give me would be of great help. this is my first time posting on a forum so im trying to get the protocol down, im not sure what a DDS or aswmbr are but im working on figuring that out. thanks for your time and i will be looking forward to hearing back.
hope this is what you needed, if not please contact me through this forum or my email. thank you again for your help and patience.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.60.2
Run by momco at 15:44:19 on 2014-06-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7667.5421 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton Zone\Engine\2.0.95.6\NZ.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton Zone\Engine\2.0.95.6\NZ.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\RunDll32.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [InstallSpybotUpdate_bdcore.dll] C:\Program Files (x86)\Spybot - Search & Destroy 2\av\bdcore.dll
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.202.166
TCP: Interfaces\{55413D78-CD7E-4950-B146-D6844710622E} : DHCPNameServer = 192.168.0.1 205.171.202.166
TCP: Interfaces\{58B4B753-D6D0-4676-83A5-C9D920784D2A} : DHCPNameServer = 192.168.0.1 205.171.202.166
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\momco\AppData\Roaming\Mozilla\Firefox\Profiles\liw05v8s.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1503000.00C\symds64.sys [2014-5-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1503000.00C\symefa64.sys [2014-5-17 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [2014-5-9 1530160]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1503000.00C\ccsetx64.sys [2014-5-17 162392]
R1 ccSet_NZ;Norton Zone Settings Manager;C:\Windows\System32\drivers\NZx64\02005F0.006\ccsetx64.sys [2014-4-14 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140606.002\IDSviA64.sys [2014-6-6 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1503000.00C\ironx64.sys [2014-5-17 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1503000.00C\symnets.sys [2014-5-17 593112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-13 204288]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe [2014-5-17 276376]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NZ;Norton Zone;C:\Program Files (x86)\Norton Zone\Engine\2.0.95.6\nz.exe [2014-4-14 522592]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-2-13 1128952]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-2-1 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-2-1 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-2-1 171416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-13 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-2-13 47232]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-2-13 349736]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-2-13 39464]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-24 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-4-24 203344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-1 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-2-8 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-7 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-1 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-1 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-02 23:37:12 -------- d-----w- C:\Program Files\iPod
2014-06-02 23:37:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-02 23:37:08 -------- d-----w- C:\Program Files\iTunes
2014-06-02 23:37:08 -------- d-----w- C:\Program Files (x86)\iTunes
2014-06-02 07:36:55 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-23 00:34:12 -------- d-----w- C:\ProgramData\BlueStacks
2014-05-17 17:58:10 875736 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\srtsp64.sys
2014-05-17 17:58:10 593112 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\symnets.sys
2014-05-17 17:58:10 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\symds64.sys
2014-05-17 17:58:10 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\srtspx64.sys
2014-05-17 17:58:10 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\symelam.sys
2014-05-17 17:58:10 1148120 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\symefa64.sys
2014-05-17 17:58:09 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\ironx64.sys
2014-05-17 17:58:09 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\ccsetx64.sys
2014-05-17 17:57:55 -------- d-----w- C:\Windows\System32\drivers\NISx64\1503000.00C
2014-05-15 19:52:58 162392 ----a-r- C:\Windows\System32\drivers\NZx64\0200610.00C\ccsetx64.sys
2014-05-15 19:52:48 -------- d-----w- C:\Windows\System32\drivers\NZx64\0200610.00C
2014-05-14 08:48:45 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-14 08:48:45 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-09 20:01:58 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
.
==================== Find3M ====================
.
2014-05-14 03:54:31 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 03:54:31 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-04 07:05:12 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-03-19 21:23:16 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2014-03-19 21:23:16 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2014-03-19 21:23:16 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2014-03-19 21:23:16 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2014-03-19 21:23:16 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2014-03-19 21:23:16 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2014-03-19 21:23:14 50896 ----a-w- C:\Windows\System32\drivers\point64.sys
.
============= FINISH: 15:45:08.53 ===============
Hi,
Just so you know we don't fix things through emails, just on the forum so when I post just reply back to this thread by using the SUBMIT REPLY and please do not start any new topics. Also , as far as the logs we ask for please just copy and paste them in in lew of attaching them ....except for the extra DDS log
Not looking at anything earth shattering on any of your logs, aswMBR checks for a rootkit and the log is fine and nothing I can see bad going on on your DDS log
http://i.imgur.com/GUZVCQN.jpg Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
http://i24.photobucket.com/albums/c30/ken545/MBAM_zps65e8300e.jpg (http://s24.photobucket.com/user/ken545/media/MBAM_zps65e8300e.jpg.html)
http://i24.photobucket.com/albums/c30/ken545/MBAM2_zpsabeea657.jpg (http://s24.photobucket.com/user/ken545/media/MBAM2_zpsabeea657.jpg.html)
Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.
hope this is what you need to see.
Not seeing anything, did your copy and paste the log into this thread or attach it
Not seeing anything, did your copy and paste the log into this thread or attach it
sorry trying to get the hang of this stuff. i have attached two zipped folders one is the malware scan with admin. the other without. my search dial has been a problem from my grandson trying to download a trial version of minecraft. thought i had taken care of it some time ago. seems the malbytes is a pretty good scanner i ran it on my laptop also and was impressed with the results. do you know of any conflicts between my norton internet security malwarebytes and spybot being on the system at the same time? i will check the thread regularly to see if i got the attachments on here this time. again i thank you for your patience.
Morning,
I think Norton, Malwarebytes and Spybot will all get along.
Lets check for leftovers
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Morning,
I think Norton, Malwarebytes and Spybot will all get along.
Lets check for leftovers
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
hi ken just when i think im getting the hang of this i begin to wonder if im doing it wrong hope this is working like it's supposed to. when i ran OTL i used the settings you wanted with the exception of time frame default was 30 days and i went with last 180 days as thats more in the time frame problems would have happened.
Some leftovers from ASK and also 2 entries related to your host file that needs to be fixed.
Also I would stay away from Popcap games, it can add adware to your system. I would uninstall it if you can
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-1052855104-1268557068-1444297151-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
[2014/02/03 10:54:21 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140223-224811.backup
[2014/02/01 22:49:41 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140203-095421.backup
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
hi ken, here is the log. getting rid of popcap was no loss thanks for the advice. i also came across a program named XM asia pacific ltd. and another named K-NFB reading tech.that i dont recall downloading i dumped them also figuring if they were needed they would reinstall at the time needed. what is your opinion of wild tangent i know it is a game client for HP but i have heard rumors it may have security issues also. couldn't help noticing the thread just posted about traffic outbrain on this site, i am curious what this is and will watch closely in the future to see if it pops up again, seems to me what you have done has resolved that issue and then some' can't tell you how much i value the advice.
Your fix log wont open, its best just to copy and paste the logs we ask for directly into the this thread.
Willd Tangent is in the same category as PopCap so getting rid of it would be a good move
Not seeing anything in your logs for traffic out brain , why dont your run a new scan with Spybot and let me see where its located
All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-1052855104-1268557068-1444297151-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
C:\Windows\SysNative\drivers\etc\hosts.20140223-224811.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20140203-095421.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\momco\Downloads\cmd.bat deleted successfully.
C:\Users\momco\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: dub_cm_auto
User: momco
->Java cache emptied: 297828 bytes
User: Public
User: the other account
->Java cache emptied: 990106 bytes
Total Java Files Cleaned = 1.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dub_cm_auto
User: momco
->Temp folder emptied: 272054185 bytes
->Temporary Internet Files folder emptied: 49587707 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38894873 bytes
->Google Chrome cache emptied: 353120797 bytes
->Flash cache emptied: 57838 bytes
User: Public
User: the other account
->Temp folder emptied: 84305329 bytes
->Temporary Internet Files folder emptied: 199963150 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 394162595 bytes
->Google Chrome cache emptied: 397859324 bytes
->Flash cache emptied: 62400 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43307610 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,749.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06112014_132518
Files\Folders moved on Reboot...
C:\Users\momco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\momco\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
hello ken, i hope this is the what you need to see. i got in the habit of saving everything to documents and i guess that caused an issue with being able to open the folder i sent earlier. the info i have posted was found in OTL's files on the c drive. sometimes i feel like this years poster child for the digitally handicapped. but by reading instructions and a little common sense i manage to make it work. anyway to keep things in order i will put the spy-bot scans in another post.
When you copy and paste the fix into OTL, :OTL <-- has to be in the included in the fix as the first entry or sometimes the fix wont work, but it looked like it did
Don't worry about making mistakes, when your new to running all these different scanners and saving logs most times it can be confusing. Lets see what Spybot comes up with
hello again ken, i have a habit of watching the addresses flash by in the lower left corner of my browser as i'm loading a site, so after thinking about it i remembered seeing traffic outbrain as a site was loading. since i only use this machine for browsing news, email and playing diablo 3 on battlenet it wasnt too hard to find traff. outbrain on the BBC news site and possibly telegraph i'm beginning to suspect its just another info-mining outfit. so in keeping with that line of thought i ran two scans the first (-0811) was run after first starting up today, the second scan (0853) was run right after the first but after visiting CNN BBC and the telegraph news sites. let me know if there is a problem with the attachments, i know i can copy and paste them but zipping and attaching files is something new to me and i'm kind of using this as practice so in the future i can at least pretend to know what i'm doing. thanks again
I dont see anything related to traffic.outbrain
You will need the 64bit version of this program
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:folderfind
Traffic.outbrain
:filefind
Traffic.outbrain
:regfind
Traffic.outbrain
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
SystemLook 30.07.11 by jpshortstuff
Log created at 12:09 on 12/06/2014 by momco
Administrator - Elevation successful
========== folderfind ==========
Searching for "Traffic.outbrain"
No folders found.
========== filefind ==========
Searching for "Traffic.outbrain"
No files found.
========== regfind ==========
Searching for "Traffic.outbrain"
No data found.
-= EOF =-
hello again, well it looks like nothing is on my machine, if i have windows do a search all i find is crosstown traffic by by jimmy h, i think i'll keep that file. at any rate this has been an education for me and i finally got rid of the rest of my search dial and pop cap/tangent. can't tell you how much i value good advice. wouldn't mind starting a new thread in the future on cleaning up my laptop, thats the one my wife and grandkids are on all the time, its bound to be a mess. please let me know what your thoughts are on traffic outbrain, the only place i saw it was a couple times on the browser history but it made me wonder why my browser was going there. thanks again.
Let me know how this went
Internet Explorer
Open Internet Explorer
Click on Tools up on the top right
Click on Manage Add Ons
Click on Search Providers
Highlite Traffic.outbrain and select Delete
Firefox
Open Firefox
Up on the Top Right in the Search Box , click on the down arrow and select Manage Search Engines
Highlite Traffic.outbrain and select Delete
Chrome
Open Chrome
Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Click on Settings
Then Manage Search Engines
Highlite Traffic.outbrain and select Delete
hi again, none of the browsers showed traffic outbrain but i did manage to dump various search providers i will never use. im thinking if traf. out. was ever installed one of the scans must have taken care of it. one thing i would like to ask about is my uninstall of wild tangent seemed to go according to plan and i cant find any trace of it except in my games folder it still offers a lot of wild tangent games do you think these are just links to wild t. and they are not on the computer untill i try and open one?
Found these on your OTL extras log
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App for HP
I dont think I would worry about it, just stay away from using it
thanks for the advice, it seems you have taken care of my problems answered my questions and then some. good advice is hard to come by online without giving a credit card # first and even then it's not always that good of advice. i am wondering if i open this thread on my laptop will the links to the tools you have given me work to install them on that computer? we don't need to get into that one right now as i would have to make an appointment with my wife to get it away from her long enough to look at it, just wondering. it's an HP running vista with a win.7 upgrade. on the subject of the computer we have been working on i think we can call it a success. again thanks for your help.
There is so many different forms of malware and also the tools we use to remove them...what one tool may fix on one computer can damage another, we as helpers are updated quite often on the tools we use as far as any updates and them causing any issues and the public is not , so I think it would be best to start a new thread for your wifes computer, provide the DDS and aswMBR logs and we can go from there.
My pleasure helping you :)
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken