Two Plus Two Publishing LLC

03-17-2014, 11:59 AM   #1
stranger
 
Join Date: Mar 2014
Posts: 4
I can't remove Start savin extension Spyware

Hey guys, some sort of advertising virus called startsavin has somehow been installed on my computer. It keeps bringing up random pop-ups and adverts on various websites. I've tried going to control panel and uninstalling it but a pop-up appears saying NSIS error - failed to launch installer. Norton keeps saying it has blocked threats but the programme remains on my computer. Every time I try to uninstall it I get this pop-up preventing me. Any help would be much appreciated. Thanks.

I saw Gabethebabe Malware Jedi helped another person resolve this issue by asking for her OTL logs and manually fixing it. Here is mine:



OTL logfile created on: 3/17/2014 11:43:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.31% Memory free
3.98 Gb Paging File | 2.32 Gb Available in Paging File | 58.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 122.01 Gb Free Space | 81.91% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/17 11:40:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.com
PRC - [2014/02/21 12:42:20 | 000,060,416 | ---- | M] () -- C:\Program Files\Bench\Wd\wd.exe
PRC - [2014/02/21 12:42:20 | 000,049,664 | ---- | M] () -- C:\Program Files\Bench\BService\bservice.exe
PRC - [2014/02/19 17:56:10 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2013/12/21 12:33:52 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/08 08:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013/09/15 19:36:00 | 000,366,728 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2012/10/16 15:19:02 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2012/03/02 17:49:00 | 000,797,296 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
PRC - [2012/03/02 17:48:30 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/21 23:19:54 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\dleacoms.exe
PRC - [2009/07/13 21:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2008/01/17 08:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/21 12:42:20 | 000,060,416 | ---- | M] () -- C:\Program Files\Bench\Wd\wd.exe
MOD - [2014/02/21 12:42:20 | 000,049,664 | ---- | M] () -- C:\Program Files\Bench\BService\bservice.exe
MOD - [2014/02/21 12:42:20 | 000,049,664 | ---- | M] () -- C:\Program Files\Bench\BService\bhelper.dll


========== Services (SafeList) ==========

SRV - [2014/03/11 22:06:22 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/28 23:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/12/22 04:11:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/08 08:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/09/15 19:36:00 | 000,366,728 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/16 15:19:02 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/03/02 17:49:00 | 000,797,296 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV - [2012/03/02 17:48:30 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2010/05/21 23:19:54 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - [2014/03/17 10:40:20 | 000,098,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SMR410.SYS -- (SMR410)
DRV - [2014/03/08 12:45:16 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140317.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/03/08 12:45:16 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140317.004\NAVENG.SYS -- (NAVENG)
DRV - [2014/03/06 14:32:01 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/03/05 23:43:31 | 000,395,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140314.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/01/20 14:13:39 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2014/01/20 06:52:56 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/01/14 18:42:14 | 000,034,640 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ISWKLP.sys -- (ISWKLP)
DRV - [2014/01/09 22:48:04 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/10/01 20:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/09/26 23:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 22:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 22:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 23:28:00 | 000,446,552 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\symnets.sys -- (SymNetS)
DRV - [2013/09/25 22:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 22:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 21:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2013/01/20 17:28:40 | 000,129,304 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vna.sys -- (VNA)
DRV - [2012/10/16 15:18:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/10/16 15:18:54 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/03/02 17:49:00 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmwvusb.sys -- (vmwvusb)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 16:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 16:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/07/26 16:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/03/05 01:00:40 | 000,034,128 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dfmirage.sys -- (dfmirage)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=ct33...fce1b35f&sspv=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 EB 57 DA 93 FD CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3321727&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP925D01DF-E968-4AE8-8465-3731FCE1B35F&q={searchTerms}&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/01/20 14:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/03/17 10:42:15 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Start Savin = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/03/15 00:47:05 | 000,000,872 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
O2 - BHO: (Start Savin BHO) - {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} - C:\Program Files\Start Savin\FrameworkBHO.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Value Apps plugin) - {F63AAEDC-3602-49EF-AA45-262380A98980} - C:\Users\Home\AppData\Roaming\ValueApps\IE\MonPrx.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BService] C:\Program Files\Bench\BService\bservice.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wd] C:\Program Files\Bench\Wd\wd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: gotoworkbooth.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: workbooth.com ([portal1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: workbooth.com ([usden-portal2-b2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: workbooth.com ([usphx-portal2-b1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: workbooth.com ([usphx-portal2-b2] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://usphx-portal2-b1.workbooth.c...L/extender.cab (SlimClient Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/W...g/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C32D60B-7904-42AE-889D-0579FB826673}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (wsauth) - C:\Windows\System32\wsauth.dll (VMware, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/17 11:14:26 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2014/03/17 11:14:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2014/03/17 11:14:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0600000.04A
[2014/03/17 11:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2014/03/17 11:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2014/03/17 10:40:20 | 000,098,392 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR410.SYS
[2014/03/17 10:40:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\NPE
[2014/03/15 01:57:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\TuneUp Software
[2014/03/15 01:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/03/15 01:54:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/03/15 01:54:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\MFAData
[2014/03/15 01:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/03/13 06:35:51 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/03/13 06:35:50 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/03/13 06:35:50 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/03/13 06:35:50 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/03/13 06:35:50 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/03/13 06:35:50 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/03/13 06:35:50 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/03/13 06:35:50 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/03/13 06:35:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/03/13 06:35:49 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/03/13 06:35:48 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/03/13 06:35:47 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/03/13 06:35:45 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml****b
[2014/03/13 06:35:45 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/03/13 06:35:44 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/03/13 06:35:44 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/03/13 06:35:44 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/03/13 06:35:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/03/13 06:35:16 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/03/13 06:35:15 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/03/06 19:50:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/03/06 18:42:36 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Microsoft Help
[2014/03/06 18:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/03/05 12:49:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\com.prezi.PreziDesktop
[2014/03/05 12:47:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\BenchUpdater
[2014/03/05 12:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bench
[2014/03/05 12:46:58 | 000,000,000 | ---D | C] -- C:\temp
[2014/03/05 12:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\pcreg
[2014/03/01 16:30:51 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\MOVAVI
[2014/02/23 04:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2014/02/23 04:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\dl_Cats
[2014/02/23 04:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Dell V310-V510 Series
[2014/02/20 15:59:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2014/02/20 15:59:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2014/02/20 15:59:41 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2014/02/20 15:59:39 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll
[2014/02/20 15:59:39 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2014/02/20 15:59:39 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2014/02/20 15:59:39 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014/02/20 15:59:39 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2014/02/20 15:59:39 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2014/02/20 15:59:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2014/02/20 15:59:08 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014/02/19 10:55:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/02/19 10:55:07 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/02/19 10:55:07 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/02/19 10:55:04 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/02/19 10:55:04 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/02/19 10:55:04 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/02/19 10:55:03 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/02/19 10:55:03 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/02/19 10:55:03 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/02/19 10:55:03 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/02/19 10:55:03 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/02/19 10:55:03 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[6 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/17 11:18:22 | 000,661,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/17 11:18:22 | 000,121,524 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/17 11:12:46 | 000,001,358 | ---- | M] () -- C:\Users\Home\Desktop\Norton Installation Files.lnk
[2014/03/17 11:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/17 11:01:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/17 10:49:23 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/17 10:49:23 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/17 10:42:04 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/17 10:41:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/17 10:41:49 | 1602,097,152 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/17 10:40:20 | 000,098,392 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR410.SYS
[2014/03/16 23:51:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\bench-S-1-5-21-3546785434-3741336333-652664292-1000.job
[2014/03/16 20:18:00 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\bench-sys.job
[2014/03/16 14:54:41 | 000,001,832 | ---- | M] () -- C:\Users\Home\AppData\Local\SLC_Home.prx
[2014/03/15 07:08:06 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/14 15:48:06 | 000,410,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/03/11 22:06:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/03/11 22:06:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/03/05 12:47:08 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/04 16:47:50 | 000,000,189 | ---- | M] () -- C:\Users\Home\Desktop\Go To Work - @Home WorkBooth 2.0.url
[2014/03/01 16:30:35 | 000,004,896 | ---- | M] () -- C:\ProgramData\uxxadbmu.rlu
[2014/03/01 00:11:20 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml****b
[2014/03/01 00:10:48 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/02/28 23:52:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/02/28 23:51:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/02/28 23:43:55 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/28 23:43:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/02/28 23:40:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/02/28 23:38:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/28 23:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/02/28 23:37:35 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/02/28 23:31:30 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/02/28 23:25:29 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/02/28 23:16:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/02/28 23:14:15 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/02/28 23:03:49 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/28 23:00:08 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/28 22:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/02/23 04:03:36 | 000,000,142 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[6 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/17 11:14:10 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0600000.04A\isolate.ini
[2014/03/05 12:47:08 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/05 12:47:04 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\bench-sys.job
[2014/03/05 12:47:04 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\bench-S-1-5-21-3546785434-3741336333-652664292-1000.job
[2014/03/04 16:47:50 | 000,000,189 | ---- | C] () -- C:\Users\Home\Desktop\Go To Work - @Home WorkBooth 2.0.url
[2014/03/01 16:30:35 | 000,004,896 | ---- | C] () -- C:\ProgramData\uxxadbmu.rlu
[2014/02/23 04:03:36 | 000,000,142 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2014/02/07 19:00:15 | 000,001,832 | ---- | C] () -- C:\Users\Home\AppData\Local\SLC_Home.prx
[2013/12/22 05:38:17 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Janiece1987 is offline   Reply With Quote
Old 03-19-2014, 05:23 PM   #2
Malware Jedi
 
 
Join Date: Oct 2007
Location: In front of my monitor
Posts: 18,617
Re: I cant remove Start savin extension Spyware

Please rerun OTL.EXE and copy/paste in the custom scans/fixes field the following:

Code:
:otl
PRC - [2014/02/21 12:42:20 | 000,060,416 | ---- | M] () -- C:\Program Files\Bench\Wd\wd.exe
PRC - [2014/02/21 12:42:20 | 000,049,664 | ---- | M] () -- C:\Program Files\Bench\BService\bservice.exe
O2 - BHO: (Start Savin BHO) - {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} - C:\Program Files\Start Savin\FrameworkBHO.dll File not found
O2 - BHO: (Value Apps plugin) - {F63AAEDC-3602-49EF-AA45-262380A98980} - C:\Users\Home\AppData\Roaming\ValueApps\IE\MonPrx.dll File not found
O4 - HKLM..\Run: [BService] C:\Program Files\Bench\BService\bservice.exe ()
O4 - HKLM..\Run: [Wd] C:\Program Files\Bench\Wd\wd.exe ()
O15 - HKCU\..Trusted Domains: gotoworkbooth.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: workbooth.com ([portal1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: workbooth.com ([usden-portal2-b2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: workbooth.com ([usphx-portal2-b1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: workbooth.com ([usphx-portal2-b2] https in Trusted sites)

:files
C:\Program Files\Bench
C:\Program Files\Start Savin

:services
MRENDIS5
MREMPR5

After that click the Run Fix button, not the Run Scan!

Post the log back here.
Gabethebabe is offline   Reply With Quote
Old 03-20-2014, 01:09 AM   #3
stranger
 
Join Date: Mar 2014
Posts: 4
Re:

========== OTL ==========
Process wd.exe killed successfully!
No active process named bservice.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F63AAEDC-3602-49EF-AA45-262380A98980}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BService not found.
File C:\Program Files\Bench\BService\bservice.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wd deleted successfully.
C:\Program Files\Bench\Wd\wd.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gotoworkbooth.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\workbooth.com\portal1\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\workbooth.com\usden-portal2-b2\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\workbooth.com\usphx-portal2-b1\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\workbooth.com\usphx-portal2-b2\ deleted successfully.
========== FILES ==========
C:\Program Files\Bench\Wd folder moved successfully.
C:\Program Files\Bench\Updater\1.7.0.0 folder moved successfully.
C:\Program Files\Bench\Updater folder moved successfully.
C:\Program Files\Bench\NmHost\data\installer folder moved successfully.
C:\Program Files\Bench\NmHost\data folder moved successfully.
C:\Program Files\Bench\NmHost folder moved successfully.
C:\Program Files\Bench\BService folder moved successfully.
C:\Program Files\Bench folder moved successfully.
File\Folder C:\Program Files\Start Savin not found.
========== SERVICES/DRIVERS ==========
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
Service MREMPR5 stopped successfully!
Service MREMPR5 deleted successfully!

OTL by OldTimer - Version 3.2.69.0 log created on 03202014_010759
Janiece1987 is offline   Reply With Quote
Old 03-20-2014, 05:42 AM   #4
Malware Jedi
 
 
Join Date: Oct 2007
Location: In front of my monitor
Posts: 18,617
Re: I cant remove Start savin extension Spyware

So that went well

But did it also improve anything?
Gabethebabe is offline   Reply With Quote
Old 03-20-2014, 09:17 AM   #5
stranger
 
Join Date: Mar 2014
Posts: 4
Re: I cant remove Start savin extension Spyware

Yes it has. My computer is running faster. And that start saving exe is gone. No more ads!! Thank you so much. You saved me money.
Janiece1987 is offline   Reply With Quote
