
Websites redirect and video ads popping up/audio ads run on desktop randomly.


  • This topic is locked
85 replies to this topic

#1 bwise721

bwise721

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 24 July 2013 - 05:36 PM

We are running Windows Vista Ultimate (pretty old); we got it in 2007, I think.

Processor: Intel Core 2 Quad Q6600 @ 2.40 GHz 2.39 GHz

Ram: 4.00 GB

32-bit OS

(not sure if any of that helps but just in case)

 

We hardly ever shut our computer down, just turn the monitor off. Oftentimes, when I turn the monitor back on, there are pop-up ads (sometimes explicit and I have children!) and sometimes there will be an audio ad running but no visual.

 

We use Firefox for online access and 9 times out of 10, the website we type in is not where Firefox takes us.

 

The computer is running super slow as well.

 

Any help is much appreciated!

 

Many thanks!

Barbara





#2 jhayz

jhayz

  • BC Advisor
  • 5,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 PM

Posted 24 July 2013 - 07:28 PM

Hello and Welcome to Bleeping Computer

 

Let's try to check some information and status from your computer.

 

Try downloading Speccy and then install the program. To post and publish a snapshot of your PC:
  • In the Menu bar, click File -> Publish Snapshot
  • Click Yes > then Copy to Clipboard
  • On your next reply, right-click on an empty space and click Paste in the reply box, then click Post.

 

Download SecurityCheck.exe from Here

  • Run SecurityCheck and follow the instructions from inside the code box.
  • When the scan is finished, a notepad will automatically open as check.txt. Please copy and paste the contents here on your next reply.
 


Tekken
 


#3 bwise721

Posted 25 July 2013 - 05:32 PM

Thank you so much for your help!

 

http://speccy.piriform.com/results/JiwtbQowVXvM1XDTgLY7ZOn

 

 Results of screen317's Security Check version 0.99.71  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Lavasoft Ad-Aware               
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 SUPERAntiSpyware     
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 9  
 Java™ SE Runtime Environment 6
 Java™ 6 Update 7  
 Java version out of Date!
 Adobe Flash Player     11.7.700.224  
 Adobe Reader 8 Adobe Reader out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (22.0)
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Ad-Aware Antivirus AdAwareService.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 



#4 jhayz

Posted 26 July 2013 - 12:22 AM

Please remove Lavasoft Ad-aware via Add or Remove Programs. Also remove old and outdated Java versions and install the latest version from this link.

 

Download Adwcleaner by Xplode : http://www.bleepingcomputer.com/download/adwcleaner/
Click on Adwcleaner and hit the Delete button. Copy and paste the result on your next reply.

 

Scan for Malware using free Malwarebytes
Uncheck or skip the trial Pro version. Install, then run a quick scan only after updating to the latest definitions. Please also post the result.

 

Download and install free Superantispyware - follow the prompts and complete the update, then run a quick scan and remove threats. Post the logs once completed.

 

Download JRT by thisisu http://www.bleepingcomputer.com/download/junkware-removal-tool/
Make sure to disable your antivirus real-time or protection software before running JRT to avoid interference.
For Vista and Windows 7, right-click and Run as Administrator. In XP, double-click the JRT icon.
Please be patient and let the program finish scanning.
Once finished, a text document will open; copy and paste it in your next reply.

 

 


Tekken
 


#5 bwise721

Posted 26 July 2013 - 06:49 PM

I removed Ad-aware and removed old Java and installed the latest version of Java.

I ran Adwcleaner 3 times already but Malwarebytes keeps crashing my computer so I lost the results for the Adwcleaner. I tried to see if they were saved somewhere but no luck. Unless you know of where to find them.

I will run Superantispyware now and then follow with the instructions for JRT.

Hopefully I'll be at least able to get through those 2 without any issues.

I'll post those results shortly.



#6 jhayz

Posted 26 July 2013 - 09:44 PM

Check Local Disk C: for the AdwCleaner text file or log. Did you use the quick scan on Malwarebytes when it crashed? Please post the remaining logs next time.


Edited by jhayz, 26 July 2013 - 09:44 PM.

Tekken
 


#7 bwise721

Posted 28 July 2013 - 10:10 AM

OK I found the AdwCleaner logs - here's all 3. Malwarebytes crashes a couple of minutes into the quick scan each time. I'm going to run the Superantispyware now.

 

# AdwCleaner v2.306 - Logfile created 07/26/2013 at 18:29:40
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# User : Velez Family - VELEZFAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\Velez Family\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Deal Vault
Folder Deleted : C:\Program Files\WhiteSmoke_US_New_E1
Folder Deleted : C:\Program Files\Wondershare
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Velez Family\AppData\Local\APN
Folder Deleted : C:\Users\Velez Family\AppData\Local\Conduit
Folder Deleted : C:\Users\Velez Family\AppData\Local\Deal Vault
Folder Deleted : C:\Users\Velez Family\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Velez Family\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Velez Family\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Velez Family\AppData\LocalLow\comcasttb
Folder Deleted : C:\Users\Velez Family\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Velez Family\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Velez Family\AppData\LocalLow\ShopperReports3
Folder Deleted : C:\Users\Velez Family\AppData\LocalLow\WhiteSmoke_US_New_E1
Folder Deleted : C:\Users\Velez Family\AppData\Roaming\Mozilla\Firefox\Profiles\1f9lsogj.default\adawaretb
Folder Deleted : C:\Users\Velez Family\AppData\Roaming\Wondershare

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Deal Vault
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShopperReports3
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New_E1
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Deal Vault
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_US_New_E1 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72A0F495-BA60-4524-827B-B36B8C18587A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72A0F495-BA60-4524-827B-B36B8C18587A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{72A0F495-BA60-4524-827B-B36B8C18587A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019866.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019866.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019866.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019866.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.FCTB000060497Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.FCTB000060497Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar.3
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272810
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\FCTB000060497
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DB852A6-1A1C-4123-A695-27900309C749}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42D6FF2B-BA8D-4159-8801-78A5E764CBAB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72A0F495-BA60-4524-827B-B36B8C18587A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New_E1 Toolbar
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\WhiteSmoke_US_New_E1
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{72A0F495-BA60-4524-827B-B36B8C18587A}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN27122741581694178&ctid=CT3272810 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Velez Family\AppData\Roaming\Mozilla\Firefox\Profiles\1f9lsogj.default\prefs.js

C:\Users\Velez Family\AppData\Roaming\Mozilla\Firefox\Profiles\1f9lsogj.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Velez Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9713 octets] - [26/07/2013 18:29:40]

########## EOF - C:\AdwCleaner[S1].txt - [9773 octets] ##########
 

 

# AdwCleaner v2.306 - Logfile created 07/26/2013 at 19:01:30
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# User : Velez Family - VELEZFAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\Velez Family\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Velez Family\AppData\Roaming\Mozilla\Firefox\Profiles\1f9lsogj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Velez Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9842 octets] - [26/07/2013 18:29:40]
AdwCleaner[S2].txt - [909 octets] - [26/07/2013 19:01:30]

########## EOF - C:\AdwCleaner[S2].txt - [968 octets] ##########
 

# AdwCleaner v2.306 - Logfile created 07/26/2013 at 19:36:20
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# User : Velez Family - VELEZFAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\Velez Family\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Velez Family\AppData\Roaming\Mozilla\Firefox\Profiles\1f9lsogj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Velez Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9842 octets] - [26/07/2013 18:29:40]
AdwCleaner[S2].txt - [1036 octets] - [26/07/2013 19:01:30]
AdwCleaner[S3].txt - [969 octets] - [26/07/2013 19:36:20]

########## EOF - C:\AdwCleaner[S3].txt - [1028 octets] ##########
 



#8 bwise721

Posted 28 July 2013 - 10:54 AM

This is from the Superantispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/28/2013 at 11:44 AM

Application Version : 5.6.1020

Core Rules Database Version : 10644
Trace Rules Database Version: 8456

Scan type       : Quick Scan
Total Scan Time : 00:32:48

Operating System Information
Windows Vista Ultimate 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 847
Memory threats detected   : 0
Registry items scanned    : 31102
Registry threats detected : 0
File items scanned        : 12272
File threats detected     : 46

Adware.Tracking Cookie
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\R7KDJTVF.txt [ /lfstmedia.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\YAN1SRXI.txt [ /server.cpmstar.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\XR8QY0VP.txt [ /network.realmedia.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\0NWRTVWB.txt [ /casalemedia.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\5SJXAQKX.txt [ /clickfuse.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\67GZNTCK.txt [ /adserver.adtechus.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\B79T7KFX.txt [ /ad.e-kolay.net ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\ULFFTYIR.txt [ /doubleclick.net ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\OOXIUT5D.txt [ /filipinofriendfinder.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\XTT1JC05.txt [ /friendfinder.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\HM09RJEJ.txt [ /burstnet.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\WEXOXP2B.txt [ /smartcj.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\J0Z3TT6R.txt [ /accounts.google.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\IRTSU1DH.txt [ /indianfriendfinder.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\RFVEVZ9F.txt [ /koreanfriendfinder.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\W9IHYHWT.txt [ /seniorfriendfinder.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\DCI8BHH2.txt [ /zedo.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\7AF8Y66M.txt [ /tubexxxvid.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\AEXT5U04.txt [ /traveladvertising.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\1LE098VK.txt [ /hardsextube.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\R4ED5PI9.txt [ /germanfriendfinder.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\4UAWGG4M.txt [ /jewishfriendfinder.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\JK95B891.txt [ /ads.crakmedia.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\I5WR9IKR.txt [ /ad.yieldmanager.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\1F4GM1T9.txt [ /realmedia.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\YF0UETJN.txt [ /adultfriendfinder.com ]
    C:\Users\Velez Family\AppData\Roaming\Microsoft\Windows\Cookies\F6IX3FQO.txt [ /asiafriendfinder.com ]
    C:\USERS\VELEZ FAMILY\Cookies\YAN1SRXI.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\XR8QY0VP.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\5SJXAQKX.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\67GZNTCK.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\HM09RJEJ.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\WEXOXP2B.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\J0Z3TT6R.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\IRTSU1DH.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\RFVEVZ9F.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\DCI8BHH2.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\7AF8Y66M.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\AEXT5U04.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\1LE098VK.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\R4ED5PI9.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\4UAWGG4M.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\I5WR9IKR.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\1F4GM1T9.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\YF0UETJN.txt [ Cookie:velez [email protected]/ ]
    C:\USERS\VELEZ FAMILY\Cookies\F6IX3FQO.txt [ Cookie:velez [email protected]/ ]
 



#9 jhayz

Posted 28 July 2013 - 11:12 AM

How's the computer running? Try running Malwarebytes in Safe Mode or reinstalling from a newly downloaded exe file. Please also post the JRT logs next time.


Tekken
 


#10 bwise721

Posted 28 July 2013 - 01:24 PM

Here's the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows Vista ™ Ultimate x86
Ran by Velez Family on Sun 07/28/2013 at 12:31:08.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550155985566}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660166986666}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155985566}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166986666}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{30750DD1-EADD-4cf1-A485-C736C96936AB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{311465CA-FC72-40BE-99BB-9FF3B435737B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{55D52B3A-15DB-41A1-968F-937F79A13878}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6EAD5F52-552B-406D-9A51-5EE1202D6693}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] C:\Users\Velez Family\AppData\LocalLow\FCTB000060497
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\etoolkit"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Velez Family\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\Velez Family\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\Velez Family\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\Velez Family\AppData\Roaming\red kawa"
Successfully deleted: [Folder] "C:\Users\Velez Family\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Velez Family\appdata\local\visi_coupon"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\red kawa"
Successfully deleted: [Folder] "C:\Program Files\toolkitservice"
Successfully deleted: [Empty Folder] C:\Users\Velez Family\appdata\local\{AA6589EE-B8E0-46B2-89D2-91BC47076CA6}



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\toolkitsearch.xml"
Successfully deleted: [File] C:\Users\Velez Family\AppData\Roaming\mozilla\firefox\profiles\1f9lsogj.default\extensions\[email protected] [Tracur]
Successfully deleted: [Folder] C:\Users\Velez Family\AppData\Roaming\mozilla\firefox\profiles\1f9lsogj.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Successfully deleted: [Folder] C:\Users\Velez Family\AppData\Roaming\mozilla\firefox\profiles\1f9lsogj.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}



~~~ Chrome

Dumping contents of C:\Users\Velez Family\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Velez Family\appdata\local\Google\Chrome\User Data\Default\Default\aagedidjgdgddbdhgdgedhgedegggbda
C:\Users\Velez Family\appdata\local\Google\Chrome\User Data\Default\Default\aagedidjgdgddbdhgdgedhgedegggbda\background.js
C:\Users\Velez Family\appdata\local\Google\Chrome\User Data\Default\Default\aagedidjgdgddbdhgdgedhgedegggbda\ContentScript.js
C:\Users\Velez Family\appdata\local\Google\Chrome\User Data\Default\Default\aagedidjgdgddbdhgdgedhgedegggbda\manifest.json

Successfully deleted: [Folder] C:\Users\Velez Family\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/28/2013 at 14:22:39.64
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#11 bwise721

Posted 28 July 2013 - 01:25 PM

I'm going to attempt to run Malwarebytes in Safe Mode. I'll post the results.



#12 bwise721

Posted 28 July 2013 - 02:47 PM

It ran fine in Safe Mode - here are the results:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.26.06

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Velez Family :: VELEZFAMILY-PC [administrator]

7/28/2013 2:32:26 PM
mbam-log-2013-07-28 (14-32-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 325331
Time elapsed: 34 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Velez Family\AppData\Local\Temp\Updater.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Users\Velez Family\Downloads\amwp - Posh Shop(2).rar (PUP.Downloader.ZYL) -> Quarantined and deleted successfully.
C:\Users\Velez Family\Downloads\amwp - Posh Shop.rar (PUP.Downloader.ZYL) -> Quarantined and deleted successfully.
C:\Users\Velez Family\Downloads\USeeSoft.DVD.Ripper.v1.5.1.6.Cracked-ErES.rar (Backdoor.Generic) -> Quarantined and deleted successfully.

(end)
 



#13 jhayz

Posted 28 July 2013 - 07:45 PM

Any improvements?


Tekken
 


#14 bwise721

Posted 29 July 2013 - 07:15 AM

Seems the computer and internet are running faster and there are no more surprise internet webpages. However, I still have the pop-up ads on the desktop.



#15 bwise721

Posted 29 July 2013 - 10:35 AM

Just got on the internet and websites are still being redirected and ads are still popping up on the desktop... *sigh* I'm thinking I may have to wipe the entire hard drive but I'm afraid there are viruses installed to where even wiping the hard drive won't matter...





