
[Windows 10][Chrome][Unwanted Redirect/Pop-up Ads]


  • This topic is locked
12 replies to this topic

#1 Alola


Posted 10 January 2017 - 06:30 AM

*Topic Trimmed & Proofread, and it should be the last edition now, sorry for any inconvenience *

 

Dear Support

Thanks for taking the time to review my problem. Since I am not a native English speaker, I'd like to thank you first for enduring my not really well-written post. If there's anything you don't understand, please feel free to let me know and I will try to clarify more, thank you very much.

 

Observation

When I first open a web page,

1. On my first mouse click, either right or left, anywhere on the web page, Chrome immediately starts a new tab for a website*

2. On my first click on a hyperlink "b" in the web page "a", Chrome starts the linked website "b" in a new tab and replaces the web page "a" with a website*

3. Some keywords on the web page that are supposedly not hyperlinked are hyperlinked*; I will provide a screen dump if needed

 

*All of the above redirects link to a website which is random or content-related (e.g. bleepingcomputer > unknown antivirus promotion website)

 

This finding is just the major thing I've noticed so far. I'd very much appreciate being guided on how to make a proper investigation.

Please let me know what information to provide, what software to run and what log to retrieve, many thanks

 

Best Regards

Roy

 

Update

Dear Support

 

I educated myself and learned a bit about how the forum assistance works. First, thanks to the moderator for the patience to manage my topic and the prompt action to relocate my topic. Second, sorry for any inconvenience caused. Thanks for reading.

 

Since there's no reply yet, I have edited and updated below with extra info, sorry for any trouble:

 

Basic info of my computer

Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Current Anti-virus software in use: Avast Antivirus

Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 44%
Total physical RAM: 8073.27 MB
Available physical RAM: 4501.36 MB
Total Virtual: 9978.27 MB
Available Virtual: 6559.3 MB
Drive c: (OS) (Fixed) (Total:918.33 GB) (Free:797.41 GB) NTFS
MBR & Partition Table: Disk: 0 (Size: 931.5 GB) (Disk ID: EE8A508C)   /  Partition: GPT.

 

Some procedures I've done and results
1. CCleaner
-Ran the cleaner using the default setting
-Have never done anything in the Registry category
-Disabled (many) Startup items, only the "needed" & "Trusted" left
-Disabled every Browser Plug-in that I'm allowed to (1)
2. Revo Uninstaller Pro
-Uninstalled many things, using the provided Moderate setting, only the "needed" & "Trusted" left
3. AdwCleaner
-No threat found
4. JRT
-No threat found
5. Emergency Kit Scanner
-No threat found
6. Malwarebytes (MBAM, MBAR)
-No threat found
7. Rkill
-Nothing except it found some Windows Service Integrity problems, like Missing Service, ImagePath, Incorrect ImagePath & Incorrect ServiceDLL
8. Avast Free Antivirus
-No threat found
9. Device Manager
-Disabled some devices (2), mainly the display adapters, to stop BSOD from happening. BSOD is believed to be caused by uninstalling some drivers
10. Services
-Disabled some services as a computer tweaking attempt
11. Others
-Already backed up my data
-Followed and did all the steps of [Slow Computer/browser? Check Here First; It May Not Be Malware] in the [Virus, Trojan, Spyware, and Malware Removal Logs] forum
-Followed and did the steps of [Tweaking & Optimizing Windows] in the [Microsoft Windows Mini-Guides] forum. I stopped following at and after the advice [Hack Your BIOS for Faster Startups] in the said post
 
Reference
1. CCleaner/Browser Plug-in
Internet Explorer
No Helper Java™ Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
No Helper Java™ Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
Google Chrome
None
2. Device Manager/Device disabled
AMD Radeon HD 8730M
Intel® HD Graphics 4000
Intel® Centrino® Wireless-N 2230
PLDS DVD+-RW DU-8A5HH
3. Startup (Windows & Scheduled Task) and Services lists are too long to list for now
 
Let me know if any log/list is required and what else I should do, thanks

 

Best Regards

Roy


Edited by Alola, 11 January 2017 - 12:49 AM.
No logs, moved from MRL to AII - Hamluis.



 


#2 Alola


Posted 12 January 2017 - 09:43 AM

Sorry these logs should be needed:

 

Before uninstalling Chrome

CCleaner  logs:

Windows Startups

https://drive.google.com/file/d/0B1PnkdWG90wZTjA1RkNhUVYtRFU/view?usp=sharing

 

Scheduled Tasks.

https://drive.google.com/file/d/0B1PnkdWG90wZV2lEM0RxNmFaX2s/view?usp=sharing

 

Exported from Revo Uninstaller Freeware

list of programs installed

https://drive.google.com/file/d/0B1PnkdWG90wZTUhraFZZcEFRVWc/view?usp=sharing


Edited by Alola, 12 January 2017 - 10:17 PM.


#3 buddy215


Posted 12 January 2017 - 08:00 PM

Uninstall Google Chrome using Download Revo Uninstaller Freeware

If asked...be sure it removes your Chrome profile, too.

 

Before reinstalling Chrome...do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#4 Alola


Posted 12 January 2017 - 08:36 PM

Please delete or ignore


Edited by Alola, 12 January 2017 - 09:30 PM.


#5 Alola


Posted 12 January 2017 - 08:48 PM

Please delete and ignore


Edited by Alola, 12 January 2017 - 09:29 PM.


#6 buddy215


Posted 12 January 2017 - 09:09 PM

Import or export bookmarks - Chrome Help




#7 Alola


Posted 12 January 2017 - 09:18 PM

Please delete or ignore


Edited by Alola, 12 January 2017 - 09:28 PM.


#8 Alola


Posted 12 January 2017 - 09:22 PM

Please delete or ignore


Edited by Alola, 12 January 2017 - 09:28 PM.


#9 Alola


Posted 12 January 2017 - 09:27 PM

Please delete or ignore


Edited by Alola, 12 January 2017 - 09:58 PM.


#10 Alola


Posted 12 January 2017 - 09:58 PM

I AM TERRIBLY SORRY, I followed your instruction wrongly. Now I will provide the logs after uninstalling Google Chrome (I have no need to reinstall it now anyway)

 

After

Uninstall Google Chrome using Download Revo Uninstaller Freeware

 

Done and fyi, whenever Revo asks me, I always choose Moderate Scan then delete everything it then shows

 

Logs:

 

Windows Startups

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run APSDaemon  "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
No HKLM:Run Malwarebytes TrayApp Malwarebytes C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe
Yes HKLM:Run mcui_exe  "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Yes HKLM:Run RtHDVBg Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

Scheduled Tasks.

No Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
No Task OneDrive Standalone Update Task  C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
No Task Optimize Start Menu Cache Files-S-1-5-21-2264638366-591198413-1037281341-1001  
No Task PCDDataUploadTask  "uaclauncher.exe" -lloc dataupload --ignoresecondarysplash --runsilently --skipidlewait
Yes Task RtHDVBg_PushButton Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
Yes Task SafeZone scheduled Autoupdate 1483998571 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
No Task SystemToolsDailyTest  "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
No Task {1194E32D-D06F-468C-B19D-4A8423C4A983} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a C:\Users\Roy\AppData\Local\{8097B6CB-A43F-DA73-C9A7-FF9BEDCF0303}\uninstall.exe -c /Uninstall /s /noun /DelSelfDir
No Task {7F90D22E-1CAC-431D-87B8-D3266FDDDA23} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=all

 

list of programs installed

Adobe Flash Player 24 NPAPI Adobe Systems Incorporated 20/12/2016 19.4 MB 24.0.0.186
Avast Free Antivirus AVAST Software 13/1/2017 607 MB 12.3.2280
Calculator Microsoft Corporation 13/12/2016  10.1612.3341.0
CCleaner Piriform 8/1/2017 19.0 MB 5.25
Dragon Age™: Inquisition Electronic Arts 4/1/2017 27.3 GB 1.0.0.12
Java 8 Update 111 Oracle Corporation 2/1/2017 188 MB 8.0.1110.14
Malwarebytes version 3.0.5.1299 Malwarebytes 9/1/2017 191 MB 3.0.5.1299
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27/2/2015 2.96 MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 21/5/2013 8.04 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 20/12/2013 1.63 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 14/8/2013 830 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 28/6/2013 1.18 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21/4/2014 1.17 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14/8/2013 550 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 19/8/2013 18.0 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 19/8/2013 14.7 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2/10/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2/10/2016 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2/10/2016 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2/10/2016 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 Microsoft Corporation 5/10/2016 23.5 MB 14.0.24210.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 Microsoft Corporation 5/10/2016 19.5 MB 14.0.24210.0
Origin Electronic Arts, Inc. 4/1/2017 309 MB 10.3.5.6379
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12/1/2017 38.2 MB 6.0.1.7544
Revo Uninstaller Pro 3.1.8 VS Revo Group, Ltd. 8/1/2017 40.1 MB 3.1.8
Steam Valve Corporation 23/5/2013 3.54 MB 1.0.0.0
新聞 Microsoft Corporation 23/12/2016  4.18.41.0

 

 

Observation:
Now I used Internet Explorer and the redirect/pop-up occurs; please advise my next step, thanks

 

P.S. I will not post something then edit it from now on, my mistake to rush my reply, sorry for any inconvenience. Thanks for the patience.
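
The startup and task lists posted above can be triaged mechanically. The following is an added example, not part of the thread and not the tooling of CCleaner or of any helper here: it parses rows in the flattened form shown above and marks entries that merit a closer look. The three heuristics (target under a user's AppData, no absolute path, launch through pcalua.exe) are assumptions of this example, and a flag means "review", not "malicious".

```python
import re

# Rows copied from the startup and task lists posted above. The forum
# flattened the columns to spaces, so only the leading columns and the
# command are parsed; name and publisher are not separated.
SAMPLE = r'''
Yes HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
No Task OneDrive Standalone Update Task  C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
No Task PCDDataUploadTask  "uaclauncher.exe" -lloc dataupload --ignoresecondarysplash --runsilently --skipidlewait
No Task {1194E32D-D06F-468C-B19D-4A8423C4A983} Microsoft Corporation C:\WINDOWS\system32\pcalua.exe -a C:\Users\Roy\AppData\Local\{8097B6CB-A43F-DA73-C9A7-FF9BEDCF0303}\uninstall.exe -c /Uninstall /s /noun /DelSelfDir
No Task Optimize Start Menu Cache Files-S-1-5-21-2264638366-591198413-1037281341-1001
'''

ROW = re.compile(r'^(Yes|No)\s+(HK(?:CU|LM):Run|Task)\s+(.*)$')
CMD = re.compile(r'"[^"]+"|[A-Za-z]:[\\/]')           # where the command starts
EXE = re.compile(r'^"([^"]+)"|^(.*?\.exe)\b', re.I)   # quoted or bare program
ABSOLUTE = re.compile(r'^[A-Za-z]:[\\/]')
APPDATA = re.compile(r'[\\/]Users[\\/][^\\/]+[\\/]AppData[\\/]', re.I)


def first_exe(command):
    """Return the program at the start of a command line ('' if none)."""
    m = EXE.match(command)
    if m:
        return m.group(1) or m.group(2)
    return command.split()[0] if command else ''


def triage(line):
    """Parse one row; return its fields plus reasons to look closer."""
    m = ROW.match(line.strip())
    if not m:
        return None
    enabled, location, rest = m.groups()
    start = CMD.search(rest)
    command = rest[start.start():] if start else ''
    target, flags = first_exe(command), []
    if not command:
        flags.append('no command recorded')
    # pcalua.exe (Program Compatibility Assistant) runs whatever follows -a,
    # so the program that matters is that argument, not pcalua itself.
    if re.split(r'[\\/]', target)[-1].lower() == 'pcalua.exe':
        wrapped = re.search(r'\s-a\s+(.+)$', command)
        if wrapped:
            target = first_exe(wrapped.group(1))
            flags.append('launched via pcalua.exe')
    if target and not ABSOLUTE.match(target):
        flags.append('no absolute path')
    if APPDATA.search(target):
        flags.append('runs from user-writable AppData')
    return {'enabled': enabled == 'Yes', 'location': location,
            'target': target, 'flags': flags}


def review(text):
    """Return only the rows that carry at least one flag."""
    rows = (triage(line) for line in text.splitlines())
    return [r for r in rows if r and r['flags']]


if __name__ == '__main__':
    for row in review(SAMPLE):
        print(row['location'], row['target'] or '(none)', row['flags'])
```
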



#11 buddy215


Posted 13 January 2017 - 05:59 AM

Suggest Disabling These Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run APSDaemon  "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

Yes HKLM:Run mcui_exe  "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey


Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task SafeZone scheduled Autoupdate 1483998571 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)

 

Check in IE add-ons for Avast's SafeZone or similar like Search protect...if there...Disable

 

Reinstall Google Chrome. Once installed...check for Avast SafeZone or other add-on from Avast and Disable it.

 

If after doing the above and rebooting..... the redirection is still happening....then follow the directions below for starting a new topic in the malware removal forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.




#12 Alola


Posted 13 January 2017 - 10:26 PM

https://www.bleepingcomputer.com/forums/t/637341/keep-seeing-pop-ups-and-links-are-redirectedalola/

https://www.bleepingcomputer.com/forums/t/637340/keep-seeing-pop-ups-and-links-are-redirectedalola/

https://www.bleepingcomputer.com/forums/t/637339/keep-seeing-pop-ups-and-links-are-redirectedalola/

 

So...you may wonder why there're three links...I have no idea!! Maybe I have; I'm guessing that when I clicked the Post New Topic button, it redirected to another website, then naive me clicked return. Then I clicked the Post New Topic button again, it loaded for a very long time and I waited. Until the web page 404 was shown....I was stubborn and returned and tried again. This time it worked.....

But as everyone can witness, three exactly the same topics were posted in a row.....OMG

 

Anyway, I'll take every responsibility.

 

Back to your advice, I don't see those Avast add-ons in each browser's settings. But I found them in Avast settings > tab Components, where I clicked uninstall for the SafeZone or similar like Search protect.

 

Thanks for everything and advice, much appreciated.

 

P.S. I've sent you a direct message, please check if you have time


Edited by Alola, 13 January 2017 - 10:27 PM.


#13 Animal


Posted 13 January 2017 - 10:42 PM

Hello,

Now that you have posted a log here: https://www.bleepingcomputer.com/forums/t/637341/keep-seeing-pop-ups-and-links-are-redirectedalola/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

P.S.
Someone else deleted two of your duplicate log topics. No harm done. It happens sometimes.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

