Jump to content

Adware detected from downloading extension

Recommended Posts

I removed two PUPs using adwcleaner as a result of downloading an extension for my Firefox browser which is an an ad blocker for my Yahoo mail account. I should tell the developer about this, but I'm only assuming it was from this. There were two entries in my registry keys that adwcleaner found. The name of the Firefox extension is called Yahoo Mail Hide Ad Panel. The adware was removed. It found two entries in the registry keys.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL
Deleted       HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL

Then I reported a website that Malwarebytes blocked using Firefox when I was going on Yahoo. Below are some details from the Malwarebytes log. This happened when I temporarily disabled AdBlock in order to test out another browser extension for my email account:

  -Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: PUP
Domain: partners.cmptch.com
IP Address:
Port: [53089]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

I also ran adwcleaner again and also Rogue Killer, but they didn't find anything.

When I reported this to the forum initially, I was instructed to run  the Farber Recovery Scan Tool and I have attached those two logs here plus my latest Malwarebytes report.




Share this post

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.


Share this post

Link to post
Share on other sites

Hi Nasdaq,

I followed your instructions and I am attaching the file Fixlog.txt to this reply below after running the FRST program and then clicked Fix.

I have not had the pop-up problem for a number of days, but I hope my computer is ok.



Share this post

Link to post
Share on other sites


Could you please explain in detail what the problem was? I noticed the FRST program removed a bunch of temporary files. What exactly happened? Was the problem with any specific programs like the browser extensions I had in Firefox? I noticed a Facebook adblock was listed. I deleted that extension.

Thank you.



Share this post

Link to post
Share on other sites


I removed what I would not keep in my computer.

Also I added a command to the fix to delete all files in \temp folders.

Glad to see that all is working fine.


Share this post

Link to post
Share on other sites
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.