Sony vaio laptop infected with malware [Solved]

Malware Baidu

  • This topic is locked

#1
Confused Dave

Confused Dave

    Member

  • Member
  • PipPip
  • 25 posts
Hi I recently installed windows 10 download, also canon zoom browser, canon photo professional. Soon after, the browser started redirecting to unwanted sites. I tried to install various malware removal tools but all installs are interrupted by errors. Kaspersky Internet security says it can't install due to presence of conflicting software ie Baidu antivirus ( which I haven't installed) and I can't find the program to remove it manually.

Any help would be appreciated

Dave
  • 0


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see what is showing...

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi,

 

Thanks for the response. Requested files attached

 

Attached File  Addition.txt   20.72KB   1054 downloads
Attached File  FRST.txt   62.1KB   240 downloads

 

Dave


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK there are two drivers that I will not be able to remove with FRST so I will need to use Malwarebytes for those.

This fix is quite long but it should virtually remove all the malware in one sweep

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [GoogleChromeAutoLaunch_471C568578175D6DF77F6D2460619B03] => C:\Users\Ellen\AppData\Local\Chromium\Application\chrome.exe [659456 2015-06-03] (The Chromium Authors)
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [DeskBar] => C:\Users\Ellen\AppData\Local\DeskBar\dblaunch.exe
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [WindApp] => "C:\Users\Ellen\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [Selection Tools] => "C:\Users\Ellen\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M89F0110C-C151-4163-88B6-B1F0CC9B52B7&SearchSource=55&CUI=&UM=8&UP=SP76DD2D66-F056-46FB-9377-96A3F592F73F&D=090815&SSPV=SP30500TA_sp_ie
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_36&cd=2XzuyEtN2Y1L1QzutA0CtDyByBtCyCyCyE0D0Ezy0AyD0F0FtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SzytByBzy0Fzz0B0EtGzz0D0B0FtGyE0BtByBtG0ByEtA0BtG0ByBtA0EyEyCzzyByC0Bzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DzztB0F0C0C0AtG0A0A0EtDtGyE0BtBzztG0A0FtA0AtG0CzytDyE0DzzyD0ByD0CtC0B2QtN0A0LzuyE&cr=1365513339&ir=
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> DefaultScope {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www-searching.com/search.aspx?s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e&site=shyosie&prd=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M89F0110C-C151-4163-88B6-B1F0CC9B52B7&SearchSource=58&CUI=&UM=8&UP=SP76DD2D66-F056-46FB-9377-96A3F592F73F&D=090815&q={searchTerms}&SSPV=SP30500TA_sp_ie
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e,
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_36&cd=2XzuyEtN2Y1L1QzutA0CtDyByBtCyCyCyE0D0Ezy0AyD0F0FtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SzytByBzy0Fzz0B0EtGzz0D0B0FtGyE0BtByBtG0ByEtA0BtG0ByBtA0EyEyCzzyByC0Bzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DzztB0F0C0C0AtG0A0A0EtDtGyE0BtBzztG0A0FtA0AtG0CzytDyE0DzzyD0ByD0CtC0B2QtN0A0LzuyE&cr=1365513339&ir=
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www-searching.com/search.aspx?s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e&site=shyosie&prd=set&q={searchTerms}
FF user.js: detected! => C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\5hxdje8y.default\user.js [2015-09-11]
S2 Update Super Great; "C:\Program Files (x86)\Super Great\updateSuperGreat.exe" [X]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-09-08] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56736 2015-08-20] (Windows ® Win 7 DDK provider)
R1 {ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64; C:\Windows\System32\drivers\{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64.sys [48744 2015-09-05] (StdLib)
2015-09-19 20:53 - 2015-09-19 20:53 - 02012464 _____ C:\Users\Ellen\Downloads\Adaware_Installer.exe
2015-09-19 20:53 - 2015-09-19 20:53 - 00000000 ____D C:\ProgramData\Lavasoft
2015-09-19 00:17 - 2015-09-19 00:17 - 00000000 ____D C:\Users\Ellen\Downloads\mbam-chameleon-3.1.25.0
2015-09-19 00:16 - 2015-09-19 00:17 - 06383209 _____ C:\Users\Ellen\Downloads\mbam-chameleon-3.1.25.0.zip
2015-09-18 23:18 - 2015-09-18 23:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ellen\Downloads\.exe.exe
2015-09-18 23:10 - 2015-09-18 23:11 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ellen\Downloads\SpyHunter-Installer.exe
2015-09-17 12:27 - 2015-09-17 12:28 - 04902832 _____ (VAPC (Lux) S.a.r.L) C:\Users\Ellen\Downloads\wzro32.exe
2015-09-10 18:10 - 2015-09-21 22:10 - 00000276 _____ C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job
2015-09-10 18:10 - 2015-09-10 18:10 - 00003234 _____ C:\WINDOWS\System32\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}
2015-09-10 15:26 - 2015-09-10 15:30 - 00000000 ____D C:\Program Files (x86)\baidu
2015-09-10 15:26 - 2015-09-10 15:26 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Baidu
2015-09-10 15:26 - 2015-09-10 15:26 - 00000000 ____D C:\ProgramData\Baidu
2015-09-08 23:48 - 2015-09-10 18:09 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\WTools
2015-09-08 23:48 - 2015-09-10 15:58 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Store
2015-09-08 23:48 - 2015-09-08 23:48 - 00000078 _____ C:\Users\Ellen\AppData\Roaming\WindApp.installation.log
2015-09-08 23:48 - 2015-09-08 23:48 - 00000078 _____ C:\Users\Ellen\AppData\Roaming\Selection Tools.installation.log
2015-09-08 23:47 - 2015-09-10 15:54 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Nosibay
2015-09-08 23:47 - 2015-09-08 23:49 - 00001309 _____ C:\Users\Ellen\AppData\Roaming\Bubble Dock.boostrap.log
2015-09-08 23:47 - 2015-09-08 23:48 - 00005713 _____ C:\Users\Ellen\AppData\Roaming\Bubble Dock.installation.log
2015-09-08 23:47 - 2015-09-08 23:47 - 00000097 _____ C:\Users\Ellen\AppData\Roaming\WindApp.boostrap.log
2015-09-08 21:53 - 2015-09-08 21:53 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-09-08 21:51 - 2015-09-10 17:53 - 00004760 _____ C:\WINDOWS\SysWOW64\Haedyanurv.ini
2015-09-08 21:51 - 2015-09-10 17:53 - 00002480 _____ C:\WINDOWS\SysWOW64\HaedyanurvOff.ini
2015-09-08 21:51 - 2015-09-10 17:53 - 00002480 _____ C:\WINDOWS\system32\HaedyanurvOff.ini
2015-09-08 21:51 - 2015-09-08 21:51 - 00003686 _____ C:\WINDOWS\System32\Tasks\BAUpd
2015-09-08 21:51 - 2015-09-08 21:51 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-09-08 21:51 - 2015-09-08 10:28 - 00353608 _____ C:\WINDOWS\system32\Haedyanurv64.dll
2015-09-08 21:50 - 2015-09-08 21:50 - 00000000 ____D C:\WINDOWS\system32\ebon
2015-09-08 21:50 - 2015-09-08 21:50 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\ortmp
2015-09-08 21:49 - 2015-09-10 18:06 - 00000000 ____D C:\Program Files\groover080920151225
2015-09-08 21:49 - 2015-09-08 21:49 - 00000045 _____ C:\user.js
2015-09-08 21:49 - 2015-08-20 11:46 - 00056736 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-09-08 21:48 - 2015-09-10 17:52 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2015-09-08 21:48 - 2015-09-10 15:29 - 00000000 ____D C:\Program Files\WebBar
2015-09-08 21:48 - 2015-09-08 21:48 - 00000000 ____D C:\ProgramData\SearchModule
2015-09-06 00:03 - 2015-09-06 00:03 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\0U1E1Q1T2Z1P0S2Z1T1C
2015-09-06 00:02 - 2015-09-06 00:02 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-09-05 23:59 - 2015-09-10 15:28 - 00000000 ____D C:\Users\Ellen\AppData\Local\Chromium
2015-09-05 23:56 - 2015-09-22 16:56 - 00000282 _____ C:\WINDOWS\Tasks\Tny_Cassiopesa.job
2015-09-05 23:56 - 2015-09-11 21:35 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v57.1978
2015-09-05 23:56 - 2015-09-10 18:13 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-09-05 23:56 - 2015-09-05 23:56 - 00002774 _____ C:\WINDOWS\System32\Tasks\Tny_Cassiopesa
2015-09-05 23:56 - 2015-09-05 23:56 - 00000008 _____ C:\END
2015-09-05 22:18 - 2015-09-05 22:18 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-05 20:09 - 2015-09-05 20:09 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\Windows\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job
Task: {ACD04BE6-A213-43D1-9927-0A8D84BC524D} - System32\Tasks\Tny_Cassiopesa => C:\Users\Ellen\AppData\Local\{D7C0E~1\UNINST~1.EXE
Task: {C428CDF0-183F-41FB-BBA3-CC681F8174BF} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {E6123579-7B41-4C28-91FD-C74D066AA5FA} - System32\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200} => C:\ProgramData\ToolsUpdatePlatform\CallBackInstall.exe [2015-07-07] ()
Task: {F787EC95-8C1B-4095-873A-82B5CF7B2AB3} - System32\Tasks\BAUpd => C:\Users\Ellen\AppData\Local\BrowserAir\Application\updater.exe
Task: C:\WINDOWS\Tasks\Tny_Cassiopesa.job =>
Task: C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job => C:\ProgramData\ToolsUpdatePlatform\CallBackInstall.exe
C:\Program Files (x86)\baidu
C:\Users\Ellen\AppData\Local\Chromium
C:\Program Files\SpaceSoundPro
C:\Program Files (x86)\Super Great
C:\Windows\System32\drivers\{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64.sys
C:\Users\Ellen\AppData\Local\DeskBar
C:\Users\Ellen\AppData\Roaming\Store\WindApp
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here

FINALLY

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0
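The fixlist in the post above mixes several persistence mechanisms in one script. As an added example (not part of the original thread and not FRST's own code), this Python helper groups such lines by mechanism and flags two things worth a second look: a DLL registered in more than one Winsock catalog slot, and running services whose vendor field is empty. The function names are hypothetical, and the service prefix is read on the assumption that the letter is the state (R running, S stopped) and the digit is the Windows start type (0 to 4).

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the fixlist lines quoted in the post above.
SAMPLE_FIXLIST = r'''
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [DeskBar] => C:\Users\Ellen\AppData\Local\DeskBar\dblaunch.exe
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File
S2 Update Super Great; "C:\Program Files (x86)\Super Great\updateSuperGreat.exe" [X]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-09-08] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56736 2015-08-20] (Windows ® Win 7 DDK provider)
Task: {F787EC95-8C1B-4095-873A-82B5CF7B2AB3} - System32\Tasks\BAUpd => C:\Users\Ellen\AppData\Local\BrowserAir\Application\updater.exe
C:\Program Files (x86)\baidu
CMD: netsh winsock reset catalog
'''

# Assumption: digit after the state letter is the service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

RUN = re.compile(r'^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$')
WINSOCK = re.compile(r'^Winsock: (?P<catalog>\S+) (?P<index>\d+) (?P<path>[A-Za-z]:\\.+?\.dll)\b(?P<rest>.*)$')
SERVICE = re.compile(r'^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); "?(?P<path>[A-Za-z]:\\[^"\[]+?)"?'
                     r' \[(?P<meta>[^\]]*)\](?: \((?P<vendor>.*)\))?$')
TASK = re.compile(r'^Task: (?P<id>\S+) - (?P<task>.+?) (?:=>|->) (?P<target>.*)$')


def classify(line):
    """Map one fixlist line to (persistence mechanism, parsed fields)."""
    m = RUN.match(line)
    if m:
        return "run_key", {"hive": m["hive"], "name": m["name"], "target": m["target"]}
    m = WINSOCK.match(line)
    if m:
        return "winsock", {"catalog": m["catalog"], "index": m["index"], "path": m["path"],
                           "missing": "No File" in m["rest"]}
    m = SERVICE.match(line)
    if m:
        return "service", {"name": m["name"], "path": m["path"], "running": m["state"] == "R",
                           "start_type": START_TYPES[m["start"]], "vendor": m["vendor"]}
    m = TASK.match(line)
    if m:
        return "task", {"task": m["task"], "target": m["target"]}
    if line.lower().startswith("cmd: "):
        return "command", {"command": line[5:]}
    if re.match(r'^[A-Za-z]:\\', line):
        return "path", {"path": line}  # bare path: file or folder to remove
    return "other", {"raw": line}


def triage(text):
    """Group fixlist lines by mechanism and collect entries worth reviewing."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            kind, info = classify(line)
            groups[kind].append(info)
    # Count how many Winsock catalog slots each existing DLL occupies.
    slots = defaultdict(list)
    for w in groups["winsock"]:
        if not w["missing"]:
            slots[w["path"].lower()].append(w["index"])
    multi = {path: idx for path, idx in slots.items() if len(idx) > 1}
    # Running services or drivers whose file carries no vendor string.
    no_vendor = [s["name"] for s in groups["service"] if s["running"] and s["vendor"] == ""]
    return {"groups": dict(groups), "winsock_multi": multi, "running_no_vendor": no_vendor}


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLIST)
    print(report["winsock_multi"])
    print(report["running_no_vendor"])
```
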

#5
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi,

 

I ran FRST with the fixlist and received the attached log on completion

 

Attached File  Fixlog.txt   19.44KB   252 downloads

 

 

 

I then ran malwarebytes but received the following error on setup

 

"Runtime error (at 75:100):

 

 Could not call proc. "

 

Clicking ok closes the installation setup. Can you please advise me on a way around this?

 

Cheers

 

Dave


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The Fix did not appear to be fully run

Could you re-run this portion of the fix and ensure that the system reboots please

Then try MBAM again, please download a fresh copy though

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Program Files (x86)\baidu
C:\Users\Ellen\AppData\Local\Chromium
C:\Program Files\SpaceSoundPro
C:\Program Files (x86)\Super Great
C:\Windows\System32\drivers\{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64.sys
C:\Users\Ellen\AppData\Local\DeskBar
C:\Users\Ellen\AppData\Roaming\Store\WindApp
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#7
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi,

 

Re-ran FRST with the new fixlist and received the following log

 

Attached File  Fixlog.txt   8.3KB   266 downloads

 

 

However when I tried to run the fresh download of MalwareBytes the same error occurred

 

Dave


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK continue to adwcleaner and I will have a rethink about how to tackle those two drivers

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#9
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi,

 

That program ran fine and produced the following logs (wasn't sure which you needed so posted all 3)

 

Attached File  Quarantine.log   1.43KB   212 downloads
Attached File  AdwCleanerS1.txt   4.02KB   229 downloads
Attached File  AdwCleanerC1.txt   4.51KB   211 downloads

 

Cheers

 

 


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK when you are ready we will go to safe mode with networking

Turn off the PC by pressing the shift key at the same time as you press restart

Select the Troubleshoot option

Select Advanced option

Select Startup settings

Select Safe mode with networking

Then download and run Malwarebytes
  • 0


#11
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi

 

I tried running the program in safe mode as above but still received the same error message from previous attempts


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK return to normal mode on the computer and uninstall MBAM via control panel
Then download and run the following programme http://downloads.mal...file/mbam_clean this will remove all traces of MBAM

Then run a fresh FRST scan so that I can see the current state of affairs

How is the computer behaving now ?
  • 0

#13
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi

 

Web links are still redirecting to ads and I'm still getting popups whenever I try to close tabs. General performance seems ok, no slow down or crashing

 

Attached logs as requested

 

Attached File  Addition.txt   19.14KB   240 downloads
Attached File  FRST.txt   51.18KB   178 downloads

 

Cheers


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the redirects in Edge browser ?


CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-09-08] ()
2015-09-23 21:30 - 2015-09-23 21:30 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
Task: {E6123579-7B41-4C28-91FD-C74D066AA5FA} - \{6A128791-4857-4484-9BB2-71D4C1257200} -> No File <==== ATTENTION
C:\WINDOWS\system32\drivers\bsdriver.sys
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here
  • 0

#15
Confused Dave

Confused Dave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Hi

 

Attached File  Fixlog.txt   6.96KB   224 downloads

 

Same error code interrupting the install of Malwarebytes. The redirects seem a lot less frequent now though

Yes Edge is the only browser currently installed to my knowledge, Firefox was previously the default browser but it stopped connecting to the internet when other applications would so I tried a reinstall. However I couldn't get to the download link without being redirected to ads

 

 


  • 0





