daytonaman2 Posted September 6, 2014

need help with pop-ups please
flashh4 Posted September 6, 2014

Howdy Daytonaman2 and welcome to BestTechie !!! My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!
If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !
Perform all actions in the order given.
Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

Please download Junkware Removal Tool and save to your desktop.

Shut down your protection software now to avoid potential conflicts.

* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

NEXT

AdwCleaner

Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

* Click on the Scan button.
* AdwCleaner will begin to scan your computer like it did before.
* After the scan has finished ....... This time, click on the Clean button.
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Post me the logs of those 2 programs !

Thanks
Chuck
flashh4 Posted September 11, 2014

Posted for Daytonaman2:

# AdwCleaner v3.309 - Report created 06/09/2014 at 14:05:56
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jerry - JERRY-B8A2121FB
# Running from : C:\Documents and Settings\Jerry\My Documents\Downloads\adwcleaner_3.309(4).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\wu51wc57.default-1363971810444\prefs.js ]

Line Deleted : user_pref("extensions.a5c8764929678437cbd90994a5a82ac863d978ade40948f4c7f15bb3c4com61799.61799.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.co[...]

-\\ Google Chrome v

[File : C:\Documents and Settings\Jerry\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [27842 octets] - [05/09/2014 21:02:30]
AdwCleaner[R1].txt - [1850 octets] - [05/09/2014 21:19:13]
AdwCleaner[R2].txt - [1910 octets] - [05/09/2014 21:49:11]
AdwCleaner[R3].txt - [1654 octets] - [06/09/2014 09:08:51]
AdwCleaner[R4].txt - [1774 octets] - [06/09/2014 14:03:49]
AdwCleaner[s0].txt - [27711 octets] - [05/09/2014 21:08:00]
AdwCleaner[s1].txt - [1711 octets] - [05/09/2014 21:51:15]
AdwCleaner[s2].txt - [1623 octets] - [06/09/2014 09:11:25]
AdwCleaner[s3].txt - [1603 octets] - [06/09/2014 14:05:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1663 octets] ##########
flashh4 Posted September 11, 2014

Hi Daytonaman, after you get me the AdwCleaner log please run Malwarebytes program/tool next !!

Download Malwarebytes' Anti-Malware to your desktop. Here >>> http://api.viglink.com/api/click?format=go&jsonp=vglnk_jsonp_141039757243812&key=bf4adfcbb328b51c165afd7f95bfc060&libId=fffff87f-b607-4446-bd1d-cebbcdfa3272&loc=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fshowtopic%3D128609&v=1&out=http%3A%2F%2Fwww.malwarebytes.org%2Fmbam-download.php&ref=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fshowforum%3D27&title=Pop%20up%20ads%2C%20malware%2C%20slow%20pc%20%5BSolved%5D%20-%20Virus%2C%20Spyware%20%26%20Malware%20Removal&txt=%3Cspan%20style%3D%22color%3A%230000FF%3B%22%3E%3Cstrong%3EMalwarebytes%27%20Anti-Malware%3C%2Fstrong%3E%3C%2Fspan%3E

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

o On the Dashboard click on Update Now
o Go to the Setting Tab
o Under Setting go to Detection and Protection
o Under PUP and PUM make sure both are set to show Treat Detections as Malware
o Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
o Then on the Dashboard click on Scan
o Make sure to select THREAT SCAN
o Then click on Scan
o When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review
Exit Malwarebytes

Thanks
Chuck
flashh4 Posted September 11, 2014

Here is your Junkware log ! Posted by flashh4 !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Jerry on Thu 09/11/2014 at 15:16:01.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Jerry\Application Data\mozilla\firefox\profiles\wu51wc57.default-1363971810444\prefs.js

user_pref("extensions.a5c8764929678437cbd90994a5a82ac863d978ade40948f4c7f15bb3c4com61799.61799.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22u
user_pref("extensions.crossrider.bic", "148624d3410ab505022957ecf2f40153");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/11/2014 at 15:25:06.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
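The AdwCleaner and JRT logs posted in this thread both report user_pref entries removed from the Firefox profile's prefs.js. As an added example (not part of the thread, and not how either tool works internally), this read-only Python script lists prefs.js entries whose key or percent-decoded value matches markers seen in those log lines. The marker lists, the function names and the sample profile are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Markers copied from the log lines in this thread (assumed list; extend as needed).
KEY_MARKERS = ("extensions.crossrider.", "monetization_plugin")
VALUE_MARKERS = ("dealply",)

# user_pref("key", <value>);  the value may be a quoted string, number or bool.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

def parse_pref(line):
    """Return (key, value) for a well-formed user_pref line, else None."""
    m = PREF_RE.match(line)
    if not m:
        return None
    key, raw = m.group(1), m.group(2)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        raw = raw[1:-1]  # strip the surrounding quotes of a string value
    return key, raw

def scan_prefs(text):
    """List (line_no, key, reason) for prefs that match the markers above."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        parsed = parse_pref(line)
        if parsed is None:
            continue  # comments, blank lines, malformed or truncated entries
        key, value = parsed
        decoded = unquote(value).lower()  # values are often percent-encoded JSON
        if any(mk in key.lower() for mk in KEY_MARKERS):
            hits.append((no, key, "key"))
        elif any(mk in decoded for mk in VALUE_MARKERS):
            hits.append((no, key, "value"))
    return hits

# Constructed sample profile: three benign lines and three adware-style prefs.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.example0000.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%5D%7D%7D");
user_pref("extensions.crossrider.bic", "00000000000000000000000000000000");
user_pref("extensions.example1111.settings", "%7B%22partner%22%3A%22DealPly%22%7D");
user_pref("network.cookie.cookieBehavior", 1);
'''

if __name__ == "__main__":
    for no, key, reason in scan_prefs(SAMPLE):
        print(f"line {no}: {key} (matched on {reason})")
```

The script only reports matches; it never edits the profile, so it can be run against a copy of prefs.js before and after a cleanup to confirm the entries are gone.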
flashh4 Posted September 11, 2014

Daytonaman, I need you to run these 2 programs for me !! The Malwarebytes program I posted above and the RogueKiller below !! Try posting the logs here, the same way I showed you !!

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

close all running programs
for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
when the prescan is finished, click on Scan
click on Report and copy/paste the content in your next post.

If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt/ log in your next reply.
Also the Malwarebytes log !!

Thanks
Chuck
flashh4 Posted September 14, 2014

Ok Daytonaman, try this Rootkiller !!

aswMBR Log

Vista and Windows 7 users
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

aswMBR was not designed to run in Safe Mode, it was designed to run in Normal Mode.

aswMBR Log

Important! Please do not perform any fix options offered in aswMBR !

* Download aswMBR.exe from here and save it to your Desktop.
* Double click the aswMBR icon to run it.
* Click the Scan button to start scan.
* If you are asked to update the Avast Virus database please allow it to do so.
* When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your next reply.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

Thanks
Chuck
flashh4 Posted September 15, 2014

From Daytonaman in PM:

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-14 21:30:38
-----------------------------
21:30:38.500 OS Version: Windows 5.1.2600 Service Pack 3
21:30:38.500 Number of processors: 1 586 0x7F02
21:30:38.500 ComputerName: JERRY-B8A2121FB UserName: Jerry
21:30:41.968 Initialize success
21:30:41.968 VM: initialized successfully
21:30:42.031 VM: Amd CPU virtualization not supported
21:31:46.968 The log file has been saved successfully to "C:\Documents and Settings\Jerry\My Documents\aswMBR.txt"
21:32:10.781 AVAST engine defs: 14091401
21:32:13.875 The log file has been saved successfully to "C:\Documents and Settings\Jerry\Desktop\aswMBR.txt"
21:32:22.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
21:32:22.250 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
21:32:22.562 Disk 0 MBR read successfully
21:32:22.562 Disk 0 MBR scan
21:32:22.625 Disk 0 Windows XP default MBR code
21:32:22.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 63
21:32:22.656 Disk 0 default boot code
21:32:22.671 Disk 0 scanning sectors +312496380
21:32:23.031 Disk 0 scanning C:\WINDOWS\system32\drivers
21:32:48.390 Service scanning
21:32:51.078 Service BHDrvx86 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx86.sys **LOCKED** 5
21:32:51.515 Service ccSet_NIS C:\WINDOWS\system32\drivers\NIS\1505000.013\ccSetx86.sys **LOCKED** 5
21:32:56.515 Service IDSxpx86 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140912.001\IDSxpx86.sys **LOCKED** 5
21:33:00.843 Service NAVENG C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140913.021\NAVENG.SYS **LOCKED** 5
21:33:01.359 Service NAVEX15 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140913.021\NAVEX15.SYS **LOCKED** 5
21:33:13.843 Service SRTSPX C:\WINDOWS\system32\drivers\NIS\1505000.013\SRTSPX.SYS **LOCKED** 5
21:33:14.500 Service SymDS C:\WINDOWS\system32\drivers\NIS\1505000.013\SYMDS.SYS **LOCKED** 5
21:33:14.890 Service SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
21:33:14.953 Service SymIRON C:\WINDOWS\system32\drivers\NIS\1505000.013\Ironx86.SYS **LOCKED** 5
21:33:15.093 Service SYMTDI C:\WINDOWS\System32\Drivers\NIS\1505000.013\SYMTDI.SYS **LOCKED** 5
21:33:19.781 Modules scanning
21:33:45.484 Disk 0 trace - called modules:
21:33:45.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
21:33:45.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a455ab8]
21:33:45.500 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a4a6f18]
21:33:45.500 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a54c940]
21:33:46.500 AVAST engine scan C:\WINDOWS
21:34:14.765 AVAST engine scan C:\WINDOWS\system32
21:39:41.875 AVAST engine scan C:\WINDOWS\system32\drivers
21:40:18.640 AVAST engine scan C:\Documents and Settings\Jerry
21:45:27.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jerry\Desktop\MBR.dat"
21:45:27.265 The log file has been saved successfully to "C:\Documents and Settings\Jerry\Desktop\aswMBR.txt"
flashh4 Posted September 15, 2014

That looks clean Daytonaman ! You can delete/remove any programs/files/folders that are on your desktop !! Congratulations you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware/malware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox
If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
NoScript
adblock plus

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.
**There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free

5. Make sure you keep your Windows OS current, and regularly download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. WOT (Web of Trust)
As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.

It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!

Thanks
Chuck
flashh4 Posted September 21, 2014

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you need this topic re-opened please contact me or any mod !

Thanks
Chuck