  #1  
Old 07-20-12, 07:29
Alba37
Malware, inline ads

I have inline ads everywhere, on forums, websites etc. Please see attached screenshot

I am sorry I have been trying to fix this and ran hitman previously before reading the steps for help and advice. I just can't find a solution so any help would be much appreciated.

Thanks
Attached Files
File Type: zip hitmanlog.zip (287 Bytes, 2 views)
File Type: txt mbam-log-2012-04-23 (14-20-25).txt (2.1 KB, 2 views)
File Type: zip MGlogs.zip (310.4 KB, 3 views)
File Type: txt RKreport[1].txt (2.0 KB, 2 views)
  #2  
Old 07-20-12, 07:33
Alba37
Re: Malware, inline ads

Oops, forgot the screenshot!
Attached Files
File Type: zip inline ads screenshot.zip (303.8 KB, 7 views)
  #3  
Old 07-20-12, 18:04
thisisu (Malware Consultant)
Re: Malware, inline ads

Your logs are clean. Does this only occur when you use Google Chrome to browse the web? Do the same problems occur with Internet Explorer?

__

From Programs and Features (via Control Panel), please uninstall the below:
  • Java(TM) 6 Update 26 (outdated)

I want you to read and follow these instructions: TDSSKiller - How to run

__

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Right mouse click on the OTL icon on your desktop and select Run as Administrator
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Change the setting of "Drivers" and "Services" to "All"
  • Copy the text in the code box below and paste it into the text-field.
    Code:
    activex
    netsvcs
    %windir%\system32\drivers\*.sys /lockedfiles
  • Now click the button.
  • One report will be created:
    • OTL.txt <-- Will be opened
  • Attach OTL.txt to your next message. (How to attach)
  #4  
Old 07-21-12, 13:00
Alba37
Re: Malware, inline ads

Thanks very much for your help. I can't believe I have got myself in to bother so fast! I just inherited this computer from my son as mine was chugging along on its last legs!

After taking a while to find IE, (as my son had told me it wasn't installed on the computer and I had believed him at first!) I have checked it and it's fine, so it is a Chrome specific issue. It started around the time I installed utorrent. Which I have since uninstalled again.

Please see attachments as requested, thanks again
Attached Files
File Type: txt OTL.Txt (276.0 KB, 3 views)
File Type: txt TDSSKiller.2.7.46.0_21.07.2012_18.29.49_log.txt (141.4 KB, 1 views)
  #5  
Old 07-21-12, 15:57
Alba37
Re: Malware, inline ads

Good news, I uninstalled the following extensions in Chrome and the problem has gone. I think there was another couple I uninstalled too, GPU something? and another Ad one. So I don't know what caused it but it seems to have gone! Thanks!

Adblock Plus (Beta)
AVG Do Not Track
AVG Safe Search
MonitorTab
Click 2 Save
  #6  
Old 07-21-12, 15:58
thisisu (Malware Consultant)
Re: Malware, inline ads

From Programs and Features (via Control Panel), please uninstall the below:
  • Java(TM) 6 Update 26
  • BitComet 1.29 64-bit
  • CleanUp!


Fix items using OTL by OldTimer

Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Copy the text in the code box below and paste it into the text-field.
Code:
:otl
SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
DRV:64bit: - [2009/07/14 02:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
IE - HKU\S-1-5-21-1252602699-2952633354-2283345369-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-1252602699-2952633354-2283345369-1001\..\SearchScopes\{F08CBE59-0BBD-4E81-B857-9B4B0737B6B1}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-1252602699-2952633354-2283345369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
CHR - Extension: Click 2 Save = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoinkcpnahjmnkkdkognlihmmebhejhd\1.1_0\
CHR - Extension: The Camelizer = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo\1.5_0\
O3 - HKU\S-1-5-21-1252602699-2952633354-2283345369-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
[2012/07/20 21:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/07/20 18:44:08 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Ad-Aware Antivirus
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Marc\Desktop\*.tmp files -> C:\Users\Marc\Desktop\*.tmp -> ]
[2012/07/21 03:50:15 | 000,027,520 | ---- | C] () -- C:\Users\Marc\AppData\Local\dt.dat
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
:services 
BITCOMET_HELPER_SERVICE
:files
C:\Program Files (x86)\Ad-Aware Antivirus /d
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitComet"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F08CBE59-0BBD-4E81-B857-9B4B0737B6B1}]
:commands
[clearallrestorepoints]
[emptytemp]
Now click the button.
If the fix needed a reboot please do it.
Click the OK button (upon reboot).
When OTL is finished, Notepad will open. Close Notepad.
A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Attach this log to your next message. (How to attach)

__

Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
  #7  
Old 07-21-12, 15:59
thisisu (Malware Consultant)
Re: Malware, inline ads

Oh good
Check above as I was planning on removing the "Click 2 Save" addon
You don't have to complete the above set of instructions if everything is OK now
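
Added example, not part of any post in this thread and not OTL or MajorGeeks code: the thread ends with the ads gone after several Chrome extensions were removed, without identifying which one injected them. The Python below parses the `CHR - Extension` lines from the OTL script in post #6 and reports which extensions in a profile's Extensions folder request access to every page, the capability needed to insert content into arbitrary sites. The sample folder tree, its extension IDs and names are constructed for the demonstration, and all function names are this example's own.

```python
import json
import re
import tempfile
from pathlib import Path, PureWindowsPath

# Format of the "CHR - Extension" lines in the OTL script from post #6.
CHR_LINE = re.compile(r"^[ \t]*CHR - Extension: (.+?) = (.+?)[ \t\r]*$", re.M)
# Chrome match patterns that cover every web page.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Two lines copied from that script.
OTL_SAMPLE = r"""CHR - Extension: Click 2 Save = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoinkcpnahjmnkkdkognlihmmebhejhd\1.1_0\
CHR - Extension: The Camelizer = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo\1.5_0\
"""

def parse_otl_extensions(log_text):
    """Return (name, extension_id, version) for each 'CHR - Extension' line."""
    rows = [(name, PureWindowsPath(path).parts) for name, path in CHR_LINE.findall(log_text)]
    return [(name, parts[-2], parts[-1]) for name, parts in rows]

def broad_patterns(manifest):
    """Host patterns in a manifest that give the extension access to all sites."""
    pats = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    for script in manifest.get("content_scripts", []):
        pats.extend(script.get("matches", []))
    return sorted(set(pats) & BROAD)

def audit_profile(extensions_dir):
    """Map 'id/version' to (manifest name, all-site patterns) for an Extensions folder."""
    report = {}
    for mf in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        key = f"{mf.parent.parent.name}/{mf.parent.name}"
        report[key] = (manifest.get("name", "?"), broad_patterns(manifest))
    return report

def build_sample_profile(root):
    """Write a constructed Extensions tree; IDs, names and manifests are made up."""
    samples = {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/1.0_0": {"name": "Sample Page Helper",
            "content_scripts": [{"matches": ["http://*/*", "https://*/*"], "js": ["a.js"]}]},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/2.3_0": {"name": "Sample Site Tool",
            "content_scripts": [{"matches": ["https://example.com/*"], "js": ["b.js"]}]}}
    for rel, manifest in samples.items():
        (Path(root) / rel).mkdir(parents=True)
        (Path(root) / rel / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    print(parse_otl_extensions(OTL_SAMPLE))
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_profile(build_sample_profile(tmp)))
```

On a real machine, point `audit_profile` at the `Extensions` folder shown in the OTL paths; an extension listed with all-site patterns is a candidate to disable first when ads appear on every page.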
  #8  
Old 07-28-12, 07:17
Alba37
Re: Malware, inline ads - Solved

Quote:
Originally Posted by thisisu
Oh good
Check above as I was planning on removing the "Click 2 Save" addon
You don't have to complete the above set of instructions if everything is OK now
Thanks a million for your help. Sorry for not getting back sooner, have been under the weather. I really appreciated your help. Thanks again
  #9  
Old 07-29-12, 20:52
thisisu (Malware Consultant)
Re: Malware, inline ads

You're welcome.
Be safe