Solved How do I stop the ads that keep popping up as I type?

March 21, 2015 at 08:54:09
Specs: Windows 7
When I search the internet, or even just type emails, ads pop up in front of where I was typing. It's unnerving, but I assume this means someone sees all I do on my computer, even this!


See More: How do I stop the ads that keep popping up as I type?

Report •

✔ Best Answer
March 22, 2015 at 19:05:08
AdwCleaner won't affect any security program unless it is bogus.

You can find the AdwCleaner log by going to the root of the C drive (assuming your main drive is C). There you will find an AdwCleaner folder, with the log inside it. Double click the log to open it in NotePad, then copy the text. You can do this using "Edit > Select All", then "Edit > Copy".

When you come on here you use the keys Ctrl + V and it will paste it in (that's a universal paste command).

How did you get on with MalwareBytes and have the ads stopped?

Always pop back and let us know the outcome - thanks

message edited by Derek



#1
March 21, 2015 at 13:47:22
try adblock freebie thats what i have

Davidw


Report •

#2
March 21, 2015 at 14:34:52
Possibly malware, please run these two:

MalwareBytes:
http://filehippo.com/download_malwa...
(green Download button top right - not anything else on the page)
Run the program but before doing the scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

ADWCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the Scan. You then have options to remove whatever it shows under each heading in the table that appears below, although it is usually safe to run "Cleaning".

If either find anything please copy/paste the logs on here, even if the symptoms are fixed.

Always pop back and let us know the outcome - thanks


Report •

#3
March 22, 2015 at 08:58:20
I'll do that once I've removed malware. Thanks. I'm learning a lot!

Report •

Related Solutions

#4
March 22, 2015 at 09:41:04
I've been downloading the file from filehippo for about an hour, getting concerned. Can't find "settings" on my computer. Time to call in some younger relatives, I think. Your directions might help them clean up my mess. I'll report progress later today.

Report •

#5
March 22, 2015 at 10:02:02
Downloading MalwareBytes should only take about a minute and it is very easy. It is probably malware or a virus that is deliberately stopping you (MalwareBytes is well known by malware writers so they block it). Try ADWCleaner first - that might get you out of this hole and then allow you to run MalwareBytes afterwards.

[Going to settings is something you do from MalwareBytes after it is installed. You can forget that for now if you wish - it can be done later if necessary].

Let us know how you get on - we can keep helping if you have issues with our suggestions (many other ways forward). Just keep in touch.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#6
March 22, 2015 at 18:40:11
I can't find a way to copy logs to show you, but adwcleaner found a ton of problems. Maybe some of my security program, but I know how to update that or my son can do it for me. Thanks. (sorry to be slow, fighting stomach viruses here as well as computer ones.)

Report •

#7
March 22, 2015 at 19:05:08
✔ Best Answer
AdwCleaner won't affect any security program unless it is bogus.

You can find the AdwCleaner log by going to the root of the C drive (assuming your main drive is C). There you will find an AdwCleaner folder, with the log inside it. Double click the log to open it in NotePad, then copy the text. You can do this using "Edit > Select All", then "Edit > Copy".

When you come on here you use the keys Ctrl + V and it will paste it in (that's a universal paste command).

How did you get on with MalwareBytes and have the ads stopped?

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#8
March 22, 2015 at 19:08:18
I've just edited my #7 above so take another look in case it changed since you saw it.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#9
March 22, 2015 at 19:10:34
I figured the avg stuff was bogus & had it removed, so thanks for the confirmation, whew! After it really ran & restarted computer, it ran a log on a notepad. Here goes: ***** [ Services ] *****

Service Deleted : APNMCP
Service Deleted : SWUpdater
Service Deleted : vToolbarUpdater18.3.0
Service Deleted : StormWatch Update Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Activeris
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StormWatch
Folder Deleted : C:\Program Files\Activeris AntiMalware
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Program Files\StormWatch
Folder Deleted : C:\Program Files\WSE_Binkiland
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\system32\SearchProtect
Folder Deleted : C:\Users\MOIRAR~1\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\MOIRAR~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\MOIRAR~1\AppData\Local\Temp\Round World
Folder Deleted : C:\Users\Moira Rawson\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Moira Rawson\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Moira Rawson\AppData\Local\StormWatch
Folder Deleted : C:\Users\Moira Rawson\AppData\Local\Weather_Protector_LLC
Folder Deleted : C:\Users\Moira Rawson\AppData\Local\Binkiland
Folder Deleted : C:\Users\Moira Rawson\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Moira Rawson\AppData\Roaming\Activeris
Folder Deleted : C:\Users\Moira Rawson\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Moira Rawson\AppData\Roaming\WSE_Binkiland
Folder Deleted : C:\Users\Moira Rawson\Documents\Optimizer Pro
Folder Deleted : C:\Users\Moira Rawson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfjgekpddapedobkjbmeefnjofabigbi
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Moira Rawson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
File Deleted : C:\Users\Moira Rawson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Moira Rawson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Moira Rawson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Moira Rawson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Moira Rawson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.avg.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : Activeris AntiMalware_startup
Task Deleted : driverupdate startup
Task Deleted : Wse_binkiland

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
Key Deleted : HKCU\Software\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\Binkiland Browser
Key Deleted : HKCU\Software\WSE_Binkiland
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\StormWatchApp
Key Deleted : HKLM\SOFTWARE\StormWatch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Binkiland
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5354-2D53-5045-A758B70C1801}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v41.0.2272.101


*************************

AdwCleaner[R0].txt - [9139 bytes] - [22/03/2015 19:51:35]
AdwCleaner[S0].txt - [8891 bytes] - [22/03/2015 19:55:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8950 bytes] ##########


Report •

#10
March 22, 2015 at 19:19:44
In view of that lot best run this too:

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished. Copy paste that log too please.

Ideally do this one before MalwareBytes (if it will now run) but the order is no big deal if it's too late.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#11
March 22, 2015 at 19:28:18
Got to nip off to bed now (early hours here in the UK). In the meantime a Johnw might chime in and take this further. Hope your stomach is holding up, if not take a break.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#12
March 22, 2015 at 19:51:12
Thanks Derek, I'm here.

Hi Grammi, still more cleaning to be done.

Next step.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

#13
March 22, 2015 at 20:16:17
Successfully ran junk remover tool & will copy log. Thanks SOOO much. When my computer starts, it's fast, & I can read emails without ad popping up in front of them! I feel like I got my computer back. Calling it a night, too, a fruitful day. Everyone is feeling better here. You were my angel today. Log: ~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\UPDTEXE4_WDR
Successfully deleted: [File] "C:\Windows\System32\Tasks\ai_updater"
Successfully deleted: [File] "C:\Windows\System32\Tasks\boosterpop"
Successfully deleted: [File] C:\Windows\System32\Tasks\DriverUpdate Scan
Successfully deleted: [File] "C:\Windows\System32\Tasks\ieerror"
Successfully deleted: [File] C:\Windows\Tasks\DriverUpdate Scan.job

~~~ Folders

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Moira Rawson\appdata\local\Google\Chrome\User Data\Default\Extensions\hfjgekpddapedobkjbmeefnjofabigbi

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/22/2015 at 21:09:53.62
End of JRT log


Report •

#14
March 22, 2015 at 20:26:12
Good news Grammi, when you are back online, here is your next step.

Treat your infections like a cancer, until you remove it all......

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator to start"

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.


Report •

Ask Question