New Computer & Pop-ups

Started by marykatepenczkowski, July 01, 2015, 08:21:56 PM


marykatepenczkowski

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Joe on Wed 07/22/2015 at 21:03:27.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Joe\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage
Successfully deleted: [File] C:\Users\Joe\Appdata\Local\google\chrome\user data\default\local storage\hxxp_services.hearstmags.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Joe\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Joe\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Joe\Appdata\Local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Joe\Appdata\Local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage-journal



~~~ Folders



~~~ Chrome


[C:\Users\Joe\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Joe\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Joe\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Joe\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/22/2015 at 21:09:54.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Corrine

Quote from: marykatepenczkowski on July 23, 2015, 12:52:58 AM
Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Joe at 2015-07-22 20:48:30 Run:1
Running from C:\Users\Joe\Desktop
Loaded Profiles: Joe (Available Profiles: Joe)
Boot Mode: Normal
==============================================

fixlist content:
*****************

*****************


==== End of Fixlog 20:48:31 ====


This is what popped up after I did what you said. Is this correct?

No. Please open fixlist.txt. It should have the following in it. If it doesn't, copy what is below, paste it in fixlist.txt, save and close, and then double-click FRST again to run it.

start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
EmptyTemp:
end




Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

marykatepenczkowski

Okay, I'm only having one problem with the FRST fixlist.txt thing. I click Fix and it says fixed, the log can be found in the same place as the FRST is located, and I cannot find it. But I think the last scan that you had me run fixed the popups because they haven't been coming up and Google is my homepage again. Everything seems to be running like normal again. You're honestly a magician!

Corrine

Correct, FRST and fixlist.txt must be located in the same place.  FRST is now on the desktop:  Running from C:\Users\Joe\Desktop which means that fixlist.txt must be located at C:\Users\Joe\Desktop\fixlist.txt. 

Your choices:

1.  Move or create a new fixlist.txt and make sure it is located at/saved to C:\Users\Joe\Desktop.
2.  Call it finished and I'll give you instructions to clean up the tools we used.  :)



marykatepenczkowski

Yes please. Would you be able to give me some advice on keeping the viruses out?

Corrine

1.  Let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run
The program will run for a few moments and then notepad will open with a log.   Please paste the log in your next reply.

2.  Please refer to the Safe Computing Practices and other recommendations in "So how did I get infected in the first place?".  It is ready for an update but should give you some helpful hints.

Also see Answers to common security questions - Best Practices - Anti-Virus and Anti-Malware Software by quietman7.

3.  It isn't so much "viruses" per se but PUPs (Potentially Unwanted Programs) that are hijacking your browser and giving pop-ups. This could be from downloading programs at websites such as download.com and others that bundle unwanted programs with the installer.  You may want to consider Unchecky. The object of the software is to keep potentially unwanted programs from being installed by automatically unchecking unrelated offers.  Unchecky also provides a warning when you try to accept a potentially unwanted offer.  The program automatically updates when a new version is available.

Although an older article by How-to Geek, it provides additional information about Unchecky:  How to Avoid Junkware Offers with Unchecky

Home Page:  Unchecky

Note:  Even with Unchecky, a "custom" install of software is still recommended.  It is also advised to continue watching each screen while installing software for anything that Unchecky may have missed.

