hxxp://13.ppcclickfeed.com/ popping up

[magna86]

Re-run OTL.exe.

• Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  
  

Code: [Select]


:OTL
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {BE264805-FC7E-11E1-8270-B8AC6F996F26}:2.0.14
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\mine\Program Files (x86)\Mozilla Firefox\components [2012/09/06 23:44:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{BE264805-FC7E-11E1-8270-B8AC6F996F26}: C:\Users\User\AppData\Local\{BE264805-FC7E-11E1-8270-B8AC6F996F26}\ [2012/09/11 22:08:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\mine\Program Files (x86)\Mozilla Firefox\components [2012/09/06 23:44:55 | 000,000,000 | ---D | M]




• Then click the Run Fix button at the top.
  
• Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

****************


Re-run OTL , click on QuickScan and attach here fresh OTL.txt logreport

[lucasbuck]

Here you go. I noticed it was focusing on Firefox. It's happening in IE too, but didn't know if that made a difference. Just throwing that out there.

[magna86]

> Go to C:\Qoobox folder and attach here ComboFix-quarantined-files.txt

Code: [Select]

C:\Qoobox\ ComboFix-quarantined-files.txt

***************


Re-run OTL.exe.

• Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  
  

Code: [Select]


:OTL
File not found (No name found) -- C:\USERS\USER\APPDATA\LOCAL\{BE264805-FC7E-11E1-8270-B8AC6F996F26}

:files
C:\USERS\USER\APPDATA\LOCAL\{BE264805-FC7E-11E1-8270-B8AC6F996F26}
dir /s /a "C:\symbols" /c



• Then click the Run Fix button at the top.
  
• Let the program run unhindered;

When it is done it will open notepad with logreport. Copy-paste or attach here that logreport.[/list]

Note: If logreport do not show , then go to C:\ _OTL \ MovedFiles and attach logreports with the latest date.
Example: 15092012_Time

**************


Do you still have pop ups?

[lucasbuck]

Here you go. No popups. Out of curiosity, ever seen this before? I thought it was weird I couldn't find any info about that popping up on a search. Any idea what it comes from (download, visiting site, etc.)?

[magna86]

Out of curiosity, ever seen this before? I thought it was weird I couldn't find any info about that popping up on a search.

There are many similar symptoms but for me it is only needed to find the source of the problem.
Your source is something new but not surprising (There is a lot of malware using the same method) but it can not hide from me. 

Any idea what it comes from (download, visiting site, etc.)?

I would not know.


------------------

No popups.

Nice.

It is necessary to uninstall ComboFix :

• Click Start (or ) then Run.
  
  
  On Windows7 or Vista you may use Start Search field if Run is not available.
  
  
• In the line of text type in (Copy) the following:

Code: [Select]

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

• then click OK (or press Enter ).

Wait for the uninstall process is complete.


-------------------

You can delete the used tools.
Keep OTL for now, keep monitor your system, and let me know tomorrow how is it running now.

[lucasbuck]

Thanks for much for your time, I'll check in tomorrow. It's great you folks take the time to help folks out.
I did notice that when I open another tab on Firefox (normally it's set for a blank page), I get:
The address isn't valid
           The URL is not valid and cannot be loaded.

Is this a side effect? Maybe reinstall firefox?

[magna86]

Just settup some homepage. Do the same with the other browser if necessary. That should be enough...

[lucasbuck]

Seems to still be working fine. Thanks again for all your help!

[magna86]

Ok.

> Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

[lucasbuck]

Just wanted to update, it seems fine now. Thanks again for your patience!