Page 1 of 2 12 LastLast
Results 1 to 10 of 12
  1. #1
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,979
    Points
    248

    Default odd thing appearing onscreen

    This is becoming more of an annoyance and I can't figure it out.

    More and more often, when I open a new webpage, a white box pops up at the foot of the screen, immediately above the taskbar.

    For example, this is what I got when clicking on the H2G home page to make this post.....




    I click on the "X" and the white box disappears.

    I have tried clicking on the word "disable" but it doesn't seem to do anything.

    There seems to be no pattern to this that I can see.

    Any thoughts on where this comes from and how to stop it? I will post HJT/Malwarebytes/Superatispyware logs if required.

    Thanks.
    PLEASE DONATE. Help keep our site alive without ads.

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Post the logs please.

    In addition to those logs, please see instructions below and post that log too.

    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
    • Click the Search button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[R1].txt.


    Joe

  3. #3
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,979
    Points
    248

    Default

    Ok.Will do Joe although the logs look clean.

    By the way I tried this evening - this mysterious white box only appears in Firefox, my default browser. not IE.

    Hmm....
    PLEASE DONATE. Help keep our site alive without ads.

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html

  4. #4
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,979
    Points
    248

    Default

    Below are the logs from HJT, MBAM, SAS and ADWC.

    MBAM and SAS are both "full" scans not "quick scans.

    The one item found by SAS was deleted.

    If you have any more suggestions please let me know.

    Many thanks.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 09:33:44, on 04/12/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\DateInTray\DateInTray.exe
    C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
    C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
    O4 - Startup: ScreenHunter 6.0 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: TrayIconsOK.lnk = C:\Program Files\TrayIconsOK\TrayIconsOK.exe
    O4 - Global Startup: DateInTray.lnk = C:\Program Files\DateInTray\DateInTray.exe
    O4 - Global Startup: MBCameraMonitor.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1228933538593
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228933524000
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/W...nt/ieatgpc.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8560AF71-4247-429E-AB66-54E5FDA9E84D}: NameServer = 212.159.6.9,212.159.6.10
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Pervasive Software Inc. - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtml1/01/clip_image001.gif

    --
    End of file - 12087 bytes


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Malwarebytes Anti-Malware 1.65.1.1000
    Malwarebytes : Free anti-malware download

    Database version: v2012.12.04.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: HOME-DELL [administrator]

    04/12/2012 09:34:55
    mbam-log-2012-12-04 (09-34-55).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 389486
    Time elapsed: 6 hour(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 12/04/2012 at 11:17 PM

    Application Version : 5.6.1014

    Core Rules Database Version : 9680
    Trace Rules Database Version: 7492

    Scan type : Complete Scan
    Total Scan Time : 06:28:47

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 675
    Memory threats detected : 0
    Registry items scanned : 42486
    Registry threats detected : 0
    File items scanned : 54130
    File threats detected : 1

    Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Cookies\NWK4QBOK.txt [ /accounts.google.com ]


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    # AdwCleaner v2.011 - Logfile created 12/04/2012 at 09:26:38
    # Updated 02/12/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Owner - HOME-DELL
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4vrxglu6.default\extensions\plugin@yontoo.com
    Folder Found : C:\Documents and Settings\Owner\Application Data\pdfforge
    Folder Found : C:\Program Files\Yontoo

    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key Found : HKCU\Software\Search Settings
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\Software\pdfforge
    Key Found : HKLM\Software\Search Settings
    Key Found : HKLM\Software\Tarma Installer
    Key Found : HKU\S-1-5-21-1085031214-1935655697-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.
    PLEASE DONATE. Help keep our site alive without ads.

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html

  5. #5
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,979
    Points
    248

    Default

    More information which may help you get to the bottom of this annoyance.

    If I right click on that odd image and hover over "This Frame" a side menu comes up where I can choose various options. Three of them are as as follows:


    1. If I click on "Open Frame in New Tab" I am presented with a blank webpage and this URL at the top >

    "http://edge.omnitwig.com/app/category.htm?zone=990&cat=244,289&l=http%3A%2F%2Fwww.help2go.com"



    2. If I click on "View Frame Source" I get this......

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title></title>
    <style type="text/css">
    html, body
    {
    margin: 0;
    border: 0;
    padding: 0;
    }
    </style>
    <script type="text/javascript">
    (function () {
    var W = window, D = document, zone, cat, loc;
    var queries = W.location.search.substr(1).split('&');
    for (var i = 0; i < queries.length; i++) {
    var p = queries[i].split('=');
    var k = p.shift();
    if (k == 'zone') zone = decodeURIComponent(p.shift().replace(/\+/g, ' '));
    if (k == 'cat') cat = decodeURIComponent(p.shift().replace(/\+/g, ' '));
    if (k == 'l') loc = decodeURIComponent(p.shift().replace(/\+/g, ' '));
    }

    W.url = 'http://openx.jeetyetmedia.com/www/delivery/ajs.php?cb=' + Math.random() + '&zoneid=' + zone + '&category=' + cat;
    W.onload = function () {
    W.top.postMessage(Math.max(D.body.children.length - 2, 0), loc);
    };
    })();
    </script>
    </head>
    <body>
    <script type="text/javascript">
    (function () {
    var url = window.url;
    try {
    delete window.url;
    } catch (ex) { }
    document.write('<scr' + 'ipt type="text/javascript" src="' + url + '">');
    document.write('<\/scr' + 'ipt>');
    })();
    </script>
    </body>
    </html>

    3. If I click on "View Frame Info" I get this .......

    PLEASE DONATE. Help keep our site alive without ads.

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html

  6. #6
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,979
    Points
    248

    Default

    Could this be a java issue?

    I examined my Firefox cache by typing "about:cache" in the browser address bar. I noticed several entries related to edge.omnitwig.com which I believe is the source of the problem.

    I cleared my cache removing all entries. No mention of omnitwig.


    Next I returned here to H2G and the pop up returned immediately.

    These are some of are the new entries appearing in my Firefox "about:cache".....



    I noticed that "js" appears at the end of some entries.


    What can I do about this?

    Many thanks for your help.
    PLEASE DONATE. Help keep our site alive without ads.

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html

  7. #7
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,979
    Points
    248

    Default

    ALL FIXED.

    Sorry to have wasted your time.


    >> Solution (I'm sure you're all desperate to know).......

    I noticed "jeetyetmedia" in the "View Frame Source" information above.

    Goggled that and came across other folk complaining of a virus is called YonToo PageRage.

    Found a YonToo program .exe file on my computer and used Revo Unisntaller to remove all traces of it. Completely.

    That pop up no longer appears when I visit H2G so it looks like it's fixed.

    I have no idea how that .exe file got on to my computer but I can only guess my daughter was using the machine and went somewhere she shouldn't.


    If I still have trouble on other webpages I'll let you know.

    Thanks again.
    PLEASE DONATE. Help keep our site alive without ads.

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html

  8. The Following 2 Users Say Thank You to Oddjob For This Useful Post:


  9. #8
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Ho Oddjob,

    No waste of time at all! I've never seen that before! This will definitely help others and I learned something, too! If you'd like, you could also run AdwCleaner again and choose Delete this time to see if Revo missed anything. PUP.Yontoo is in the change log for that tool. Nice tool! If you do decide to run AdwCleaner to Delete, please post the log. I'm curious to see if it finds anything that Revo might have missed.

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  10. #9
    Member Oddjob's Avatar
    Join Date
    May 2004
    Location
    London, U.K.
    Posts
    1,979
    Points
    248

    Default

    Hi Donna

    I ran that tool again , as you recommended. The log is reproduced below.

    Note...I have NOT "deleted" anything; I only ran the tool and posted the results here.........



    # AdwCleaner v2.011 - Logfile created 12/05/2012 at 13:53:21
    # Updated 02/12/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Owner - HOME-DELL
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Owner\Desktop\Program shortcuts\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Found : C:\Documents and Settings\Owner\Application Data\pdfforge

    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Key Found : HKCU\Software\Search Settings
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\Software\pdfforge
    Key Found : HKLM\Software\Search Settings
    Key Found : HKLM\Software\Tarma Installer
    Key Found : HKU\S-1-5-21-1085031214-1935655697-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default [Profil par défaut]
    File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4vrxglu6.default\prefs.js

    [OK] File is clean.

    -\\ Opera v [Unable to get version]

    File : C:\Documents and Settings\Owner\Application Data\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3770 octets] - [04/12/2012 09:26:38]
    AdwCleaner[R2].txt - [2015 octets] - [05/12/2012 13:53:21]

    ########## EOF - C:\AdwCleaner[R2].txt - [2075 octets] ##########



    Do I need to do anything more?
    PLEASE DONATE. Help keep our site alive without ads.

    Help keep your computer protected. Read this > http://www.help2go.com/article152.html

  11. #10
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Personally, I would allow the tool to delete everything that was found in the log above.

    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

Page 1 of 2 12 LastLast