adperformance network malware

Hi, My PC is infected with some type of adware or malware that brings in ad popups from adperformance network.com. I received two popups while I was typing this message. I tried avast, malwarebytes, hijackthis, CWshredder, ad-adware antivirus, adware removal by TSA, spybot, combofix, adwcleaner...None have removed it. Can you someone please help me. I have enclosed an example of one of the popups.

Also, as a side question, can anyone give their thoughts on ad-adware antivirus, it seems to come with shields. Does anyone recommend this freeware over the paid avast? I am looking for a comparable freeware to avast.

thank you.

 

I am using firefox. I will try using the procedures in the link you posted. But I am not too optimistic.

 

hi, I went through all the steps as best I could. it's not as straight forward for a novice like me and all the software such as defogger etc just slowed down my PC when I had to install and run them. Also, i wasn't sure how knowing if I was running windows 32 or windows 64 would help. I used defogger, ran ccleaner, had only one anti virus ( avast) and one firewall avast then I ran spy bot again. All the other spyware recommended did nothing previously including malware bytes and roguekiller requires purchasing which I cannot do now. When I ran spyhunter it was the only one that seemed to detect stuff the others didn't but needed me to purchase it to clean anything. Here the logs I received from spybot. Do you need other logs. Not sure what to attach. but I am still getting pop ups as a I type.

 

spyhunter says my registration has run out and I need to purchase it to clean my files.
Rogue killer was difficult to find a download link even coming from your page, it seemed to go to a page that was confusing and I could not determine what I needed to click on to download it. when I went to roguekillers main page thorugh google and clicked download, it asked for payment options. There was no trial or freeware option.

 

roguekiller will not download. I keep trying but it says download fails. I will keep trying.

 

Hi, I have spent most of the day into the evening and now the early morning, where I am, scanning. I am attaching the files. Just some background. My avast expired a few months ago and so I have no real time shields only my out of date virus definitions. I used also use spy hunter but that registration also expired. Due to some recent budgetary issues I am not currently paying for software. I think whatever malware I have was derived from Peer to Peer sharing. I have the logs for: rogue killer, TDSSKiller, spy bot (already shared), malware bytes, Hitmanpro, and Spyhunter, cause for some reason, I though the latter was on the list, and it took the longest to scan so I might as well attach it. I might have to do this in two parts. I have two logs for malwarebytes as I thought an earlier scan log could prove useful to you. I just finally got MSGtools to actually run, it seems to get stuck in the command prompt stage. I hope to send it in the next response with the remaining logs . But I hope what I attach now will provide some insight. Many thanks.

 

hi, here is part two. I had to zip Mslogs due to the multiple logs it gave me and also due to size I had to zip spyhunter, though I know it's not really needed. thanks again. View attachment MGlogs.zip

View attachment spyhunter log.zip

 

if I export text, it comes out completely blank with rogue killer. it's the same if I export HTML.

 

hi...I tried all of that yesterday and it's still blank today. ONLY Json format has any text. here is the blank text file.

 

I did all of that yesterday and it's still blank. and it's still blank today. here is the blank file.

 

here are the screen grabs. Blank as blank can be.

 

Hi, here are the screen captures. I deleted about 300 or so instances of zeroaccess from the filessystem tab on Roguekiller last night as they were all in red. But it didn't help with the pop ups.

 

Norton will not uninstall. It came preloaded and I have never been able to remove it without getting an error message. Mcafee comes with one of my software updates. Mcafee keeps coming back with a software update, i believe Google Chrome Or I tunes.
I don't use hot spot shield. that was ages ago and I removed it. if there are files left those are residual. the rest of the steps will take a while. I will let you know how it goes. thanks again.

 

Here is the error message with Norton PC check up. I can find no trace of hotspot shield to remove it. Can you please help with these? thanks.

 

I don't understand what this means: Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode. Any other mode is primarily used for troubleshooting and diagnostic purposes. You should look into some third party software to control start up's.
Does this mean avoid safe mode?

Okay, I just figured it out but couldn't delete this message only edit so scratch the above message. :-D

 

I did the first part with Msconfig and before it restarted there was an error message because of the changing to "normal' start up. on start up I got a blue screen error I tried to photograph but it went away before I could. then I got this error. Attached. I had to switch off the PC manually and restart it in order to get back into windows. when I ran msconfig again, I checked the start up tab and noticed every program was now checked, including Okay freedom, which was deleted ages ago, mcafee, which was deleted last night... and a whole bunch of other programs such as e-mule are now configured to start up with my PC. is this normal? Cause the blue screen and the error message I attached which froze my PC on startup REALLY scared me.

 

I downloaded startup CPL and when I clicked on it , it seemed to install, but nothing happened. it's not in my list of programs and there's no read me file, so I am not sure what it has done exactly.

 

hi...I went through the entire process. Here are the files. I only attached the roguekiller tabs that found something. But I am still getting popups from adnetworkperformance as I type this message. It seems to happens most when I click your add attachment window. The popups load from that tab.
And I couldn't find these files to delete:
O4 - Startup: aKNefyi.lnk = C:\Documents and Settings\mypc\Application Data\wNeO4WFYURvm\QRjJOa6J.exe
O4 - Startup: Kkth8tnb.lnk = C:\Documents and Settings\mypc\Application Data\X5JJWuPD4NeO\lE4jCnl.exe
and I deleted the hotspot files that were popping up in roguekiller since that software shouldn't be installed.

 

hi..I selected normal startup and as I mentioned before the system got a blue screen and then froze on start up. You really want me to through the process again?

 

the popup blocker on firefox is checked. I reset the browser and as soon as it reopened an adnetwork performance pop appeared. I will try running rogue killer again now.

 

Hi...I re-ran rogue killer and those gray files were no longer there. perhaps do to the reset. I will keep watching if I get popups and let you know. the first one I mentioned below might have been previous windows sessions opening due to firefox relaunching after the reset and might have not have been new ones. It will take a few hours of surfing up to a full day before I am confident all is clear. Thanks for your help. And you can you recommend a good malware/antivirus program that has realtime protection that is freeware? thanks.