Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Laptop has copious pop-up ads, browser freeze ups [Solved]

pop-up browser freezups user accounts

  • This topic is locked This topic is locked

#1
stanhilliard

stanhilliard

    Member

  • Member
  • PipPip
  • 16 posts

I have an HP Spectre laptop running Win 8.1-64. I bought it a Best Buy in March 2015. In the begining I installed DVDs with software for the Kaspersky KIS and an external LG DVD reader. The problems started right away with a hugh amount of pop-up ads, jumps to new tabs containing more ads, and browser freeze ups. The HP Support Assistant utility crashes now.

I use Firefox and IE. The laptop has 4 user accounts and has Malwarebytes and Kaspersky Internet Secutity installed.

There is evidence of Cts.AdsSend.net. I previously discussed these problems at: http://www.eightforu...-resources.html

How can I find and fix the problems.?


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I will need to take a look see first

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
stanhilliard

stanhilliard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Here are the logs. (When I allowed this Geeks To Go page in the Firefox Noscript option all kinds of ad pop-ups were produced.)

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once these two fixes have run could you let me know how the computer is behaving

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF user.js: detected! => C:\Users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\68eic5ec.default\user.js [2015-04-07]
FF Extension: couponcheapchea - C:\Users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\68eic5ec.default\Extensions\[email protected] [2015-07-01]
FF Extension: cheap4alll - C:\Users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\68eic5ec.default\Extensions\[email protected] [2015-07-01]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
2015-07-06 14:59 - 2015-07-06 14:59 - 00000000 ____D C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}
2015-06-28 13:53 - 2015-06-28 13:53 - 00000000 ____D C:\ProgramData\16125460926744368631
2015-06-17 22:06 - 2015-06-17 22:06 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-07-05 20:27 - 2015-04-09 00:16 - 00000000 __SHD C:\Users\barb\AppData\Local\EmieUserList
2015-07-05 20:27 - 2015-04-09 00:16 - 00000000 __SHD C:\Users\barb\AppData\Local\EmieSiteList
2015-07-05 20:27 - 2015-04-09 00:16 - 00000000 __SHD C:\Users\barb\AppData\Local\EmieBrowserModeList
2015-07-03 22:28 - 2015-03-24 21:52 - 00000000 __SHD C:\Users\Stan\AppData\Local\EmieUserList
2015-07-03 22:28 - 2015-03-24 21:52 - 00000000 __SHD C:\Users\Stan\AppData\Local\EmieSiteList
2015-07-03 22:28 - 2015-03-24 21:52 - 00000000 __SHD C:\Users\Stan\AppData\Local\EmieBrowserModeList
2015-07-01 19:45 - 2015-03-18 20:06 - 00000000 __SHD C:\Users\Barbara\AppData\Local\EmieUserList
2015-07-01 19:45 - 2015-03-18 20:06 - 00000000 __SHD C:\Users\Barbara\AppData\Local\EmieSiteList
2015-07-01 19:45 - 2015-03-18 20:06 - 00000000 __SHD C:\Users\Barbara\AppData\Local\EmieBrowserModeList
2015-06-17 12:31 - 2015-04-07 23:43 - 00000000 ____D C:\ProgramData\75b73cb40000367a
C:\Users\Public\VOIP.dat
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#5
stanhilliard

stanhilliard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

fixlog.txt is attached. BTW  I still have loads of pop-ups. I will run adwcleaner now.

Attached Files


  • 0

#6
stanhilliard

stanhilliard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

I don't see ant popups:

 

# AdwCleaner v4.207 - Logfile created 08/07/2015 at 12:31:04
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Stan - GRADMABARB
# Running from : C:\Users\Stan\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\Users\Stan\AppData\Local\SecTaskMan
Folder Deleted : C:\Users\barb\AppData\Roaming\Mozilla\Firefox\Profiles\lqwuywet.default\Extensions\[email protected]
File Deleted : C:\prefs.js
File Deleted : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\n2h6kjyo.default-1435796636623\user.js
File Deleted : C:\Users\BarBara_2\AppData\Roaming\Mozilla\Firefox\Profiles\cysop52c.default\user.js
File Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\ie0i6thf.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\e54ab275-1bc9-760f-1fe6-e1c8b46ca3d3
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [3338 bytes] - [24/03/2015 20:07:30]
AdwCleaner[R1].txt - [1896 bytes] - [24/03/2015 20:34:29]
AdwCleaner[R2].txt - [357 bytes] - [24/03/2015 21:41:27]
AdwCleaner[R3].txt - [1129 bytes] - [25/03/2015 23:03:17]
AdwCleaner[R4].txt - [1673 bytes] - [06/04/2015 23:12:13]
AdwCleaner[R5].txt - [2598 bytes] - [08/07/2015 12:27:05]
AdwCleaner[S0].txt - [3515 bytes] - [24/03/2015 20:28:44]
AdwCleaner[S1].txt - [1882 bytes] - [24/03/2015 20:36:54]
AdwCleaner[S2].txt - [1198 bytes] - [25/03/2015 23:13:35]
AdwCleaner[S3].txt - [1708 bytes] - [06/04/2015 23:14:05]
AdwCleaner[S4].txt - [2549 bytes] - [08/07/2015 12:31:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2608  bytes] ##########
 

Attached Files


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

How is the computer behaving now any further problems apparent ?


  • 0

#8
stanhilliard

stanhilliard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

With IE -- this page looks OK

 

With Firefox -- this page looks OK until with noscript I select "temporarily allow all this sight." Then I get adds across the top of the page and a new tab. First it shows script for adssend, then that is replaced by a McAfee promotion.

 

adssend.net is in my list of recently blocked sites -- which was unblocked when I selected "temporarily allow all this sight."


  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Could I have a fresh FRST scan please


  • 0

#10
stanhilliard

stanhilliard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

New frst.txt and addition.txt are attached.

Attached Files


  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know if this now stops the firefox ads

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Startup: C:\Users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2015-03-24]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
FF Extension: browse pulse - C:\Users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\68eic5ec.default\Extensions\{0f93dffa-0882-4ab1-9fb6-767b5032dcf7}.xpi [2015-04-07]
2015-07-04 12:34 - 2015-07-04 12:35 - 02811146 _____ C:\Users\Stan\Downloads\SecurityTaskManager_Setup.zip
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#12
stanhilliard

stanhilliard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Stan at 2015-07-08 14:07:52 Run:2
Running from C:\Users\Stan\Desktop
Loaded Profiles: Stan (Available Profiles: Barbara & Stan & barb & BarBara_2 & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Startup: C:\Users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2015-03-24]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
FF Extension: browse pulse - C:\Users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\68eic5ec.default\Extensions\{0f93dffa-0882-4ab1-9fb6-767b5032dcf7}.xpi [2015-04-07]
2015-07-04 12:34 - 2015-07-04 12:35 - 02811146 _____ C:\Users\Stan\Downloads\SecurityTaskManager_Setup.zip
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
C:\Users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk => moved successfully.
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe not found.
C:\Users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\68eic5ec.default\Extensions\{0f93dffa-0882-4ab1-9fb6-767b5032dcf7}.xpi => moved successfully.
C:\Users\Stan\Downloads\SecurityTaskManager_Setup.zip => moved successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1652165426-3740713580-4145899124-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1652165426-3740713580-4145899124-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 45.3 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 14:08:07 ====

Attached Files


  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have the ads ceased in firefox now ?
  • 0

#14
stanhilliard

stanhilliard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

I haven't seen any more pop-ups with Firefox, even though all is permitted.!

 

I will do a more thorough testing this evening and post the results.

I suspect that my infection came from the install disk for a portable LG DVD writer that I got at Best Buy when I bought my new computer. Would there be a way to verify that so that I can complain to Best Buy?


Edited by stanhilliard, 08 July 2015 - 02:07 PM.

  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It is hard to say where you got it from as this type of programme is usually bundled with programmes that are downloaded from the web
  • 0






Similar Topics


Also tagged with one or more of these keywords: pop-up, browser freezups, user accounts

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP