Ads playing in background

[SkyBlue]

On Wednesday, audio ads began playing in the background on the computer, the computer began randomly restarting, and google search items were being redirected. I went through all the steps on the blog on this site, and when I did the last step (jrt), the ads stopped. I then reset the browsers and the search redirect was fixed. But when I restarted the computer, the ads were back again. I did the jrt thing again and they stopped again, but I haven't restarted the computer yet. Help.

 

[TwinHeadedEagle]

Welcome


Follow this thread and attach the reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/

 

[SkyBlue]

# AdwCleaner v3.016 - Report created 05/01/2014 at 18:22:31
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Nidhal - NIDHAL-VAIO
# Running from : C:\Users\Nidhal\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Nidhal\AppData\Roaming\Mozilla\Firefox\Profiles\efhzvdr3.default-1388953181525\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Nidhal\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2246 octets] - [05/01/2014 14:41:52]
AdwCleaner[R1].txt - [2491 octets] - [05/01/2014 14:45:01]
AdwCleaner[R2].txt - [1082 octets] - [05/01/2014 18:20:32]
AdwCleaner[S0].txt - [2395 octets] - [05/01/2014 14:47:31]
AdwCleaner[S1].txt - [1004 octets] - [05/01/2014 18:22:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1064 octets] ##########

 

[SkyBlue]

I got tired of copying and pasting.

 

[SkyBlue]

Addition

 

[SkyBlue]

I tried to do the last thing (aswmbr), but when it was scanning the program data, the screen turned blue and it said that windows was restarting because something was trying to modify it or something like that. This was the second time I had tried the scan. The first time, I left the computer alone and when I came back, it had already restarted, so I assume the same thing happened the first time. Should I try it again?

 

[TwinHeadedEagle]

Leave Aswmbr for now...


Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

• Type rpcss.dll into the Search: field in FRST then click the Search File(s) button.
• FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
• Please attach it to your reply.

 

[SkyBlue]

Done.

 

[TwinHeadedEagle]

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

Open FRST, and click Fix. Attach me that report after it is finished.

 

[SkyBlue]

Ok.

 

[TwinHeadedEagle]

Re-run FRST, attach fresh report...

Tell me how are the things now?

 

[SkyBlue]

I haven't heard the ads since I started up the computer this morning. Usually, they begin within a few minutes. There also haven't been any random restarts yet today. But yesterday when the fix with FRST finished, I noticed that in addition to the fixlog on my desktop, there was a file or something that I had never seen before with the name in Chinese characters. I've attached a picture of the icon. What should I do with that? If the computer continues to act normally, can I assume that things are fixed?

 

[TwinHeadedEagle]

Yes, PC is now clean. That strange file belongs to FRST, and you can delete it manually...

We need only one more check, and we're done...


Step 1.

Open My Computer --> C:\. You will see FRST folder located there.
I need you to archive (zip, rar) that folder and upload it here --> www.zippyshare.com
Copy download link here.



Step 2.

Please download aswMBR and save it to your desktop.

Double click aswMBR.exe to start the tool.

• Select Yes if prompted to download the Avast database.
• Click Scan
• Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
  Note: do NOT attempt any Fix yet.

 

[SkyBlue]

I tried to zip the folder, but it didn't work. I tried it with a random different folder to see if I was just being an idiot, but it worked with that one.

I was able to complete step 2.

 

[TwinHeadedEagle]

Can you post the link from .zip upload?

 

[SkyBlue]

I couldn't zip the file. It didn't work.

Also, I was having issues with searches being redirected. With Chrome, I deleted an extension that I hadn't installed, and that temporarily fixed it. But I've noticed that today whenever I open Chrome, that same extension is back and my searches are redirected.

 

[TwinHeadedEagle]

Re-run FRST, check Additon and attach both reports...

Look here how to .zip a folder.

 

[SkyBlue]

FRST and Addition

 

[SkyBlue]

As for the zipped folder, I had tried it as shown in the video before and it didn't work. I just tried it again twice and an error box popped up both times that said, "File not found or no read permission." And the zipped folder was not created.

 

[TwinHeadedEagle]

What extension is back?