Apiandfree Posted February 22, 2019 ID:1300118 Share Posted February 22, 2019 I'm stuck with a popup AD Googlechrome. exratorrent.ag . Everybody on different forum told me to use Malwarebytes but nothing change after the scan and repair. Maybe I will find a solution around here? Thanks in advance! M-A Link to post Share on other sites More sharing options...
nasdaq Posted February 24, 2019 ID:1300415 Share Posted February 24, 2019 Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File.Click the file you wish to Attach.Click Attach this file.Click the Add reply button. === Please post the logs for my review. Wait for further instructions Link to post Share on other sites More sharing options...
Apiandfree Posted February 24, 2019 Author ID:1300446 Share Posted February 24, 2019 I Nasdaq, Done! FRST 1.txt Addition 2.txt Link to post Share on other sites More sharing options...
nasdaq Posted February 24, 2019 ID:1300471 Share Posted February 24, 2019 Hi, There is a small error in the FRST version you used. The program was just recently updated. Delete your version and Download the new version from this site. Download the Farbar Recovery Scan Tool (FRST).Choose the 32 or 64 bit version for your system. Scan the computer and post only the FRST.TXT log for my review. Link to post Share on other sites More sharing options...
Apiandfree Posted February 24, 2019 Author ID:1300479 Share Posted February 24, 2019 Just finish but I have run Malwarebytes with a very complete scan, and since the last scan, Malware find 2 suspect files. Did not see the pop ad since I restart my computer! I join my FRST . Thanks FRST final 2.txt Link to post Share on other sites More sharing options...
Apiandfree Posted February 25, 2019 Author ID:1300542 Share Posted February 25, 2019 Popup chrome extratorrent is back... Link to post Share on other sites More sharing options...
nasdaq Posted February 25, 2019 ID:1300575 Share Posted February 25, 2019 Hi, Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === If the problem persists IN CHROME and you Sync Chrome with other devices reset the Sync. Read this article and proceed. Chrome Secure Preferences detection always comes backhttps://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ <<<>>> If the problem persists in IE disable the Sync.https://www.thewindowsclub.com/sync-internet-explorer-settings-windows-8-1-devices Close IE. Restart the Internet Explorer and re-sync you devices if you need them. <<<>>> Please post the Fixlog.txt and let me know what problem persists. fixlist.txt Link to post Share on other sites More sharing options...
Apiandfree Posted March 2, 2019 Author ID:1301628 Share Posted March 2, 2019 Hello Nasdaq, I'm back i did not have the time last week so here I am with the result.fixlist.txt Link to post Share on other sites More sharing options...
nasdaq Posted March 3, 2019 ID:1301739 Share Posted March 3, 2019 HI, Sorry but I was expecting the Fixlog.txt. Post it for may review. How is the computer running? Link to post Share on other sites More sharing options...
Apiandfree Posted March 3, 2019 Author ID:1301771 Share Posted March 3, 2019 I thought I join the file, I just see that you are from Montreal do you speak french? fixlist.txt Link to post Share on other sites More sharing options...
Apiandfree Posted March 3, 2019 Author ID:1301772 Share Posted March 3, 2019 I'm still stuck with the Popup! :-( Start:: CreateRestorePoint: EmptyTemp: CloseProcesses: CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-1276972147-3723255965-2402248701-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKU\S-1-5-21-1276972147-3723255965-2402248701-1000 -> Pas de nom - {472734EA-242A-422B-ADF8-83D1E48CC825} - Pas de fichier FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru => non trouvé(e) FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru => non trouvé(e) FF HKLM-x32\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt => non trouvé(e) U3 idsvc; pas de ImagePath ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Pas de fichier Task: {07655023-1A62-4846-865D-D51509671664} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION Task: {8BADD9D1-41F5-4F89-9655-0198186D8E60} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:1DA424AA [248] AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127] AlternateDataStreams: C:\ProgramData\TEMP:49F896E9 [140] AlternateDataStreams: C:\ProgramData\TEMP:4A9FA516 [290] AlternateDataStreams: C:\ProgramData\TEMP:5CE91C67 [140] AlternateDataStreams: C:\ProgramData\TEMP:61F0C8FB [118] AlternateDataStreams: C:\ProgramData\TEMP:8944C195 [270] AlternateDataStreams: C:\ProgramData\TEMP:B54E4B5A [270] AlternateDataStreams: C:\ProgramData\TEMP:C5CE2DF6 [248] AlternateDataStreams: C:\ProgramData\TEMP:D6255023 [128] AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [121] AlternateDataStreams: C:\ProgramData\TEMP:E2CB42C9 [114] AlternateDataStreams: C:\ProgramData\TEMP:FC2E567F [352] HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Pas de fichier) FirewallRules: [{C5A5BA69-2C57-4C4F-9CEE-C9EEF570796A}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe Pas de fichier FirewallRules: [{245BD937-36F9-4DE6-B88F-6E459E5488AB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe Pas de fichier FirewallRules: [{0BBBA7DF-61D0-4352-86CB-58566397BE14}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe Pas de fichier FirewallRules: [{2EDD6EA5-E52A-4B78-AFEF-EB674A4DF8B4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe Pas de fichier FirewallRules: [{1835C4A1-5CF5-4CD3-A96A-97853560A944}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe Pas de fichier FirewallRules: [UDP Query User{C7AAD896-95E2-4B25-8A29-532E39C59E84}C:\users\marc-andré\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Allow) C:\users\marc-andré\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe Pas de fichier FirewallRules: [TCP Query User{143FAA0A-520D-41E2-8BD9-359B08C690CF}C:\users\marc-andré\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Allow) C:\users\marc-andré\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe Pas de fichier FirewallRules: [{809E96C6-DE5F-47D4-AE2B-1F090EBEB2F2}] => (Allow) C:\Users\Marc-André\AppData\Local\Temp\7zS4475\HPDiagnosticCoreUI.exe Pas de fichier FirewallRules: [{2362A45B-31F7-4C36-9D97-7CF355756427}] => (Allow) C:\Users\Marc-André\AppData\Local\Temp\7zS4475\HPDiagnosticCoreUI.exe Pas de fichier FirewallRules: [{A05CB260-5B6D-4DAD-9B73-3BB682A70F6A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe Pas de fichier FirewallRules: [{454CE501-3A85-4F8A-B440-A9541A1F8D73}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe Pas de fichier FirewallRules: [{73526AF9-8CF0-4E96-B295-E7C71CE75E3D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe Pas de fichier FirewallRules: [{4155AF60-AA0A-46C3-B929-08BEF0526C5B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe Pas de fichier FirewallRules: [UDP Query User{4D28A78C-C34A-460E-AC20-C61206C18E48}C:\program files\guillemot\hdjtray\hdjseries2traybar.exe] => (Block) C:\program files\guillemot\hdjtray\hdjseries2traybar.exe Pas de fichier FirewallRules: [TCP Query User{4B3959D6-43EB-424D-9E63-17E0A60C4DB1}C:\program files\guillemot\hdjtray\hdjseries2traybar.exe] => (Block) C:\program files\guillemot\hdjtray\hdjseries2traybar.exe Pas de fichier FirewallRules: [UDP Query User{1C8B1502-698C-4CD0-BFB0-272D0B229669}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe Pas de fichier FirewallRules: [TCP Query User{64B9F5AF-4269-4E8E-A3ED-8466A1063EDA}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe Pas de fichier FirewallRules: [UDP Query User{FAAC1EC8-45A2-49A4-9503-56296BE45D77}C:\program files\guillemot\hdjtray\hdjseries2traybar.exe] => (Allow) C:\program files\guillemot\hdjtray\hdjseries2traybar.exe Pas de fichier FirewallRules: [TCP Query User{EC2479BF-9855-4CFC-913C-BFBFB94A2721}C:\program files\guillemot\hdjtray\hdjseries2traybar.exe] => (Allow) C:\program files\guillemot\hdjtray\hdjseries2traybar.exe Pas de fichier FirewallRules: [{80F922BF-95A1-4ECA-9EA2-FA7BD7486C66}] => (Allow) C:\Windows\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{3B1E5FD6-14B6-4A13-BACB-DBE25D8DDA7D}] => (Allow) C:\Windows\SysWOW64\msiexec.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{57BA4CBE-0D5E-42AB-A44A-6526A3C0ABD4}] => (Allow) D:\RouterSetup\QISWizard.exe Pas de fichier FirewallRules: [{68250A7C-115E-4D46-A458-4C2849A40E55}] => (Allow) D:\RouterSetup\QISWizard.exe Pas de fichier FirewallRules: [{0839DF4E-1368-419C-B5C8-AB34E16CD7AB}] => (Allow) D:\RouterSetup\QISWizard.exe Pas de fichier FirewallRules: [{AE31BC07-D80F-4803-908C-112FFE7A04BE}] => (Allow) D:\RouterSetup\QISWizard.exe Pas de fichier FirewallRules: [{1532609B-FB42-487D-8DCC-28C9A21D65E5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe Pas de fichier FirewallRules: [{219A3A6D-822C-41AF-8EB2-06B0F218EE2A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe Pas de fichier FirewallRules: [{020F07D4-7C52-451A-A411-EA7DAFE814E3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe Pas de fichier FirewallRules: [{3CC116A8-81C9-4B98-B4B7-C1237113234D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe Pas de fichier FirewallRules: [{8769984C-10E6-46D4-8AB4-3660FB5E2DC6}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe Pas de fichier FirewallRules: [{36EEE95F-8C64-4C0E-9260-D343A534D5A8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe Pas de fichier FirewallRules: [{A4D0FFB5-303D-4FEE-8BA8-1CC526E5EA2C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe Pas de fichier FirewallRules: [{EBEF7409-4E3A-4398-BF28-4B9E5F95C67F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe Pas de fichier FirewallRules: [UDP Query User{4F54B6D1-5435-4786-B308-6438989EBF76}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => (Allow) C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe Pas de fichier FirewallRules: [TCP Query User{0FCFA8CB-F1C0-477C-8906-4E0A3E3CBD41}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => (Allow) C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe Pas de fichier Reboot: End:: Link to post Share on other sites More sharing options...
nasdaq Posted March 3, 2019 ID:1301807 Share Posted March 3, 2019 I was expecting the Fixlog.txt please post it. Link to post Share on other sites More sharing options...
Apiandfree Posted March 3, 2019 Author ID:1301810 Share Posted March 3, 2019 Sorry Nasdaq but I thought that was the fixlog. I need more explanition and I will do my best. By the way,thanks for taking the time! Link to post Share on other sites More sharing options...
Apiandfree Posted March 8, 2019 Author ID:1302716 Share Posted March 8, 2019 Popup publicity going big time in my left windows. I know I did not send you the right things but I'm doing my best. M-A Link to post Share on other sites More sharing options...
nasdaq Posted March 8, 2019 ID:1302787 Share Posted March 8, 2019 Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Mon Francais ecrit n'est pas tres bon. J'ai traduit avec ImTranslator. Pour Chrome:https://chrome.google.com/webstore/detail/imtranslator-translator-d/noaijdpnepcgjemiklgfkcfbkokogabh?hl=en Pour Firefox:https://addons.mozilla.org/en-US/firefox/addon/imtranslator/ === Traduction de mes instructions au poste No. & Téléchargez le fichier Fixlist.txt ci-joint dans le même dossier que celui où est exécuté l'outil Farbar. L'emplacement est répertorié dans la 3ème ligne du journal FRST.txt que vous avez soumis. (Exécuté depuis C:\Users\Marc-André\Desktop) Exécutez FRST et cliquez sur Fix une seule fois et attendez. L'outil créera un journal (Fixlog.txt), joignez-le à votre réponse suivante, comme les autres dans votre message n ° 3.. === Popups.... Si le problème persiste dans Firefox et que vous effectuez une synchronisation avec d'autres appareils, réinitialisez-le.https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer Lorsque tout va bien, vous pouvez resynchroniser vos appareils. laissez-moi savoir si le problème persiste. === Link to post Share on other sites More sharing options...
Apiandfree Posted March 12, 2019 Author ID:1303375 Share Posted March 12, 2019 Je suis en dehors de la ville pour quelques jours, je vais faire le tout à mon retour. Merci Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 16, 2019 Root Admin ID:1304039 Share Posted March 16, 2019 Please post an update soon. If your topic does get closed @Apiandfree and you're ready to work on the issue, then please send me a private message and I can reopen your topic. Thank you Ron Link to post Share on other sites More sharing options...
Apiandfree Posted March 19, 2019 Author ID:1304586 Share Posted March 19, 2019 On 3/15/2019 at 8:44 PM, AdvancedSetup said: Please post an update soon. If your topic does get closed @Apiandfree and you're ready to work on the issue, then please send me a private message and I can reopen your topic. Thank you Ron On 3/8/2019 at 8:52 AM, nasdaq said: Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Mon Francais ecrit n'est pas tres bon. J'ai traduit avec ImTranslator. Pour Chrome:https://chrome.google.com/webstore/detail/imtranslator-translator-d/noaijdpnepcgjemiklgfkcfbkokogabh?hl=en Pour Firefox:https://addons.mozilla.org/en-US/firefox/addon/imtranslator/ === Traduction de mes instructions au poste No. & Téléchargez le fichier Fixlist.txt ci-joint dans le même dossier que celui où est exécuté l'outil Farbar. L'emplacement est répertorié dans la 3ème ligne du journal FRST.txt que vous avez soumis. (Exécuté depuis C:\Users\Marc-André\Desktop) Exécutez FRST et cliquez sur Fix une seule fois et attendez. L'outil créera un journal (Fixlog.txt), joignez-le à votre réponse suivante, comme les autres dans votre message n ° 3.. === Popups.... Si le problème persiste dans Firefox et que vous effectuez une synchronisation avec d'autres appareils, réinitialisez-le.https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer Lorsque tout va bien, vous pouvez resynchroniser vos appareils. laissez-moi savoir si le problème persiste. === Did you received my files I don't see it? On 3/8/2019 at 8:52 AM, nasdaq said: Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Mon Francais ecrit n'est pas tres bon. J'ai traduit avec ImTranslator. Pour Chrome:https://chrome.google.com/webstore/detail/imtranslator-translator-d/noaijdpnepcgjemiklgfkcfbkokogabh?hl=en Pour Firefox:https://addons.mozilla.org/en-US/firefox/addon/imtranslator/ === Traduction de mes instructions au poste No. & Téléchargez le fichier Fixlist.txt ci-joint dans le même dossier que celui où est exécuté l'outil Farbar. L'emplacement est répertorié dans la 3ème ligne du journal FRST.txt que vous avez soumis. (Exécuté depuis C:\Users\Marc-André\Desktop) Exécutez FRST et cliquez sur Fix une seule fois et attendez. L'outil créera un journal (Fixlog.txt), joignez-le à votre réponse suivante, comme les autres dans votre message n ° 3.. === Popups.... Si le problème persiste dans Firefox et que vous effectuez une synchronisation avec d'autres appareils, réinitialisez-le.https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer Lorsque tout va bien, vous pouvez resynchroniser vos appareils. laissez-moi savoir si le problème persiste. === I dont understand I have place 2 times what you ask and I don't see it. Did you receveid my files? Link to post Share on other sites More sharing options...
Apiandfree Posted March 19, 2019 Author ID:1304587 Share Posted March 19, 2019 I don't no what happen but I was having problem sending you my files. Sorry for de delay I hope thi one is the good one. Fixlog.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 19, 2019 Root Admin ID:1304593 Share Posted March 19, 2019 Yes, that is the correct one @Apiandfree please wait and @nasdaq will be with you as soon as he comes back online. Link to post Share on other sites More sharing options...
nasdaq Posted March 19, 2019 ID:1304596 Share Posted March 19, 2019 HI, That went well. Any remaining issues with this computer? Link to post Share on other sites More sharing options...
Apiandfree Posted March 19, 2019 Author ID:1304597 Share Posted March 19, 2019 Yess still have pop up, like this one, now it's not only from extratorrent, but Youzik? Casino, girls, Computer alert, they even offer me to get rid of virus! Link to post Share on other sites More sharing options...
nasdaq Posted March 20, 2019 ID:1304677 Share Posted March 20, 2019 Hi, This looks like Adds from the notifications on the bottom and right side of some pages. Next time you see an add click on the notice on the right of the task bar. If you see a setting wheel open it and change the setting to stop the notifications. How to Disable Notifications in Google Chromehttps://gadgets.ndtv.com/apps/features/how-to-disable-notifications-in-google-chrome-643057 Add the site to your block list. ===== Let me know if our problem is solved. Link to post Share on other sites More sharing options...
Apiandfree Posted March 20, 2019 Author ID:1304734 Share Posted March 20, 2019 Hey Nasdaq, Hurry and a big thank you! No more Popup, and it was so simple but I'm not good enough to know those things. Thansk you soo much for taking the time to help me. A lot of trouble for not much, but you find the solution. Have a nice day! Api Link to post Share on other sites More sharing options...
nasdaq Posted March 21, 2019 ID:1304808 Share Posted March 21, 2019 Hey do not worry about it. I had the save issue. By trial and error I got it. The problem we are having with this is that every one is calling it a popup when actually it's a popup add disguise as a notification. Glad we could help. Link to post Share on other sites More sharing options...
Recommended Posts