I keep getting pop-ups saying what’s in the subject line sometimes over 50 while the computer is on one page or no page open or just sitting idle not being used. I would appreciate all the help anyone can offer.
Malwarebytes came up clean.
I hope I attach everything as requested. Here goes…
Thanks,
Daniel
Remoer Notified.
Thanks Michael,
I also have trouble downloading even mundane things sometimes. ERROR: “Your security settings won’t allow this download” (something like that…) I can reset my security settings to default and download it most of the time. Not sure it’s a part of the same problem but thought I’d mention it. Something is changing my settings.
Not sure this will work but it should be a sample of the error I keep getting. Beside “Object” there are many different things. They go away too fast to write them down most times popping up one after another.
https://forum.avast.com/index.php?action=dlattach;topic=164727.0;attach=153632;image
Thanks,
Daniel
Almost sounds like a ZA Trait… I don’t really have the expertise to say whether or not you have ZeroAccess (ZA). However, sometimes FRST will show this
Example Line <== ZeroAccess!!!.
I’ll have a quick run through. (Do not I won’t post a script for you to run, to avoid casuing any damage)
Sorry, someone is booting the school Network… (Booting = DDoS’ing aka Crashing the servers)/
HKU\S-1-5-21-755514826-1116167407-801232796-1001.…A8F59079A8D5}\localserver32: <==== ATTENTION!
I suspect that is one of your issues. Wait for Magna, Argus or Essexboy. They’ll give you a full report of what’s wrong.
Let me know how the computer is after this
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: HKU\S-1-5-21-755514826-1116167407-801232796-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION! Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File 2015-01-19 00:11 - 2015-01-19 00:11 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\QuickScan 2015-01-19 00:10 - 2015-01-19 00:19 - 00000000 ____D () C:\ProgramData\SmartPCScan 2015-01-18 23:41 - 2015-01-19 02:12 - 00000000 ____D () C:\Program Files (x86)\iYogi Support Dock 2015-01-18 22:54 - 2015-01-18 22:54 - 00002954 _____ () C:\windows\System32\Tasks\{F24AD5CE-E39D-435B-87EB-ECF7D2958CE7} EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
Thank you Essex boy,
Actually the pop-ups stopped mysteriously before I did anything. I’m not sure for how long so I followed your instructions anyway. Below are the logs requested. Thanks
Content of fixlist:
CreateRestorePoint:
HKU\S-1-5-21-755514826-1116167407-801232796-1001.…A8F59079A8D5}\localserver32: <==== ATTENTION!
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2015-01-19 00:11 - 2015-01-19 00:11 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\QuickScan
2015-01-19 00:10 - 2015-01-19 00:19 - 00000000 ____D () C:\ProgramData\SmartPCScan
2015-01-18 23:41 - 2015-01-19 02:12 - 00000000 ____D () C:\Program Files (x86)\iYogi Support Dock
2015-01-18 22:54 - 2015-01-18 22:54 - 00002954 _____ () C:\windows\System32\Tasks{F24AD5CE-E39D-435B-87EB-ECF7D2958CE7}
EmptyTemp:
CMD: bitsadmin /reset /allusers
Restore point was successfully created.
“HKU\S-1-5-21-755514826-1116167407-801232796-1001\Software\Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32” => Key deleted successfully.
“HKU\S-1-5-21-755514826-1116167407-801232796-1001\Software\Classes\CLSID{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}” => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
C:\Users\Daniel\AppData\Roaming\QuickScan => Moved successfully.
C:\ProgramData\SmartPCScan => Moved successfully.
C:\Program Files (x86)\iYogi Support Dock => Moved successfully.
C:\windows\System32\Tasks{F24AD5CE-E39D-435B-87EB-ECF7D2958CE7} => Moved successfully.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {EB1EBBC2-45B7-4550-BBE3-C1F7384B1789}.
0 out of 1 jobs canceled.
========= End of CMD: =========
EmptyTemp: => Removed 93 MB temporary data.
The system needed a reboot.
==== End of Fixlog 21:27:51 ===
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\Users\Daniel\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Daniel\AppData\Roaming\speedypc software
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
How is the computer behaving now ?
No problems yet but haven’t used it much… any actually. BUT the pop-ups seem to be gone. They were like a plague and were there as soon as I turned it on. I’m fairly confident they are gone. I hope it fixed a few other problems like opening google search results in a new tab and nothing being there. I have to reload the page for it to show - minor problem for another thread I’m sure.
Thank you very much. I’ve had a computer since my first in 96. People like you have kept me sane, well almost sane but some was pre-existing,
Daniel
Run the system as normal for a while and when you are happy let me know and I will tidy up 