I.P. blocks 2080.hit.buy-targeted-traffic.com + file133desktop.info & adsparkmedia.net &others

[nayanwaghmare]

These tabs ALWAYS open in Chrome, possibly because it is my default browser.

 

The websites that open are:

 

http://2080.hit.buy-targeted-traffic.com/load/hit_1.php?source_id=2080&sub_id=&source_mk=1d0d9744

http://oziris.zerohorizon.net/(This opens most of the time)

http://tracki112.com/search/click.php?cid=f915C348t445G692H577K495&r=2&idfrm=e852N152b430N670&fw=1&fh=1&pw=0&ph=0&sw=1366&sh=768&if=1&fp=1

ptp24.com/promote.php?id=fb9a9b909e237b49be76aaa30d95d33a

orion.zerohorizon.net  (This opens most of the time)

 

I have attached the logs in this reply. I was out all day on 16/10/15 so never even turned my laptop on, therefore there is no protection log for that date.

protection-log-2015-10-17.xml

protection-log-2015-10-15.xml

protection-log-2015-10-14.xml

Addition.txt

FRST.txt

Shortcut.txt

[Maurice Naggar]

Hello,

As one on-going request  ( and I should have pointed this out way at the start), please be sure that no "torrents" are being active or in use while this case is on-going.  So that would include any torrent, uTorrent, bittorrent.   Thanks.

 

One more added thing, before running the next task ( below) please be sure to close out any of your opened programs, especially the browser windows.

Whatever is going on in this case is still murky.   And if it cant be figured out or cured, you may well need to reconsider removing Chrome and only using a different browser.

 

At this point, I have two suggested next steps.

 

I am sending a Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Save the attached file Fixlist.txt    to the same location where you have FRST64.exe   -    the  Downloads\Software   folder  - that's important for the Fix to work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite an existing one please allow)

Run FRST64 again but this time press the *"Fix"* button just once and wait.

When finished, it will make a log ( *fixlog.txt* ) next to FRST64.
Please attach the *Fixlog.txt*  into a reply.    <<---- that will be the file I need from you

 

NEXT

Close any open work documents, if any, saving your work.
Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop
http://downloads.malwarebytes.org/file/jrt


Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
The tool will open and display information and disclaimer in a Command prompt window.

I'd suggest you close all internet browsers at this point.

 Press a key on keyboard to start scanning your system.

Please be very patient as this will take several minutes to complete, depending on your system's specifications.
There are approximatly 12 phases or so in this tool.  You will see each phase listed in the Command prompt window.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.  And the command prompt will have been closed.

Please attach JRT.txt into a new reply.

 

 

Fixlist.txt

[nayanwaghmare]

Here are the logs.

Fixlog.txt

JRT.txt

[Maurice Naggar]

That was a very worthwhile fix run of FRST.   As a side benefit, 24.5 GB of space was regaining by emptying temporary files.

 

I had noticed that this system also has installed BitDefender & Hitman Pro.   I suppose that those 2 have not made headway in curing what "haunts" the Chrome browser.

 

Let me ask you about those handful of sites you say "show up" as Chrome tab pages:

are they still happening ?

are those ads ?

 

I would like for you to keep a track of exactly how you "start" Chrome browser, such as

is it by click on shortcut link on Desktop?

or

the quick launch shortcut off the Taskbar ?

or

off some other shortcut ?

or

some other link ?

 

In addition, how do you normally go to websites that you normally use.   Do you make it a practice to only use Bookmark links that you made & know to be safe ?

Bookmarks are a good practice.

 

or do you hand-type the website address and allow the browser to start to offer you "suggested links"  ?

 

I suggest a couple of other things at this time.

Please download  AdwCleaner  and save it to your desktop.
https://toolslib.net/downloads/finish/1/

ATTENTION: After you click the Download Now button, another page will open - DO NOT CLICK any additional 'download now' buttons as they are sponsored advertisements.
Please wait and look toward the top or bottom of your browser for the option to Run or Save. Click Save to save the file.


Now Close all browsers, all open apps.

This is a two step process.

First run you use Scan
Second run you use Clean

Run AdwCleaner  and click on scan
After the scan has completed I want you to click on "clean"
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the log to your next reply
Note: You can find the logfile at C:\AdwCleaner[s0].txt

 

 

NEXT

This next tool is for the purpose of getting a diagnostic report.

 

Download RogueKiller from one of the following links and save it to your desktop:
http://www.bleepingcomputer.com/download/roguekiller/dl/121/
http://www.geekstogo.com/forum/files/file/413-roguekiller/

        Close all programs and disconnect any USB or external drives before running the tool.

 

 

Right-click on  RogueKiller.exe  and select Run As Administrator  and reply YES & alloow  to run the tool .
Once the Prescan has finished, click Scan.

Once the Status box shows "Scan Finished", click the "Report" button to show the log, and then close the program. <--Don't fix anything!
Attach the report-file  that opens into your next reply.

The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log

 

When done, close the app.   and IF you continue to get ad-pages see if you could get screen-image-captures.

 http://www.wikihow.com/Take-a-Screenshot-in-Microsoft-Windows
          

[nayanwaghmare]

Wow didn't notice the fix had cleaned up so much space! Thanks very much for that.

 

Unfortunately the tabs still do keep opening and most pages that do open seem to be ads or something similar.

 

The way I open chrome when I first turn my laptop on is by clicking on the task bar as it is pinned in my case. I normally browse websites from the 'new tab', tab as it contains all my recent and most visited websites there. This is similar to bookmarking and yes I do make bookmarks and occasionally use them but there is not a lot of need for them as most of my visited and trusted websites are on the 'new tab' tab when I first start up chrome.

 

I had already to run AdwCleaner a few times to try and resolve this issue but it hasn't helped at all. However as you have asked for the log, I will be running it soon after this reply along with your other tools and will feedback with the logs.

 

Thank you.

[Maurice Naggar]

Ok.  And the Roguekiller report is also one I want to review.

 

Try starting Google manually instead of using the quick-ink on the Taskbar.  Lets see if it makes a difference.

 

Use Start >> Run option or in Windows 10, press Windows key + R key  Then copy into   RUN box

  COPY & PASTE  in

 

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

and tap Enter-key.   That is a geeky direct way of starting Chrome.

[nayanwaghmare]

Here are the logs.

RogueKiller Log.txt

AdwCleanerC3.txt

AdwCleanerS3.txt

[Maurice Naggar]

The adwcleaner only found some minimal ( inert ) remains.   And the Riguekiller report is fine.  No signs of rogues.

 

I expect that starting the Edge browser or Internet Explorer browser would involve no problem.

I was hoping you would do a test of starting the Chrome browser ( manually, directly)   just like I listed before.

 

Using the Windows RUN option, do a test of each browser. Chrome, Internet Explorer, Windows 10 EDGE

The command line to Copy >  Paste into the Run box

 

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

IEXPLORE.EXE

 

microsoft-edge:

[nayanwaghmare]

I have opened it in the way you've wanted me to but the tabs still keep opening.

[Maurice Naggar]

Specificity helps.   Which browser ?  is the one(s) that are having the issue.

 

You did not say whether or not you started each of the 3 browsers in the manner that I outlined and whether they started cleanly !

 

Can you make screen-image captures?

 

I strongly believe you need to ditch Chrome and totally switch to another browser.  As I recall, I do not think that a malware infection has been found on this system.

 

Tell me, when was the last time this machine was scanned by your antivirus program ?
The last time you ran a threat scan with Malwarebytes ?

 

Do new scans with each of Bitdefender Antivirus

and

also Malwarebytes Anti-Malware.

[nayanwaghmare]

Sorry for late reply,

 

I tried to open Chrome using the way you told me to and the problem of tabs opening still persists.

 

The other browsers seem not to be affected by this issue.

 

By the way I also tried to uninstall Chrome completely and then also delete data again using the Google Dashboard and the restarted and then reinstalled Chrome. However to test whether the problem is with the data on my account, I did not log into Chrome and used it as a brand new browser with my Google account NOT logged in and nothing imported. The tabs still kept opening. This suggests there is something on my laptop itself that is causing this issue and neither has MalwareBytes or Bitdefender Total Security 2016 caught anything as I just ran the scans yesterday. Threat scan and custom scan in Malwarebytes and System Scan in Bitdefender with nothing being caught.

 

What do you suggest I should do?

[Maurice Naggar]

The only suggestion left is for totally uninstalling the Chrome browser.   It is corrupted in some way that cant be fixed.

 

The fact that both Bitdefender as well as our software, plus the other tools have not found a malware infection just confirms that.

Plus the fact that the other browsers are doing fine  just adds to that confirmation.

 

Please do not use Chrome, but remove it altogether.

I do wish you well.   But we have now reached the end of the road.

 

The following procedures will implement some cleanup procedures to remove the tools I had you use.

Download Delfix from here and save it to your desktop.

• Ensure Remove disinfection tools is checked.
• Click the Run button.
• Reboot

Any other programs or logs that are still remaining, you can manually delete.

 

[nayanwaghmare]

Hi thanks for your help.

 

Rather than use that tool I just reset my pc using win 10 reset option which kept my personal data but deleted all apps and etc.

 

So now with everything installed back, Chrome has NO issue

 

Should have done this before as it wasn't all that time consuming.

 

Thanks a lot for all your help and wish you well. 

 

Regard,

Nayan

[Maurice Naggar]

Hi,  That is good news indeed.

Cheers.