Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


I have a set of popups that wont go away

  • Please log in to reply
8 replies to this topic

#1 glack


  • Members
  • 38 posts
  • Gender:Male
  • Location:Oregon
  • Local time:05:19 PM

Posted 19 September 2015 - 12:27 AM

I have 2 popups that wont go away. I have run anti malware bytes and it found a few things but the popups are still popping up every 30 seconds to 1 minute.


My daughter was using this netbook but has a new laptop now, so I was trying to clean this one up. She said it got really slow on here and had some issues and the popups.


I think it may be related to a program I cant remove called junk cleaner...it opens sometimes as a black box that wont close in the middle of the screen.






This is on an Acer Aspire One Netbook running Windows 7 Pro 32 bit

Intel Atom CPU N455@1.66GHZ  1GB Ram

Edited by glack, 19 September 2015 - 12:42 AM.

BC AdBot (Login to Remove)


#2 Bezukhov


    Bleepin' Jazz Fan!

  • Members
  • 2,749 posts
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:08:19 PM

Posted 19 September 2015 - 02:21 AM

We can try a couple of other tools.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

To err is Human. To blame it on someone else is even more Human.

#3 glack

  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Oregon
  • Local time:05:19 PM

Posted 19 September 2015 - 10:15 AM

OK I ran Adaware and got  this log:


# AdwCleaner v5.008 - Logfile created 19/09/2015 at 08:07:13
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Lisa - ACER-NETBOOK
# Running from : C:\Users\Lisa\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Value Deleted : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[+] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [Crossbrowse.job]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures [Crossbrowse.job.fp]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{062EF3A8-C387-442D-A560-BAD73ED0457A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0FC07467-90AA-445C-8BCB-7CC1DF5A898E}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1B0B0427-0529-49C8-B27E-1BC3404BF746}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA21F8FE-E381-4E1A-A5AA-B2A7DBE115AD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\powerpack
[-] Key Deleted : HKCU\Software\SocialBit
[-] Key Deleted : HKCU\Software\wscontb
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[!] Key Not Deleted : HKU\S-1-5-21-4040093970-2033247779-678176931-1000\Software\AppDataLow\Software\Conduit
[!] Key Not Deleted : HKU\S-1-5-21-4040093970-2033247779-678176931-1000\Software\AppDataLow\Software\SmartWeb
[!] Key Not Deleted : HKU\S-1-5-21-4040093970-2033247779-678176931-1000\Software\AppDataLow\Software\Yahoo\Companion

***** [ Web browsers ] *****

[-] [C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nemfjadlboooiffmcelkafilagddogim
[-] [C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M50821DF8-63A8-402A-B5DD-04B719FD0511&SearchSource=55&CUI=&UM=8&UP=SP5D5C74D5-59BD-447B-A7A7-2B11B8AECF37&D=091715&SSPV=


:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6755 bytes] ##########

Edited by glack, 19 September 2015 - 10:17 AM.

#4 glack

  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Oregon
  • Local time:05:19 PM

Posted 19 September 2015 - 10:30 AM

Here is the JRT Log File:


Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 7 Professional x86
Ran by Lisa on Sat 09/19/2015 at  8:19:39.67


~~~ Services


~~~ Tasks


~~~ Registry Values


~~~ Registry Keys

Successfully deleted: [Registry Key] (Default)    REG_SZ    Crossbrowse


~~~ Files


~~~ Folders


~~~ Chrome

[C:\Users\Lisa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Lisa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Lisa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Lisa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:



Scan was completed on Sat 09/19/2015 at  8:27:39.68
End of JRT log




Im still getting the popups with the netbook sitting idle...no pages open and not on a web browser. I also installed avast after the 2 tests and ran it thru 2 times and still have the popups.


Thanks for everything so far!

Edited by glack, 19 September 2015 - 11:47 PM.

#5 Bezukhov


    Bleepin' Jazz Fan!

  • Members
  • 2,749 posts
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:08:19 PM

Posted 20 September 2015 - 01:08 AM

After a little more research we'll do the following:

Clear your Cache and Cookies in Internet Explorer:Clear your Cache and Cookies in Google Chrome:
  • Open Google Chrome
  • Click the Chrome menu button in the top-right on the browser toolbar
  • Click Tools, then Clear browsing data...
  • A dialog box will appear, select the beginning of time from the drop down
  • Check Clear browsing history
  • Check Clear download history
  • Check Empty the cache
  • Check Delete cookies and other site plug-in data
  • Uncheck Clear saved passwords
  • Uncheck Clear saved Autofill form data
  • Uncheck Clear data from hosted apps
  • Uncheck Deauthorize content licenses
  • Click Clear browsing data
  • Close Google Chrome
  • more info: https://support.google.com/chrome/answer/95537?hl=en
  • Press the Windows Key + R on your keyboard to bring up the Run Prompt
    note: the program is also located at Start > All Programs > Accessories > System Tools > Disk Cleanup
  • A box will appear, type the following command: cleanmgr
  • Click Ok, the Disk Cleanup window will appear
  • If a Drive selection box appears, select your system drive (usually C:\)
  • On the Disk Cleanup tab select the following options
    note: these options should cover the majority of temporary files, but if you see something that you do not recognize or that you would like to clear as well please post it in your next reply and we can review it
  • Check Downloaded program files
  • Check Temporary Internet Files
  • Check Offline Webpages
  • Check Recycle Bin
  • Check Temporary Files
  • Click Ok, the selected options will be cleared
  • more info: http://windows.microsoft.com/en-US/windows-vista/delete-files-using-disk-cleanup
We need to restart your computer

Now that we cleared everything out, it is good practice to restart one more time before we continue with anything else.

ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be read here.
  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the esetimage.png you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the shieldstart.png button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download it's components, register itself, and start itself.
  • In the new window that opens, tic the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on: start.png
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click back.png, then click finish.png to exit ESET Online Scanner.
Don't forget to re-enable your antivirus when finished!
To err is Human. To blame it on someone else is even more Human.

#6 glack

  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Oregon
  • Local time:05:19 PM

Posted 20 September 2015 - 11:46 AM

Thanks Bezukhov, unfortunatly the eset was unable to open/load When clicking the link I get a 504 Gatewat timout after 3-4 minutes of it trying to download.


I will try it again later

#7 glack

  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Oregon
  • Local time:05:19 PM

Posted 20 September 2015 - 02:28 PM

OK, got it to run and it took about 2 hours but it did find some stuff, here is the file


C:\Program Files\CCleaner\ccsetup311.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Program Files\CCleaner\ccsetup312.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Program Files\MiniBrowser\Uninstall_MiniBrowser.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Program Files\Pandaje Technical Services\Junk Cleaner\JunkCleaner.exe a variant of MSIL/Adware.Pandaje.A application cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Users\ccfbdpfeenhcgabjghmmeaifpdndlhla\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Local\Temp\nscCE7A.tmp a variant of Win32/Adware.Imali.F application cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Local\Temp\nse3F64.tmp a variant of Win32/Adware.ConvertAd.XD.gen application cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Local\Temp\nsxB493.tmp a variant of Win32/Adware.Imali.F application cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Local\Temp\nsz3708.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Local\Temp\UBpBC5C.exe a variant of MSIL/Adware.Imali.C application cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Local\Temp\UBpE07F.exe a variant of MSIL/Adware.Imali.C application cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Local\Temp\8931\chrome.packed.7z a variant of Win32/AlteredSoftware.I potentially unwanted application deleted - quarantined
C:\Users\Lisa\AppData\Local\Temp\is-101E7.tmp\package_secureprotect_installer_multilang.exe a variant of Win32/Adware.EoRezo.AY application cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Local\Temp\is-4RPPB.tmp\Z2VudGxlbWptcF9pZWV1dQ==.exe multiple threats cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Local\Temp\is-T5ULB.tmp\Steelcut_Installer.exe NSIS/TrojanDownloader.Adload.AM trojan cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Local\Temp\WIZZTEMP\newversion.exe multiple threats cleaned by deleting - quarantined
C:\Users\Lisa\AppData\Roaming\bf281ok1T JS/Toolbar.Crossrider.I potentially unwanted application deleted - quarantined
C:\Users\Lisa\Avira\avira_antivir_personal_en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Users\Lisa\CCleaner\ccsetup310.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\Lisa\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\551QJ383\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting - quarantined



I deleted the quarantined files from eset - used the delete button in the program

#8 Bezukhov


    Bleepin' Jazz Fan!

  • Members
  • 2,749 posts
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:08:19 PM

Posted 21 September 2015 - 12:46 AM

I noticed this from the ESET scan:

C:\Program Files\Pandaje Technical Services\Junk Cleaner\JunkCleaner.exe a variant of MSIL/Adware.Pandaje.A application cleaned by deleting - quarantined

Is this problem resolved?
To err is Human. To blame it on someone else is even more Human.

#9 glack

  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Oregon
  • Local time:05:19 PM

Posted 21 September 2015 - 09:16 PM

It has stopped with the popups. all seems ok now


Thank You Very Much!!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users