
Multiple Popups doesn't matter what browser?


7 replies to this topic

#1 hotpinkchic


Posted 27 February 2014 - 06:58 AM

I'm using Windows 7 Professional and for some reason have been getting lots of popups when visiting sites. Sometimes it's a whole new browser popup and others it's just a flash window in the lower right with a video ad in it.

 

It's really annoying and a couple friends gave advice which hasn't worked yet.

 

I've already run CCleaner, or something close to that, maybe one 'C', I don't know, and installed and ran Malwarebytes. Both did find and remove a lot of stuff but haven't solved the popup problem.

 

I'm hoping someone can help. This is like my last resort. I wish I was McGee on NCIS I would fix these annoying buggers!

 

Just to let you all know, I only have internet access at work now. Working on getting internet at home. Probably in a week or two. I work graveyard Wed, Thur, and Fri's so that's the only time I can answer. Sorry!

 

Thanks in advance,

HotPinkChic




#2 quietman7


Posted 27 February 2014 - 09:38 AM

In many cases these issues are the result of unwanted toolbars, add-ons/plug-ins, and browser extensions which come bundled with other free software you download. They can often be the source of various issues and problems to include Adware, pop-up ads, browser hijacking which may change your home page and search engine, and user profile corruption. As such many of them are classified as Potentially Unwanted Programs (PUPs).

Some toolbars and Add-ons can be removed from within their program group shortcut in Start Menu > All Programs or by using Add/Remove Programs or Programs and Features in Control Panel, so always check there first.

Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo will do a more thorough job of searching for and removing related registry entries, files and folders.

Note: Some programs can be difficult to remove if their services and running processes are not disabled or turned off prior to attempting removal because they are in use. As such, it is easier to uninstall after booting into safe mode so there are fewer processes which can interfere with uninstalling the program.

Remove anything else (newly installed programs) you do not recognize.

If the program is not listed in Add/Remove or Programs and Features, and there is no uninstaller in the program's folder, the next place to check is your browser extensions and add-ons/plug-ins.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 quietman7


Posted 27 February 2014 - 09:38 AM

After doing the above...continue as follows:

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.
4. As a final step, rescan again with Malwarebytes Anti-Malware and post the log. They are automatically saved and can be viewed by clicking the Logs tab.
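The review step in the instructions above can be done mechanically. The following is an added example, not part of the post above and not code from AdwCleaner: a Python sketch that parses a report in the line layout seen in this thread, counts entries per section, and pulls out the entries that mention a program you recognize and want to keep. The function names, the keep-list and the sample report (including `ExampleToolbar` and `PhotoSuite`) are constructed for illustration; it assumes the pre-clean report uses the same `<Kind> <Action> : <target>` layout with a different action word.

```python
"""Triage an AdwCleaner-style report: count entries per section and flag
entries that mention programs the user recognizes and wants to keep."""
import re
from collections import Counter
from dataclasses import dataclass

# Line layout as it appears in the report posted in this thread:
#   ***** [ Section ] *****
#   -\\ Browser name vN          (sub-heading inside the Browsers section)
#   <Kind> <Action> : <target>   e.g. "Folder Deleted : C:\..."
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (.+)$")
ENTRY_RE = re.compile(r"^([A-Z][a-z]+) ([A-Z][a-z]+) : (.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # "Registry", or "Browsers / <browser>" for prefs lines
    kind: str     # Folder, File, Key, Value, Line ...
    action: str   # "Deleted" in a post-clean report
    target: str   # path, registry key or prefs.js line


def parse_report(text):
    """Return the entries of a report; headers, blanks and footers are skipped."""
    entries, section, top = [], None, None
    for raw in text.splitlines():
        line = raw.strip()  # also strips the non-breaking spaces forums add
        if not line or line.startswith("#"):
            continue
        if set(line) == {"*"}:  # closing rule before the footer
            section = top = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = top = m.group(1)
            continue
        m = BROWSER_RE.match(line)
        if m and top is not None:
            section = f"{top} / {m.group(1)}"
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            entries.append(Entry(section, *m.groups()))
    return entries


def count_by_section(entries):
    """Counter keyed by (section, kind), for a quick overview of the report."""
    return Counter((e.section, e.kind) for e in entries)


def entries_mentioning(entries, keep_names):
    """Entries whose target contains any keep-list name (case-insensitive)."""
    needles = [n.lower() for n in keep_names if n.strip()]
    return [e for e in entries if any(n in e.target.lower() for n in needles)]


# Constructed sample in the thread's layout; names and paths are made up.
SAMPLE_REPORT = r"""
# AdwCleaner v3.020 - Report created 28/02/2014 at 00:21:06
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\ExampleToolbar
Folder Deleted : C:\Program Files\PhotoSuite Registry Helper
File Deleted : C:\Users\Public\Desktop\ExampleToolbar.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\ExampleToolbar.Updater
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{00000000-0000-0000-0000-000000000000}]

***** [ Browsers ] *****

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\prefs.js ]

Line Deleted : user_pref("extensions.exampletoolbar.hmpg", true);
Line Deleted : user_pref("browser.search.order.1", "PhotoSuite Search");

*************************

AdwCleaner[S0].txt - [1234 octets] - [28/02/2014 00:21:06]
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for (section, kind), n in sorted(count_by_section(parsed).items()):
        print(f"{n:3d}  {kind:<7} {section}")
    print("Entries mentioning a program on the keep-list:")
    for e in entries_mentioning(parsed, ["PhotoSuite"]):
        print(f"  [{e.section}] {e.kind} {e.action} : {e.target}")
```

Substring matching is deliberately loose: it surfaces every line that mentions a kept program so a person can decide, and it does not judge whether an entry is safe to remove.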

#4 hotpinkchic


Posted 28 February 2014 - 06:55 AM

Thanks for replying.

 

Well I did all the above and things seem to be working ok for now.

 

Having people helping like this is awesome. Where do you go to learn about removing malware and can anyone help out here or do you have to be experienced in computers and malware?

 

Here are all the logs from the above scans you asked me to perform.

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/28/2014 12:14:18 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 02/28/2014 12:17:01 AM
Execution time: 0 hours(s), 2 minute(s), and 42 seconds(s)
 
===========================================================
 
# AdwCleaner v3.020 - Report created 28/02/2014 at 00:21:06
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Admin - SHYLEIGH
# Running from : C:\Users\Admin\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\iLivid
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\WinZip Registry Optimizer
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Windows\system32\ARFC
Folder Deleted : C:\Windows\system32\jmdp
Folder Deleted : C:\Windows\system32\WNLT
Folder Deleted : C:\Users\Admin\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Admin\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Admin\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s32kz54o.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s32kz54o.default\Extensions\ffxtlbr@funmoods.com
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
File Deleted : C:\Windows\system32\ImhxxpComm.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s32kz54o.default\searchplugins\funmoods.xml
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s32kz54o.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s32kz54o.default\searchplugins\MyStart.xml
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s32kz54o.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s32kz54o.default\searchplugins\Sweetpacks Search.xml
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s32kz54o.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16798
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s32kz54o.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=aolrt-ff&s_qt=sb&tb_uuid=20120213163933266&tb_oid=13-02-2012&tb_mrud=06-04-2013");
Line Deleted : user_pref("browser.search.order.1", "Search Results");
Line Deleted : user_pref("extensions.fblayouts.sites", "{\n\"ap\": {\n   \"hl\": {\"hxxp\": \"hxxp://www.hotlayouts2u.com/facebook-layouts/initJs.php\",\n          \"hxxps\": \"hxxps://secure.hotlayouts2u.com/facebo[...]
Line Deleted : user_pref("extensions.funmoods_i.aflt", "axl");
Line Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods_i.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods_i.hmpg", true);
Line Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl");
Line Deleted : user_pref("extensions.funmoods_i.id", "22991dbc0000000000000013a9f3fc27");
Line Deleted : user_pref("extensions.funmoods_i.instlDay", "15382");
Line Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl");
Line Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=axl&q=");
Line Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1619:41:47");
Line Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks");
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");
 
-\\ Google Chrome v
 
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [23392 octets] - [28/02/2014 00:18:15]
AdwCleaner[S0].txt - [23910 octets] - [28/02/2014 00:21:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23971 octets] ##########
 
========================================================================
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x86
Ran by Admin on Fri 02/28/2014 at  0:29:53.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1855564564-3952220239-2754057914-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{41A00922-6C00-4E76-9CFB-0FAFA2D739BF}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Admin\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\coupons"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\s32kz54o.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\s32kz54o.default\minidumps [69 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/28/2014 at  0:34:11.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
==============================================================================
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.28.05
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16798
Admin :: SHYLEIGH [administrator]
 
2/28/2014 12:39:25 AM
mbam-log-2014-02-28 (00-39-25).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 366007
Time elapsed: 2 hour(s), 29 minute(s), 28 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

============================================================================

 

Thanks for your help, it's greatly appreciated.

 

hotpinkchic



#5 quietman7


Posted 28 February 2014 - 07:13 AM

Where do you go to learn about removing malware and can anyone help out here or do you have to be experienced in computers and malware?

Instructions for posting advice in Am I Infected

If learning about malware removal techniques and how to use specialized fix tools is something you are interested in, please read BleepingComputer's Malware Removal Training Program.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 quietman7


Posted 28 February 2014 - 07:14 AM

Now try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.


-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.
 



#7 hotpinkchic


Posted 01 March 2014 - 07:31 AM

Ok will read the link you posted.

 

The online scan went pretty good and all looks good for now.

 

Again thanks for your help.

 

hotpinkchic



#8 quietman7


Posted 01 March 2014 - 07:50 AM

Not a problem.