
Virus - Christina's ultimate dieting?

2727 Views 6 Replies 2 Participants Last post by  Mark1956
From time to time, when I open a news website such as CNN.com, I get a new tab open with the website, "www.celebritybeautymagzine.com" - something about "Christina's ultimate dieting".

Initially, I thought I had clicked one of the advertisement banners that cause this new tab to open, but this has happened often enough to make me wonder if it is a virus/malware causing this new tab to open.

If I close the news website and open the news website again, the celebritybeautymagzine.com page does not launch anymore. But time and again, celebritybeautymagzine.com does get launched; the exact circumstances that cause it to launch are not known. It is not restricted to CNN.com but happens on other news websites as well.

The website that gets launched is:
http://www.celebritybeautymagzine.com/exclusive/ca/index-ca.html?t202id=3932&t202kw=

A screenshot of this webpage is shown below.



Here is my hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:41:32 PM, on 04/09/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\PSCFWC-04300G\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: AdaptiveSleepService - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - TODO: <Company name> - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA eco Utility Service - Toshiba Corporation - C:\Program Files\TOSHIBA\Teco\TecoService.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7906 bytes
Status
Not open for further replies.
Please run this program below and post the log:

Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy & Paste it into your next post.

NOTE: If for any reason the report does not appear, open Windows Explorer and click on the C: drive in the left pane, in the right pane you should find a new folder called Adwcleaner, double click on it and you will see the saved logs. Find the log that has a number in brackets starting with an S NOT R, similar to this: Adwcleaner[S1], double click on the one with the highest number and the log will open, Copy & Paste it into your reply.

I surfed the news sites (CNN and news links from Google News) before running ADWCleaner this morning and celebritybeautymagzine.com did not open.

I normally run CCleaner after each web browsing session. This time I forgot to run CCleaner after closing my browser. I ran ADWCleaner and the log is pasted below. In the log, there is an entry for the Firefox prefs.js file. I opened this file from C:\AdwCleaner\Backup and searched for the text "celebritybeautymagzine.com" and did not find any. I have also attached the prefs.js file below.

The bad news is that after I ran ADWCleaner, I went to Google News and started clicking on various news links, testing to see if celebritybeautymagzine.com would open in a new tab. And celebritybeautymagzine.com did get launched again, which means, if it is malware, it is still there on the computer.

The ADWCleaner log and prefs.js are pasted below. I will run ADWCleaner again, this time running CCleaner first, and will paste the log of ADWCleaner for the second run.

# AdwCleaner v3.309 - Report created 05/09/2014 at 09:41:17
# Updated 02/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : PSCFWC-04300G - C50D-A-043
# Running from : C:\Users\PSCFWC-04300G\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

-\\ Mozilla Firefox v32.0 (x86 en-US)

[ File : C:\Users\PSCFWC-04300G\AppData\Roaming\Mozilla\Firefox\Profiles\mz1y4gx3.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [815 octets] - [05/09/2014 09:38:54]
AdwCleaner[S0].txt - [737 octets] - [05/09/2014 09:41:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [796 octets] ##########

////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////// Start of prefs_05_09_2014_09_41_18.js ////////////////////////////

# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/

user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1409901138);
user_pref("app.update.lastUpdateTime.background-update-timer", 1409860793);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1409900525);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1409933798);
user_pref("app.update.lastUpdateTime.experiments-update-timer", 1409881465);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1409897116);
user_pref("app.update.migrated.updateDir", true);
user_pref("browser.bookmarks.restore_default_bookmarks", false);
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.cache.disk.smart_size.first_run", false);
user_pref("browser.cache.disk.smart_size.use_old_max", false);
user_pref("browser.cache.disk.smart_size_cached_value", 358400);
user_pref("browser.cache.frecency_experiment", 4);
user_pref("browser.download.importedFromSqlite", true);
user_pref("browser.download.panel.shown", true);
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.migration.version", 22);
user_pref("browser.newtabpage.storageVersion", 1);
user_pref("browser.pagethumbnails.storage_version", 3);
user_pref("browser.places.smartBookmarksVersion", 7);
user_pref("browser.preferences.advanced.selectedTabIndex", 4);
user_pref("browser.rights.3.shown", true);
user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20140825202822");
user_pref("browser.slowStartup.averageTime", 4076);
user_pref("browser.slowStartup.samples", 2);
user_pref("browser.startup.homepage_override.buildID", "20140825202822");
user_pref("browser.startup.homepage_override.mstone", "32.0");
user_pref("browser.syncPromoViewsLeftMap", "{\"passwords\":3}");
user_pref("browser.taskbar.lastgroupid", "E7CF176E110C211B");
user_pref("browser.uitour.whitelist.add.260", "");
user_pref("browser.uitour.whitelist.add.340", "");
user_pref("datareporting.healthreport.lastDataSubmissionRequestedTime", "1409898207515");
user_pref("datareporting.healthreport.lastDataSubmissionSuccessfulTime", "1409898209848");
user_pref("datareporting.healthreport.nextDataSubmissionTime", "1409984609848");
user_pref("datareporting.healthreport.service.firstRun", true);
user_pref("datareporting.policy.dataSubmissionPolicyAccepted", true);
user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 1);
user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1400429015564");
user_pref("datareporting.policy.dataSubmissionPolicyResponseTime", "1400429036237");
user_pref("datareporting.policy.dataSubmissionPolicyResponseType", "accepted-info-bar-button-pressed");
user_pref("datareporting.policy.firstRunTime", "1400363321994");
user_pref("datareporting.sessions.current.activeTicks", 249);
user_pref("datareporting.sessions.current.clean", true);
user_pref("datareporting.sessions.current.firstPaint", 4661);
user_pref("datareporting.sessions.current.main", 2522);
user_pref("datareporting.sessions.current.sessionRestored", 5750);
user_pref("datareporting.sessions.current.startTime", "1409933674876");
user_pref("datareporting.sessions.current.totalTime", 1407);
user_pref("datareporting.sessions.currentIndex", 554);
user_pref("datareporting.sessions.previous.553", "{\"s\":1409885600193,\"a\":2271,\"t\":16740,\"c\":true,\"m\":172,\"fp\":2074,\"sr\":3161}");
user_pref("datareporting.sessions.prunedIndex", 552);
user_pref("devtools.telemetry.tools.opened.version", "{\"DEVTOOLS_INSPECTOR_OPENED_PER_USER_FLAG\":\"31.0\",\"DEVTOOLS_RULEVIEW_OPENED_PER_USER_FLAG\":\"31.0\",\"DEVTOOLS_COMPUTEDVIEW_OPENED_PER_USER_FLAG\":\"31.0\",\"DEVTOOLS_FONTINSPECTOR_OPENED_PER_USER_FLAG\":\"31.0\",\"DEVTOOLS_LAYOUTVIEW_OPENED_PER_USER_FLAG\":\"31.0\"}");
user_pref("devtools.toolbox.selectedTool", "inspector");
user_pref("devtools.toolsidebar-width.inspector", 0);
user_pref("dom.mozApps.used", true);
user_pref("extensions.blocklist.pingCountTotal", 111);
user_pref("extensions.blocklist.pingCountVersion", 4);
user_pref("extensions.bootstrappedAddons", "{}");
user_pref("extensions.databaseSchema", 16);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0");
user_pref("extensions.getAddons.cache.lastUpdate", 1409901139);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20140527.01.3");
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_21.0.0.100\\\\coFFPlgn\",\"mtime\":1409875455465,\"rdfTime\":1409875455436}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1409727059367,\"rdfTime\":1409727058753}}}]");
user_pref("extensions.lastAppVersion", "32.0");
user_pref("extensions.lastPlatformVersion", "32.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.shownSelectionUI", true);
user_pref("extensions.ui.dictionary.hidden", true);
user_pref("extensions.ui.experiment.hidden", true);
user_pref("extensions.ui.lastCategory", "addons://list/extension");
user_pref("extensions.ui.locale.hidden", true);
user_pref("font.internaluseonly.changed", true);
user_pref("gecko.buildID", "20140825202822");
user_pref("gecko.mstone", "32.0");
user_pref("gfx.direct3d.last_used_feature_level_idx", 0);
user_pref("idle.lastDailyNotification", 1409862270);
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.cookie.prefsMigrated", true);
user_pref("pdfjs.migrationVersion", 2);
user_pref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
user_pref("pdfjs.previousHandler.preferredAction", 4);
user_pref("places.database.lastMaintenance", 1409898207);
user_pref("places.history.expiration.transient_current_max_pages", 104858);
user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf");
user_pref("plugin.importedState", true);
user_pref("pref.privacy.disable_button.view_passwords", false);
user_pref("print.printer_Bullzip_PDF_Printer.print_bgcolor", false);
user_pref("print.printer_Bullzip_PDF_Printer.print_bgimages", false);
user_pref("print.printer_Bullzip_PDF_Printer.print_colorspace", "");
user_pref("print.printer_Bullzip_PDF_Printer.print_command", "");
user_pref("print.printer_Bullzip_PDF_Printer.print_downloadfonts", false);
user_pref("print.printer_Bullzip_PDF_Printer.print_duplex", -933564066);
user_pref("print.printer_Bullzip_PDF_Printer.print_edge_bottom", 0);
user_pref("print.printer_Bullzip_PDF_Printer.print_edge_left", 0);
user_pref("print.printer_Bullzip_PDF_Printer.print_edge_right", 0);
user_pref("print.printer_Bullzip_PDF_Printer.print_edge_top", 0);
user_pref("print.printer_Bullzip_PDF_Printer.print_evenpages", true);
user_pref("print.printer_Bullzip_PDF_Printer.print_footercenter", "");
user_pref("print.printer_Bullzip_PDF_Printer.print_footerleft", "&PT");
user_pref("print.printer_Bullzip_PDF_Printer.print_footerright", "&D");
user_pref("print.printer_Bullzip_PDF_Printer.print_headercenter", "");
user_pref("print.printer_Bullzip_PDF_Printer.print_headerleft", "&T");
user_pref("print.printer_Bullzip_PDF_Printer.print_headerright", "&U");
user_pref("print.printer_Bullzip_PDF_Printer.print_in_color", true);
user_pref("print.printer_Bullzip_PDF_Printer.print_margin_bottom", "0.5");
user_pref("print.printer_Bullzip_PDF_Printer.print_margin_left", "0.5");
user_pref("print.printer_Bullzip_PDF_Printer.print_margin_right", "0.5");
user_pref("print.printer_Bullzip_PDF_Printer.print_margin_top", "0.5");
user_pref("print.printer_Bullzip_PDF_Printer.print_oddpages", true);
user_pref("print.printer_Bullzip_PDF_Printer.print_orientation", 0);
user_pref("print.printer_Bullzip_PDF_Printer.print_page_delay", 50);
user_pref("print.printer_Bullzip_PDF_Printer.print_paper_data", 1);
user_pref("print.printer_Bullzip_PDF_Printer.print_paper_height", " 11.00");
user_pref("print.printer_Bullzip_PDF_Printer.print_paper_name", "");
user_pref("print.printer_Bullzip_PDF_Printer.print_paper_size_type", 0);
user_pref("print.printer_Bullzip_PDF_Printer.print_paper_size_unit", 0);
user_pref("print.printer_Bullzip_PDF_Printer.print_paper_width", " 8.50");
user_pref("print.printer_Bullzip_PDF_Printer.print_plex_name", "");
user_pref("print.printer_Bullzip_PDF_Printer.print_resolution", 122798976);
user_pref("print.printer_Bullzip_PDF_Printer.print_resolution_name", "");
user_pref("print.printer_Bullzip_PDF_Printer.print_reversed", false);
user_pref("print.printer_Bullzip_PDF_Printer.print_scaling", " 1.00");
user_pref("print.printer_Bullzip_PDF_Printer.print_shrink_to_fit", true);
user_pref("print.printer_Bullzip_PDF_Printer.print_to_file", false);
user_pref("print.printer_Bullzip_PDF_Printer.print_to_filename", "");
user_pref("print.printer_Bullzip_PDF_Printer.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_Bullzip_PDF_Printer.print_unwriteable_margin_left", 0);
user_pref("print.printer_Bullzip_PDF_Printer.print_unwriteable_margin_right", 0);
user_pref("print.printer_Bullzip_PDF_Printer.print_unwriteable_margin_top", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_bgcolor", false);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_bgimages", false);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_colorspace", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_command", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts", false);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_duplex", -933564066);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_left", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_right", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_edge_top", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_evenpages", true);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_footercenter", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_footerleft", "&PT");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_footerright", "&D");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_headercenter", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_headerleft", "&T");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_headerright", "&U");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_in_color", true);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom", "0.5");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_left", "0.5");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_right", "0.5");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_margin_top", "0.5");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_oddpages", true);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_orientation", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_page_delay", 50);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_data", 1);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_height", " 11.00");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_name", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_paper_width", " 8.50");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_plex_name", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_resolution", 122798976);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_resolution_name", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_reversed", false);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_scaling", " 1.00");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit", true);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_to_file", false);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_to_filename", "");
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right", 0);
user_pref("print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top", 0);
user_pref("print_printer", "Bullzip PDF Printer");
user_pref("privacy.clearOnShutdown.offlineApps", true);
user_pref("privacy.clearOnShutdown.passwords", true);
user_pref("privacy.clearOnShutdown.siteSettings", true);
user_pref("privacy.cpd.offlineApps", true);
user_pref("privacy.cpd.siteSettings", true);
user_pref("privacy.sanitize.didShutdownSanitize", true);
user_pref("privacy.sanitize.migrateFx3Prefs", true);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("services.sync.clients.lastSync", "0");
user_pref("services.sync.clients.lastSyncLocal", "0");
user_pref("services.sync.declinedEngines", "");
user_pref("services.sync.globalScore", 0);
user_pref("services.sync.migrated", true);
user_pref("services.sync.nextSync", 0);
user_pref("services.sync.tabs.lastSync", "0");
user_pref("services.sync.tabs.lastSyncLocal", "0");
user_pref("signon.importedFromSqlite", true);
user_pref("signon.rememberSignons", false);
user_pref("spellchecker.dictionary", "en-US");
user_pref("storage.vacuum.last.index", 1);
user_pref("storage.vacuum.last.places.sqlite", 1408323111);
user_pref("toolkit.startup.last_success", 1409933677);
user_pref("toolkit.telemetry.previousBuildID", "20140825202822");
user_pref("xpinstall.whitelist.add", "");
user_pref("xpinstall.whitelist.add.180", "");

////////////////////////////// end of prefs_05_09_2014_09_41_18.js ////////////////////////////
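The manual check described in this post (searching the backed-up prefs.js for the pop-up domain) can be extended to the add-on and URL-bearing entries of the same file. The script below is an added example, not part of the original thread or of AdwCleaner; the function names and the `ads.example.test` homepage entry are made up for illustration, and the sample input is constructed from lines of the prefs.js above.

```python
import json
import re
from urllib.parse import unquote

# Constructed sample in prefs.js syntax. The first three entries mirror lines of the
# posted file (installCache shortened); the homepage entry is made up to show a hit.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.migration.version", 22);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0");
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1409727059367}}}]");
user_pref("browser.startup.homepage", "http://ads.example.test/start");
'''

PREF_RE = re.compile(r'^user_pref\("((?:[^"\\]|\\.)+)",\s*(.+)\);$')
URL_RE = re.compile(r'https?://[^\s"\'|]+', re.IGNORECASE)


def parse_prefs(text):
    """Return {name: value}; values are decoded from their JS literal form."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments, blank lines, anything that is not user_pref(...)
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # handles "string", 22, true, false
        except ValueError:
            prefs[name] = raw  # keep the raw text rather than drop the entry
    return prefs


def enabled_addons(prefs):
    """Decode extensions.enabledAddons into (addon_id, version) pairs."""
    value = prefs.get("extensions.enabledAddons", "")
    pairs = []
    for item in filter(None, str(value).split(",")):
        parts = unquote(item).rsplit(":", 1)
        pairs.append((parts[0], parts[1] if len(parts) == 2 else ""))
    return pairs


def install_locations(prefs):
    """List (location, addon_id, path) from extensions.installCache."""
    try:
        cache = json.loads(prefs.get("extensions.installCache", "[]"))
    except (TypeError, ValueError):
        return []
    found = []
    for location in cache if isinstance(cache, list) else []:
        if not isinstance(location, dict):
            continue
        for addon_id, info in location.get("addons", {}).items():
            found.append((location.get("name"), addon_id, info.get("descriptor")))
    return found


def prefs_mentioning(prefs, needle):
    """Names of string prefs whose (URL-decoded) value contains needle."""
    needle = needle.lower()
    return sorted(
        name for name, value in prefs.items()
        if isinstance(value, str) and needle in unquote(value).lower()
    )


def url_prefs(prefs):
    """Prefs that carry http(s) URLs, e.g. homepage or search overrides."""
    result = {}
    for name, value in prefs.items():
        if isinstance(value, str):
            urls = URL_RE.findall(value)
            if urls:
                result[name] = urls
    return result


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS)
    print("enabled add-ons :", enabled_addons(prefs))
    print("install paths   :", install_locations(prefs))
    print("domain hits     :", prefs_mentioning(prefs, "celebritybeautymagzine.com"))
    print("URL-bearing prefs:", url_prefs(prefs))
```

Run it against a copy of prefs.js taken while Firefox is closed, since the file is rewritten when the application exits.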
The results of the second AdwCleaner run are pasted below. They look the same as the first run. I thought CCleaner would remove the prefs.js file, but it looks like it did not.

In any case, "celebritybeautymagzine.com" did pop up after the first run of AdwCleaner.

# AdwCleaner v3.309 - Report created 05/09/2014 at 10:06:18
# Updated 02/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : PSCFWC-04300G - C50D-A-043
# Running from : C:\Users\PSCFWC-04300G\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

-\\ Mozilla Firefox v32.0 (x86 en-US)

[ File : C:\Users\PSCFWC-04300G\AppData\Roaming\Mozilla\Firefox\Profiles\mz1y4gx3.default\prefs.js ]

*************************

AdwCleaner[R1].txt - [815 octets] - [05/09/2014 10:04:45]
AdwCleaner[S1].txt - [737 octets] - [05/09/2014 10:06:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [796 octets] ##########
The logs you have posted are completely free of any Adware detections.

CCleaner is not the tool to use for this kind of problem as it does not detect any kind of Malware. If you have been using the registry cleaner, I would highly recommend you don't use it again; cleaning the registry is not necessary, and doing so carries the risk of something being deleted that your system needs to run smoothly.

If CCleaner had removed the prefs.js file, Firefox would recreate it.

I think we could be looking for an item of software that is causing the pop ups, but just to be sure I'd like you to run Firefox with no Add-ons. Please then check to see if the pop ups still appear and report back.

Open Firefox and click on Help, then select Restart with Add-ons Disabled.
Thank you for looking at the logs, confirming they are free of Adware, and for the advice on not using the registry cleaner. I was tempted to use it but have never used it, and now will not use it after hearing from you.

I run Firefox as it is without using Add-ons, not even the Norton toolbar (disabled) which comes from the Norton Internet Security that I'm running. I will restart Firefox with Add-ons Disabled.

As soon as I get that "celebritybeautymagzine.com" pop up again, I will report back.

Thanks for your help!
Ok, let me know how it goes.