26 replies to this topic

[MrCharlie]

Please do this:
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2038607408-2014536849-66605718-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Commands
[EMPTYJAVA]
[resethosts]
[emptytemp]
[EMPTYFLASH]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
[*]Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

[InertiaMike]

Here is the OTL log after the reboot:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2038607408-2014536849-66605718-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-help-qb5\ deleted successfully.
File Protocol\Handler\intu-help-qb5 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\qbwc\ deleted successfully.
File Protocol\Handler\qbwc - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File delete failed. C:\ProgramData\Z@!-0b60825b-7b0a-4470-a4e0-211078a15d62.tmp scheduled to be deleted on reboot.
File delete failed. C:\ProgramData\Z@S!-4192b036-d3ae-4314-8ee6-09510ad3f3fa.tmp scheduled to be deleted on reboot.
File delete failed. C:\ProgramData\Z@!-0b60825b-7b0a-4470-a4e0-211078a15d62.tmp scheduled to be deleted on reboot.
File delete failed. C:\ProgramData\Z@S!-4192b036-d3ae-4314-8ee6-09510ad3f3fa.tmp scheduled to be deleted on reboot.
C:\Windows\invcol.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Philip Wooten
->Java cache emptied: 0 bytes

User: Public

User: QBDataServiceUser22

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Philip Wooten
->Temp folder emptied: 1239628 bytes
->Temporary Internet Files folder emptied: 251279184 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11393412 bytes
->Google Chrome cache emptied: 73542476 bytes
->Flash cache emptied: 71961 bytes

User: Public
->Temp folder emptied: 0 bytes

User: QBDataServiceUser22
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18336 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 558822 bytes

Total Files Cleaned = 323.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Philip Wooten
->Flash cache emptied: 0 bytes

User: Public

User: QBDataServiceUser22

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03082013_104621

Files\Folders moved on Reboot...
File\Folder C:\ProgramData\Z@!-0b60825b-7b0a-4470-a4e0-211078a15d62.tmp not found!
File\Folder C:\ProgramData\Z@S!-4192b036-d3ae-4314-8ee6-09510ad3f3fa.tmp not found!
C:\Users\Philip Wooten\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{065B060F-B29A-4E8B-AB98-D7179F148F8E}.tmp not found!
File\Folder C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{28918E95-BEA3-4CCD-9D18-351F30D041D7}.tmp not found!
File\Folder C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{58746613-8AA2-4143-AAF1-649E82CD8251}.tmp not found!
File\Folder C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9FE2FE5C-5121-47E0-9564-E8A50FD70370}.tmp not found!
File\Folder C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{ADD8C01D-F490-4810-9D2E-BC8C0906E1C3}.tmp not found!
File\Folder C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F3E6BF4C-82A3-49B1-BB88-9CCED5F2318F}.tmp not found!
File\Folder C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F3FA5C60-0894-4CD4-9C95-EF581AA5C72C}.tmp not found!
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRX9ADF5\emily[2].html moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRX9ADF5\iframe[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRX9ADF5\if[2].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWJZX71E\300x250-topbox[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WWJZX71E\push[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLKXEZD7\fastbutton[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLKXEZD7\fastbutton[2].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLKXEZD7\like[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLKXEZD7\placement_cookie[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VD81BOMB\emily[1].html moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VD81BOMB\ext[1].html moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RY5X7VET\xd_arbiter[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RY5X7VET\xd_arbiter[2].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOIMLCLE\728x90-topleader[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOIMLCLE\ads[4].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOIMLCLE\bv[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LOIMLCLE\google[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IBXQU13W\likebox[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IBXQU13W\worldofsolitaire_com[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTFE4A4X\aclk[3].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTFE4A4X\iframe[2].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTFE4A4X\tweet_button.1362636220[2].html moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B78INHA0\emily[1].html moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B78INHA0\like[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B78INHA0\push[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B78INHA0\zrt_lookup[1].html moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HIUFJFK\fastbutton[1].htm moved successfully.
C:\Users\Philip Wooten\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[MrCharlie]

OK, just run another RogueKiller scan to see if the host file is OK now.

Is there any improvement?? MrC

[InertiaMike]

It looks like the OTL fix did the trick, there have not been any popups as of yet. I will continue to monitor it, the host file looks ok. Thank you so much for your help!

[MrCharlie]

OK, let me know.

I would like to check your security and we also have some clean-up to do:


Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt.
  
• Please Post the contents of that document.
  
• Do Not Attach It!!!

MrC

[MrCharlie]

How are we doing??

Do you still need help or can I close this post??

MrC

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!