Solved Invisible spam in Firefox browser window

May 14, 2013 at 10:35:44
Specs: Windows 7
Hi, I have recently encountered this problem; it's something new to me. I use Firefox as my main browser. I'll be browsing the web, and then when I try to click on a link the mouse pointer stays an arrow instead of turning into the finger hand. As I click on the link it loads up a new tab or page and directs me to a survey or whatever it wants. I close that tab and go back to the original page and only then the page functions as normal. It's pretty random.

Of course this happens not just with links but with the whole page. Just by clicking anywhere, even on white space, this thing pops up. It's like the whole screen has an invisible button that directs you to a stupid survey or whatever spam is these days.

I don't believe this happens with my other browsers as I rarely use them.

What is this and how can I remove this?


#1
May 14, 2013 at 12:10:45
First of all, computerperson, "spam" is related to emails and has nothing to do with websites or web browsers.

Second, the fastest way out of your problem is to use Google Chrome and that's coming from someone who has used Firefox for ten years straight until I grew tired of it crashing, Flash Player problems and god knows what else.

Google Chrome lacks nothing and it just gets on with the job it was designed for:
https://www.google.com/intl/en/chro...

Firefox is no longer on my system. I'd get rid of IE too if I could do it without screwing Windows up.



#2
May 14, 2013 at 15:18:54
Have you recently scanned for malware using the free versions of Malwarebytes and SuperAntiSpyware in addition to your regularly scheduled anti-virus scans?

Do you have advertising blocking add-ons to help hide and prevent the loading of website adverts (sometimes referred to as "web browsing SPAM" or "Internet SPAM") such as AdBlock Plus?

Which specific website(s) are causing you such problems?

It sounds like a basic pop-up advertisement. Do you have those disabled in Firefox > Tools > Options > Content tab > checkmark: Block pop-up windows? Additionally, did you by chance whitelist the website in question to allow pop-ups? Check the Exceptions list adjacent to this option. Keep in mind some pop-ups can evade blockers like this.

What other add-ons and plugins do you have installed to Firefox?

Apologies if I don't respond to your reply immediately. I don't check this site daily, but you're welcome to PM me as a reminder.



#3
May 14, 2013 at 15:35:52
I use Firefox as my default browser. In addition to Adblock Plus, I use these.

Mozilla Labs: Prospector - about:trackers 2
https://addons.mozilla.org/en-US/fi...

SpywareBlaster
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/tut...
http://www.javacoolsoftware.com/spy...



#4
May 14, 2013 at 16:03:45
Currently I use these softwares: SuperAntispyware, ad-aware antivirus, avg antivirus, spybot, spyware blaster.

I'm on YouTube a lot so it tends to happen there, but it does happen in other places. I just installed some antivirus programs so I'll wait and see if it's still happening.



#5
May 15, 2013 at 03:04:06
"Currently I use these softwares: SuperAntispyware, ad-aware antivirus, avg antivirus, spybot, spyware blaster."


computerperson, please note:

Ad-Aware Antivirus & AVG Antivirus are both real-time antivirus protection products and therefore should not be installed together on the same computer as it can cause conflicts and an unstable system.

Only one real-time antivirus protection product should be installed at any one time.



#6
May 15, 2013 at 18:00:17
@phil22 I have been doing that for many years now and my system has been running pretty stable much of the time. The only times the system is unstable is when the pc is infected with a virus.


#7
May 15, 2013 at 18:03:42
"I just installed some antivirus programs so I'll wait and see if it's still happening"
Is it?


#8
May 16, 2013 at 14:06:50
"@phil22 I have been doing that for many years now and my system has been running pretty stable much of the time. The only times the system is unstable is when the pc is infected with a virus"

Well, anyone who knows anything about the "dos and don'ts" in computing will give you the same advice as I have. In any event, my PC has never been infected with malware and I have only ever had one AV installed at any one time.

It seems my single AV app has protected me, whereas your two AV apps have failed to protect you. So where's the proof that two is better, what's the point? Having two installed may even have caused the problem you're having now.



#9
May 16, 2013 at 17:27:09
@johnw seems like it's still happening. I even reinstalled Firefox.

This is one of them popups that's popping out:
http://www. bestproducttesters.com/QuizV1/?subid=AF



#10
May 16, 2013 at 17:33:47
✔ Best Answer
Let's do some checking, computerperson, starting with these.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. http://www.bleepingcomputer.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#11
May 17, 2013 at 11:23:55
@ johnW I ran these two in safe mode if that matters.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by rock on Fri 05/17/2013 at 13:08:13.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\rock\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\rock\appdata\local\downloadterms"
Successfully deleted: [Folder] "C:\Program Files (x86)\tgtsoft\stylexp"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"

~~~ FireFox

Successfully deleted: [File] C:\Users\rock\AppData\Roaming\mozilla\firefox\profiles\tjgreloi.default\extensions\savefileto@mozdev.org.xpi [Tracur]
Successfully deleted: [File] "C:\Users\rock\AppData\Roaming\mozilla\firefox\profiles\tjgreloi.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi"
Successfully deleted: [File] "C:\Users\rock\AppData\Roaming\mozilla\firefox\profiles\tjgreloi.default\extensions\isreaditlater@ideashower.com.xpi"
Successfully deleted: [Folder] C:\Users\rock\AppData\Roaming\mozilla\firefox\profiles\tjgreloi.default\extensions\50c2e098972de@50c2e09897318.com
Successfully deleted: [Folder] C:\Users\rock\AppData\Roaming\mozilla\firefox\profiles\tjgreloi.default\extensions\50cffa86b2676@50cffa86b26b0.com
Successfully deleted: [Folder] C:\Users\rock\AppData\Roaming\mozilla\firefox\profiles\tjgreloi.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Emptied folder: C:\Users\rock\AppData\Roaming\mozilla\firefox\profiles\tjgreloi.default\minidumps [87 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/17/2013 at 13:10:02.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v2.301 - Logfile created 05/17/2013 at 12:58:06
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : rock - ROCK-PC
# Boot Mode : Safe mode
# Running from : H:\firefox download que\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\bProtector_extensions.rdf
File Deleted : C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\searchplugins\Babylon.xml
File Deleted : C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\searchplugins\mixidj.xml
File Deleted : C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\searchplugins\mywebsearch.xml
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\Vaudix
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaudix
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\ProgramData\Vaudix
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\rock\AppData\Local\DownTango
Folder Deleted : C:\Users\rock\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\rock\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\rock\AppData\LocalLow\Speedbit
Folder Deleted : C:\Users\rock\AppData\LocalLow\Vaudix
Folder Deleted : C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\adawaretb
Folder Deleted : C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\jetpack
Folder Deleted : C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\WinampToolbarData

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SpeedBit
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mixidj.delta-search.com/?affID=121149&tt=gc_&babsrc=HP_ss&mntrId=1ACB001D7E0C75BB --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\prefs.js

C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.50cffa86b2723.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\rock\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6315 octets] - [17/05/2013 12:58:06]

########## EOF - C:\AdwCleaner[S1].txt - [6375 octets] ##########


Report •
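
A small parser for the AdwCleaner log format as it appears in the post above, pulling out the entries that bear on browser behaviour: a preference holding script source, a deleted user.js, and a changed start page. This is an added example, not part of the original thread and not AdwCleaner's own code; the regexes are assumptions inferred from this one log, and the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the AdwCleaner v2.301 log posted in this thread, embedded so the
# example runs offline. The "[...]" truncation is the tool's own.
SAMPLE_LOG = r'''# AdwCleaner v2.301 - Logfile created 05/17/2013 at 12:58:06
# Option [Delete]

***** [Files / Folders] *****

File Deleted : C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\searchplugins\Babylon.xml
Folder Deleted : C:\Program Files (x86)\Vaudix

***** [Registry] *****

Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKLM\Software\SProtector

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mixidj.delta-search.com/?affID=121149&tt=gc_&babsrc=HP_ss&mntrId=1ACB001D7E0C75BB --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

C:\Users\rock\AppData\Roaming\Mozilla\Firefox\Profiles\tjgreloi.default\user.js ... Deleted !

Deleted : user_pref("extensions.50cffa86b2723.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

[OK] File is clean.
'''

# Line shapes assumed from the log above (not a published format specification).
SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v[\d.]+")
ACTION_RE = re.compile(r"^(File Deleted|Folder Deleted|Key Deleted|Deleted|Replaced) : (.*)$")
WHOLE_FILE_RE = re.compile(r"^(.+) \.\.\. Deleted !$")
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)$')
REPLACED_RE = re.compile(r"^\[(.+?)\] = (\S+) --> (\S+)$")
SCRIPT_VALUE_RE = re.compile(r'^"\s*\(?\s*function\b')


def parse_adwcleaner_log(text):
    """Return one dict per action line: section, browser, action, target."""
    findings, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and the "# ..." header/footer
        if m := SECTION_RE.match(line):
            section, browser = m.group(1), None
        elif m := BROWSER_RE.match(line):
            browser = m.group(1)
        elif m := ACTION_RE.match(line):
            findings.append(dict(section=section, browser=browser,
                                 action=m.group(1), target=m.group(2)))
        elif m := WHOLE_FILE_RE.match(line):
            findings.append(dict(section=section, browser=browser,
                                 action="File Deleted", target=m.group(1)))
    return findings


def summarize(findings):
    """Count actions per (section, browser, action)."""
    return Counter((f["section"], f["browser"], f["action"]) for f in findings)


def triage(findings):
    """Pull out the items that explain browser behaviour, for manual review."""
    report = {"script_prefs": [], "user_js": [], "start_page_changes": []}
    for f in findings:
        target = f["target"]
        if f["action"] == "Replaced" and (m := REPLACED_RE.match(target)):
            report["start_page_changes"].append(m.groups())
        elif f["browser"] != "Mozilla Firefox":
            continue
        elif f["action"] == "File Deleted" and target.lower().endswith("\\user.js"):
            # Firefox reads user.js at every start and it overrides prefs.js,
            # so one the user never created keeps unwanted settings coming back.
            report["user_js"].append(target)
        elif f["action"] == "Deleted" and (m := PREF_RE.match(target)):
            # A preference whose value is JavaScript source, not a flag or URL.
            if SCRIPT_VALUE_RE.match(m.group(2)):
                report["script_prefs"].append(m.group(1))
    return report


if __name__ == "__main__":
    found = parse_adwcleaner_log(SAMPLE_LOG)
    for key, n in sorted(summarize(found).items(), key=str):
        print(n, key)
    print(triage(found))
```
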

#12
May 17, 2013 at 14:45:46
"@ johnW I ran these two in safe mode if that matters"
Doesn't look like it computerperson, it removed heaps of problems.

You need to be more careful installing programs, no more click, click.
A lot of programs now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install.

3: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.



#13
May 20, 2013 at 19:58:28
Yes, it did remove a lot of stuff. I'll give RogueKiller a try. I'll report back in a few days and see how my computer is responding.


#14
May 21, 2013 at 10:53:15
@johnw

here is the roguekiller

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : rock [Admin rights]
Mode : Remove -- Date : 05/21/2013 12:50:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> DELETED
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1500AHFD-00RAR5 ATA Device +++++
--- User ---
[MBR] 57597d46c4d9d2952bedb3bf35ffbbbe
[BSP] dcf85cdc0880fd400245218fe7ace454 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 143088 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate ST380011A SCSI Disk Device +++++
--- User ---
[MBR] 68f5be12e38e15707b8ac25a124ac0a4
[BSP] 573fd7fb8cdde8f9c35b68423cb5669f : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD32 00AAJB-00TYA0 SCSI Disk Device +++++
--- User ---
[MBR] 68935653c717fea4ac5faf7819d18bf9
[BSP] 49fc1e4c9f9804dc7d6bfc71bc142e61 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: WD 5000AAJB Externa USB Device +++++
--- User ---
[MBR] 07886398f5223b638cfda8b3ebd2ffd6
[BSP] 96545aae4c3a8e5d84fbb99372be0652 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_05212013_02d1250.txt >>
RKreport[1]_S_05212013_02d1246.txt ; RKreport[2]_D_05212013_02d1250.txt



#15
May 21, 2013 at 16:40:16
" I'll report back in a few days and see how my computer is responding."
You now need to keep things moving, just to make sure things don't worsen.

As we dismantle the infections bit by bit, that may allow the repeat use of programs, which may in turn pick up more.

Please download and run ListParts64 by Farbar (for 64-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Copy and Paste the contents into your reply.



#16
May 22, 2013 at 10:18:13
listparts results:

ListParts by Farbar Version: 10-05-2013
Ran by rock (administrator) on 22-05-2013 at 12:15:47
Windows 7 (X64)
Running From: C:\Users\rock\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 43%
Total physical RAM: 6143.05 MB
Available physical RAM: 3486.75 MB
Total Pagefile: 12284.28 MB
Available Pagefile: 7818.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:139.73 GB) (Free:50.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (DISK3_VOL1) (Fixed) (Total:74.53 GB) (Free:14.24 GB) NTFS
5 Drive h: () (Fixed) (Total:298.09 GB) (Free:33.32 GB) NTFS
6 Drive l: (My Book) (Fixed) (Total:465.64 GB) (Free:114.74 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 139 GB 0 B
Disk 1 Online 74 GB 1024 KB
Disk 2 Online 298 GB 0 B
Disk 3 Online 465 GB 9 MB

Partitions of Disk 0:
===============

Disk ID: 30E3FC86

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 139 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 139 GB Healthy System (partition with boot components)

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 18C238DD

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E DISK3_VOL1 NTFS Partition 74 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Disk ID: F28D440C

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 1024 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 H NTFS Partition 298 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Disk ID: 8D399BC0

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 L My Book FAT32 Partition 465 GB Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 30E3FC86
Partition 1: (Active) - (Size=140 GB) - (Type=07 NTFS)

==============================
Partitions of Disk 1:
===============
Disk ID: 18C238DD
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==============================
Partitions of Disk 2:
===============
Disk ID: F28D440C
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==============================
Partitions of Disk 3:
===============
Disk ID: 8D399BC0
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)


****** End Of Log ******



#17
May 22, 2013 at 16:19:00
"listparts results:"
Good result, no hidden partition housing nasties.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
An introduction as to what this program does.
http://www.bleepingcomputer.com/for...
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt. Let me know if it doesn't produce a log please.

2: Reboot

3: Run TDSSKiller & post the contents of the log.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...



#18
May 23, 2013 at 16:50:44
I noticed that problem hasn't been seen for a few days now.


Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 05/23/2013 02:07:50 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 210228 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 104126 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 35282 files processed.

Processing the L:\ drive
Finished processing the L:\ drive. 8934 files processed.

The C:\Users\rock\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 05/23/2013 02:17:27 PM
Execution time: 0 hours(s), 9 minute(s), and 36 seconds(s)



#19
May 24, 2013 at 04:18:08
"I noticed that problem hasn't been seen for a few days now"
That's good news.

4: Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, all



#20
June 9, 2013 at 15:22:51
@JohnW sorry for the late reply.

here are the results

Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Kaspersky Internet Security
AVG AntiVirus Free Edition 2013
avast! Internet Security
Lavasoft Ad-Aware
Antivirus up to date! (On Access scanning [b]disabled[/b]!)
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Ad-Aware
SpywareBlaster 5.0
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
[color=red][b]Ad-Aware AAWService.exe is disabled![/b][/color]
[color=red][b]Ad-Aware AAWTray.exe is disabled![/b][/color]
[b][color=red]Spybot Teatimer.exe is disabled![/color][/b]
AVG avgwdsvc.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
Kaspersky Lab Kaspersky Internet Security 2013 x64 wmi64.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 8%
[b][u]````````````````````End of Log``````````````````````[/b][/u]



#21
June 10, 2013 at 03:16:44
"@JohnW sorry for the late reply"
I have been away for a week myself.

As mentioned previously by phil22 in post #5, it is best to only use one real-time AV, unless OK'd by the program or you have the scanning disabled, which you appear to have done. As you say, the machine has been running fine for 2 years.

Everything else is good.



#22
June 10, 2013 at 15:21:16
computerperson
Please excuse this aside which is in reference to #1.

I too have used Firefox for 10 years or so and have had none of the issues described. It is also used widely by an extensive population of other people. If it is as bad as all that I am surprised that we have not been inundated with such problems on these boards and that about every helper would be telling people to avoid it.

Having said that, everyone is entitled to their preferences and opinion on browsers (as with everything else). Personally I would not use Chrome because I regard it as particularly snoopy. That is also opinion (mine) but put "does google chrome spy on you" in your search engine and you will see that I am not the only one with doubts.

Always pop back and let us know the outcome - thanks

