Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Desktop Window keeps popping up. please help


  • Please log in to reply
6 replies to this topic

#1 dcurtis19

dcurtis19

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:las vegas
  • Local time:10:55 AM

Posted 09 July 2014 - 08:56 PM

thank you in advance...

I'm running windows 7. I have pop up window that keeps popping up. it is a Japanese porn site. I have only clicked the top right corner to close it but it keeps coming back. When I go to windows task manager to close it the window is not a IE window, chrome window, nor firefox window. To right click on the window "

 

I have run malwarebytes to remove this but it found nothing...

 

there are actually of these windows popping up. they pop up under other windows.

 

thanks in advance

 

Dave



BC AdBot (Login to Remove)

 


m

#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:55 AM

Posted 09 July 2014 - 09:25 PM

Hello Dave -

Please download the tools to Desktop and Copy and Paste any logs.

 

First - This is a "basic clean-up" and we will go further depending on your answers.

 

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes
 Please Copy / Paste the small log back here.

 

Important: Do not reboot your computer until you complete the next step.

 

* NOW :
 Please download AdwCleaner by Xplode and save to your Desktop.
 * Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
 * Click on the Scan button (only once)
 * AdwCleaner will begin...be patient as the scan may take some time to complete.
 * After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Check the removals and see if you are OK with the list.

* Now
 * Click on the Clean button (only once)
 * Press OK when asked to close all programs and follow the onscreen prompts.
 * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
 * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 * Copy and Paste the contents of that logfile in your next reply.

* A copy of all logfiles are also saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next -

Please download Junkware Removal Tool by Thisisu

Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it. 

Click on Run to initiate the installation.

To avoid potential conflicts, Temporarily Disable your Antivirus

You may want to be offline when you do this.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open. 
Copy and this in your next post..

 

If the problem still exists, please tell me what browser(s) are the worst -



#3 dcurtis19

dcurtis19
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:las vegas
  • Local time:10:55 AM

Posted 11 July 2014 - 10:51 AM

Rkill 2.6.7 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/11/2014 08:49:41 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 07/11/2014 08:49:55 AM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)


#4 dcurtis19

dcurtis19
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:las vegas
  • Local time:10:55 AM

Posted 11 July 2014 - 11:10 AM

Logfile from AdwCleaner

 

# AdwCleaner v3.215 - Report created 11/07/2014 at 09:05:04
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : David Curtis - CUSTOM-PC
# Running from : C:\Users\David Curtis\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : 70e6ca8c
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Search Protection
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Program Files (x86)\Whilokii
Folder Deleted : C:\Users\David Curtis\AppData\Local\genienext
Folder Deleted : C:\Users\David Curtis\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\David Curtis\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\David Curtis\AppData\Roaming\Systweak
Folder Deleted : C:\Users\David Curtis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnofepcmbghfcimfbjicplikedjcnalm
File Deleted : C:\Windows\System32\sasnative64.exe
File Deleted : C:\Users\David Curtis\daemonprocess.txt
File Deleted : C:\Users\David Curtis\AppData\Roaming\Mozilla\Firefox\Profiles\nfqh6mov.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\David Curtis\AppData\Roaming\Mozilla\Firefox\Profiles\nfqh6mov.default\user.js
File Deleted : C:\Windows\System32\Tasks\RegClean Pro
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\hnofepcmbghfcimfbjicplikedjcnalm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hnofepcmbghfcimfbjicplikedjcnalm
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\hnofepcmbghfcimfbjicplikedjcnalm
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\JFileManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\JFileManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912228}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916628}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422912228}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466916628}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\David Curtis\AppData\Roaming\Mozilla\Firefox\Profiles\nfqh6mov.default\prefs.js ]
 
Line Deleted : user_pref("CT3289075.FF19Solved", "true");
Line Deleted : user_pref("CT3289075.UserID", "UN15561430182839910");
Line Deleted : user_pref("CT3289075.fullUserID", "UN15561430182839910.IN.20131002172753");
Line Deleted : user_pref("CT3289075.installDate", "02/10/2013 17:27:55");
Line Deleted : user_pref("CT3289075.installSessionId", "-1");
Line Deleted : user_pref("CT3289075.installSp", "TRUE");
Line Deleted : user_pref("CT3289075.installerVersion", "1.7.0.9");
Line Deleted : user_pref("CT3289075.searchRevert", "FALSE");
Line Deleted : user_pref("CT3289075.searchUserMode", "2");
Line Deleted : user_pref("CT3289075.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3289075.xpeMode", "0");
Line Deleted : user_pref("extensions.4CijsR4UAd.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.i[...]
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("smartbar.machineId", "SLCT7JJJBJJVM1DYAK9L78BMONW9WATTJDQFNDCENI45WWAWVZNVMGH4ITHL5LTU7YL8+DEEKDFOFXZRW5JJWW");
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\David Curtis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : hnofepcmbghfcimfbjicplikedjcnalm
 
*************************
 
AdwCleaner[R0].txt - [7599 octets] - [11/07/2014 08:56:12]
AdwCleaner[S0].txt - [7362 octets] - [11/07/2014 09:05:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7422 octets] ##########


#5 dcurtis19

dcurtis19
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:las vegas
  • Local time:10:55 AM

Posted 11 July 2014 - 11:18 AM

JRT logfile

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by David Curtis on Fri 07/11/2014 at  9:11:52.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\David Curtis\AppData\Roaming\mozilla\firefox\profiles\nfqh6mov.default\minidumps [3 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/11/2014 at  9:16:47.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 dcurtis19

dcurtis19
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:las vegas
  • Local time:10:55 AM

Posted 11 July 2014 - 01:32 PM

Thank you. The windows no longer popup. 

However, in the task manager the applications are still running, http://dnt.realasian21info/...

Are they still a threat?

 

dave



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:55 AM

Posted 11 July 2014 - 06:07 PM

Are they still a threat? << They may be -

 

Please run a free online scan with the ESET Online Scanner

  • Temporarily Disable Your Anti-virus
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset doesn't find any threats it will NOT produce any log






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users