Every first click on a new page is trying to open popup window

excarione

Level 1
Thread author
Nov 3, 2016
3
Hello,

I was searching for some file on the internet. I found one. Before I opened it, I uploaded it to VirSCAN.org and it told me the file is clean. So I opened it on my computer, it was not my program and it installed adware on my computer. I had these symptoms:

(1) When I typed into the Google bar, a toolbar opened and all the letters were there. I had to close the toolbar every time
(2) Popup windows sometimes appeared
(3) When I opened Firefox, with all my old tabs, also one new opened with ads
(4) When I open a page in a new tab or window, and I put my mouse on a hyperlink, it does not change to the little hand cursor, but it still looks the same. When I click, the whole screen blinks and Firefox says it blocked a popup window trying to direct to tradeadexchange.com

After all these problems I ran AdwCleaner and it solved problem number (3). I also reinstalled my browser. I had no time to keep solving, so I kept using my browser. Today I decided to solve it.

I ran AdwCleaner, then Malwarebytes Anti-Malware, then HitmanPro and Zemana AntiMalware. It found a few things and everything seems to be much better. ALL the problems are solved except problem number (4).

Always, the first click on a new page blinks and tries to open a popup window. It is very annoying. Please, give me any advice, I will be VERY grateful.

PS: I can not send the FRST log. When I open it, it is searching for updates, then a small window appears saying it is updated. Then it closes itself, opens again and the whole process goes again and again and again in a circle.
PPS: I can not find button "upload" anywhere so I will first post this and then try to upload some of them after.

Thank you for your help!
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 

excarione

Level 1
Thread author
Nov 3, 2016
3
Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Hello,

as I wrote, it is not possible, the Farbar is saying it is updated again and again in a circle, so I can not click anything. I add logs from AdwCleaner and Malwarebytes AntiMalware. It is not possible to upload the files, it shows an error when I try to.


ADW FIRST SCAN IN THE MIDDLE OF OCTOBER:

# AdwCleaner v6.021 - Log soubor vytvořen 13/10/2016 na 04:36:12
# Aktualizováno dne 06/10/2016 z ToolsLib
# Databáze : 2016-10-11.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : racek - HLUBINAMYŠLENÍ
# Beží od : C:\Users\racek\Downloads\adwcleaner_6.021.exe
# Mod: Skenování
# Podpora : ToolsLib



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Adresáře ] *****

Nebyly nalezeny žádné škodlivé složky.


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL soubory.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupce ] *****

Zástupce infikován: C:\Users\Public\Desktop\Google Chrome.lnk ( "hxxp://webstarts.biz/?ssid=1476317014&a=1004438&src=sh&uuid=a13067f9-5936-4569-84df-d7d8d6114658,1476316649051" )
Zástupce infikován: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( "hxxp://webstarts.biz/?ssid=1476317014&a=1004438&src=sh&uuid=a13067f9-5936-4569-84df-d7d8d6114658,1476316649051" )
Zástupce infikován: C:\Users\racek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( "hxxp://webstarts.biz/?ssid=1476317014&a=1004438&src=sh&uuid=a13067f9-5936-4569-84df-d7d8d61146
Zástupce infikován: C:\Users\racek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( "hxxp://webstarts.biz/?ssid=1476317014&a=1004438&src=sh&uuid=a13067f9-5936-4569-84df-d7d8d6114658,1476316649


***** [ Plánovač úloh ] *****

Žádný nebezpečná úloha nenalezena.


***** [ Registry ] *****

Klíč nalezen: HKU\S-1-5-21-4282418195-2813720572-1034136875-1001\Software\Conduit
Klíč nalezen: HKCU\Software\Conduit
Klíč nalezen: HKLM\SOFTWARE\Conduit
Klíč nalezen: [x64] HKCU\Software\Conduit
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox báze.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium báze.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2537 Bajtů] - [13/10/2016 04:36:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2611 Bajtů] ##########
________________________________________________________________________________________________________
ADW SECOND SCAN TODAY:

# AdwCleaner v6.030 - Log soubor vytvořen 03/11/2016 na 22:26:21
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-03.2 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : racek - HLUBINAMYŠLENÍ
# Beží od : C:\Users\racek\Downloads\Instalačky\adwcleaner_6.030.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Adresáře ] *****

Nebyly nalezeny žádné škodlivé složky.


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL soubory.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupce ] *****

Žádné infikovaný zástupce nenalezen.


***** [ Plánovač úloh ] *****

Žádný nebezpečná úloha nenalezena.


***** [ Registry ] *****

Klíč nalezen: HKU\S-1-5-21-4282418195-2813720572-1034136875-1001\Software\Conduit
Klíč nalezen: HKCU\Software\Conduit
Klíč nalezen: [x64] HKCU\Software\Conduit


***** [ Internetové prohlížeče ] *****

Firefox nastavení nalezeno: [C:\Users\racek\AppData\Roaming\Mozilla\Firefox\Profiles\yommvckr.default\prefs.js] - "browser.search.hiddenOneOffs" - "Seznam,DuckDuckGo,Mapy.cz,Slunečnice"
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium báze.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2111 Bajtů] - [13/10/2016 03:39:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [2703 Bajtů] - [13/10/2016 03:36:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [1533 Bajtů] - [13/10/2016 03:47:02]
C:\AdwCleaner\AdwCleaner[S2].txt - [1601 Bajtů] - [17/10/2016 14:55:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [1777 Bajtů] - [03/11/2016 22:26:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1851 Bajtů] ##########
__________________________________________________________________________________________________________

MALWAREBYTES ANTI MALWARE TODAY:



Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 03.11.2016
Čas skenování: 23:43
Protokol: Malwarbytes Succesfull scan.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.11.03.14
Databáze rootkitů: v2016.10.31.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: racek

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 394597
Uplynulý čas: 3 min, 44 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

________________________________________________________________________________________

THANK YOU VERY MUCH!
 

excarione

Level 1
Thread author
Nov 3, 2016
3
Hello, as I wrote twice already, I can not attach a file. The button between "Post Reply" and "More Options" is white, no text. Also I read some old threads and you said to somebody that he can paste the report if the Upload button does not work. So I did the same. Thank you for your help Eagle!
 
