Hi all, I'm having problems with wonderlandads.com popping up through firefox and I can't stop it, hopefully some of you good folks here will point me in the right direction. I've run, Spybot Search & Destroy, AVG, Trend housescan, (run in safe mode) to no avail. I've seen guides online but I do not have the registry keys that I am meant to have to delete and the guides tell me to down load a removal tool which I am not sure would be a good idea. I've deleted and reinstalled firefox and made sure there were no add ons used. I use Opera and Chrome too but have no problems with them. Anyone have any advice on what to do please? Thanks for any/all help
Don't know if this will be of use however it seems comprehensive enough http://www.virusresearch.org/remove-wonderlandads-com-pop-up-ads-chrome-firefox-ie/
Hi scorpNZ, I came across that guide but can find nothing in task manager and none of the registry keys either. Is the removal program legit or will it be likely to be more malware? Thanks for the reply.
Here are the results of a hijackthis scan: Boot mode: Normal Running processes: C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\AVG\Framework\Common\avguix.exe C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe C:\Users\raffs\AppData\Local\Temp\scoped_dir10840_15878\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba15.msn.com/?pc=TBTE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL O4 - HKLM\..\Run: [TSVU] "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe" O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\raffs\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [uTorrent] "C:\Users\raffs\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - HKCU\..\Run: [TunnelBear] C:\Program Files (x86)\TunnelBear\TunnelBear.UI.exe -autoconnect O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Speech Recognition] "C:\WINDOWS\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\raffs\AppData\Local\Host App Service\Engine\HostAppService.exe /open4efc125e5bdfe64bf86cc73a85a9d56ebf10231c --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\raffs\AppData\Local\Host App Service\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra button: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll O9 - Extra 'Tools' menuitem: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: DTS APO Service (dts_apo_service) - Unknown owner - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @oem36.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) WiDi Software Asset Manager (Intel(R) WiDi SAM) - Intel Corporation - C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: TOSHIBA eco Utility Service - Toshiba Corporation - C:\Program Files\TOSHIBA\Teco\TecoService.exe O23 - Service: TOSRMService - TOSHIBA - C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: TunnelBear Maintenance (TunnelBearMaintenance) - TunnelBear - C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - IntelĀ® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe Hope this sheds some light.
sorry man! i was just posting something to try,i have no idea how to get rid of it.There's only one person round here that i now of can & that's 2oldgeek
The HijackThis log contains nothing of importance. I'm not sure if it works with Windows 10 well. Run AdwCleaner as administrator. I would also run Malwarebytes which has a 14 day free trial. Next run ZHPCleaner Last you may need to reset your browser. In Firefox select help then Troubleshooting Information. Click on the repair firefox button and confirm. Maybe that information will get you sorted out.
Hi all I got some advice over on bleeping computer which seems to have sorted it out: Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Press the windows key + r on your keyboard at the same time. This will open the RUN BOX. Type Notepad and and click the OK key. Please copy the entire contents of the code box below to the a new file. start CreateRestorePoint:EmptyTemp:CloseProcesses: (TrendMicroInc.) C:\Users\raffs\AppData\Local\Temp\scoped_dir10840_15878\HijackThis.exeWinlogon\Notify\SDWinLogon-x32:SDWinLogon.dll [X] IFEO\SppExtComObj.exe:[Debugger]ShellIconOverlayIdentifiers:[00avg]->{472083B0-C522-11CF-8763-00608CC02F24}=>->NoFileGroupPolicy:Restriction<======= ATTENTION GroupPolicy\User:Restriction<======= ATTENTIONSearchScopes: HKU\S-1-5-21-4010117224-1455702855-3999644452-1001->{FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BF131CBB0-9A1A-4F41-A4F5-6890E31FD562%7D&gp=811041 CHR HomePageefault-> mail.ru/cnt/11956636?rciguc__PARAM__ CHR StartupUrlsefault->"hxxp://mail.ru/cnt/10445?gp=811040" CHR NewTabefault->Active:"chrome-extension://oelpkepjlgmehajehfeicfbjdiobdkfj/visual-bookmarks.html" CHR DefaultSearchURLefault-> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7B9C1EDA01-C2FD-43D9-94B0-E944F359D287%7D&gp=811041 CHR DefaultSearchKeywordefault-> go.mail.ru CHR DefaultSuggestURLefault-> hxxp://suggests.go.mail.ru/ff3?q={searchTerms} CHR Extension????????????????Mail.Ru)- C:\Users\raffs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof [2017-03-02] CHR ExtensionChromeWebStorePayments)- C:\Users\raffs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-15] CHR Extension??????????????????Mail.Ru)- C:\Users\raffs\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2017-03-02] CHR ExtensionMail.Ru)- C:\Users\raffs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd [2017-03-02] CHR ExtensionChromeMediaRouter)- C:\Users\raffs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15] CHR HKLM\...\Chrome\Extension:[flliilndjeohchalpbbcdekjklbdgfkk]- hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension:[ccfifbojenkenpkmnbnndeadpfdiffof]- hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension:[flliilndjeohchalpbbcdekjklbdgfkk]- hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension:[oelpkepjlgmehajehfeicfbjdiobdkfj]- hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension:[ojlcebdkbpjdpiligkdbbkdkfjmchbfd]- hxxps://clients2.google.com/service/update2/crx R2 ibtsiva;%SystemRoot%\system32\ibtsiva Task:{B9B1AF65-F2EB-47A8-A65D-6C0B983C898C}-System32\Tasks\vnovostyahnethewolsm =>Firefox.exe vnovostyah.net/hewolsm <==== ATTENTIONAlternateDataStreams: C:\ProgramData\Temp:0FF263E8[130] C:\Users\raffs\AppData\Local\Temp\scoped_dir10840_15878 EndSave the file as fixlist.txt in the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the Farbar log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Firefox: Reset Default Browsing settings: https://support.mozilla.org/en-US/k...vcd0BQA.2&utm_referrer=https://www.google.ca/ === So all that done and ran Adwcleaner and so far so good. No pop ups for several hours so am hoping the thing is cleaned.
