[Essexboy]

OK lets manually remove it now

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5199592 2015-10-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2015-10-06]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5199592 2015-10-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
C:\Program Files\SoftEther VPN Client
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S0].txt as well.

[Advertisements]

Here are my logs. I am still getting pops ups still sadly.

Attached Files

•  Fixlog.txt   3.08KB   186 downloads
•  AdwCleanerC1.txt   2.86KB   300 downloads

[Destiny000]

Here are my logs. I am still getting pops ups still sadly.

Attached Files

•  Fixlog.txt   3.08KB   186 downloads
•  AdwCleanerC1.txt   2.86KB   300 downloads

[Essexboy]

Are these MBAM alerts or actual ad popups ?

Are any other computers in the house experiencing the same problems

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[Destiny000]

Will edit here in a bit once i finish the fix. The pop ups only happen when I click in browsers, and malwarebytes is blocking ports outbound, i'm sure i would have more pop ups happening without it. I also bring my laptop to work and no other computers have this issue. So using another internet, everything happens the same, even with windows update.

Attached Files

•  Fixlog.txt   7.47KB   187 downloads

Edited by Destiny000, 10 December 2015 - 01:37 PM.

[Essexboy]

So you still get the popups at work

[Destiny000]

Fix list is in earlier post. And yes even at work. Wherever I go, no matter what internet I use.  Would uninstalling all browsers then reinstalling do something do you think? I have bookmarks in oprah and firefox, not sure how i save those since the browsers are different than chrome. When malwarebytes shows it is blocking, you remember how it says chrome is sending it, well it changes depending on browser so if i close chrome and use oprah then malwarebytes says oprah is sending. Oh and i also don't get actual pop ups in oprah. . . . . . . never mind. They are now finally happening.

Edited by Destiny000, 10 December 2015 - 02:03 PM.

[Essexboy]

Yes that would be one way to go as I cannot see what is causing the problem.. Although adware is getting very smart now and actually subverting some browser files

When you uninstall/reinstall the browsers ensure that none are set to synchronise with online data as that could re-install the problem

[Destiny000]

How do I do that with chrome so it doesn't auto sync it with being windows 10? Also how do I somehow save my bookmarks in the various browsers? Is this possible?

 

Also is there actually a separate file online for downloading microsoftedge aside from having to download and install windows 10?

 

And i know there are some programs that when uninstalling it checks to see if there are any remainder files remaining after the installation that it can then delete if user chooses too. Would this be a good idea?

 

Do you know of any newer browsers that have been made that combat more browser based malware?

Edited by Destiny000, 10 December 2015 - 03:38 PM.

[Essexboy]

Edge is fairly safe at the moment as it is new. With regards to full removal you could use something like revo uninstaller http://www.revounins...e_download.html

There should be an export bookmark function in all browsers

I have instructions for removing Chrome


1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome. Note: When asked about user data or settings you must remove this also so please check the box.

Firefox has details here https://support.mozi...m-your-computer

For IE go to Control Panel > Internet Options > Advanced and click reset

[Destiny000]

I'm guessing the reset button at the bottom is the "stop and clear button" since there was no actually button saying that, only a reset button. That cleared all my data it said.

 

Also I used that program to run a scan just to see what it would find. I took pictures and have not done anything. I have added pics. Are any of these files/types safe to delete?

Attached Thumbnails

• 
• 
• 
• 
• 
• 
• 
• 
• 
• 

Edited by Destiny000, 10 December 2015 - 05:58 PM.

[Essexboy]

Aye they are all temp files and safe to remove

[Destiny000]

Ok Just letting you know. I have not had any pop ups at all thus far. I have not reinstalled any other browsers yet. I may do just opera. I will see what happens int he next few days. Thanks!

[Essexboy]

OK this was a weird one... I believe it is related to Chrome, keep me informed please

[Destiny000]

I think I had one pop up in Microsoft edge. Went to check statements in online banking and when sent url to go to it, another page opened  for a telus net survey winner. 0.o

Edited by Destiny000, 11 December 2015 - 11:25 AM.

[Essexboy]

Is Telus your ISP ?