Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

promotional popups at any site that i visit

Re: promotional popups at any site that i visit

Unread postby blondlily57 » October 4th, 2013, 5:57 pm

ok i found where i can click on run as administrator. there is NO SEARCH there is a SCAN??
blondlily57
Regular Member
 
Posts: 37
Joined: September 30th, 2013, 5:16 pm

Re: promotional popups at any site that i visit

Unread postby Wingman » October 4th, 2013, 6:08 pm

Yes, press the SCAN button.
I will update my instructions. Thanks.
Wingman
Admin/Teacher
 
Posts: 14117
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: promotional popups at any site that i visit

Unread postby blondlily57 » October 4th, 2013, 6:21 pm

a logfile did not automatically open. so do i click on 'report'?
blondlily57
Regular Member
 
Posts: 37
Joined: September 30th, 2013, 5:16 pm

Re: promotional popups at any site that i visit

Unread postby Wingman » October 4th, 2013, 6:27 pm

I do apologize... I posted an older version of the instructions...

    When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  1. Press the Report button to produce the scan report.
  2. A logfile C:\AdwCleaner[Rn].txt will automatically open. ([Rn] n = number of run)
  3. Please post the content of the C:\AdwCleaner[Rn].txt logfile in your next reply.
Wingman
Admin/Teacher
 
Posts: 14117
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: promotional popups at any site that i visit

Unread postby blondlily57 » October 4th, 2013, 6:38 pm

# AdwCleaner v3.006 - Report created 04/10/2013 at 15:20:32
# Updated 01/10/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : suzanne - SUZLENOVO
# Running from : C:\Users\suzanne\Downloads\adwcleaner(1).exe
# Option : Scan

***** [ Services ] *****

Service Found : DefaultTabUpdate
Service Found : Update SaltarSmart

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found : C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\dptemawm.default\Extensions\{37a7edb7-afda-4373-9865-02bf8160e677}
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\SaltarSmart
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\suzanne\AppData\Local\Temp\CT3303000
Folder Found C:\Users\suzanne\AppData\Roaming\DefaultTab
Folder Found C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\dptemawm.default\CT3303000

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D99A4EC9-00BD-4FE4-85A5-4DB018351265}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D99A4EC9-00BD-4FE4-85A5-4DB018351265}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D99A4EC9-00BD-4FE4-85A5-4DB018351265}
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3303000
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D99A4EC9-00BD-4FE4-85A5-4DB018351265}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\Software\SaltarSmart
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaltarSmart

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\dptemawm.default\prefs.js ]

Line Found : user_pref("CT3303000.FF19Solved", "true");
Line Found : user_pref("CT3303000.UserID", "UN37268103051034319");
Line Found : user_pref("CT3303000.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3303000.fullUserID", "UN37268103051034319.IN.20130922225842");
Line Found : user_pref("CT3303000.installDate", "22/09/2013 22:58:50");
Line Found : user_pref("CT3303000.installSessionId", "{7A932F0B-3D05-4176-919B-D984C12B0B40}");
Line Found : user_pref("CT3303000.installSp", "TRUE");
Line Found : user_pref("CT3303000.installerVersion", "1.7.100.2");
Line Found : user_pref("CT3303000.keyword", "true");
Line Found : user_pref("CT3303000.originalHomepage", "about:home");
Line Found : user_pref("CT3303000.originalSearchAddressUrl", "");
Line Found : user_pref("CT3303000.originalSearchEngine", "");
Line Found : user_pref("CT3303000.originalSearchEngineName", "");
Line Found : user_pref("CT3303000.searchRevert", "false");
Line Found : user_pref("CT3303000.searchUserMode", "2");
Line Found : user_pref("CT3303000.versionFromInstaller", "10.20.0.20");
Line Found : user_pref("CT3303000.xpeMode", "0");

*************************

AdwCleaner[R0].txt - [4056 octets] - [04/10/2013 15:20:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4116 octets] ##########
blondlily57
Regular Member
 
Posts: 37
Joined: September 30th, 2013, 5:16 pm

Re: promotional popups at any site that i visit

Unread postby blondlily57 » October 4th, 2013, 6:53 pm

ok i am at STEP 4.5 and the scan is in process. I have to head out for a few hours. I will post the results when i return and i will continue on with the next steps. thanks
blondlily57
Regular Member
 
Posts: 37
Joined: September 30th, 2013, 5:16 pm

Re: promotional popups at any site that i visit

Unread postby blondlily57 » October 4th, 2013, 10:34 pm

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.10.04.11

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
suzanne :: SUZLENOVO [administrator]

Protection: Enabled

10/4/2013 3:51:08 PM
mbam-log-2013-10-04 (15-51-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224134
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 3
C:\Users\suzanne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> 1612 -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> 1640 -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> 2124 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files (x86)\SaltarSmart\bin\sqlite3.dll (PUP.Optional.SaltarSmart.A) -> Delete on reboot.

Registry Keys Detected: 30
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{d99a4ec9-00bd-4fe4-85a5-4db018351265} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4f0c4513-1dcb-4975-b4f0-f98c18e17265} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKCR\Interface\{5B725BC8-C263-4783-BE79-D3A812FBB42B} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D99A4EC9-00BD-4FE4-85A5-4DB018351265} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D99A4EC9-00BD-4FE4-85A5-4DB018351265} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D99A4EC9-00BD-4FE4-85A5-4DB018351265} (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update SaltarSmart (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Util SaltarSmart (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SaltarSmart (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.23.0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 16
C:\Program Files (x86)\SaltarSmart (PUP.Optional.SaltarSmart.A) -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\bin (PUP.Optional.SaltarSmart.A) -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\bin\plugins (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\update (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\installdt.tmp (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\installdt.tmp\XPI (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\installdt.tmp\XPI\defaulttab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\components (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Roaming\DefaultTab\DefaultTab (PUP.Optional.DefaultTab.A) -> Delete on reboot.
C:\Users\suzanne\AppData\Local\Temp\ct3303000 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 47
C:\Users\suzanne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\SaltarSmartBHO.dll (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\yU0l0OlD.exe.part (PUP.Optional.Domalq) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\google-earth.exe\bf32cc0565bf4aa9aff97aa8095b594d\google-earth.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\google-earth.exe\bf32cc0565bf4aa9aff97aa8095b594d\installer.exe (PUP.Optional.Domalq) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\google-earth.exe\bf32cc0565bf4aa9aff97aa8095b594d\setup__120.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\google-earth.exe\bf32cc0565bf4aa9aff97aa8095b594d\software\DefaultTabSetup.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\google-earth.exe\bf32cc0565bf4aa9aff97aa8095b594d\software\SaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\google-earth.exe\bf32cc0565bf4aa9aff97aa8095b594d\software\swa1_23.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\suzanne\Downloads\FlashPlayer_V.119329333b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\suzanne\Downloads\FlashPlayer_V.119333161b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\suzanne\Downloads\FlashPlayer_V.119333385b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\suzanne\Downloads\FlashPlayer_V.119333541b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\suzanne\Downloads\google-earth.exe (PUP.Optional.Domalq) -> Quarantined and deleted successfully.
C:\Users\suzanne\Downloads\pcspeedup_fd47e95158eb4ce787a13f186a300428_.exe (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\Downloads\Setup(2).exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\suzanne\Local Settings\Temporary Internet Files\Content.IE5\2J5NN6R1\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\Local Settings\Temporary Internet Files\Content.IE5\8ZLFJ88V\Setup[1].exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\Local Settings\Temporary Internet Files\Content.IE5\8ZLFJ88V\stublogic[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\Local Settings\Temporary Internet Files\Content.IE5\WECHXGO6\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\Local Settings\Temporary Internet Files\Content.IE5\WECHXGO6\Vafmusic7[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.InstallState (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\SaltarSmart.Common.dll (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\SaltarSmart.ico (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\SaltarSmartUninstall.exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\bin\sqlite3.dll (PUP.Optional.SaltarSmart.A) -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.InstallState (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\bin\plugins\SaltarSmart.FFUpdate.dll (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\update\ucflne3q.s5l.exe (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\installdt.tmp\DefaultTab.xpi (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\CT3303000.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3303000\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
blondlily57
Regular Member
 
Posts: 37
Joined: September 30th, 2013, 5:16 pm

Re: promotional popups at any site that i visit

Unread postby blondlily57 » October 4th, 2013, 10:44 pm

still having popups.
blondlily57
Regular Member
 
Posts: 37
Joined: September 30th, 2013, 5:16 pm

Re: promotional popups at any site that i visit

Unread postby Wingman » October 5th, 2013, 8:47 am

Hello blondlily57,

Thanks for the logs... please make sure you have rebooted your computer normally, after the Malwarebytes Antimalware (MBAM) execution...

Please run the following steps... we're going to run AdwCleaner again...but this time after the scan, we're going to clean what it found.


Step 1.
Create a System Restore Point - W8
  1. Click the Start button, then right-click on Computer, then click Properties.
  2. In the left pane, click System protection. If UAC prompts, allow it.
  3. Click the System Protection tab... then click Create.
  4. In the System Protection dialog box, type a description... then click Create.
    A Restore Point will be created and you should receive a message: "The restore point was created successfully."
  5. Click Close and exit.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2
Registry Backup (TCRB)
You should have this installed... if so, please ignore the download and install instructions.
Please download tweaking.com_registry_backup_setup.exe ... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.
Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.
If you successfully created a TCRB backup of the registry, please continue...


Step 3.
AdwCleaner - Scan/Clean
You should still have AdwCleaner on your desktop.
  1. Close ALL open programs, including your Internet browsers.
  2. Right click on adwcleaner.exe and select "Run as administrator" to run it.
  3. Click on Scan. When the scan finishes...the Clean button will become active.
  4. Click on Clean.
  5. Select OK at each prompt... to reboot the computer.
  6. A logfile C:\AdwCleaner[Sn].txt will open after you log back on the computer. ([Sn] n = number of run)
  7. Please post the content of the C:\AdwCleaner[Sn].txt logfile in your next reply.


Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. System Restore point and TCRB backup created successfully?
  3. AdwCleaner (new) scan results.
  4. How is the computer behaving?

Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14117
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
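
The reply above asks for a normal reboot after the Malwarebytes run, and the posted log shows why: several objects carry the action "Delete on reboot". The following is an added example, not part of the thread or of any tool named in it: a Python parser for that log format that lists the objects still waiting on a reboot and flags any section whose item count differs from its "Detected: N" header (a sign of a truncated paste). The function names and the trimmed sample log are assumptions made for the example.

```python
import re

# Trimmed sample in the format of the Malwarebytes log posted in this thread.
# Constructed for this example: "Files Detected" is set to match the trimmed list.
SAMPLE_LOG = r"""
Memory Processes Detected: 3
C:\Users\suzanne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> 1612 -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> 1640 -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> 2124 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files (x86)\SaltarSmart\bin\sqlite3.dll (PUP.Optional.SaltarSmart.A) -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.23.0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\suzanne\Downloads\Setup(2).exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe (PUP.Optional.SaltarSmart.A) -> Delete on reboot.
C:\Program Files (x86)\SaltarSmart\SaltarSmartBHO.dll (PUP.Optional.SaltarSmart.A) -> Quarantined and deleted successfully.

(end)
"""

# Section header, e.g. "Registry Keys Detected: 30".
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")


def parse_mbam_log(text):
    """Return {section: {"declared": int, "items": [dict, ...]}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group("section")
            sections[current] = {"declared": int(header.group("count")), "items": []}
            continue
        if current is None or " -> " not in line:
            continue
        # Item shape: <object> (<detection>) -> [pid or "Data: ..."] -> <action>.
        parts = line.split(" -> ")
        # Paths may contain parentheses ("Program Files (x86)", "Setup(2).exe"),
        # so the detection name is the LAST " (" group before the first arrow.
        target, sep, detection = parts[0].rpartition(" (")
        if not sep or not detection.endswith(")"):
            continue
        sections[current]["items"].append({
            "target": target,
            "detection": detection[:-1],
            "extra": parts[1:-1],          # process id or registry data, if any
            "action": parts[-1].rstrip("."),
        })
    return sections


def count_mismatches(sections):
    """Sections whose parsed item count differs from the declared count."""
    return [(name, s["declared"], len(s["items"]))
            for name, s in sections.items()
            if s["declared"] != len(s["items"])]


def pending_reboot(sections):
    """Unique (object, detection) pairs that are only removed at the next reboot."""
    pending = {}
    for s in sections.values():
        for item in s["items"]:
            if item["action"].lower() == "delete on reboot":
                pending[item["target"]] = item["detection"]
    return sorted(pending.items())


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for name, declared, found in count_mismatches(parsed):
        print(f"count mismatch in {name}: header says {declared}, parsed {found}")
    print("Objects still present until the machine is rebooted:")
    for target, detection in pending_reboot(parsed):
        print(f"  {detection:32} {target}")
```

An object that appears both as a running process and as a file is reported once, because the same path is removed by a single deletion at reboot.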

Re: promotional popups at any site that i visit

Unread postby blondlily57 » October 5th, 2013, 3:26 pm

step 1 restore point created successfully..
blondlily57
Regular Member
 
Posts: 37
Joined: September 30th, 2013, 5:16 pm

Re: promotional popups at any site that i visit

Unread postby blondlily57 » October 5th, 2013, 3:39 pm

step 2 successful 13/13 registry files backed up
blondlily57
Regular Member
 
Posts: 37
Joined: September 30th, 2013, 5:16 pm

Re: promotional popups at any site that i visit

Unread postby blondlily57 » October 5th, 2013, 3:59 pm

# AdwCleaner v3.006 - Report created 05/10/2013 at 12:55:13
# Updated 01/10/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : suzanne - SUZLENOVO
# Running from : C:\Users\suzanne\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\suzanne\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\dptemawm.default\CT3303000
Folder Deleted : C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\dptemawm.default\Extensions\{37a7edb7-afda-4373-9865-02bf8160e677}
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303000
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaltarSmart

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\dptemawm.default\prefs.js ]

Line Deleted : user_pref("CT3303000.FF19Solved", "true");
Line Deleted : user_pref("CT3303000.UserID", "UN37268103051034319");
Line Deleted : user_pref("CT3303000.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3303000.fullUserID", "UN37268103051034319.IN.20130922225842");
Line Deleted : user_pref("CT3303000.installDate", "22/09/2013 22:58:50");
Line Deleted : user_pref("CT3303000.installSessionId", "{7A932F0B-3D05-4176-919B-D984C12B0B40}");
Line Deleted : user_pref("CT3303000.installSp", "TRUE");
Line Deleted : user_pref("CT3303000.installerVersion", "1.7.100.2");
Line Deleted : user_pref("CT3303000.keyword", "true");
Line Deleted : user_pref("CT3303000.originalHomepage", "about:home");
Line Deleted : user_pref("CT3303000.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3303000.originalSearchEngine", "");
Line Deleted : user_pref("CT3303000.originalSearchEngineName", "");
Line Deleted : user_pref("CT3303000.searchRevert", "false");
Line Deleted : user_pref("CT3303000.searchUserMode", "2");
Line Deleted : user_pref("CT3303000.versionFromInstaller", "10.20.0.20");
Line Deleted : user_pref("CT3303000.xpeMode", "0");

*************************

AdwCleaner[R0].txt - [4200 octets] - [04/10/2013 15:20:32]
AdwCleaner[R1].txt - [2820 octets] - [05/10/2013 12:50:58]
AdwCleaner[R2].txt - [2880 octets] - [05/10/2013 12:52:20]
AdwCleaner[S0].txt - [2863 octets] - [05/10/2013 12:55:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2923 octets] ##########
blondlily57
Regular Member
 
Posts: 37
Joined: September 30th, 2013, 5:16 pm

Re: promotional popups at any site that i visit

Unread postby blondlily57 » October 5th, 2013, 4:00 pm

nope still popups. now i am getting sex dating sites.
blondlily57
Regular Member
 
Posts: 37
Joined: September 30th, 2013, 5:16 pm

Re: promotional popups at any site that i visit

Unread postby Wingman » October 6th, 2013, 12:34 pm

Hello blondlily57,

Thanks for hanging in there, these cleanings can be tedious. :)
Please tell me if these pop-ups occur when using Internet Explorer or Firefox or both.

Please run the following steps...

Step 1.
Create a System Restore Point - W8
  1. Click the Start button, then right-click on Computer, then click Properties.
  2. In the left pane, click System protection. If UAC prompts, allow it.
  3. Click the System Protection tab... then click Create.
  4. In the System Protection dialog box, type a description... then click Create.
    A Restore Point will be created and you should receive a message: "The restore point was created successfully."
  5. Click Close and exit.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2
Registry Backup (TCRB)
You should have this installed... if so, please ignore the download and install instructions.
Please download tweaking.com_registry_backup_setup.exe ... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.
Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.
If you successfully created a TCRB backup of the registry, please continue...

Step 3
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool. Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click Change parameters
  3. Under Additional Options CHECK Verify file digital signatures
  4. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  5. Click OK if changes were made.
  6. Click the Start Scan button. Do not use the computer during the scan! scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue

    DO NOT change the default actions, other than CURE to SKIP.
  7. You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  8. A log will be created on your root drive (usually C:) drive. The log will have a name like Name.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  9. If no reboot is required, click on Report. A log file should appear.
  10. Please post the contents of the log file in your next reply

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Pop-ups in what browser(s)?
  3. System Restore point and TCRB backup created successfully?
  4. TDSSKiller output.
  5. How is the computer behaving?

Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14117
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: promotional popups at any site that i visit

Unread postby blondlily57 » October 6th, 2013, 12:56 pm

it appears to only be in firefox.
blondlily57
Regular Member
 
Posts: 37
Joined: September 30th, 2013, 5:16 pm