
Random Ads in Browsers


11 replies to this topic

#1 tmcburney


Posted 21 September 2013 - 07:18 AM

Hello,

 

My Windows XP (Media Center Edition, Version 2002, Service Pack 3) machine gets random advertisements that appear in browser windows (both IE and Firefox).  Sometimes the ads appear in new windows, sometimes in new tabs.  It only occurs if I leave a browser open.  A browser does not open with an advertisement on its own, in other words.  It typically happens when the machine is unattended, but it does not always occur.  I left both browsers open overnight so that I could capture screenshots for this post, for instance, but no ads appeared by the morning.

 

This started after a file extractor was inadvertently downloaded to the machine.  While trying to download a desired program, an ad link labeled "DOWNLOAD" was clicked by mistake, and the "free" file extractor was off to the races.  It installed a few other things that attached to the browsers, like toolbars and search engines, and also reset my browser home pages.  I don't recall the name of it, but all components had entries in the installed program list and I was able to uninstall all of them.  I also came here and downloaded Malwarebytes Anti-Malware and ran it.  That found a few items and removed them, and I thought the problem was solved.

 

The file extraction software was gone, along with the toolbars and search engines, and I was able to reset my home pages successfully.  These ad windows have appeared ever since, however.  They are mostly a nuisance and can be closed, but their presence makes me suspect there may be other things going on that I am unaware of.

 

I will come back and post screenshots of any ads that appear to this thread, but am hoping someone can help me figure out the source of these and remove them.

 

Thank you,

 

Tom





#2 quietman7


Posted 21 September 2013 - 07:49 AM

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-yyyy-mm-dd
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log will automatically open in Notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd



Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Please download Junkware Removal Tool and save it to your Desktop.
  • Close all open programs and shut down any protection/security software now to avoid potential conflicts.
  • Double-click on JRT.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 tmcburney


Posted 21 September 2013 - 02:22 PM

Hello,

 

Here are the log files.  Thank you for your help.

 

MB Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.20.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
McBurneys :: DELLDESKTOP [administrator]

7/20/2013 6:48:58 PM
mbam-log-2013-07-20 (18-48-58).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462593
Time elapsed: 3 hour(s), 19 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

ADWC Log:

# AdwCleaner v3.004 - Report created 21/09/2013 at 14:33:48
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : McBurneys - DELLDESKTOP
# Running from : C:\Documents and Settings\McBurneys\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserDefender
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\DOCUME~1\MCBURN~1\LOCALS~1\Temp\apn
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\McBurneys\Local Settings\Application Data\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\McBurneys\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\McBurneys\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\McBurneys\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\McBurneys\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\McBurneys\Application Data\DSite
Folder Deleted : C:\Documents and Settings\McBurneys\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\27s346cw.default\Conduit
Folder Deleted : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\27s346cw.default\ConduitCommon
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
File Deleted : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\27s346cw.default\\invalidprefs.js
File Deleted : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\j6elw48n.Default User\\invalidprefs.js
File Deleted : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\27s346cw.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\27s346cw.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\27s346cw.default\searchplugins\delta.xml
File Deleted : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\j6elw48n.Default User\searchplugins\delta.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\search.xml
File Deleted : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\27s346cw.default\user.js
File Deleted : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\j6elw48n.Default User\user.js
File Deleted : C:\Documents and Settings\McBurneys\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\McBurneys\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Documents and Settings\McBurneys\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\WINDOWS\Tasks\BrowserDefendert.job
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKCU\Software\5c68adbe76fbd49
Key Deleted : HKLM\SOFTWARE\5c68adbe76fbd49
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2878731
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\Minibar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Product Deleted : Ask Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\27s346cw.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "70d2cca800000000000000188b5aab7e");
Line Deleted : user_pref("extensions.delta.instlDay", "15896");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.519:24:59");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tsp=4939");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

[ File : C:\Documents and Settings\McBurneys\Application Data\Mozilla\Firefox\Profiles\j6elw48n.Default User\prefs.js ]

Line Deleted : user_pref("extensions.delta.newTab", false);

-\\ Google Chrome v

[ File : C:\Documents and Settings\McBurneys\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [16887 octets] - [21/09/2013 14:28:26]
AdwCleaner[S0].txt - [16827 octets] - [21/09/2013 14:33:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16888 octets] ##########
 

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Microsoft Windows XP x86
Ran by McBurneys on Sat 09/21/2013 at 14:46:33.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1177238915-1214440339-1801674531-1003\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A34F9D97-58FD-4A08-A87A-824B7A486D7D}
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{44cbc005-6243-4502-8a02-3a096a282664}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{80703783-e415-4ee3-ab60-d36981c5a6f1}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{f297534d-7b06-459d-bc19-2dd8ef69297b}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{6978f29a-3493-40b2-8cdc-9c13a02f85a4}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d7949a66-d936-4028-9552-14f7dc50f38d}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\best buy pc app"
Successfully deleted: [Folder] "C:\Documents and Settings\McBurneys\Local Settings\Application Data\best buy pc app"
Failed to delete: [Folder] "C:\Program Files\coupons"
Failed to delete: [Folder] "C:\Program Files\yontoo layers runtime (drop down deals)"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/21/2013 at 14:52:01.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Regards,

Tom
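
A way to triage the AdwCleaner and JRT logs posted above, as an added example that is not part of the original thread or of either tool: it pulls out the entries that touched autostart locations (services, scheduled tasks, Run values, Browser Helper Objects, AppInit_DLLs) and the items JRT reported as "Failed to delete", which are the ones to re-check after a reboot. The sample lines are copied from the logs in this post; the function names and the rule list are assumptions of this sketch.

```python
import re
from collections import Counter

# Excerpt of lines copied from the AdwCleaner and JRT logs in the post above.
SAMPLE_LOG = r"""
Service Deleted : APNMCP
Folder Deleted : C:\Program Files\Ask.com
File Deleted : C:\WINDOWS\Tasks\BrowserDefendert.job
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\InstallCore
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\best buy pc app"
Failed to delete: [Folder] "C:\Program Files\coupons"
Failed to delete: [Folder] "C:\Program Files\yontoo layers runtime (drop down deals)"
"""

# AdwCleaner v3 style: "<Kind> Deleted : <target>", optionally prefixed "[#] ".
ADW_RE = re.compile(
    r"^(?:\[#\] )?(Service|Folder|File|Value|Key|Product|Line) Deleted : (.+)$"
)
# JRT style: "<status>: [<Kind>] <target>"; the colon is missing on some lines
# and the target is sometimes wrapped in double quotes.
JRT_RE = re.compile(
    r'^(Successfully deleted|Successfully repaired|Failed to delete):? '
    r'\[([^\]]+)\] "?(.+?)"?$'
)

# Locations that start code without user action (assumed rule list for this
# sketch; extend it for other autostart points).
AUTOSTART_RULES = [
    ("scheduled task", re.compile(r"\\windows\\tasks\\[^\\]+\.job$", re.I)),
    ("Run key", re.compile(r"\\currentversion\\run(once)?(\s|\\|$)", re.I)),
    ("browser helper object", re.compile(r"\\browser helper objects\\", re.I)),
    ("AppInit_DLLs", re.compile(r"\\appinit_dlls$", re.I)),
]


def parse_line(line):
    """Return a dict for one cleanup-log line, or None for headers and noise."""
    line = line.strip()
    m = ADW_RE.match(line)
    if m:
        return {"tool": "AdwCleaner", "action": "deleted",
                "kind": m.group(1), "target": m.group(2)}
    m = JRT_RE.match(line)
    if m:
        status = m.group(1)
        action = "failed" if status.startswith("Failed") else status.split()[1]
        return {"tool": "JRT", "action": action,
                "kind": m.group(2), "target": m.group(3)}
    return None


def classify(entry):
    """Name the autostart mechanism an entry belongs to, or None."""
    if entry["kind"] == "Service":
        return "service"
    for name, pattern in AUTOSTART_RULES:
        if pattern.search(entry["target"]):
            return name
    return None


def triage(log_text):
    """Collect autostart-related entries and removals that did not succeed."""
    autostart, failed = [], []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["action"] == "failed":
            failed.append(entry["target"])
        mechanism = classify(entry)
        if mechanism:
            autostart.append((mechanism, entry["target"]))
    return {"autostart": autostart, "failed": failed}


def mechanism_counts(result):
    """Count autostart entries per mechanism for a quick summary."""
    return Counter(mechanism for mechanism, _ in result["autostart"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for mechanism, count in mechanism_counts(result).items():
        print(f"{count:2d}  {mechanism}")
    for target in result["failed"]:
        print("NOT REMOVED:", target)
```
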



#4 quietman7


Posted 21 September 2013 - 03:15 PM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.



-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. Be careful what you choose to remove. If in doubt, ask before taking action.



#5 tmcburney


Posted 21 September 2013 - 09:05 PM

Hi, here is the ESET scan log file:

 

C:\AdwCleaner\Quarantine\C\Documents and Settings\McBurneys\Application Data\DSite\UpdateProc\UpdateTask.exe.vir    Win32/DownWare.E application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe.vir    Win32/Bundled.Toolbar.Ask.B application    deleted - quarantined
C:\Documents and Settings\McBurneys\My Documents\APNSetup.exe    Win32/Bundled.Toolbar.Ask.B application    deleted - quarantined
C:\Documents and Settings\McBurneys\My Documents\Downloads\cnet_HC2Setup_exe (1).exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
C:\Documents and Settings\McBurneys\My Documents\Downloads\cnet_HC2Setup_exe (2).exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
C:\Documents and Settings\McBurneys\My Documents\Downloads\setup.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Documents and Settings\McBurneys\My Documents\Downloads\ZipOpenerSetup.exe    Win32/InstallCore.BN application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263537.dll    Win32/Toolbar.Babylon.G application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263538.dll    Win32/Toolbar.Escort.A application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263539.dll    a variant of Win32/Toolbar.Montiera.A application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263540.dll    probably a variant of Win32/Toolbar.Montiera.A application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263542.exe    a variant of Win32/Toolbar.Montiera.A application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263545.exe    Win32/Toolbar.Babylon.I application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263555.exe    Win32/AdWare.Yontoo.E application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263556.dll    probably a variant of Win32/Adware.Yontoo.A application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263557.exe    MSIL/WebCake.B application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263565.dll    probably a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263573.exe    a variant of Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP866\A0457647.exe    Win32/Bundled.Toolbar.Ask.B application    deleted - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP866\A0457679.exe    Win32/DownWare.E application    cleaned by deleting - quarantined
C:\WINDOWS\Installer\5429b75.msi    a variant of Win32/Bundled.Toolbar.Ask.D application    deleted - quarantined
 

Thank you,

Tom



#6 quietman7


Posted 21 September 2013 - 09:14 PM


How is your computer running now? Are there any more signs of infection?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 tmcburney


Posted 22 September 2013 - 06:07 AM

Hi,

 

No, I have not seen further ads appearing in browser windows so far, but I did not leave the browsers open overnight either.  I will leave the browsers open today and see if anything appears, then post back later today with results.

 

Thank you,

Tom



#8 quietman7


Posted 22 September 2013 - 07:28 AM

You're welcome.



#9 tmcburney


Posted 22 September 2013 - 05:04 PM

Hi,

 

Things are looking better.  I have had both IE and Firefox open all day and there have been no new windows or tabs opening with advertisements.

 

Thanks,

Tom



#10 quietman7


Posted 22 September 2013 - 05:09 PM

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. Then use Disk Cleanup or Disk Cleanup with Sagesets to remove all but the most recently created Restore Point.

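The scan log posted earlier in this thread shows why old restore points matter: many detections sat under `System Volume Information\_restore{...}\RPnnn`. The following is an added example, not part of any post in this thread, that parses such log lines and groups detections by restore point. The sample lines are copied from that log; the function names are hypothetical, and it assumes fields are separated by tabs or runs of two or more spaces.

```python
import re
from collections import defaultdict

# Sample lines copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\McBurneys\My Documents\Downloads\setup.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263555.exe    Win32/AdWare.Yontoo.E application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP793\A0263557.exe    MSIL/WebCake.B application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{339FFC78-07A0-4FEF-869B-1DFDB210F279}\RP866\A0457679.exe    Win32/DownWare.E application    cleaned by deleting - quarantined
C:\WINDOWS\Installer\5429b75.msi    a variant of Win32/Bundled.Toolbar.Ask.D application    deleted - quarantined
"""

# Assumption: columns are split by tabs or 2+ spaces; paths only contain single spaces.
FIELD_SEP = re.compile(r"\t+| {2,}")
# Windows XP System Restore layout: _restore{GUID}\RP<number>\<renamed file>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
# Drop the "probably" / "a variant of" qualifiers to get the detection name.
NAME_RE = re.compile(r"^(?:probably )?(?:a variant of )?(\S+)")


def parse_line(line):
    """Return a dict for one log line, or None if it is not a detection row."""
    parts = FIELD_SEP.split(line.strip())
    if len(parts) != 3:
        return None
    path, threat, action = parts
    rp = RESTORE_RE.search(path)
    return {
        "path": path,
        "family": NAME_RE.match(threat).group(1),
        "action": action,
        "restore_point": rp.group(1) if rp else None,
    }


def detections_by_restore_point(log_text):
    """Map each restore point (e.g. 'RP793') to the detections found inside it."""
    grouped = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["restore_point"]:
            grouped[rec["restore_point"]].append(rec["family"])
    return dict(grouped)


if __name__ == "__main__":
    for rp, families in sorted(detections_by_restore_point(SAMPLE_LOG).items()):
        print(f"{rp}: {len(families)} detection(s): {', '.join(families)}")
```

Any restore point that appears in the output held a backed-up copy of a detected file, which is the reason for creating a fresh restore point after cleaning and discarding the older ones.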
#11 anthonycuk

  • Banned Spammer

Posted 23 September 2013 - 05:10 AM

You just need to make changes to your browser settings:

 

1. reset your browser

 

- firefox

  1. Click on the Firefox button > Help > Troubleshooting information.
  2. A new window pops up with a box containing the ‘Reset Firefox’ button in the upper left corner of the web page
  3. A box pops up for confirmation, please click ‘Reset Firefox’

 

- Google Chrome

  1. Choose ‘Customize and Control Google Chrome’ menu.
  2. Select ‘Options’.
  3. Click ‘Under the Hood’ tab on ‘Options’ window.
  4. Click ‘Reset to Defaults’ button.

 

- IE

  1. Open Internet Explorer
  2. Click on the Tools menu
  3. Select Internet Options
  4. Click on the Advanced tab
  5. Locate 'Reset Internet Explorer settings' section
  6. Hit Reset button > press 'Apply'.

 

2. manually change browser settings

 

- firefox

At the top of the Firefox window, click on the Tools menu -> manage Add-ons -> modification should be made under Extensions tab and Plugins tab respectively.

 

- Google Chrome

Click on ‘Customize and control’ Google Chrome icon -> select ‘Settings’ -> manage ‘Extension’

 

- IE

Go to Tools -> ‘Manage Add-ons’ > find and click on beesq.net in ‘Toolbars and Extensions’, ‘Search Providers’ respectively -> click ‘Disable’/ ‘Remove’ to remove unwanted items.

 

 

3. disable startup item related to unwanted items.

 

- Windows 7/XP/Vista

Start Menu -> Select ‘Run’ -> type ‘MSCONFIG’ -> find unwanted items > press ‘Disable all’.

 

 

- Windows 8

Start screen -> type 'Task' > hit Startup tab > find unwanted startup item and disable it.

 

HAPPY ENDING :guitar:



#12 quietman7


Posted 23 September 2013 - 07:40 AM

@ anthonycuk

This topic has already been resolved.



