Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adware?


  • Please log in to reply
5 replies to this topic

#1 ebonienicole

ebonienicole

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 05 October 2013 - 12:39 PM

It looks like I have something on my PC causing random text to be linked. See attachment. Is this Adware? How can I get it off? It's super annoying. I can't decipher between an authentic link and this.

Attached Files


Edited by hamluis, 05 October 2013 - 01:49 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:46 PM

Posted 05 October 2013 - 04:45 PM

Hello ebonienicole -

EDIT - Please click on Follow this Topic at top Right side Now -

Important - Close or save all other open work on your desktop -

 

Please start with How To Temporarily Disable Your Anti-virus

Now Please download Junkware Removal Tool by thisisu to your desktop
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

 

Follow with Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button (Only Once)
  • When the scan has finished click on Clean button (Only Once).
  • NOTE : Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Now make sure all Antivirus is enabled again -

 

Thank You -


Edited by noknojon, 05 October 2013 - 04:48 PM.


#3 ebonienicole

ebonienicole
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 06 October 2013 - 11:50 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ebonie on Sun 10/06/2013 at 10:41:13.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2513817051-1301348026-1369586563-1004\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plus-hd-2_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Free Ride Games
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Public\Desktop\open it!.lnk"
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\basicserve"
Successfully deleted: [Folder] "C:\ProgramData\starapp"
Successfully deleted: [Folder] "C:\Program Files (x86)\basicserve"
Successfully deleted: [Folder] "C:\Program Files (x86)\file type helper"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Ebonie\AppData\Roaming\mozilla\firefox\profiles\r73a7ni3.default\extensions\588a2804-b11d-4809-963b-a886d1e8684e@416c8902-1140-4f75-9037-bf86b99379db.com
Successfully deleted: [Folder] C:\Users\Ebonie\AppData\Roaming\mozilla\firefox\profiles\r73a7ni3.default\extensions\9b7182cf-0847-4d17-8a3f-c850f8c4a23e@51bca2a9-a5e9-4d98-8d77-40c0e8212d2a.com
Successfully deleted the following from C:\Users\Ebonie\AppData\Roaming\mozilla\firefox\profiles\r73a7ni3.default\prefs.js
 
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.js", "\n\nappAPI.ready(function($) {\n\n $('body').bindExtensionEvent('re
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBack
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQu
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.js", "\n\nappAPI.ready(function($) {\n\n $('body').bindExtensionEvent('re
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBack
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQu
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"
user_pref("extensions.a9b7182cf08474d178a3fc850f8c4a23e51bca2a9a5e94d988d7740c0e8212d2acom33332.33332.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/06/2013 at 10:48:41.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:46 PM

Posted 06 October 2013 - 03:52 PM

Follow with Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button (Only Once)
  • When the scan has finished click on Clean button (Only Once).
  • NOTE : Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#5 ebonienicole

ebonienicole
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 06 October 2013 - 04:13 PM

# AdwCleaner v3.006 - Report created 06/10/2013 at 15:06:11
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ebonie - FLYNN-PC
# Running from : C:\Users\Ebonie\Downloads\adwcleaner (4).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Juan Flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Folder Deleted : C:\Users\Ebonie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Folder Deleted : C:\Users\JFlynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Mozilla Firefox v23.0 (en-US)
 
[ File : C:\Users\Ebonie\AppData\Roaming\Mozilla\Firefox\Profiles\r73a7ni3.default\prefs.js ]
 
 
[ File : C:\Users\JFlynn\AppData\Roaming\Mozilla\Firefox\Profiles\0xr81q48.default\prefs.js ]
 
 
-\\ Google Chrome v27.0.1453.110
 
[ File : C:\Users\Juan Flynn\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Ebonie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : keyword
 
[ File : C:\Users\JFlynn\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [47177 octets] - [06/10/2013 10:52:13]
AdwCleaner[R1].txt - [1738 octets] - [06/10/2013 15:02:26]
AdwCleaner[S0].txt - [41873 octets] - [06/10/2013 10:54:43]
AdwCleaner[S1].txt - [1671 octets] - [06/10/2013 15:06:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1731 octets] ##########


#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:46 PM

Posted 06 October 2013 - 04:25 PM

Please see below and tell me if this is the only problem you have, as all minor items are now cleared -

 

Are the double-underlined words that you are referring to like the example provided in this topic (Post #1)?

If so, this is called in-text advertising and it is very common. Kontera and Vibrant are two of the more popular advertising networks that provide in-text advertising and information services.
 

See full post HERE
 

(Credit to quietman7 for the text)


Edited by noknojon, 06 October 2013 - 04:44 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users