Author Topic: Need help removing Chitika popups, FB popups, and adyieldmanager popups  (Read 28875 times)


TrailerMusicLover

  • Guest
Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #30 on: April 11, 2013, 09:00:04 PM »
I think that solved it; I haven't seen any of those intrusive things for the past five minutes. I attached the log here.
I wonder if it's okay if I ask you for help to take a quick look at my mbam log as well.
Thank you.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #31 on: April 11, 2013, 09:08:28 PM »
Sure, but your main problem was a hijacked Host file

TrailerMusicLover

  • Guest
Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #32 on: April 11, 2013, 09:55:58 PM »
Thank you so much for being so nice and amazing. I'm sure it's not very appropriate to discuss an unrelated malware/virus problem here, but since you said I could.

Here we go; it was from a quick scan, which is practically the same as my full scan results. The two registry values PUM.UserWLoad and Trojan.Ransom always show up in my MBAM scan results (regardless of full or quick scans); I have no idea where I got them from. If I scan again now they would just show up again, even though it said "deleted on reboot". I thought MBAM would let me know if something persistent like that should require more action to remove.

What test do you suggest I run? I read some post regarding Cclean(er?), and wonder.....

I have also read your "Logs to assist in cleaning malware" as suggested, and I know I am not doing things in the right order. So I apologize if that causes any inconvenience.

Thank you again.

Offline essexboy

Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #33 on: April 11, 2013, 10:41:11 PM »
Could you run a fresh OTL scan please and ensure All Users is selected plus the LOP tick box.

TrailerMusicLover

  • Guest
Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #34 on: April 11, 2013, 11:20:52 PM »
..... more work for you.

Thanks for looking in.

edited: forgot the extras.
« Last Edit: April 11, 2013, 11:29:27 PM by TrailerMusicLover »

Offline essexboy

Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #35 on: April 12, 2013, 03:44:42 PM »
OK, let's now kill all the leftovers and do some repairs.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchbrowsing.com
IE - HKU\S-1-5-21-658246845-2640705209-2326254111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchbrowsing.com
IE - HKU\S-1-5-21-658246845-2640705209-2326254111-1000\..\URLSearchHook: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - No CLSID value found
IE - HKU\S-1-5-21-658246845-2640705209-2326254111-1000\..\URLSearchHook: {bb45ef8e-1e36-4535-a017-ec908fb1e335} - No CLSID value found
O3 - HKU\S-1-5-21-658246845-2640705209-2326254111-1000\..\Toolbar\WebBrowser: (no name) - {1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - No CLSID value found.
F3:64bit: - HKU\S-1-5-21-658246845-2640705209-2326254111-1000 WinNT: Load - (C:\Users\dongnghi\LOCALS~1\Temp\msrouqc.com) - File not found
F3 - HKU\S-1-5-21-658246845-2640705209-2326254111-1000 WinNT: Load - (C:\Users\dongnghi\LOCALS~1\Temp\msrouqc.com) - File not found
[2013/01/28 21:20:25 | 000,000,000 | -HSD | M] -- C:\Users\dongnghi\AppData\Roaming\78E026

:Files
C:\$Recycle.Bin\S-1-5-18\$259e5a6c04e995c46253cac337b1e97e

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
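Added example, not part of the thread and not OTL or ComboFix code: a read-only PowerShell audit of the persistence points behind essexboy's diagnosis in reply #31 (the hijacked hosts file) and the OTL fix above (the IE Start Page, the URLSearchHook entries with no CLSID, the WinNT Load value pointing at a Temp folder, and the hidden+system folder under AppData\Roaming). Assumptions: it runs from an elevated PowerShell prompt on the affected Windows 7 machine, the registry locations are the standard ones that OTL's IE, O3 and F3 lines report, and every function name is this example's own.

```powershell
# Added example: read-only audit of the persistence points named in the OTL fix.
# Nothing here changes the system; it only reports what a fix would later remove.
# Function names are this example's own, not OTL's or ComboFix's.

function Get-HostsFindings {
    # A default Windows 7 hosts file contains only comments; the two entries below
    # are the only active lines expected on older systems. Anything else (a blocked
    # security site, a redirected domain) is what a "hijacked Host file" looks like.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $expected  = @('127.0.0.1 localhost', '::1 localhost')
    foreach ($raw in (Get-Content $hostsPath)) {
        $line = ($raw -replace '#.*$', '').Trim()
        if (-not $line) { continue }
        $normalised = ($line -split '\s+') -join ' '
        if ($expected -notcontains $normalised) { "hosts: active entry '$normalised'" }
    }
}

function Get-IeStartPageFindings {
    # OTL's "IE - ...\Main,Start Page" lines come from these two keys.
    foreach ($key in @('HKCU:\Software\Microsoft\Internet Explorer\Main',
                       'HKLM:\Software\Microsoft\Internet Explorer\Main')) {
        $page = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Start Page'
        if ($page) { "IE Start Page ($key): $page" }
    }
}

function Get-OrphanedSearchHooks {
    # URLSearchHooks values are named by CLSID. A hook whose CLSID has no
    # registration left ("No CLSID value found" in OTL) is residue of a removed
    # add-on and can be cleared.
    $hookKey = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
    if (-not (Test-Path $hookKey)) { return }
    foreach ($prop in (Get-ItemProperty -Path $hookKey).PSObject.Properties) {
        if ($prop.Name -like '{*}' -and -not (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$($prop.Name)")) {
            "URLSearchHook $($prop.Name): no CLSID registration (orphaned)"
        }
    }
}

function Get-WinNtLoadFindings {
    # OTL's "F3 - HKU\... WinNT: Load" line is this value: a legacy win.ini mapping
    # that runs at logon. A clean system leaves it empty, so any value deserves
    # attention even when the file it points at is already gone.
    $key  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
    $load = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Load
    if ($load) {
        $target = [Environment]::ExpandEnvironmentVariables($load.Trim('"'))
        "WinNT Load: $load (file present: $(Test-Path -LiteralPath $target))"
    }
}

function Get-HiddenSystemRoamingFolders {
    # The "-HSD" entry in the fix is a hidden+system folder under AppData\Roaming;
    # legitimate software rarely creates one with a random hex name.
    Get-ChildItem -Path $env:APPDATA -Force | Where-Object {
        $_.PSIsContainer -and
        ($_.Attributes.ToString() -match 'Hidden') -and
        ($_.Attributes.ToString() -match 'System')
    } | ForEach-Object { "hidden+system folder: $($_.FullName)" }
}

$findings = @(Get-HostsFindings) + @(Get-IeStartPageFindings) + @(Get-OrphanedSearchHooks) +
            @(Get-WinNtLoadFindings) + @(Get-HiddenSystemRoamingFolders)
if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it before and after the OTL fix: the first run should list the same items the fix script names, and the second run should be empty apart from whatever Start Page you set yourself.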

TrailerMusicLover

  • Guest
Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #36 on: April 13, 2013, 07:59:54 AM »
How my pc works after Combofix:

1. Combofix  finished Log. Some programs couldn’t open, with message “Illegal operation attempted on a registry key that has been mark for deletion”
2. After rebooted, everything worked just fine and fast.
3. Opened Chrome and browsed a few things, while running MBAM to see if the two mentioned viruses were gone….. PC crashed with blue screen “A problem has been detected and windows has been shut down…” (please see attached picture, and long report below for crashes history)
4. I rebooted it again. Since then, nothing scary happened in the past 6 hours. New MBAM result was clean.

Long Report on the crashes eight days ago:

        My PC never crashed before in its 3 years life. 8 days ago, I downloaded Freemind program, downloaded Windows 8 from my college website, updated Adobe Reader to XI (still not working). And I also started using Chrome around the same time. My PC crashed like six times within half an hour that night, even when I tried Safemode with Networking, each with a blue screen message (same as the one mentioned above.)

       So I ran Microsoft Security Essentials and MBAM under Safe Mode. It didn't crash again since then. I went back to using Internet Explorer. I attempted to install Windows 8, which encountered some conflict and ended up unsuccessful.

       Until two days ago, you helped me with the hijacked host file problem. After that, you know the story 

Thanks for reading, and I apologize for any inconvenience this long message might cause.

Offline essexboy

Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #37 on: April 13, 2013, 12:23:29 PM »
For the BSOD could you locate the last two or three minidumps from the C:\Windows\Minidump folder.
Zip them up and either e-mail them to me or upload to a file sharing site for me to collect.
That error code suggests a driver incompatibility.

Combofix looks to have completed the repairs, but are you still having problems with Chrome when run without MBAM going?


TrailerMusicLover

  • Guest
Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #38 on: April 14, 2013, 12:57:36 AM »
Hi there,

Here is the link to the dump files, http://www.mediafire.com/?u1r78mc3kg6x898
Let me know if you cannot collect them.
And Chrome has been working fine. Though after I woke up, I started receiving Security Alert messages from Internet Explorer, saying "You are about to view pages over a secure connection. Any information you exchange with this site cannot be view by anyone else on the web." I browsed a little bit about it, and it seems to be nothing to worry about much.
Anyway, thanks for the hard work.

[Edit] 5 hours later:

I shut the pc down and left for a bit. When I turned it back on, after I finished typing in the log-in password, it crashed with that blue screen and similar content. And that was the first crash in 24 hours, after the last crash and Combofix.

« Last Edit: April 14, 2013, 07:09:55 AM by TrailerMusicLover »

Offline essexboy

Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #39 on: April 14, 2013, 01:16:09 PM »
Hmm, the answer to this is an unidentified driver. We have two ways to approach this:

Either run a driver checking utility to update the system drivers (I have one)
Or run the system in a clean boot mode and check groups of drivers out

Which way would you like to go?

TrailerMusicLover

  • Guest
Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #40 on: April 14, 2013, 08:40:56 PM »
Hmm, I guess the first option sounds better. Which one do you think would guarantee to solve the problem? I'm pretty much clueless about this, so you can choose :D
Anyway, could you briefly explain to me what caused the unidentified driver to be there to begin with?

......Ah, It blued me out again when I was reading, using only chrome.
« Last Edit: April 14, 2013, 08:43:40 PM by TrailerMusicLover »

Offline essexboy

Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #41 on: April 14, 2013, 08:56:23 PM »
When Windows updates it can sometimes cause a driver to become unstable, and the minidump happens early on in the process and uses a Windows module to load, hence there is no indication as to which driver is at fault.

OK, I think the first thing to do would be to clean boot the system and hopefully that will stop them; then we will look for driver updates.

Step 1: Start MSConfig

Click Start, type msconfig in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.

Step 2: Configure Selective Startup options

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
2. Click to clear the Load Startup Items check box.
   Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

Once back in Windows, does the problem still occur?

THEN

Download Slim Drivers from here http://www.driverupdate.net/downloads/SlimDrivers-setup.exe

Install the programme and then run it; as this is a free service you may get some ads for their other products during the scan. They appear on the main interface and are not a real annoyance.
Once the scan has completed it will then list the outdated drivers.
At this stage do not download or install any, but make a screenshot of the results so that I can see which are required.
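Added example (my own PowerShell, not msconfig output and not a tool the thread uses): a baseline of what the Selective Startup steps above switch off, taken before the clean boot, so the list of third-party services and startup items is on record and can be compared against the driver list later. Assumptions: it runs from an elevated PowerShell prompt on Windows Vista/7 (the Startup folder paths are the Vista+ layout); "non-Microsoft" is approximated from the CompanyName in each service binary's version information, which is close to but not identical to msconfig's Hide All Microsoft Services filter; the function names are mine.

```powershell
# Added example: record what msconfig's Selective Startup (no startup items,
# all non-Microsoft services disabled) will switch off, before doing it.
# Read-only apart from two CSV files written to the Desktop.

function Get-ServiceBinary([string]$pathName) {
    # A service ImagePath may be quoted and may carry arguments (e.g. svchost -k);
    # keep only the executable so its version information can be read.
    if ($pathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($pathName -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return ($pathName -split '\s+')[0]
}

function Get-NonMicrosoftServices {
    # Approximation of "Hide All Microsoft Services": a service counts as Microsoft's
    # when its binary's CompanyName says so. Everything else is what the clean boot
    # disables, so it is the candidate list if the crashes stop.
    Get-WmiObject Win32_Service | ForEach-Object {
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ServiceBinary $_.PathName))
        $company = ''
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
        }
        if ($company -notlike '*Microsoft*') {
            New-Object PSObject -Property @{
                Name = $_.Name; State = $_.State; StartMode = $_.StartMode
                Company = $company; Path = $exe
            }
        }
    }
}

function Get-StartupItems {
    # The "Load Startup Items" box covers the Run keys and the Startup folders.
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $keys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($meta -contains $prop.Name) { continue }   # provider metadata, not a value
            New-Object PSObject -Property @{ Source = $key; Name = $prop.Name; Command = $prop.Value }
        }
    }
    # Vista/7 layout assumed for the per-user and all-users Startup folders.
    $folders = @("$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                 "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")
    foreach ($folder in $folders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -Force | Where-Object { $_.Name -ne 'desktop.ini' } | ForEach-Object {
            New-Object PSObject -Property @{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

$desktop = [Environment]::GetFolderPath('Desktop')
Get-NonMicrosoftServices | Export-Csv -Path (Join-Path $desktop 'cleanboot-services.csv') -NoTypeInformation
Get-StartupItems         | Export-Csv -Path (Join-Path $desktop 'cleanboot-startup.csv') -NoTypeInformation
Get-NonMicrosoftServices | Format-Table Name, State, StartMode, Company -AutoSize
```

Keep the two CSV files with the minidumps: if the blue screens stop in clean boot, the services in cleanboot-services.csv are the ones to re-enable a few at a time, and msconfig's Normal Startup puts everything back once the culprit is found.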

 

TrailerMusicLover

  • Guest
Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #42 on: April 15, 2013, 12:10:58 AM »
*Hide face in shame* That was awfully ignorant of me to miss all these updates.
Though, I honestly cannot recall seeing any popups or update reminders regarding these items at all. Wonder....

Offline essexboy

Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #43 on: April 15, 2013, 03:34:21 PM »
When you started in the clean boot configuration were the blue screens still evident?

Run SlimDrivers again and download the updates that I have indicated below,
as they are the most likely initially to cause a crash.

TrailerMusicLover

  • Guest
Re: Need help removing Chitika popups, FB popups, and adyieldmanager popups
« Reply #44 on: April 15, 2013, 05:03:29 PM »
Hmm, most of the time it crashed with a BSOD when I was on Chrome. And I haven't been on it since the last crash. Should I test to see how it works after the clean boot config, before doing the updates?