Ads Keep Appearing In The Corner Of My Computer!


  • Staff

I've just consulted with a colleague who encountered a similar issue with a hosts file hijack that refused to fix, and he found it to be a permission issue.

So before you run the script with OTL, please run GrantPerms on the hosts file; then the OTL script (above) should be able to reset it.

Please do the following:

  • Please download GrantPerms64.zip and save it to your desktop.
  • Unzip the file and run GrantPerms.exe.
  • Copy and paste the following in the edit box:

C:\Windows\System32\Drivers\etc\hosts

  • Click Unlock. When it is done click "OK".
  • Now click List Permissions and post the result (Perms.txt) that pops up.
  • A copy of Perms.txt will be saved in the same directory the tool is run.
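
Added example, not part of the original post and not GrantPerms' or OTL's own code: a read-only PowerShell check of the hosts file's permissions and active entries, useful before and after the unlock and reset described above. The function names Get-HostsAclReport and Get-HostsEntry and the sample lines are constructed for illustration.

```powershell
# Added example (not from the thread): read-only inspection of the hosts file.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsAclReport {
    # One row per access-control entry; Deny entries and an unexpected
    # owner are the first things to look at when a reset keeps failing.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        [pscustomobject]@{
            Owner     = $acl.Owner
            Identity  = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

function Get-HostsEntry {
    # Parses hosts-file lines into address/name pairs, ignoring comments.
    param([string[]]$Line)
    foreach ($raw in $Line) {
        $text = ($raw -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # Anything other than localhost on a loopback address is marked for review.
            $isLocalhost = ($name -eq 'localhost') -and ($fields[0] -in '127.0.0.1', '::1')
            [pscustomobject]@{ Address = $fields[0]; Name = $name; Review = -not $isLocalhost }
        }
    }
}

# Constructed sample lines (documentation address range, .test names).
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '203.0.113.10    search.example.test www.example.test   # redirect',
    '0.0.0.0         updates.example.test'
)
Get-HostsEntry -Line $sample | Where-Object Review | Format-Table -AutoSize

# On the affected machine, from an elevated PowerShell prompt:
if (Test-Path -LiteralPath $HostsPath) {
    Get-HostsAclReport -Path $HostsPath | Format-Table -AutoSize
    Get-HostsEntry -Line (Get-Content -LiteralPath $HostsPath) | Where-Object Review
}
```

A freshly reset hosts file should produce no rows with Review set, since its default contents are all comments.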

I believe this one worked :)

All processes killed

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: DELL

->Temp folder emptied: 83551 bytes

->Temporary Internet Files folder emptied: 61404510 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 1098 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2468 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 59.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01302013_213233

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • Staff

Thanks for hanging in there with me. I knew there would be an answer out there.

Please clean up ComboFix and OTL.

Follow these steps to uninstall ComboFix:

  • Make sure your security programs are totally disabled.
  • Press the WinKey + R to open a Run box.
  • Now copy/paste Combofix /uninstall into the Run box and click OK. Note the space between the ..X and the /U; it needs to be there.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

You should now be good to go.


  • Staff

Please do the following:

  1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  2. Restart your computer (very important).
  3. Download and run this utility.
  4. It will ask to restart your computer (please allow it to).
  5. After the computer restarts, install the latest version from here.

Let me know if that resolves the issue.
