Author Topic: Websites I think have pop ups (Read 5734 times)

sportsfan7702 · « **on:** August 20, 2015, 05:20:42 AM »

I have run scans with Malwarebytes, Adwcleaner but I still seem to have a few lingering pop ups on websites. I'm installingAvast Free as my AV and will run a boot time scan to see if this fixes the issue, and I seem to have a remnant from Evernote (from the previous Windows 8 install) that I upgraded to 10, that when I uninstall it, the installer cannot find. As an aside the ads are only on Microsoft Edge and Chrome is affected to on various sites.

The boot time scan found a whole ton of adware, Trojan and other things. I got rid of all the viruses in the chest, but the problem still exists. Matt

Asyn · « **Reply #1 on:** August 20, 2015, 06:51:05 AM »

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

sportsfan7702 · « **Reply #2 on:** August 20, 2015, 07:19:53 AM »

Thanks for your help

I will attach the files soon.

sportsfan7702 · « **Reply #3 on:** August 20, 2015, 07:22:32 AM »

The Malwarebytes one will be coming momentarily.

sportsfan7702 · « **Reply #4 on:** August 20, 2015, 07:48:01 AM »

Malwayebytes text

Asyn · « **Reply #5 on:** August 20, 2015, 07:49:58 AM »

OK, now you've to wait a bit...

essexboy · « **Reply #6 on:** August 20, 2015, 03:36:55 PM »

At the moment Edge has no adblocking capabilities at all so it is subject to whatever th esites put out

Have you run AdwCleaner ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote

CreateRestorePoint:
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll No File
2015-08-19 12:40 - 2015-08-19 17:33 - 00000000 ____D C:\Users\MattyIce\AppData\Roaming\y2ziyzzxywtlbtv
2015-08-19 11:13 - 2015-08-19 21:57 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-19 11:13 - 2015-08-19 11:13 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-08-12 13:50 - 2014-04-16 17:08 - 0658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall3010528.exe
Task: {284D96A7-D8D7-4678-B6D7-80077CB5070F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3A36E291-1FEF-47EA-827C-93758583CEB7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {42C461B4-B2E2-400A-A3DC-601058AD0B30} - \DNSWABENO -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => 0x000A0100C5E4A00954333644B8F9AF405B81C5C84600D400000000003C000A00200000000014730F000000000513040020200401000000000000000000000000000000000000180043003A005C00570049004E0044004F00570053005C006500780070006C006F007200650072002E0065007800650000000C002F004E004F0055004100430043004800450043004B000000000018004500780070006C006F007200650072005300680065006C006C0055006E0065006C00650076006100740065006400000000000000080003130400000000000000
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => 0x000A01002BE3E9BD2E0EA245870D43B3A717522146002E03000000003C000A0020000000FEFFFFFF000000000013040000008021DF0708000300130015003900240072030000360043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0047006F006F0067006C0065005C005500700064006100740065005C0047006F006F0067006C0065005500700064006100740065002E00650078006500000003002F0063000000000010004F00460046004900430045005C004D006100740074007900490063006500000020014B006500650070007300200079006F0075007200200047006F006F0067006C006500200073006F00660074007700610072006500200075007000200074006F00200064006100740065002E002000490066002000740068006900730020007400610073006B002000690073002000640069007300610062006C006500640020006F0072002000730074006F0070007000650064002C00200079006F0075007200200047006F006F0067006C006500200073006F006600740077006100720065002000770069006C006C0020006E006F00740020006200650020006B00650070007400200075007000200074006F00200064006100740065002C0020006D00650061006E0069006E0067002000730065006300750072006900740079002000760075006C006E00650072006100620069006C00690074006900650073002000740068006100740020006D00610079002000610072006900730065002000630061006E006E006F007400200062006500200066006900780065006400200061006E00640020006600650061007400750072006500730020006D006100790020006E006F007400200077006F0072006B002E002000540068006900730020007400610073006B00200075006E0069006E007300740061006C006C007300200069007400730065006C00660020007700680065006E0020007400680065007200650020006900730020006E006F00200047006F006F0067006C006500200073006F0066007400770061007200650020007500730069006E0067002000690074002E000000000008000000000000000000020030000000CF0701000100000000000000000000000000000000000000000000000700000001000000000000000000000030000100DF07080013000000000000000D00190000000000000000000000000001000000010000000000000000000000
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

sportsfan7702 · « **Reply #7 on:** August 20, 2015, 05:27:58 PM »

Not since last night, no. I do have chrome as a backup (I'll use that until Edge matures)..Quick question. Where can I put both the tool and the text copied from notepad so the fix is effective? The desktop doesn't seem to work well.

essexboy · « **Reply #8 on:** August 20, 2015, 05:41:26 PM »

As long as the fix and frst are in the same folder (not a temporary one) it should work OK

sportsfan7702 · « **Reply #9 on:** August 20, 2015, 05:59:00 PM »

Here is the fixlist.txt. Not sure why it was renamed to fixlog. (Maybe after I created the folder and applied the fix, it renamed)? I will be back in a bit (have to run across town to get a new ID)

essexboy · « **Reply #10 on:** August 20, 2015, 06:33:45 PM »

Yes that is automatic fixlist is deleted and fixlog created..

What problems are evident now

sportsfan7702 · « **Reply #11 on:** August 20, 2015, 11:09:35 PM »

Other then the fact I'm having an issue with Edge and startup is taking about 173 seconds, not many problems. (That I can see anyway) Are you noticing anything problematic?

sportsfan7702 · « **Reply #12 on:** August 21, 2015, 01:00:38 AM »

I take that back...lots of popups in browsers but only on edge...Chrome is not affected.

essexboy · « **Reply #13 on:** August 21, 2015, 02:02:17 PM »

Could you try IE and see if that is also affected

sportsfan7702 · « **Reply #14 on:** August 21, 2015, 04:17:12 PM »

I certainly can, but since IE was scrapped on Windows 10 in favor of Edge, I am not sure where to find it?

Author Topic: Websites I think have pop ups (Read 5734 times)

sportsfan7702

Websites I think have pop ups

Asyn

Re: Websites I think have pop ups

sportsfan7702

Re: Websites I think have pop ups

sportsfan7702

Re: Websites I think have pop ups

sportsfan7702

Re: Websites I think have pop ups

Asyn

Re: Websites I think have pop ups

essexboy

Re: Websites I think have pop ups

sportsfan7702

Re: Websites I think have pop ups

essexboy

Re: Websites I think have pop ups

sportsfan7702

Re: Websites I think have pop ups

essexboy

Re: Websites I think have pop ups

sportsfan7702

Re: Websites I think have pop ups

sportsfan7702

Re: Websites I think have pop ups

essexboy

Re: Websites I think have pop ups

sportsfan7702

Re: Websites I think have pop ups