
When starting pc adf.ly link pop-ups [FRST logs included other log files too]


20 replies to this topic

#16 nasdaq

nasdaq

  • Malware Response Team
  • 38,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:11 AM

Posted 20 April 2018 - 06:41 AM

Hi,

Let's see what we can find with this tool.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======


 


#17 Beckran

Beckran
  • Topic Starter

  • Members
  • 22 posts
  • ONLINE
  •  
  • Local time:04:11 PM

Posted 21 April 2018 - 02:43 PM

Hi again,

Can I delete the other detections too?

RogueKiller V12.12.13.0 (x64) [Apr 16 2018] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : adam [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/21/2018 21:13:24 (Duration : 00:24:48)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[Adw.EnjoyWifi] (X64) HKEY_USERS\S-1-5-21-1663746634-567950608-3139407904-1000\Software\enjoyWifi -> Found
[Adw.EnjoyWifi] (X86) HKEY_USERS\S-1-5-21-1663746634-567950608-3139407904-1000\Software\enjoyWifi -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C21EF9E7-E3F2-43A5-AF9D-451E3CE7BEE1}C:\programdata\oracle\java\javapath_target_1435786\java.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\programdata\oracle\java\javapath_target_1435786\java.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F554ECC0-4C99-4868-BFF4-1E6920DFB2CB}C:\programdata\oracle\java\javapath_target_1435786\java.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\programdata\oracle\java\javapath_target_1435786\java.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C21EF9E7-E3F2-43A5-AF9D-451E3CE7BEE1}C:\programdata\oracle\java\javapath_target_1435786\java.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\programdata\oracle\java\javapath_target_1435786\java.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F554ECC0-4C99-4868-BFF4-1E6920DFB2CB}C:\programdata\oracle\java\javapath_target_1435786\java.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\programdata\oracle\java\javapath_target_1435786\java.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found
 
¤¤¤ Tasks : 2 ¤¤¤
[PUP.Slimware] \AVG Driver Updater Scan -- C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe (scheduled) -> Found
[PUP.Slimware] \AVG Driver Updater Startup -- C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe (-boot) -> Found
 
¤¤¤ Files : 2 ¤¤¤
[PUP.uTorrentAds][File] C:\Users\adam\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Found
[PUP.Slimware][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Driver Updater -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60M2NA0 ATA Device +++++
--- User ---
[MBR] 6c59862b92be5a5c6b777f155cd924bd
[BSP] 9c13d033240af973c3156475d9d79682 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SAMSUNG HD160JJ ATA Device +++++
--- User ---
[MBR] 9624025713b4d1cf98b87b0f7dcbdad2
[BSP] 29b706d8e5f5e124fc36725a8d27d663 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152625 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
PS: Sorry for the late replies but I sometimes don't look on email.
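
Added example, not part of the thread and not RogueKiller's own code: a Python parser for the report layout pasted in post #17. It groups detections by section, tallies them by family, and flags any section whose entry count differs from the count declared in its header, which indicates a truncated paste. The sample is a constructed excerpt of that report with the Registry count adjusted; the function names are this example's own.

```python
import re
from collections import Counter

# Constructed excerpt of the report above (Registry count adjusted to the excerpt).
SAMPLE_REPORT = r"""
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 2 ¤¤¤
[Adw.EnjoyWifi] (X64) HKEY_USERS\S-1-5-21-1663746634-567950608-3139407904-1000\Software\enjoyWifi -> Found
[Adw.EnjoyWifi] (X86) HKEY_USERS\S-1-5-21-1663746634-567950608-3139407904-1000\Software\enjoyWifi -> Found
¤¤¤ Tasks : 2 ¤¤¤
[PUP.Slimware] \AVG Driver Updater Scan -- C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe (scheduled) -> Found
[PUP.Slimware] \AVG Driver Updater Startup -- C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe (-boot) -> Found
¤¤¤ Files : 2 ¤¤¤
[PUP.uTorrentAds][File] C:\Users\adam\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Found
[PUP.Slimware][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Driver Updater -> Found
¤¤¤ MBR Check : ¤¤¤
[MBR] 6c59862b92be5a5c6b777f155cd924bd
"""

# Section header with a declared count, e.g. "¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤".
SECTION = re.compile(r"^¤¤¤ (?P<name>[^:]+?) : (?P<count>\d+)\b.*¤¤¤$")
# Detection line: "[Family.Name] <detail> -> <status>"; "[MBR] ..." has no dot and is skipped.
ENTRY = re.compile(r"^\[(?P<label>[A-Za-z]+\.[\w.]+)\](?P<detail>.*?) -> (?P<status>\w+)$")

def parse_report(text):
    """Return {section: {"declared": n, "entries": [(label, detail, status), ...]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("¤¤¤"):
            m = SECTION.match(line)
            current = m["name"] if m else None   # headers without a count are not tracked
            if m:
                sections[current] = {"declared": int(m["count"]), "entries": []}
            continue
        m = ENTRY.match(line)
        if m and current:
            sections[current]["entries"].append((m["label"], m["detail"].strip(), m["status"]))
    return sections

def count_mismatches(sections):
    """Sections whose header count differs from the entries actually present."""
    return {n: (s["declared"], len(s["entries"]))
            for n, s in sections.items() if s["declared"] != len(s["entries"])}

def families(sections):
    """Tally detections by family prefix (Adw, PUP, Suspicious, ...)."""
    return Counter(lbl.split(".")[0] for s in sections.values() for lbl, _, _ in s["entries"])

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(dict(families(parsed)), count_mismatches(parsed))
```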


#18 nasdaq


Posted 22 April 2018 - 06:49 AM

Hi,

Run the RogueKiller tool and delete everything.

If required the operating system default setting will be used.

Keep me posted.

#19 Beckran


Posted 23 April 2018 - 12:19 PM

Hi,

Still got the problem.

Any other solutions?


Edited by Beckran, 23 April 2018 - 12:19 PM.


#20 nasdaq


Posted 24 April 2018 - 06:42 AM

Hi,

:step1: Remove Chrome from your Computer and reinstall a fresh copy later.

:step2: Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

:step3: If you sync your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices.
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/


:step4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en


:step5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

:step6: Re-install Chrome and the Bookmarks.
====

If the problem persists in other browsers let me know which one.

#21 Beckran


Posted Today, 09:06 AM

Hi,

I have followed your steps and it still pops up on startup.





