Virus and pop-up issues

[jdog9243]

I'm having problems with pop-ups and virus issues. My anti-virus protection lapsed and I've been having troubles. Reinstating the virus program (ESET) can't seem to fix the issues. Have tried MBAM, etc., but I think I need a careful analysis and cleaning.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i7-4702HQ CPU @ 2.20GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 8
RAM: 8115 Mb
Graphics Card: NVIDIA GeForce GTX 765M, -2048 Mb
Hard Drives: C: Total - 231369 MB, Free - 157320 MB;
Motherboard: RAZER, RAZER
Antivirus: ESET Smart Security 8.0, Updated and Enabled

 

[CatByte]

Welcome to TSG

please do the following

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[jdog9243]

Thanks for your reply. I have tried to post this a few times with cut and paste versions of the logs, but I just realized the message is too long, so just attaching the files.

 

[CatByte]

please do the following:

Download attached fixlist.txt file and save it to the Downloads folder.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


NEXT

Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right-mouse click JRT.exe and select Run as administrator
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message

 

[jdog9243]

Here you go:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 8.1 x64
Ran by John on Fri 04/03/2015 at 10:45:08.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\5yw7ss6r.default-1426520601840\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/03/2015 at 10:48:12.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[jdog9243]

Sorry forgot the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by John at 2015-04-03 10:41:28 Run:1
Running from C:\Users\John\Downloads
Loaded Profiles: UpdatusUser & John (Available profiles: UpdatusUser & John & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-3341362822-3246827577-644040578-1001] ATTENTION ==> Default URLSearchHook is missing.
2015-03-16 20:07 - 2015-03-16 20:08 - 00000000 ____D () C:\ProgramData\VVxHFo
C:\Users\John\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\John\AppData\Local\Temp\dllnt_dump.dll
C:\Users\John\AppData\Local\Temp\HitmanPro.exe
C:\Users\John\AppData\Local\Temp\InstHelper.exe
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\SpOrder.dll
C:\Users\John\AppData\Local\Temp\sqlite3.dll
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Error setting Default URLSearchHook.
C:\ProgramData\VVxHFo => Moved successfully.
C:\Users\John\AppData\Local\Temp\ConsumerInputSetup.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\HitmanPro.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\InstHelper.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\sqlite3.dll => Moved successfully.

==== End of Fixlog 10:41:36 ====

 

[CatByte]

what issues are remaining?

 

[jdog9243]

All the same issues. Nothing has changed. Pop-ups, videos play, etc. every time I visit a web site.

 

[CatByte]

Please do the following:

Reset all the browsers back to default:

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Bookmarks
http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer
Backup Firefox Bookmarks
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer
Backup Chrome Bookmarks
http://www.wikihow.com/Export-Bookmarks-from-Chrome

Proceed with the reset once done.

I.E.

Open Internet Explorer, click on the gear icon at the top (far right), then click again on Internet Options.
In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.
Reset Internet Explorer
In the Reset Internet Explorer settings section, check the Delete personal settings box, then click on Reset Internet Explorer back to its default settings
When Internet Explorer finishes resetting, click Close in the confirmation dialogue box and then click OK.
Close Internet Explorer.

Firefox

At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
To continue, click Reset Firefox in the confirmation window that opens.
Firefox will close and be reset. When it&#8217;s done, a window will list the information that was imported. Click Finish

Google Chrome

enter the following into the Chrome address bar:

chrome://settings/personal

&#8226; and at the bottom click on "Advanced Settings"
&#8226; At the very bottom of the page click on "Reset Browser Settings"

Then if you use the sync feature, check the section for "delete your synced data from your Google Account " at the bottom of this page
http://support.google.com/chrome/bin/answer.py?hl=en&answer=185277


NEXT


Reset your Router:

This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
If you don&#8217;t know the router's default password, you can look it up. HERE http://www.routerpasswords.com/
You also need to reconfigure any security settings you had in place prior to the reset.
You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

NEXT

Please do the following:

type cmd.exe into the search box
RIGHT-click on Cmd.exe when it populates in the window below

Select Run As Administrator

In the command window type the following and then hit enter:

ipconfig /flushdns

You will see the following confirmation:

"Windows IP Configuration
Successfully flushed the DNS Resolver Cache."

Let me know how that worked

 

[jdog9243]

Everything is loading really slowly, but pop-ups are gone and that is a very good thing. Having to close 5-6 windows every site you visit gets really old. Thank you so much.

 

[CatByte]

That's good news, reboot the PC a couple of times, see if the speed improves.

Run a scan with Malwarebytes > update the definitions and let me know if anything is found

attach the new log

(history > application logs > open the latest scan log > export to a .txt file > save > post)

Please let me know if there are any outstanding issues.

 

[jdog9243]

Speed is improving, I assume as cookies, etc. are reinstalled. Have only had one pop-up occur since the reset. Vast improvement.

Here is the Malwarebytes scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/5/2015
Scan Time: 11:33:32 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.05.03
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 471994
Time Elapsed: 5 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[CatByte]

Have only had one pop-up occur since the reset

what was the pop-up and where did you see it - which browser.

 

[jdog9243]

Firefox, didn't make note of the last pop-up, but new pop-ups from Kiosked.ads

 

[jdog9243]

Now getting some Mark Weldon and DiscountDrivers.com pop-ups, still on Firefox. Only ever use IE for emergencies or when Firefox isn't working.