Solved how to uninstall directx redist ads?

[la321]

I downloaded a video player and it said i needed directx so i downloaded it the name of it is directx redist but there are amd ads popping up about sales for amd processor how do i unistall this and install another directx version i used dxdiag and it says i have direct 11 is there a way i can remove the ads if directx can't be unistalled

 

[A Guy]

Oh boy. You should never get ads if it was from a legit site. What was the video player? How long ago did this happen? A System restore point from before you installed it would be easiest.

http://www.sevenforums.com/tutorials/700-system-restore.html

You likely downloaded something bundled with the directx installer, or it was not a legit download and you now have malware at best.

A Guy

 

[la321]

It happened yesterday i downloaded potplayer and took me to dvbsupport download center DVB Support Download Center » Others » DirectX Runtime 06/2010

 

[andrew129260]

A restore point is never a good idea when a computer has an infection.
It often will not fix the problem as malware loves to jump into the restore point.
The best thing to do when having an infection is to actually turn off system protection.
This prevents the threats from reloading themselves.

But I agree with A guy There is probably a threat here.

I have asked cottenball (one of our awesome volunteer malware removers) to take a look.

 

[la321]

I haven't seen the popup at all today or last night but if you're familiar with avast when avast updates there is a voice saying avast has been updated then a pop up of avast happens below taskbar this is how the pop up from directx happens with a pop up about amd processor i have an intel processor not amd

 

[andrew129260]

Ah ok. Yeah, direct x would never pop up with a pop up like that.
While we are waiting for cottenball (one of our awesome volunteer malware removers):


1.) For now since you have avast, Right click the avast icon in the system tray. Go to update-program. If it finds an update and asks you to restart say NO. Then click the security tab/icon in avast, and scroll down. Click schedule now on boot time scan. Restart.
Let it scan your computer. It may ask you to delete items. If there is a option to quarantine/repair or anything of the sort do so, if it cannot do it then delete.
I would prefer you to quarantine anything if possible as we can see the type of threat it detected.
It will also be in the logs as well.

2.) You should also download malwarebytes in my sig and run a Full scan with that as well. Do the avast scan first, then follow with malware bytes. When you install malwarebytes, make sure you untick the box for the Free trial/paid version.
Malwarebytes is free and is a great program for removing malware. The paid version just runs on demand and has an active scanner. The free version is more than enough.

Thanks. Let me know how it goes.

 

[A Guy]

DirectX does not have ads. It must be malware. No way it is legit. Suggest you run ADWCleaner until someone with expertise comes along. If you are uncertain what it wants to delete, post the log here.

Choose Download Now @BleepingComputer link

AdwCleaner Download

How To Use AdwCleaner [Manual] | malwareremovalguides

A Guy

 

[A Guy]

Ah ok. Yeah, direct x would never pop up with a pop up like that.
While we are waiting for cottenball:


For now since you have avast, Right click the avast icon in the system tray. Go to update-program. If it finds an update and asks you to restart say NO. Then click the security tab/icon in avast, and scroll down. Click schedule now on boot time scan. Restart.

Avast had a program update today, just FYI. It will want to reboot if you have not already installed it.

A Guy

 

[andrew129260]

Ah ok. Yeah, direct x would never pop up with a pop up like that.
While we are waiting for cottenball:


For now since you have avast, Right click the avast icon in the system tray. Go to update-program. If it finds an update and asks you to restart say NO. Then click the security tab/icon in avast, and scroll down. Click schedule now on boot time scan. Restart.

Avast had a program update today, just FYI. It will want to reboot if you have not already installed it.

A Guy

I know They said they already had avast. That's why I mentioned the update to say no and then continue on from there. (Unless they already have the update.)

 

[cottonball]

la321,

Also, please do the following...

:info: Download the Farbar Recovery Scan Tool
Select the version that applies to the system (64-bit)



Save to the Desktop.

• Double-click the downloaded file to run it.
• When the tool opens click Yes to disclaimer.
• Press the Scan button.
• FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

:ar: Please provide the FRST.txt in your reply.
The first time the tool is run, it also makes another log: Addition.txt
:ar: Also post the Addition.txt in your reply. It will present a list of the programs that are installed on your computer, and any undesirables can be identified.

 

[la321]

I have attached the results

 

[A Guy]

cottonball, lucky leap?

About lucky leap (from luckyleap)
“The Software provides a suite of toolbar-style browser features that customize and enhance your interaction with various websites by rendering graphics, text, or other functional or interactive content in your browser. Such features include, without limitation, tools and applications for search, text referencing, video, social media, website ratings and reviews, coupons, and comparison shopping for various products and services, including travel and insurance. The Software may also be used remotely to support computing research programs. The Software is compatible with Internet Explorer, Firefox, Safari, Google Chrome and RockMelt browsers. All browsers must close to install the Software, and the Software will be automatically enabled upon restart. The Software may automatically and without additional notice, download upgrades, enable new features or functionality, and install fixes.

The Software is supported by various types of advertising, including, without limitation, search, banner, text link, transitional, interstitial and full page ads. Ads and features that appear on websites by using the Software are not associated with or endorsed by any underlying websites. Some Software features and ad placements may contain links to further information or disabling instructions (e.g. "About this Ad"). All Software features, content and advertising may be updated, modified, added, enabled, disabled or discontinued at any time automatically and without additional notice to you. If at any time you are dissatisfied with the Software or any features, content or ads displayed through the Software, please uninstall the Software as instructed below.”

A Guy

 

[la321]

do i run the malwarebytes scan or avast scan?

 

[A Guy]

Wait for cottonball, I defer to his expertise. A Guy

 

[cottonball]

Pressing on with FRST...

:info: Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it on the Desktop, and name it: fixlist.txt

start
() C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
2013-09-01 12:48 - 2011-12-07 13:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2013-09-01 12:37 - 2013-09-01 12:39 - 25771406 _____ () C:\Users\User\Documents\K-Lite Mega Codec Pack 9.3.0 Final[Windows].exe
2013-08-31 23:09 - 2013-08-31 23:09 - 00000000 ____D C:\Users\User\Downloads\PotPlayer1539036EXE
2013-09-01 15:46 - 2013-09-01 15:46 - 00001178 _____ C:\Users\User\Desktop\PotPlayer.lnk
C:\Users\User\AppData\Local\Temp\bZWCRwuuKC.DLL
C:\Users\User\AppData\Local\Temp\HheOBszLKCNEmYjtsORu.DLL
C:\Users\User\AppData\Local\Temp\oi_{94752A8E-5635-497B-AEFF-3A1D8D5AB47C}.exe
C:\Users\User\AppData\Local\Temp\oi_{F5221195-C8FB-4455-82BA-030DC8672704}.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\tfvELncYsirgaOkGzTwY.DLL
C:\Users\User\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\User\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\ButtonEvent.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\customNsWeb.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\FloatingProgress.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\lua51.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\LuaBridge.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\luacom.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\LuaXml_lib.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\NotifyIcon.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\nsis7z.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\nsisunz.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\System.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\LuaSocket\socket\core.dll
C:\Users\User\AppData\Local\Temp\nsx5D5F.tmp\LuaSocket\mime\core.dll
C:\Users\User\AppData\Local\Temp\nso77B1.tmp\Helper.dll
C:\Users\User\AppData\Local\Temp\nsgE2A3.tmp\Helper.dll
end

This script is written specifically for use only on this computer.
Running this on another computer may cause damage to the Operating System!!

Run FRST, and press the Fix button, just once, and wait.

The tool creates a report on the Desktop called: Fixlog.txt
:ar: Please post the Fixlog.txt in your reply.

Let's get the results from this program, and take it from there.


:info: The suggestions given by andrew129260, to run avast! as well as Malwarebytes, and by A Guy, to run AdwCleaner as well as uninstall luckyleap, are good ones. Press on with them after you post the Fixlog.txt

 

[la321]

I have posted it

 

[andrew129260]

@ la321

Did you see this?

:info: The suggestions given by andrew129260, to run avast! as well as Malwarebytes, and by A Guy, to run AdwCleaner as well as uninstall luckyleap, are good ones. Press on with them after you post the Fixlog.txt

You can go ahead and proceed with what we recommended according to him.

 

[cottonball]

la321,

:info: FRST showed a group of entries related to the AVG SafeGuard toolbar:
C:\Users\User\AppData\Local\Temp\avg_a05068\ProgFiles\AVG SafeGuard toolbar

However, there is nothing related to AVG in the installed programs section of Addition.txt
Was it installed at one time?


:ar: Please post the AdwCleaner report in your reply.


:info: When you are done running Malwarebytes Anti-Malware, a report opens in Notepad.
:ar: Please copy/paste the entire contents of the MBAM report in your reply.


:info: Last, but not least, for avast!, please navigate to the following by right-clicking the Windows 7 orb and selecting Open Windows Explorer:
C:\ProgramData\Avast Software\Avast\report\aswBoot.txt

It should open in Notepad.
Please post aswBoot.txt also.


:ar: Also, let us know if you are still experiencing the same problem with ads popping up, etc...

 

[la321]

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.09.02.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
User :: USER-PC [administrator]

9/3/2013 11:08:50 AM
MBAM-log-2013-09-03 (11-15-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215275
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 27
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\CLSID\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} (Adware.GameVance) -> No action taken.
HKCR\TypeLib\{39A17362-9C1D-4907-9428-0D28A94DC79D} (Adware.GameVance) -> No action taken.
HKCR\Interface\{627A968A-03E6-41C7-B11B-4E442B376F95} (Adware.GameVance) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (Adware.GameVance) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C3E833-420E-4D78-9BA7-86AEBB272384} (PUP.Optional.TopArcadeHits.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
C:\Users\User\AppData\Local\TopArcadeHits (Adware.GameVance) -> No action taken.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> No action taken.
C:\Users\User\AppData\Local\TopArcadeHits (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> No action taken.

Files Detected: 21
C:\Users\User\AppData\Local\TopArcadeHits\Toparcadehits.dll (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Local\Temp\Installer.exe (PUP.Optional.SmartBar.A) -> No action taken.
C:\Users\User\AppData\Local\Temp\HBCD\ProduKey.exe (PUP.PSWTool.ProductKey) -> No action taken.
C:\Users\User\Downloads\iLividSetup-r0-n-bf.exe (PUP.Optional.Bandoo) -> No action taken.
C:\Users\User\Local Settings\Temporary Internet Files\Content.IE5\RA65CRV4\Setup[1].exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Users\User\AppData\Local\TopArcadeHits\tah.config (Adware.GameVance) -> No action taken.
C:\Users\User\AppData\Local\TopArcadeHits\Toparcadehits.dll (Adware.GameVance) -> No action taken.
C:\Users\User\AppData\Local\TopArcadeHits\uninstaller.exe (Adware.GameVance) -> No action taken.
C:\Users\User\AppData\Local\TopArcadeHits\updater.exe (Adware.GameVance) -> No action taken.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> No action taken.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> No action taken.
C:\Users\User\AppData\Local\TopArcadeHits\tah.config (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Local\TopArcadeHits\uninstaller.exe (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Local\TopArcadeHits\updater.exe (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Windows\Tasks\TopArcadeHits.job (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> No action taken.
C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> No action taken.

(end)

 

[la321]

Adw had luckyleap i deleted it i can't get the log then after that my computer restarted for avast to scan i have the viruses in chest in avast but don't know how to post them aswbott didn't show up in windows explorer also when i downloaded the fake directx it put files on my desktop labeled Mar2008 i deleted some of the files they are in recycle bin after malwarebytes ran its test i don't see popups