Wonderlandads.com annoying firefox pop up

Discussion in 'Windows - Virus and spyware problems' started by raffs, Apr 20, 2017.

  1. raffs

    raffs Regular member

    Joined:
    Apr 22, 2005
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    26
    Hi all, I'm having problems with wonderlandads.com popping up through Firefox and I can't stop it. Hopefully some of you good folks here will point me in the right direction.

    I've run Spybot Search & Destroy, AVG, Trend housescan (run in safe mode), to no avail. I've seen guides online but I do not have the registry keys that I am meant to delete, and the guides tell me to download a removal tool, which I am not sure would be a good idea. I've deleted and reinstalled Firefox and made sure there were no add-ons used. I use Opera and Chrome too but have no problems with them.

    Anyone have any advice on what to do please?

    Thanks for any/all help
     
  2. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,266
    Likes Received:
    63
    Trophy Points:
    78
  3. raffs

    Hi scorpNZ, I came across that guide but can find nothing in task manager and none of the registry keys either. Is the removal program legit or will it be likely to be more malware?

    Thanks for the reply.
     
  4. raffs

    Here are the results of a hijackthis scan:

    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
    C:\Users\raffs\AppData\Local\Temp\scoped_dir10840_15878\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba15.msn.com/?pc=TBTE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=
    O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
    O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL
    O4 - HKLM\..\Run: [TSVU] "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\raffs\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Users\raffs\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    O4 - HKCU\..\Run: [TunnelBear] C:\Program Files (x86)\TunnelBear\TunnelBear.UI.exe -autoconnect
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [Speech Recognition] "C:\WINDOWS\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\raffs\AppData\Local\Host App Service\Engine\HostAppService.exe /open4efc125e5bdfe64bf86cc73a85a9d56ebf10231c --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\raffs\AppData\Local\Host App Service\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office16\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
    O9 - Extra button: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
    O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
    O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: DTS APO Service (dts_apo_service) - Unknown owner - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @oem36.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel(R) WiDi Software Asset Manager (Intel(R) WiDi SAM) - Intel Corporation - C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
    O23 - Service: TOSHIBA eco Utility Service - Toshiba Corporation - C:\Program Files\TOSHIBA\Teco\TecoService.exe
    O23 - Service: TOSRMService - TOSHIBA - C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: TunnelBear Maintenance (TunnelBearMaintenance) - TunnelBear - C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    Hope this sheds some light.
     
  5. scorpNZ

    Sorry man! I was just posting something to try, I have no idea how to get rid of it. There's only one person round here that I know of that can & that's 2oldgeek
     
  6. syxguns

    syxguns Active member

    Joined:
    Jan 13, 2006
    Messages:
    1,378
    Likes Received:
    4
    Trophy Points:
    68
    The HijackThis log contains nothing of importance. I'm not sure if it works with Windows 10 well.

    Run AdwCleaner as administrator.

    I would also run Malwarebytes which has a 14 day free trial.

    Next run ZHPCleaner

    Last you may need to reset your browser.

    In Firefox select help then Troubleshooting Information. Click on the repair firefox button and confirm.

    Maybe that information will get you sorted out.
     
  7. raffs

    Thanks syxguns, doing that now.
     
  8. raffs

    Hi all I got some advice over on bleeping computer which seems to have sorted it out:

    Hello, Welcome to BleepingComputer.
    I'm nasdaq and will be helping you.

    If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
    ===

    Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
    Type Notepad and click the OK key.
    Please copy the entire contents of the code box below to a new file.

    start

    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:

    (TrendMicroInc.) C:\Users\raffs\AppData\Local\Temp\scoped_dir10840_15878\HijackThis.exe
    Winlogon\Notify\SDWinLogon-x32:SDWinLogon.dll [X]
    IFEO\SppExtComObj.exe:[Debugger]
    ShellIconOverlayIdentifiers:[00avg]->{472083B0-C522-11CF-8763-00608CC02F24}=>->NoFile
    GroupPolicy:Restriction<======= ATTENTION
    GroupPolicy\User:Restriction<======= ATTENTION
    SearchScopes: HKU\S-1-5-21-4010117224-1455702855-3999644452-1001->{FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BF131CBB0-9A1A-4F41-A4F5-6890E31FD562%7D&gp=811041
    CHR HomePage:Default-> mail.ru/cnt/11956636?rciguc__PARAM__
    CHR StartupUrls:Default->"hxxp://mail.ru/cnt/10445?gp=811040"
    CHR NewTab:Default->Active:"chrome-extension://oelpkepjlgmehajehfeicfbjdiobdkfj/visual-bookmarks.html"
    CHR DefaultSearchURL:Default-> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7B9C1EDA01-C2FD-43D9-94B0-E944F359D287%7D&gp=811041
    CHR DefaultSearchKeyword:Default-> go.mail.ru
    CHR DefaultSuggestURL:Default-> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
    CHR Extension:(????????????????Mail.Ru)- C:\Users\raffs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof [2017-03-02]
    CHR Extension:(ChromeWebStorePayments)- C:\Users\raffs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-15]
    CHR Extension:(??????????????????Mail.Ru)- C:\Users\raffs\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-03-02]
    CHR Extension:(Mail.Ru)- C:\Users\raffs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-03-02]
    CHR Extension:(ChromeMediaRouter)- C:\Users\raffs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
    CHR HKLM\...\Chrome\Extension:[flliilndjeohchalpbbcdekjklbdgfkk]- hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension:[ccfifbojenkenpkmnbnndeadpfdiffof]- hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension:[flliilndjeohchalpbbcdekjklbdgfkk]- hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension:[oelpkepjlgmehajehfeicfbjdiobdkfj]- hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension:[ojlcebdkbpjdpiligkdbbkdkfjmchbfd]- hxxps://clients2.google.com/service/update2/crx
    R2 ibtsiva;%SystemRoot%\system32\ibtsiva
    Task:{B9B1AF65-F2EB-47A8-A65D-6C0B983C898C}-System32\Tasks\vnovostyahnethewolsm =>Firefox.exe vnovostyah.net/hewolsm <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:0FF263E8[130]
    C:\Users\raffs\AppData\Local\Temp\scoped_dir10840_15878

    End

    Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
    The location is listed in the 3rd line of the Farbar log you have submitted.

    Run FRST and click Fix only once and wait.

    The tool will create a log (Fixlog.txt) please post it to your reply.
    ===

    Firefox:
    Reset Default Browsing settings:
    https://support.mozilla.org/en-US/k...vcd0BQA.2&utm_referrer=https://www.google.ca/
    ===

    So all that done and ran Adwcleaner and so far so good. No pop ups for several hours so am hoping the thing is cleaned.
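
A triage pass over the two log formats seen in this thread, added here as an example and not part of any post or of the HijackThis or FRST tools: it flags a scheduled task or Run/RunOnce entry that starts a browser with a site address, or that passes Chromium switches that disable protections. The sample lines, the browser list and the function names are assumptions constructed for illustration.

```python
import re

# Assumed list of browser executables; extend it for your environment.
BROWSERS = {"firefox.exe", "chrome.exe", "opera.exe", "iexplore.exe", "msedge.exe"}
# Chromium switches that turn off protections; both occur in the RunOnce
# entry for HostAppService.exe in the HijackThis log above.
RISKY_FLAGS = ("--disable-web-security", "--disable-client-side-phishing-detection")

# FRST "Task:" line and HijackThis "O4" autorun line.
TASK_RE = re.compile(r"^Task:\s*\{[0-9A-Fa-f-]+\}\s*-\s*(?P<name>.+?)\s*=>\s*(?P<cmd>.+)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
# A bare or schemed site address (FRST defangs http as hxxp).
SITE_RE = re.compile(r"(?:h(?:tt|xx)ps?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

# Constructed sample lines modelled on the two logs; names and domain are made up.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
Task: {1A2B3C4D-0000-4000-8000-ABCDEF012345} - System32\Tasks\examplenews => Firefox.exe example.test/landing <==== ATTENTION
Task: {1A2B3C4D-0000-4000-8000-ABCDEF012346} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe /ua
O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\user\AppData\Local\Example Host\Engine\ExampleHost.exe /open --disable-web-security --disable-client-side-phishing-detection --no-startup-window
"""


def split_command(cmd):
    """Return (executable basename in lower case, argument string)."""
    cmd = re.sub(r"\s*<=+\s*ATTENTION\s*$", "", cmd.strip())
    m = re.match(r'^"?(?P<exe>.+?\.exe)"?(?P<args>.*)$', cmd, re.I)
    if not m:
        return cmd.lower(), ""
    exe = re.split(r"[\\/]", m.group("exe"))[-1].lower()
    return exe, m.group("args").strip()


def reasons_for(cmd):
    """List the reasons a launch command deserves a closer look."""
    exe, args = split_command(cmd)
    reasons = []
    # A browser that is handed a site address at logon or on a timer.
    if exe in BROWSERS and any(SITE_RE.fullmatch(tok) for tok in args.split()):
        reasons.append("browser started with a site address")
    hits = [flag for flag in RISKY_FLAGS if flag in args]
    if hits:
        reasons.append("protections disabled: " + ", ".join(hits))
    return reasons


def triage(log_text):
    """Return [(entry kind, entry name, reasons)] for the flagged lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, pattern in (("scheduled task", TASK_RE), ("autorun", O4_RE)):
            m = pattern.match(line)
            if m:
                reasons = reasons_for(m.group("cmd"))
                if reasons:
                    findings.append((kind, m.group("name"), reasons))
                break
    return findings


if __name__ == "__main__":
    for kind, name, reasons in triage(SAMPLE_LOG):
        print(f"{kind}: {name}: {'; '.join(reasons)}")
```
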
     
  9. raffs

    All still running smoothly, problem sorted.
     
  10. syxguns

    Great to hear! Thanks for touching base with us and letting us know!
     
