Pop up ads

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Atlantic44, Sep 18, 2014.

  1. Atlantic44

    Atlantic44 Corporal

    I ran all the programs you recommended, but there still are ads that pop up when I run Internet Explorer.

    Please help if you can.


    Thank you.
     

    Attached Files:

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Atlantic44

    Do you have your machine set up to use a proxy?

    Did you have Malwarebytes fix these entries? If not, re-run it and do so.
    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Files
    C:\Program Files (x86)\Optimizer Pro
    C:\Windows\TEMP\*.*
    C:\Users\dan\AppData\Local\Temp\*.*
    :Reg
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule]
    [-HKLM\SOFTWARE\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}]
    [-HKLM\SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}]
    [-HKLM\SOFTWARE\Wow6432Node\{6791A2F3-FC80-475C-A002-C014AF797E9C}]
    [-HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
    [-HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
    [-HKU\S-1-5-21-4091695568-2235160215-3058254366-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
    [-HKU\S-1-5-21-4091695568-2235160215-3058254366-1000\Software\Optimizer Pro]
    [-HKU\S-1-5-21-4091695568-2235160215-3058254366-1000\Software\TNT2]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose "Paste".
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Next download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Attach that logfile to your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder, which is created when running the tool.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • AdwCleaner[S0].txt
    Make sure you tell me how things are working now!
     
  3. Atlantic44

    Atlantic44 Corporal

    Thanks for your help.
    I do still get pop up ads when I click around on a webpage in Internet Explorer or Firefox.

    Internet Explorer does have a lot more pop up ads I have noticed.


    I got this computer used from a friend (bad idea I know).

    Malwarebytes did say it removed those threats.
    I have run Malwarebytes several times in the last few days.
     

    Attached Files:

  4. Atlantic44

    Atlantic44 Corporal

    I did not set up a proxy but I don't know if one was set up before or not.
     
  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Click what?

    You can try this >> Reset Firefox to Defaults

    Please re run a scan with Hitman Pro and attach the updated log.

    Then download Farbar Recovery Scan Tool (FRST) and save it to your Desktop.
    For 32-bit (x86) systems download Farbar Recovery Scan Tool
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from.
    • The first time the tool is run, it also makes another log (Addition.txt).
    • Attach both logfiles to your next reply. (See: How to attach)

    Logs to attach:
    • updated Hitman Pro log.txt
    • FRST.txt and Addition.txt
     
  6. Atlantic44

    Atlantic44 Corporal

    Nothing in particular.

    Sometimes when I click a link on a webpage like msn.com it will redirect to an ad site or pop up in a new window/tab.
    This still happens in both Firefox and Internet Explorer.
     

    Attached Files:

  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    *You forgot to attach the requested Hitman Pro log.txt.

    Are you using an Ad Blocker/Pop-up Blocker for your browsers?

    We need to use OTM.exe again.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Files
    C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake 
    C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf 
    C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default
    C:\ProgramData\Setup.exe
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose "Paste".
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Reset Internet Explorer 9, 10, and 11 to Defaults

    Now run the following online scan -
    Using ESET's Online Scanner

    Please attach:
    • ESET Scan.txt log
    • the C:\_OTM\MovedFiles log
    • updated Hitman Pro.log as requested
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What's with the below strange Russian like type extensions?
    Code:
    CHR Extension: (Документы Google) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
    CHR Extension: (Диск Google) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
    CHR Extension: (Поиск Google) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
    CHR Extension: (Google Кошелек) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
    Maybe you should remove the Extensions too and not just the files. Use FRST or scan with OTL to see if it picks them up and then remove with OTL.
     
    Last edited: Sep 19, 2014
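
The check described in the post above, as an added example that is not part of the original thread or of FRST itself: it parses FRST `CHR Extension:` lines, validates the extension ID taken from the folder name, and queues entries whose display name uses a non-Latin script. The function names are hypothetical, and the fifth sample line is constructed for contrast.

```python
import re
import unicodedata

# The first four lines are the FRST excerpt quoted in the post above;
# the last line is constructed for contrast (its name and ID are made up).
SAMPLE_LOG = r"""
CHR Extension: (Документы Google) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Диск Google) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (Поиск Google) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Google Кошелек) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Constructed Example) - C:\Users\dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop [2014-04-29]
"""

LINE_RE = re.compile(
    r"^CHR Extension: \((?P<name>.*)\) - (?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\]\s*$",
    re.MULTILINE,
)
ID_RE = re.compile(r"[a-p]{32}")  # Chrome extension IDs: 32 characters, letters a-p


def scripts_in(text):
    """Return the Unicode scripts of the letters in text, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}


def parse_extensions(log):
    """Parse FRST 'CHR Extension:' lines into dicts; other lines are skipped."""
    entries = []
    for m in LINE_RE.finditer(log):
        ext_id = m["path"].rsplit("\\", 1)[-1]  # folder name is the extension ID
        entries.append({
            "name": m["name"], "path": m["path"], "date": m["date"],
            "id": ext_id, "id_valid": bool(ID_RE.fullmatch(ext_id)),
            "scripts": scripts_in(m["name"]),
        })
    return entries


def needs_review(entry):
    """Triage signal only: malformed ID, or a display name in a non-Latin script."""
    return not entry["id_valid"] or bool(entry["scripts"] - {"LATIN"})


def review_queue(log):
    """Return (id, name) pairs a helper should look up before removing anything."""
    return [(e["id"], e["name"]) for e in parse_extensions(log) if needs_review(e)]


if __name__ == "__main__":
    for ext_id, name in review_queue(SAMPLE_LOG):
        print(f"review: {ext_id}  {name}")
```

A hit is a prompt to look up the ID, not a verdict: the four flagged names are Russian for Google Docs, Google Drive, Google Search and Google Wallet.
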
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Almost forgot Dr. M, Did you remove the Proxy yet? I suggest removing it.

    Also what is the below????

    2014-09-10 19:48 - 2014-09-10 19:48 - 00154112 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
     
  10. Atlantic44

    Atlantic44 Corporal


    I don't use any ad-blockers.

    I tried to run ESET scan but it said "Can not get update. Is proxy configured?"
    Then I clicked start and it said "Unexpected error 3"

    You asked about a proxy before.
    I don't know anything about using a proxy.
     

    Attached Files:

  11. Atlantic44

    Atlantic44 Corporal


    I decided to run Malwarebytes again and it found over 1000 objects this time :O
     

    Attached Files:

    • MB.txt (File size: 257.8 KB)
  12. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Please review these instructions... and Quarantine All - everything that's detected.
    Using Malwarebytes Anti-Malware

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
    Run FRST.exe/FRST64.exe and after the Scan is complete, click Fix only once and wait.
    The tool will create a log (Fixlog.txt) in that folder, please attach it to your reply.

    Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double-click on the OTL icon on your desktop to run it. (Note: if using Vista, Win7 or Win8 use right-click and select Run as Administrator)
    • Check the "Scan All Users" checkbox.
    • Set the "Output" to "Minimum Output".
    • Change the setting of "Drivers" and "Services" to "Use Safelist"
    • Copy the text in the code box below and paste it into the [​IMG] text-field.
      Code:
      activex
      netsvcs
      msconfig
      drives
      
    • Now click the [​IMG] button.
    • One report will be created:
      • OTL.txt <-- Will be opened
    • Attach OTL.txt to your next message. (How to attach)

    Attach the updated MalwareBytes log.txt, OTL.txt, and Fixlog.txt logs to your next reply!
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Good! It picked up that Diagnostics stuff I questioned. I had a feeling it was junk.
     
  14. Atlantic44

    Atlantic44 Corporal


    Malwarebytes did quarantine all the objects from the scan yesterday.
    Did you want me to scan again?

    I was also able to run the ESET scan.
     

    Attached Files:

  15. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Your logs look lots better. How's the machine running now?
     
  16. Atlantic44

    Atlantic44 Corporal


    Yes,
    I have not gotten any popups today ;)


    I have been using AVG anti-virus but it does not seem to help.

    I am able to get Norton Security Suite through Comcast's Constant Guard for free.

    Do you think that is a good option to protect this computer?


    Thanks for all your help dr.moriarty and chaslang!
     
  17. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome!

    My choice for protection is Comodo Internet Security 7.0.317799.4142 Final

    *Make sure that you use the official AVG Remover - a regular uninstall is known to leave remnants behind.

    AVG Utilities

    _____________________________

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase it, it provides no protection. It does not use any significant amount of resources (except a little disk space) until you run a scan.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, Win 7/8 - it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Win 7/8, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
    Safe surfing! [​IMG]
     
