howlz123 Posted August 16, 2013 ID:715725 Share Posted August 16, 2013 Hello, I just joined this forum and I hope I am posting this in the right forum, please forgive me if it's not. For a while now I've been hearing random ads play in the background especially when youtube is open and whenever I click on a site it keeps popping up random links. It's really annoying. I don't know if I have a malware or spyware or adware e.t.c but here is my log. Please help me from this nightmare, thank you. dds.txt Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2013 ID:715729 Share Posted August 16, 2013 Welcome to the forum, can you post the attach.txt and also......Please download and run RogueKiller 32 Bit to your desktop.RogueKiller 64 Bit <---use this one for 64 bit systemsQuit all running programs.For Windows XP, double-click to start.For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system.When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.(please don't put logs in code or quotes)P2P/Piracy Warning:1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.Failure to remove such software will result in your topic being closed and no further assistance being provided.MrCNote:Please read all of my instructions completely including these.Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to InstantlyRemoving malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.<+>The removal of malware isn't instantaneous, please be patient.<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.------->Your topic will be closed if you haven't replied within 3 days!<--------(If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
howlz123 Posted August 16, 2013 Author ID:715762 Share Posted August 16, 2013 Wow, that was a quick reply. Quick notice; I have vuze installed and I really don't want to have to uninstall it (I will if you say I need to). So I ran task manager and ended the vuze background process, does this count as "completely disabled". Anyways here's my attach and report. Thank you.RKreport0_S_08152013_211921.txtattach.txt Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2013 ID:715765 Share Posted August 16, 2013 You're loaded with adware.Please uninstall these from your add/remove programs:BrowserDefenderDownloadTermsWebCake 3.00Then........Please download AdwCleaner from here and save it on your Desktop. AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.AdwCleaner is a tool that deletes :· Adwares (software ads)· PUP/LPI (Potentially Undesirable Program)· Toolbars· Hijacker (Hijack of the browser's homepage)It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.Note:Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:/DisableAskDetection - This option disables Ask Toolbar detection.MrC Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2013 ID:715768 Share Posted August 16, 2013 I'll be back in the AM. If there's nothing in the log you want to keep......you can continue: Lots of adware found....lets clear it out.....Please re-run AdwCleanerClick on Delete button.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number. Then...... Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Last......... Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected. Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
howlz123 Posted August 16, 2013 Author ID:715779 Share Posted August 16, 2013 Thanks a lot, these are all the logs as requested.JRT.txtMBAM-log-2013-08-15 (22-51-36).txtAdwCleanerS1.txt Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2013 ID:715938 Share Posted August 16, 2013 Your Malwarebytes shows -------> No action taken <--------I hope you deleted everything. Let me know how it is now, MrC Link to post Share on other sites More sharing options...
howlz123 Posted August 16, 2013 Author ID:716080 Share Posted August 16, 2013 I have deleted everything and so far no random ads have been playing in the background. Thank you so much for your time, I will recommend this site to my friends. Here are my logs;MBAM-log-2013-08-15 (22-51-36).txt Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2013 ID:716097 Share Posted August 16, 2013 Good....... Lets check your computers security before you go and we have a little cleanup to do also: Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.If you get "Unsupported operating system. Aborting now", just reboot and try again.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
howlz123 Posted August 19, 2013 Author ID:717401 Share Posted August 19, 2013 Sorry it took so long for my reply but here is what you requested: Results of screen317's Security Check version 0.99.72 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware avast! Antivirus Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 21 Java version out of Date! Adobe Flash Player 11.7.700.169 Google Chrome 28.0.1500.72 Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastUI.exe AVAST Software Avast AvastSvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted August 19, 2013 ID:717433 Share Posted August 19, 2013 Out dated programs on the system are vulnerable to malware.Please update or uninstall them:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Java 7 Update 21 <---please update, should be Update 25Java version out of Date! <--------Go to control panel > Java > Update Tab > Update NowUncheck the box to install the Ask toolbar!!! and any other free "stuff".If there's no update tab in Java, uninstall it and Download and install the latest version from HereUncheck the box to install the Ask toolbar!!! and any other free "stuff".------------------------------------------Google Chrome 28.0.1500.72 <-----OLDGoogle Chrome 28.0.1500.95 <-----OKYou have old versions of Google Chrome on the system.Please download and run OldChromeRemover.@Windows Vista/Windows 7-8 users must use “Run As Administrator.”-------------------------------------------------A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)---------------------------------If you used FRST:Download the fixlist.txt to the same folder as FRST.Run FRST and click Fix only once and waitThat will delete the quarantine folder created by FRST.-----------------------------If you used DeFogger to disable your CD Emulation drivers, please re-enable them.-------------------------------Please download OTC to your desktop.http://oldtimer.geekstogo.com/OTC.exeDouble-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")Click on the CleanUp! button and follow the prompts.(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)You will be asked to reboot the machine to finish the Cleanup process, choose Yes.After the reboot all the tools we used should be gone.Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
LDTate Posted August 20, 2013 ID:717705 Share Posted August 20, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts