Windows 7 "Talking" Adware

[tomato500]

So here I am with yet another PC problem.
My aunt gave me her Samsung laptop running windows 7 home edition. She said it had a virus that slowed her computer down. It also starts "talking" adverts. I turned it on, connected to my home Wi-Fi, and i heard it blabbing about Jack-in-the-Box specials. Tried running Avast full scan, but it's saying that there's some files it couldn't scan. Also, Avast is saying that it is blocking a malicious URL from various websites. Sorry if this is too little info, but I have never really had experience with virus removal.
Please help!

 

[VistaKing]

tomato500

Run the two programs below

AdwCleaner

Click here AdwCleaner

:ar: Click on Download Now button

:ar: Save to the Desktop

:ar: Right-click on AdwCleaner.exe and choose

:ar: Click on Delete and confirm the prompt.

:ar: Your computer will be rebooted automatically. A text file will open after the restart.

Upload the log : The log file is at C:\AdwCleaner[Sn].txt


Download Junkware Removal Toolkit

Click here Junkware Removal Tool to download

Drag the JRT.exe from the Downloads folder to your Desktop

Right click JRT.exe and choose

Once done upload the JRT.txt file

 

[tomato500]

tomato500

Run the two programs below

AdwCleaner

Click here AdwCleaner

:ar: Click on Download Now button

:ar: Save to the Desktop

:ar: Right-click on AdwCleaner.exe and choose

:ar: Click on Delete and confirm the prompt.

:ar: Your computer will be rebooted automatically. A text file will open after the restart.

Upload the log : The log file is at C:\AdwCleaner[Sn].txt


Download Junkware Removal Toolkit

Click here Junkware Removal Tool to download

Drag the JRT.exe from the Downloads folder to your Desktop

Right click JRT.exe and choose

Once done upload the JRT.txt file

Ok here's the log files. It deleted a few files/registry keys associated with "StartNow toolbar".

 

[VistaKing]

Can you boot into normal mode ? See if you hear the talking advertisements ?

 

[tomato500]

Can you boot into normal mode ? See if you hear the talking advertisements ?

It's booting right now... it takes a while. I am using my other laptop to type this. It is configuring updates (taking a while). Yeah, it's talking about recipes? Oh, it just got a BSOD. It disappeared quickly, but it said something about "a clock interrupt was not received on a secondary processor within the allocated time interval". BlueScreenView shows that the same crash happened 2 days ago, when she said the PC got the virus. This is getting weird...

 

[VistaKing]

Do you have a USB Flash Drive ?

 

[tomato500]

Do you have a USB Flash Drive ?

Yup.

 

[VistaKing]

   Warning

You will need a USB FLASH DRIVE

   Tip

Download the Tool from a non infected PC

Farbar Recovery Scan Tool

Choose one that goes with your OS bit version . Save the file to a USB Flash drive

32-bit Version OS :ar: Farbar Recovery Scan Tool

64-Bit Version OS :ar: Farbar Recovery Scan Tool x64

   Note

Click the rb: button and right-click Computer .Select Properties . Look for System Type: which will say 32-bit Operating System or 64-bit Operating System

Plug the flash drive into the infected PC.

Enter System Recovery Options.

:ar: To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select Repair Your Computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

:ar: To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

:ar: On the System Recovery Options menu you will get the following options:

• Startup Repair

• System Restore

• Windows Complete PC Restore

• Windows Memory Diagnostic Tool

• Command Prompt

Select Command Prompt

In the command window type X:\FRST.exe (for x64 bit version type X:\FRST64.exe) and press Enter

   Note

Replace letter X with the drive letter of your flash drive.

   Tip

Type the commands below to see what your letter is for the USB drive and press ENTER after each command

Diskpart
List volume

The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file
Please copy and paste both logs in your reply.(FRST.txt and Addition.txt)

   Note

FRST.txt and Addition.txt files will be inside the root of the USB Flash Drive

 

[tomato500]

Ok, I ran the scan. For some reason there was no "Addition.txt"?

 

[VistaKing]

Open Notepad . Inside Notepad paste the highlighted text inside notepad


start
HKU\UpdatusUser\...\RunOnce: [mctadmin] -
HKU\Melody\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
C:\Windows\System32\mctadmin.exe
C:\Users\Melody\jqs.exe
end


Click on File ====> Save As

File Name : Fixlist.txt

Save as type : All Files

Location : USB flash drive

Click on the [Save] button .

Open the FRST tool again inside System Recovey and click on the [Fix] button . Once complete it will create a new log called Fixlog.txt . Upload the new log created in your reply . It should be inside the usb drive .

 

[VistaKing]

You're running 3 Antivirus Softwares


Remove Avast

Download Link ===> aswclear.exe
Save onto your desktop
Start Windows in Safe Mode
Open the uninstall utility right click on aswcleaner.exe and choose

If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
Click REMOVE
Restart your computer

Remove McAfee

Click here ====> How to uninstall or reinstall supported McAfee products using the Consumer Products Removal tool (MCPR)

 

[tomato500]

I removed Avast and McAfee and ran the fix. Here's the results:

 

[VistaKing]

Are you still getting the Talking advertisements ?

 

[tomato500]

Are you still getting the Talking advertisements ?

Nope, not anymore. Thanks for your help!

 

[VistaKing]

Lets see what this shows

RogueKiller for 32bit <==== Download Link

RogueKiller for 64bit <==== Download Link

:ar: Click on one of the links above that goes with your Windows 7 bit versions

:ar: Save to the Desktop.

:ar: Close all windows and browsers

:ar: Right click on

and choose

:ar: Press: SCAN

:ar: provide the RKreport.txt (Mode: Scan) in your reply.

You could go ahead and delete the FRST folder inside C:\ Drive

 

[tomato500]

I ran RogueKiller. Here's the results, actually found a few:

 

[VistaKing]

Run the tool again and click on the [Delete] button .