Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ad Choices malware + something else


  • This topic is locked This topic is locked
12 replies to this topic

#1 chrisywilly

chrisywilly

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 21 February 2015 - 12:54 PM

Hello all !

I seem to have two bits of Malware - AdChoices and every so often another thing which has pops out a small box from the right hand side of the screen and says "based on what you're reading" + advert.

 

I've run AdwCleaner v4.111- and it found nothing. (log below)

I've run MalwareBytes free - with similar lack of success.

I did all this before I reinstalled Windows, which was great fun, and I'm doing them again with the same results.

 

I run Windows 7 pro x64, on an i5 machine which is probably about 4-5 years old now. (I was running Windows home prem x64)

I use MS Security Essentials as my main AV. Definitions are up to date.

I use Steam to play Civ V, and I run World of Tanks.

I use Firefox 35.0.1 which is the most up to date version.

 

 



BC AdBot (Login to Remove)

 


#2 chrisywilly

chrisywilly
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 21 February 2015 - 01:04 PM

log from AdwCleaner

----------

 

# AdwCleaner v4.110 - Logfile created 13/02/2015 at 23:12:47
# Updated 05/02/2015 by Xplode
# Database : 2015-02-13.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****

Service Found : WindowsMangerProtect

***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\f8cf818fcb5600d6
Folder Found : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf
Folder Found : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf
Folder Found : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf
Folder Found : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf
Folder Found : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhmhodogannbobebbbfhpdkcffkiokl
Folder Found : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfcpgdpgfbajffjdlncnmaccbnninelf

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\raw-therapee.en.softonic.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.v9.com
Key Found : HKCU\Software\Store
Key Found : [x64] HKCU\Software\Store
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
Key Found : HKLM\SOFTWARE\istart123Software
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BlockAndSurf]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v


-\\ Comodo Dragon v


-\\ Opera v27.0.1689.69


-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [8395 bytes] - [28/07/2014 18:39:23]
AdwCleaner[R1].txt - [5244 bytes] - [13/02/2015 23:12:47]
AdwCleaner[S0].txt - [6830 bytes] - [28/07/2014 18:40:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5362 bytes] ##########
# AdwCleaner v4.111 - Logfile created 21/02/2015 at 17:51:51
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : admin - DESKTOP1
# Running from : C:\Users\admin\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

*************************

AdwCleaner[R0].txt - [9620 bytes] - [28/07/2014 18:39:23]
AdwCleaner[R1].txt - [6128 bytes] - [13/02/2015 23:12:47]
AdwCleaner[R2].txt - [5272 bytes] - [13/02/2015 23:25:56]
AdwCleaner[R3].txt - [5331 bytes] - [13/02/2015 23:35:45]
AdwCleaner[R4].txt - [1218 bytes] - [14/02/2015 00:00:03]
AdwCleaner[R5].txt - [1278 bytes] - [14/02/2015 01:18:56]
AdwCleaner[S0].txt - [6830 bytes] - [28/07/2014 18:40:00]
AdwCleaner[S1].txt - [5432 bytes] - [13/02/2015 23:41:29]
AdwCleaner[S2].txt - [1344 bytes] - [14/02/2015 01:20:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6600 bytes] ##########



#3 chrisywilly

chrisywilly
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 21 February 2015 - 01:50 PM

MalwareBytes log from scan just now

------------

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/02/2015
Scan Time: 18:28:40
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.21.06
Rootkit Database: v2015.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361045
Time Elapsed: 18 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:42 AM

Posted 24 February 2015 - 05:52 PM

Hello , did you run the Clean option in ADWcleaner?

What is your browser?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 chrisywilly

chrisywilly
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 10 March 2015 - 01:13 PM

Browsers affected are Firefox 36.0.1 and Internet Explorer 11.0.96xxx

I gave Firefox 35 in my first post, but actually it's been updated since then.

 

Yes I've ran AdWCleaner. I've just done it again, and I'll post the logfile next post.

 

Still got Adchoices and some horrid pop ups.


Most recent ADWCleaner logfile -

 

# AdwCleaner v3.301 - Report created 28/07/2014 at 19:40:00
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_3.301.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : be0fb33b
Service Deleted : IePluginServices

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\SaveClicker
Folder Deleted : C:\Program Files (x86)\GetPrivate
Folder Deleted : C:\Program Files (x86)\supporter
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\SaveClicker
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Owner\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Owner\AppData\Local\torch
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\Norpalla
Folder Deleted : C:\Users\Owner\AppData\Roaming\GetPrivate
Folder Deleted : C:\Users\Owner\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Owner\Desktop\Internet Explorer.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\SupDp
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\supWindowsMangerProtect
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\V9Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z3v46j6w.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "istart123");
Line Deleted : user_pref("browser.search.selectedEngine", "istart123");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.istart123.com/?type=hp&ts=1406546820&from=irs&uid=WDCXWD10EADS-22M2B0_WD-WCAV5860569405694");
Line Deleted : user_pref("extensions.JECbgBgX4ik.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
Line Deleted : user_pref("extensions.OqGn0eayKYV.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [8395 octets] - [28/07/2014 19:39:23]
AdwCleaner[S0].txt - [6662 octets] - [28/07/2014 19:40:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6722 octets] ##########
# AdwCleaner v4.112 - Logfile created 10/03/2015 at 18:01:06
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : admin - DESKTOP1
# Running from : C:\Users\admin\Downloads\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [9620 bytes] - [28/07/2014 18:39:23]
AdwCleaner[R1].txt - [6679 bytes] - [13/02/2015 23:12:47]
AdwCleaner[R2].txt - [6502 bytes] - [13/02/2015 23:25:56]
AdwCleaner[R3].txt - [5331 bytes] - [13/02/2015 23:35:45]
AdwCleaner[R4].txt - [1218 bytes] - [14/02/2015 00:00:03]
AdwCleaner[R5].txt - [1278 bytes] - [14/02/2015 01:18:56]
AdwCleaner[S0].txt - [7810 bytes] - [28/07/2014 18:40:00]
AdwCleaner[S1].txt - [5432 bytes] - [13/02/2015 23:41:29]
AdwCleaner[S2].txt - [1344 bytes] - [14/02/2015 01:20:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7987  bytes] ##########
 



#6 chrisywilly

chrisywilly
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 10 March 2015 - 01:20 PM

For fun here is a picture of it -

 

Oh seems I don't have permission to post images.

Wasn't that exciting anyway if I'm honest...



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:42 AM

Posted 10 March 2015 - 02:07 PM

Ccheck for and disable or remove any unwanted add-ons from your browser:There are also more suggestion in these articles:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 chrisywilly

chrisywilly
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 11 March 2015 - 07:50 PM

Thanks Boopme.

I had done all that stuff before, but just to check I've been through those links and done what they suggest - no suspect add ons found

 

I don't seem to have a toolbar problem, i.e. I don't have any odd toolbars, they look like they should do.

I don't get directed to an oddball search engine, nor a start up page.



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:42 AM

Posted 12 March 2015 - 03:52 PM

If it is still persistent then we need a deeper look.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 chrisywilly

chrisywilly
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 14 March 2015 - 11:43 AM

If I could post a screen grab I could show you what I am getting... is that possible ?



#11 chrisywilly

chrisywilly
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 14 March 2015 - 11:49 AM

OK a link to a screengrab on imgur

http://i.imgur.com/kt4RRqm.jpg

 

Adchoices... scumbags.

It clearly knows what I've been searching for and looking at.

Hilariously it constantly advertises malware removal software to me.... or is it taunting me ?



#12 chrisywilly

chrisywilly
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 14 March 2015 - 12:14 PM

I've followed the praparation guide and attempted to post anew topic - but I keep getting an error message that the webpage is offline

 

"Website is offline

Error 524 Ray ID: 1c71944490c90cbf A timeout occurred"

Hey ho...



#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,848 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:42 AM

Posted 14 March 2015 - 01:59 PM

Hello chrisywilly,

 

I've discovered in the past that when receiving a Time Out error when posting, that it's a good idea to look and see if the post or topic posted after all.  Sometimes it hasn't, but often it has.  In your case, you successfully posted 3 topics.  I have deleted two of them and kept this one: http://www.bleepingcomputer.com/forums/t/570093/adchoices-malware/

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possibleI advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.  Good luck with your log.

Orange Blossom :cherry:


Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users