Thanks Essexboy. Please see the attachment.
Any further problems ?
Until today, no more Chitika :D. Thank you very much Essexboy. You made my day! ;D
Run OTL and press the cleanup button to remove it and its associated files ;D
Done. Thank you.
Could you please help me with mine as well?
I am not sure if this is the right place to post or if I need to start another thread for my Chitika and Ads.
Admins, please let me know if you think I should start on a new thread.
I have my OTL Logs ready here.
Pretty please!! transgenic puppy eyes
I thank you in advance.
@TrailerMusicLover
Start your own topic in the Virus and Worms forum section.
also attach AdwCleaner and Malwarebytes logs. http://forum.avast.com/index.php?topic=53253.0
removers arrive in the forum later today…
Thanks for replying so quick. Now, that should help me organize things better.
I did all those steps already, now just put them together as requested.
Oh, big question, to any mods and admins who are reading this.
Do you know if I could hide my logs from non-member visitors, so that they don’t have access to them?
Those logs have my name in it, you see?
If there’s a tutorial on how to keep attachments accessible to certain people only…
Thanks.
This should cure it, let me know
Warning: This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
I think that solved it, I haven’t seen any of those intrusive things for the past five minutes. I attached the log here.
I wonder if it’s okay if I ask you for help to take a quick look at my mbam log as well.
Thank you.
Sure, but your main problem was a hijacked Host file
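Essexboy's fix above resets the hosts file ([resethosts]) because that file had been hijacked. As an added example, not part of the thread, here is a small Python audit that flags the two things a hijacked hosts file typically contains: well-known names redirected to a remote address, and update or security-vendor names pinned to loopback so they can no longer be reached. The sample hosts file, the watchlist of domains and the TEST-NET address in it are constructed for the demonstration.

```python
import ipaddress
import sys
from collections import defaultdict

# Constructed sample of a hijacked hosts file (not taken from the thread's logs).
# 203.0.113.10 is a documentation (TEST-NET-3) address used as a stand-in.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
127.0.0.1       localhost
::1             localhost
# lines below are what a hijack typically adds
203.0.113.10    www.google.com
203.0.113.10    www.bing.com
127.0.0.1       update.microsoft.com
127.0.0.1       www.avast.com
"""

# Names that legitimately map to loopback.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed watchlist: update and security-vendor domains whose loss of
# reachability matters most. Extend it for your own environment.
WATCHLIST = ("microsoft.com", "windowsupdate.com", "avast.com", "malwarebytes.org")


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping in a hosts file.

    Comments and blank lines are skipped; a line whose first field is not an
    IP address is kept with ip=None so the audit can report it.
    """
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            entries.append((no, None, parts[0]))
            continue
        for name in parts[1:]:
            entries.append((no, ip, name.lower()))
    return entries


def audit_hosts(text, watchlist=WATCHLIST, sinkhole_threshold=2):
    """Return a list of (line_no, subject, message) findings.

    Rules: a watchlisted name mapped anywhere is 'high'; any other name mapped
    to loopback/0.0.0.0 (blackholed) or to a remote address (redirected) is
    'medium'; a remote address shared by several names is reported as a
    sinkhole ('high', line 0 because it spans lines).
    """
    findings = []
    names_by_ip = defaultdict(set)
    for no, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((no, name, f"malformed address {name!r}"))
            continue
        names_by_ip[ip].add(name)
        blackhole = ip.is_loopback or ip.is_unspecified
        if blackhole and name in LOOPBACK_NAMES:
            continue
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        sev = "high" if watched else "medium"
        verb = "blackholed to" if blackhole else "redirected to"
        findings.append((no, name, f"{sev}: {name} {verb} {ip}"))
    for ip, names in names_by_ip.items():
        if not (ip.is_loopback or ip.is_unspecified) and len(names) >= sinkhole_threshold:
            findings.append((0, str(ip), f"high: {len(names)} names share remote address {ip}: {sorted(names)}"))
    return findings


if __name__ == "__main__":
    # Audit a real file if a path is given, otherwise the constructed sample.
    data = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for line_no, subject, message in audit_hosts(data):
        print(f"line {line_no:>3}  {message}")
```

Run it against `C:\Windows\System32\drivers\etc\hosts` on a Windows machine (or `/etc/hosts` elsewhere) to get the same report; a clean default file produces no findings, which is the condition [resethosts] restores.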
Thank you so much for being so nice and amazing. I’m sure it’s not very appropriate to discuss unrelated malware/virus problem here, but since you said I could.
Here we go, it was from a quick scan, which is practically the same as my full scan results. The two registry values PUM.UserWLoad and Trojan.Ransom always show up in my MBAM scan results (regardless of full or quick scans). I have no idea where I got them from. If I scan again now they would just show up again, even though it said “deleted on reboot”. I thought MBAM would let me know if something persistent like that should require more action to remove.
What test do you suggest I run? I read some post regarding Cclean(er?), and wonder…
I have also read your “Logs to assist in cleaning malware” as suggested, and I know I am not doing things in the right order. So I apologize if that causes any inconvenience.
Thank you again.
Could you run a fresh OTL scan please and ensure All Users is selected plus the LOP tick box
… more work for you.
Thanks for looking in.
edited: forgot the extras.
OK, let's now kill all the leftovers and do some repairs
Warning: This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchbrowsing.com
IE - HKU\S-1-5-21-658246845-2640705209-2326254111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchbrowsing.com
IE - HKU\S-1-5-21-658246845-2640705209-2326254111-1000\..\URLSearchHook: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - No CLSID value found
IE - HKU\S-1-5-21-658246845-2640705209-2326254111-1000\..\URLSearchHook: {bb45ef8e-1e36-4535-a017-ec908fb1e335} - No CLSID value found
O3 - HKU\S-1-5-21-658246845-2640705209-2326254111-1000\..\Toolbar\WebBrowser: (no name) - {1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - No CLSID value found.
F3:64bit: - HKU\S-1-5-21-658246845-2640705209-2326254111-1000 WinNT: Load - (C:\Users\dongnghi\LOCALS~1\Temp\msrouqc.com) - File not found
F3 - HKU\S-1-5-21-658246845-2640705209-2326254111-1000 WinNT: Load - (C:\Users\dongnghi\LOCALS~1\Temp\msrouqc.com) - File not found
[2013/01/28 21:20:25 | 000,000,000 | -HSD | M] -- C:\Users\dongnghi\AppData\Roaming\78E026
:Files
C:\$Recycle.Bin\S-1-5-18\$259e5a6c04e995c46253cac337b1e97e
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow it to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
- If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
How my pc works after Combofix:
- Combofix finished and produced its log. Some programs couldn’t open, with the message “Illegal operation attempted on a registry key that has been marked for deletion”.
- After rebooted, everything worked just fine and fast.
- Opened Chrome and browsed a few things, while running MBAM to see if the two mentioned viruses were gone... PC crashed with a blue screen “A problem has been detected and windows has been shut down…” (please see attached picture, and long report below for crash history)
- I rebooted it again. Since then, nothing scary happened in the past 6 hours. New MBAM result was clean.
Long Report on the crashes eight days ago:
My PC never crashed before in its 3-year life. 8 days ago, I downloaded the Freemind program, downloaded Windows 8 from my college website, and updated Adobe Reader to XI (still not working). And I also started using Chrome around the same time. My PC crashed like six times within half an hour that night, even when I tried Safe Mode with Networking, each with a blue screen message (same as the one mentioned above).
So I ran Microsoft Security Essentials and MBAM under Safe Mode. It didn’t crash again since then. I went back to using Internet Explorer. I attempted to install Windows 8, which encountered some conflict and ended up unsuccessful.
Until two days ago, you helped me with the hijacked host file problem. After that, you know the story
Thanks for reading, and I apologize for any inconvenience this long message might cause.
For the BSOD could you locate the last two or three minidumps from the C:\Windows\Minidump folder
Zip them up and either e-mail them to me or upload to a file sharing site for me to collect.
That error code suggests a driver incompatibility
Combofix looks to have completed the repairs, but are you still having problems with Chrome when run without MBAM going?
Hi there,
Here is the link to the dump files, http://www.mediafire.com/?u1r78mc3kg6x898
Let me know if you cannot collect them.
And Chrome has been working fine. Though after I woke up, I started receiving Security Alert messages from Internet Explorer, saying “You are about to view pages over a secure connection. Any information you exchange with this site cannot be viewed by anyone else on the web.” I browsed a little bit about it, and it seems to be nothing to worry about much.
Anyway, thanks for the hard work.
[Edit] 5 hours later:
I shut the pc down and left for a bit. When I turned it back on, after I finished typing in the log-in password, it crashed with that blue screen and similar content. And that was the first crash in 24 hours, after the last crash and Combofix.
Hmm, the answer to this is an unidentified driver. We have two ways to approach this:
Either run a driver checking utility to update the system drivers (I have one)
Or run the system in a clean boot mode and check groups of drivers out
Which way would you like to go ?