Nom.ambitionssparse.com Still Tries To Open

Hi there.

Could you upload the logs regardless of what they found please? I would also like to see the log from Malware Bytes.

 

Which browser(s) is redirecting, is it Internet Explorer? Let me know!


Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Tasks tab and locate these detections:

• [Suspicious.Path] \UpdateAdmin -- C:\Users\Beccys\AppData\Local\UpdateAdmin\UpdateAdmin.exe (/RUN) -> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.

...and the same for these entries on the Files tab please.

• [PUP][Folder] C:\ProgramData\{ab559773-eb33-4593-ab55-59773eb35dcf} -> Found
• [PUP][Folder] C:\ProgramData\{af163672-5678-5244-af16-63672567d9c9} -> Found
• [PUP][Folder] C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701} -> Found

When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.



Re run Malware Bytes and let it remove anything else it may find.
Re run Hitman Pro, activate/enable the free trial and let it remove what it finds, too.


Download and run OTM.

Download >>> OTM <<<by Old Timer and save it to your Desktop.

• Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.

Code:

:reg
[HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\RunOnce]
"Gafagecosor"=-

:Files
C:\Users\Beccys\AppData\Local\6D26EC~1

:Commands
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

• 
  
• Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
• Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!