Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Notepad pop-up keeps appearing


  • Please log in to reply
13 replies to this topic

#1 crtkns

crtkns

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 19 May 2013 - 01:55 PM

Hi there,

 

As of last night, multiple notepad pop-ups keep appearing on my screen. I have pasted the contents below. I originally thought this was to do with an easylifeapp virus, but I ran a few scans and that seems to be gone, while the notepads keep appearing. They appear to be about the AVG security toolbar, which as far as I can tell I don't have (or want!). I do have AVG2013 installed and protecting my computer, and have for a long time, but these pop-ups are brand new and super annoying. 

 

Any advice would be much appreciated! Thank you :)

 

 

roc_april[10] - Notepad
 
<!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd">
<!-- sn: TB2-CHOD-WFE18 -->
<!--[if lt IE 7]>      <html class="ie6"> <![endif]-->
<!--[if IE 7]>         <html class="ie7"> <![endif]-->
<!--[if IE 8]>         <html class="ie8"> <![endif]-->
<!--[if gt IE 8]><!-->
<html>
<!--<![endif]-->
<head>
    <title>AVG Security Toolbar</title>
    <link media="all" rel="stylesheet" href="/css/rc_april/roc_april.css?v=15.1.1.5" type="text/css" />
    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
    <script language="javascript" type="text/javascript" src="/js/rc/json2.min.js?v=15.1.1.5"></script>
    <script language="javascript" type="text/javascript">
        var jsonObj = {"CmpID":"A_ROC_APR2013_AV","ProductID":"SafeGuard","StatsParam":"rVDLasQwDPya5LbBjhPbOeTQZrvtQmHL9nUM2rWcBvIwcjb086tATz0XhDTSDMMgF-u7j8d0gKmrbzEde1d7W5VX7WUhlCuM0xa0N6KwBq3SlfM7X5Wq0MZYiSiN9UIoKZXTOZbeSigkqIsppUkD1Z7S5kaE0_ICHb6fn-uvZQmJgiT3XMs8DxegDNYuu84jXzZZ5Hk-NdxpvrYQqB_aXEiVQQzfifINjAH6bjruE-U2Isk1J-fl37KzY6DNkBi5yIjfxHB7FC-3uAmAYMQFqYW1DTT7fkDmDoT4l12RYj9Pv3GzvBJFJljkez7J9BWJFcd9_Xaf75qn0373eXiQ9gc1","Disable":false};
    </script>
    <script language="javascript" type="text/javascript" src="/js/rc/MouseEvents.js?v=15.1.1.5"></script>
    <script language="javascript" type="text/javascript" src="/js/rc/tbapi.js?v=15.1.1.5"></script>
    <script language="javascript" type="text/javascript" src="/js/rc/roc.april.stats.js?v=15.1.1.5"></script>
    <script language="javascript" type="text/javascript" src="/js/rc/roc.april.tbapiWrapper.js?v=15.1.1.5"></script>
    <script language="javascript" type="text/javascript" src="/js/rc/roc_april.js?v=15.1.1.5"></script>
    <!--[if IE 6]>
            <script type="text/javascript" src="/js/DD_belatedPNG_0.0.8a-min.js?v=15.1.1.5"></script>
            <script type="text/javascript">
                DD_belatedPNG.fix('.png'); 
            </script>
    <![endif]-->
</head>
<body scroll="no" onload="roc.init();">
    <iframe id="statsFrm" style="display: none;"></iframe>
    <div id="roc_april">
        <div id="protection" class="borderpadding">
            <div class="logo png"></div>
            <h1>Improve Your Web Protection</h1>
            <p>Protect my browsers by installing the AVG SafeGuard toolbar and set AVG Secure Search as my homepage, new tab page and default search engine</p>
            <div class="protection-labels">
                <label class="label_check" for="tb_install_chk">
                    <input type="checkbox" checked="checked" id="tb_install_chk" />Protect my browsers by installing the AVG SafeGuard toolbar</label>
                <label class="label_check" for="hp_install_chk">
                    <input type="checkbox" checked="checked" id="hp_install_chk" />Set AVG Secure Search as my homepage and new tab page </label>
                <label class="label_check last" for="dsp_install_chk">
                    <input type="checkbox" checked="checked" id="dsp_install_chk" />Set AVG Secure Search as my default search engine</label>
            </div>
            <div class="nav" id="nav_camp_A">
                <a href="javascript: void(0)" class="btnReject button noborder leftFloat">Decline</a>
                <a href="javascript: void(0)" class="btnProtectionOK button button2 active rightFloat">OK</a>
            </div>
            <div class="nav" id="nav_camp_B">
                <a href="javascript: void(0)" class="btnOptions button noborder">Options</a>
                <a href="javascript: void(0)" class="btnReject button noborder">Decline</a>
                <a href="javascript: void(0)" class="btnProtectionOK button button2 active">OK</a>
            </div>
        </div>
        <div id="recommend" class="borderpadding">
            <div class="logo png"></div>
            <div id="recommendBox" class="borderpadding">
                <p>AVG highly recommends to protect your browsers by installing AVG SafeGuard toolbar and set AVG Secure Search as your homepage, new tab page and default search engine.</p>
                <div class="nav">
                    <a href="javascript: void(0)" id="btnTurnOff" class="button button3">No thanks</a> 
                    <a href="javascript: void(0)" id="btnTurnOn" class="button button3 active">Install</a>
                </div>
            </div>
        </div>
        <div id="progress" class="borderpadding">
            <div class="logo png">
            </div>
            <p>Please wait while AVG applies your security settings. It is <br />recommended not to open any browser until the process is complete.</p>
        </div>
        <div id="relaunch" class="borderpadding">
            <div class="logo png">
            </div>
            <p>Please click "Relaunch Browsers" to apply your security settings.</p>
            <div class="nav">
                <a href="javascript: void(0)" id="btnRelaunch" class="button active">
                    Relaunch Browsers</a></div>
        </div>
        <div id="done" class="borderpadding">
            <div class="logo png">
            </div>
            <p>The process was completed successfully.</p>
            <div class="nav">
                <a id="btnClose" href="javascript: void(0)" class="button">OK</a>
            </div>
        </div>
    </div>
    <script type="text/javascript">
        var RocExt = new Object();
        RocExt.InstallStatus = -1;
        RocExt.ClientID = '';
        RocExt.MachineID = 'f895c6f1403d47d68a6f70487e8369df-f953467781ee178f003113d62e5f81a41a3b7517';
        RocExt.DistributionSource = 'AVG';
        RocExt.Profile = 'fr';
        RocExt.ServerID = 'TB2-CHOD-WFE18';
        RocExt.ToolbarVersion = 'unknown';
        RocExt.IP = '207.38.140.205';
        RocExt.OperatingSystem = 'Windows 7';
        RocExt.CountryCode = 'US';
        RocExt.ToolbarLanguage = 'us';
        RocExt.InstallDate = '2000-01-01 00:00:00';
        RocExt.UserTime = getUserTime();
        RocExt.AdditionalInfoXML = '';
        RocExt.ProductID = 'SafeGuard';
        RocExt.SearchGroup = '';
        RocExt.CmpID = 'A_ROC_APR2013_AV';        
        RocExt.AVProfile = 'Free';
        RocExt.AVVersion = '2013.2904.0';
        RocExt.Before_FF_ToolbarEnabled = false;
        RocExt.Before_FF_KeywordUrl = false;
        RocExt.Before_FF_NewTab = false;
        RocExt.Before_FF_DSP = false;
        RocExt.Before_FF_HP = false;
        RocExt.Before_IE_ToolbarEnabled = false;
        RocExt.Before_IE_NewTab = false;
        RocExt.Before_IE_DSP = false;
        RocExt.Before_IE_HP = false;
        RocExt.Before_CH_ToolbarEnabled = false;
        RocExt.Before_CH_NewTab = false;
        RocExt.Before_CH_DSP = false;
        RocExt.Before_CH_HP = false;
        RocExt.After_FF_ToolbarEnabled = false;
        RocExt.After_FF_KeywordUrl = false;
        RocExt.After_FF_NewTab = false;
        RocExt.After_FF_DSP = false;
        RocExt.After_FF_HP = false;
        RocExt.After_IE_ToolbarEnabled = false;
        RocExt.After_IE_NewTab = false;
        RocExt.After_IE_DSP = false;
        RocExt.After_IE_HP = false;
        RocExt.After_CH_ToolbarEnabled = false;
        RocExt.After_CH_NewTab = false;
        RocExt.After_CH_DSP = false;
        RocExt.After_CH_HP = false;
        RocExt.DefaultBrowser = false;
        RocExt.IE_Version = false;
        RocExt.FF_Version = false;
        RocExt.CH_Version = false;
 
 
        function getUserTime() {
            var date = new Date();
 
            var items = new Array();
            var i = 0;
            var yyyy = date.getFullYear();
            var M = date.getMonth() + 1;
            var d = date.getDate();
            var HH = date.getHours();
            var m = date.getMinutes();
            var s = date.getSeconds();
            var ffff = date.getMilliseconds();
 
            var output = yyyy + '-' + M + '-' + d + ' ' + HH + ":" + m + ":" + s + "." + ffff;
            return output;
        } 
        
    </script>
</body>
</html>

Edited by hamluis, 21 May 2013 - 12:54 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 VSBUCKELEW1

VSBUCKELEW1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:17 AM

Posted 19 May 2013 - 05:31 PM

I AM HAVING THIS SAME PROBLEM WITH VISTA FOR ABOUT A WEEK NOW, I NEED HELP AS WELL.



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:17 PM

Posted 19 May 2013 - 07:43 PM

A line seems to show a "bad problem" - Check that there is nothing in the Quarantine to remove.

 

Please download AdwCleaner by Xplode onto your desktop.

 

*Close all open programs and internet browsers.
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with Ok.

*Your computer will be rebooted automatically. A text file will open after the restart.

*Please post the contents of that logfile with your next reply.
*You can find the logfile at C:\AdwCleaner[S1].txt as well.



#4 crtkns

crtkns
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 19 May 2013 - 10:56 PM

Hi - thank you for responding! Below are the contents of the logfile. Another thing - I don't know if this is related, but also only from last night I have been getting a pop-up box that says "the ordinal 459 could not be located in the dynamic link library urlmon.dll". Any thoughts?

 

 

 

 
<!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd">
<!-- sn: TB2-CHOD-WFE11 -->
<!--[if lt IE 7]>      <html class="ie6"> <![endif]-->
<!--[if IE 7]>         <html class="ie7"> <![endif]-->
<!--[if IE 8]>         <html class="ie8"> <![endif]-->
<!--[if gt IE 8]><!-->
<html>
<!--<![endif]-->
<head>
    <title>AVG Security Toolbar</title>
    <link media="all" rel="stylesheet" href="/css/rc_april/roc_april.css?v=15.1.1.5" type="text/css" />
    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
    <script language="javascript" type="text/javascript" src="/js/rc/json2.min.js?v=15.1.1.5"></script>
    <script language="javascript" type="text/javascript">
        var jsonObj = {"CmpID":"A_ROC_APR2013_AV","ProductID":"SafeGuard","StatsParam":"rVDLasQwDPya5LbBjhPbOeTQZrvtQmHL9nUM2rWcBvIwcjb086tATz0XhDTSDMMgF-u7j8d0gKmrbzEde1d7W5VX7WUhlCuM0xa0N6KwBq3SlfM7X5Wq0MZYiSiN9UIoKZXTOZbeSigkqIsppUkD1Z7S5kaE0_ICHb6fn-uvZQmJgiT3XMs8DxegDNYuu84jXzZZ5Hk-NdxpvrYQqB_aXEiVQQzfifINjAH6bjruE-U2Isk1J-fl37KzY6DNkBi5yIjfxHB7FC-3uAmAYMQFqYW1DTT7fkDmDoT4l12RYj9Pv3GzvBJFJljkez7J9BWJFcd9_Xaf75qn0373eXiQ8gc1","Disable":false};
    </script>
    <script language="javascript" type="text/javascript" src="/js/rc/MouseEvents.js?v=15.1.1.5"></script>
    <script language="javascript" type="text/javascript" src="/js/rc/tbapi.js?v=15.1.1.5"></script>
    <script language="javascript" type="text/javascript" src="/js/rc/roc.april.stats.js?v=15.1.1.5"></script>
    <script language="javascript" type="text/javascript" src="/js/rc/roc.april.tbapiWrapper.js?v=15.1.1.5"></script>
    <script language="javascript" type="text/javascript" src="/js/rc/roc_april.js?v=15.1.1.5"></script>
    <!--[if IE 6]>
            <script type="text/javascript" src="/js/DD_belatedPNG_0.0.8a-min.js?v=15.1.1.5"></script>
            <script type="text/javascript">
                DD_belatedPNG.fix('.png'); 
            </script>
    <![endif]-->
</head>
<body scroll="no" onload="roc.init();">
    <iframe id="statsFrm" style="display: none;"></iframe>
    <div id="roc_april">
        <div id="protection" class="borderpadding">
            <div class="logo png"></div>
            <h1>Improve Your Web Protection</h1>
            <p>Protect my browsers by installing the AVG SafeGuard toolbar and set AVG Secure Search as my homepage, new tab page and default search engine</p>
            <div class="protection-labels">
                <label class="label_check" for="tb_install_chk">
                    <input type="checkbox" checked="checked" id="tb_install_chk" />Protect my browsers by installing the AVG SafeGuard toolbar</label>
                <label class="label_check" for="hp_install_chk">
                    <input type="checkbox" checked="checked" id="hp_install_chk" />Set AVG Secure Search as my homepage and new tab page </label>
                <label class="label_check last" for="dsp_install_chk">
                    <input type="checkbox" checked="checked" id="dsp_install_chk" />Set AVG Secure Search as my default search engine</label>
            </div>
            <div class="nav" id="nav_camp_A">
                <a href="javascript: void(0)" class="btnReject button noborder leftFloat">Decline</a>
                <a href="javascript: void(0)" class="btnProtectionOK button button2 active rightFloat">OK</a>
            </div>
            <div class="nav" id="nav_camp_B">
                <a href="javascript: void(0)" class="btnOptions button noborder">Options</a>
                <a href="javascript: void(0)" class="btnReject button noborder">Decline</a>
                <a href="javascript: void(0)" class="btnProtectionOK button button2 active">OK</a>
            </div>
        </div>
        <div id="recommend" class="borderpadding">
            <div class="logo png"></div>
            <div id="recommendBox" class="borderpadding">
                <p>AVG highly recommends to protect your browsers by installing AVG SafeGuard toolbar and set AVG Secure Search as your homepage, new tab page and default search engine.</p>
                <div class="nav">
                    <a href="javascript: void(0)" id="btnTurnOff" class="button button3">No thanks</a> 
                    <a href="javascript: void(0)" id="btnTurnOn" class="button button3 active">Install</a>
                </div>
            </div>
        </div>
        <div id="progress" class="borderpadding">
            <div class="logo png">
            </div>
            <p>Please wait while AVG applies your security settings. It is <br />recommended not to open any browser until the process is complete.</p>
        </div>
        <div id="relaunch" class="borderpadding">
            <div class="logo png">
            </div>
            <p>Please click "Relaunch Browsers" to apply your security settings.</p>
            <div class="nav">
                <a href="javascript: void(0)" id="btnRelaunch" class="button active">
                    Relaunch Browsers</a></div>
        </div>
        <div id="done" class="borderpadding">
            <div class="logo png">
            </div>
            <p>The process was completed successfully.</p>
            <div class="nav">
                <a id="btnClose" href="javascript: void(0)" class="button">OK</a>
            </div>
        </div>
    </div>
    <script type="text/javascript">
        var RocExt = new Object();
        RocExt.InstallStatus = -1;
        RocExt.ClientID = '';
        RocExt.MachineID = 'f895c6f1403d47d68a6f70487e8369df-f953467781ee178f003113d62e5f81a41a3b7517';
        RocExt.DistributionSource = 'AVG';
        RocExt.Profile = 'fr';
        RocExt.ServerID = 'TB2-CHOD-WFE11';
        RocExt.ToolbarVersion = 'unknown';
        RocExt.IP = '207.38.140.205';
        RocExt.OperatingSystem = 'Windows 7';
        RocExt.CountryCode = 'US';
        RocExt.ToolbarLanguage = 'us';
        RocExt.InstallDate = '2000-01-01 00:00:00';
        RocExt.UserTime = getUserTime();
        RocExt.AdditionalInfoXML = '';
        RocExt.ProductID = 'SafeGuard';
        RocExt.SearchGroup = '';
        RocExt.CmpID = 'A_ROC_APR2013_AV';        
        RocExt.AVProfile = 'Free';
        RocExt.AVVersion = '2013.2904.0';
        RocExt.Before_FF_ToolbarEnabled = false;
        RocExt.Before_FF_KeywordUrl = false;
        RocExt.Before_FF_NewTab = false;
        RocExt.Before_FF_DSP = false;
        RocExt.Before_FF_HP = false;
        RocExt.Before_IE_ToolbarEnabled = false;
        RocExt.Before_IE_NewTab = false;
        RocExt.Before_IE_DSP = false;
        RocExt.Before_IE_HP = false;
        RocExt.Before_CH_ToolbarEnabled = false;
        RocExt.Before_CH_NewTab = false;
        RocExt.Before_CH_DSP = false;
        RocExt.Before_CH_HP = false;
        RocExt.After_FF_ToolbarEnabled = false;
        RocExt.After_FF_KeywordUrl = false;
        RocExt.After_FF_NewTab = false;
        RocExt.After_FF_DSP = false;
        RocExt.After_FF_HP = false;
        RocExt.After_IE_ToolbarEnabled = false;
        RocExt.After_IE_NewTab = false;
        RocExt.After_IE_DSP = false;
        RocExt.After_IE_HP = false;
        RocExt.After_CH_ToolbarEnabled = false;
        RocExt.After_CH_NewTab = false;
        RocExt.After_CH_DSP = false;
        RocExt.After_CH_HP = false;
        RocExt.DefaultBrowser = false;
        RocExt.IE_Version = false;
        RocExt.FF_Version = false;
        RocExt.CH_Version = false;
 
 
        function getUserTime() {
            var date = new Date();
 
            var items = new Array();
            var i = 0;
            var yyyy = date.getFullYear();
            var M = date.getMonth() + 1;
            var d = date.getDate();
            var HH = date.getHours();
            var m = date.getMinutes();
            var s = date.getSeconds();
            var ffff = date.getMilliseconds();
 
            var output = yyyy + '-' + M + '-' + d + ' ' + HH + ":" + m + ":" + s + "." + ffff;
            return output;
        } 
        
    </script>
</body>
</html>


#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:17 PM

Posted 20 May 2013 - 03:37 AM

Hi -

I have never seen a report that looked like that ??

First - Fully uninstall AVG and reinstall it later.

 

Please read the M/soft article linked below and see if this is any help -->
http://support.microsoft.com/kb/281679

 

A quick Google of that exact error message "The ordinal 459 could not be located in the dynamic link library urlmon.dll" has results of this problem going back to at least 2011. There are a number of solutions as well for different situations posted.

This Topic has a bit more information for you since the urlmon.dll seems to be at fault -



#6 crtkns

crtkns
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 20 May 2013 - 09:12 AM

Argh sorry, I must have pasted in one of the annoying popups rather than the report!! Here it is:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Courtney on Sun 19/05/2013 at 13:45:42.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\bettersoft"
Failed to delete: [Folder] "C:\ProgramData\application data\bettersoft"
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{06518852-F6D9-4227-AA68-1A33EA8952BA}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{215BEFCA-4864-4CBC-8BEF-C103B8513141}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{28ADAE34-2CAE-4DF6-98DE-E64C36A67EBD}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{2BB4E776-9FC1-466A-958D-0DAD2CE0DA47}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{7C989883-E298-4114-8EA2-0895F9F6FC6B}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{ABCF5C3B-F2AC-4A0F-9A1C-B86AD669DF46}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{B4C1B0FA-784A-46C2-8094-B43CC34A188C}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{C0CCB10B-32EE-43C7-9464-CB54EC7848A3}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{C2577D7D-1A7B-4B0C-B63C-69D6D9C0273E}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{C5B8920C-0B4D-417C-A517-CDB307EFA19D}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{DC02AFB7-3C8D-4EA0-8A82-8EAAB26F6FE1}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{DC12991C-4545-402D-BFD6-5593E09540D0}
Successfully deleted: [Empty Folder] C:\Users\Courtney\appdata\local\{DFA699BF-489F-438C-83F2-A1DACD53821F}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 19/05/2013 at 13:50:17.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 crtkns

crtkns
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 20 May 2013 - 09:25 AM

Annnnd looks like that was something else again... not doing too well here. Here you go. I've also just uninstalled and reinstalled AVG, making sure to not let it install the secure search add-on!

 

 

# AdwCleaner v2.301 - Logfile created 05/19/2013 at 12:19:08
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Courtney - COURTNEYEEEPC
# Boot Mode : Normal
# Running from : C:\Users\Courtney\Desktop\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Deleted on reboot : C:\ProgramData\BetterSoft
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\EasyLife
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\BrowoSE2isavve
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowoSE2isavve
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\Users\Courtney\AppData\Local\PackageAware
 
***** [Registry] *****
 
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\easylife\sprote~1.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF428729-43DE-6DFF-A42E-7098C2826EAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF428729-43DE-6DFF-A42E-7098C2826EAC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=34&src=ie1&r=2013/03/13&hid=2992496284&lg=EN&cc=AU --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=34&src=ie1&r=2013/03/13&hid=2992496284&lg=EN&cc=AU --> hxxp://www.google.com
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.3676] : urls_to_restore_on_startup = [ "hxxp://search.easylifeapp.com/?pid=34&src=ch1&r=2013/03/13&hi[...]
 
*************************
 
AdwCleaner[R1].txt - [6405 octets] - [19/05/2013 12:08:58]
AdwCleaner[S1].txt - [6103 octets] - [19/05/2013 12:19:08]
 
########## EOF - C:\AdwCleaner[S1].txt - [6163 octets] ##########


#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:17 PM

Posted 20 May 2013 - 06:34 PM

Please try and see if ContinueToSave or BetterSoft are listed in Programs and Features, and remove them -

ContinueToSave from BetterSoft is an adware program in the form of a process and a web browser plugin. The Plugin is designed to monitor the user's search and browsing habits and deliver advertising by overwriting the content HTML within the user's web browser.

I think the AVG Security Toolbar should now be removed (useless) and a few other bits that were not wanted.

Look and make sure these others no longer exist - 1ClickDownload - EasyLife - BrowoSE2isavve - InstallMate -

You have downloaded these as Add-ons with other programs.

 

Is there any change at all now ??

 

Thank You -



#9 crtkns

crtkns
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 20 May 2013 - 09:42 PM

Thanks for the advice. I found something in program data called AVG April 2013 Campaign that I think might have a lot to do with it. I removed what I could but can't seem to get rid of it from program data. BetterSoft is also in program data (not files) and I can't delete that either - it continues to tell me it's open in another program. Let me know if that's a problem... otherwise I've uninstalled AVG and reinstalled (making sure not to add the toolbar!) and the notepad thing hasn't popped up in a while, so I am cautiously optimistic. 

 

Thank you for your help!



#10 crtkns

crtkns
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 20 May 2013 - 09:52 PM

Nope, false alarm, it's still happening. 

 

I don't seem to have ContinueToSave but I have something called BrowseToSave, is that related?



#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:17 PM

Posted 20 May 2013 - 10:30 PM

Yes the BrowseToSave is another one you need to remove as it is Spyware -

 

Please note I have done the steps with ( > ) between them meaning Go To, rather than listing them.

 

Go - Start > Programs > Accessories > WINDOWS EXPLORER > Computer > You may have a set of numbers followed by (C:) > Program Files > Look down the list of programs shown > Right click on any of the above mentioned programs > Click DELETE > Once you are sure that you can not find any more leave that area by using the X (top right) > Open Recycle Bin (there should be a desktop icon) > There should be an item that says Empty Recycle Bin > Click on that and confirm with OK -

 

Thank You -



#12 crtkns

crtkns
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 20 May 2013 - 10:34 PM

Thanks, I've now removed BrowsetoSave from C:\ProgamFiles Unfortunately all of the others (AVG April 2013 Campaign, Bettersoft) are in C:\ProgramData and when I attempt to delete them I am told that I can't as they are already open in another program. 



#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:17 PM

Posted 20 May 2013 - 11:15 PM

Hi -
I am sorry, but this now seems beyond my realm, and the Windows 7 area.

 

Please post to Am I Infected for basic infected help.

Or for more dedicated help, read the Preparation Guide from Step #6 and post a new topic in Malware Removal Logs Area for Expert help -

 

Thank You -



#14 crtkns

crtkns
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 20 May 2013 - 11:17 PM

Ok, thanks for trying! Have a good one. 

 

 

Mod Edit:  No need to create new topic, moved this topic to AII - Hamluis.


Edited by hamluis, 21 May 2013 - 12:55 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users