As for the last experience in this forum: I remind you politely, stay OT.

Please give me indication of a freeware program to remove the following:


23:38:43.098 Start Scan
23:38:51.976 Found BaiduSearchBar BHO, Hijacker, Trojan HKEY_LOCAL_MACHINE\software\baidu
23:38:51.977 Found BaiduSearchBar BHO, Hijacker, Trojan HKEY_LOCAL_MACHINE\software\baidu\BaiduYouQian
23:38:51.978 Found BaiduSearchBar BHO, Hijacker, Trojan HKEY_LOCAL_MACHINE\software\baidu\BaiduYouQian\pac kageinstall
23:38:51.979 Found BaiduSearchBar BHO, Hijacker, Trojan HKEY_LOCAL_MACHINE\software\baidu\WebSafe
23:38:54.272 Found quantserve.com Tracking Cookie C:\Users\COM\AppData\Roaming\Microsoft\Windows\Coo kies\0U19VH1B.txt
23:38:54.303 Found DoubleClick Tracking Cookie C:\Users\COM\AppData\Roaming\Microsoft\Windows\Coo kies\C7CQ0XWO.txt
23:38:54.560 Found DoubleClick Tracking Cookie C:\Users\COM\AppData\Roaming\Microsoft\Windows\Coo kies\Low\UUP6NTD9.txt
23:38:54.640 Found quantserve.com Tracking Cookie C:\Users\COM\AppData\Roaming\Mozilla\Firefox\Profi les\fhag86js.default\cookies.sqlite: quantserve.com
23:38:54.660 Found Revenue.net Tracking Cookie C:\Users\COM\AppData\Roaming\Mozilla\Firefox\Profi les\fhag86js.default\cookies.sqlite: media.net
23:38:54.751 Found Advertising.com Tracking Cookie C:\Users\COM\AppData\Local\Google\Chrome\User Data\Default\Cookies: advertising.com
23:38:54.753 Found afy11.net Tracking Cookie C:\Users\COM\AppData\Local\Google\Chrome\User Data\Default\Cookies: afy11.net
23:38:54.769 Found Casalemedia Tracking Cookie C:\Users\COM\AppData\Local\Google\Chrome\User Data\Default\Cookies: casalemedia.com
23:38:54.789 Found DoubleClick Tracking Cookie C:\Users\COM\AppData\Local\Google\Chrome\User Data\Default\Cookies: doubleclick.net
23:38:54.849 Found quantserve.com Tracking Cookie C:\Users\COM\AppData\Local\Google\Chrome\User Data\Default\Cookies: quantserve.com
23:38:54.851 Found revsci.net Tracking Cookie C:\Users\COM\AppData\Local\Google\Chrome\User Data\Default\Cookies: revsci.net
23:38:54.870 Found SmartAdServer.com Tracking Cookie C:\Users\COM\AppData\Local\Google\Chrome\User Data\Default\Cookies: smartadserver.com
23:38:54.940 Found turn.com Tracking Cookie C:\Users\COM\AppData\Local\Google\Chrome\User Data\Default\Cookies: turn.com
23:38:34.007 End Scan

Please indicate if any are likely to cause popup browser hyjacking.

Please indicate why this stuff was no removed when chrome & firefox were uninstalled and cookies cleared; and 4 malware programs were run?!

Note: I have run a system clean via the steps following:

To remove the unwanted advertisements, follow these steps:
STEP 1: Uninstall malicious programs from Windows
STEP 2: Scan your computer with AdwCleaner
STEP 3: Scan your computer with Malwarebytes Anti-Malware
STEP 4: Scan your computer with HitmanPro
(OPTIONAL) STEP 5: Scan your computer with Zemana AntiMalware
(OPTIONAL) STEP 6: Reset your browser to the default settings

malwaretips(dot)com

Lastly, I removed chrome with all personal data, and firefox. I checked all browsers for extentions/home page and alike. I have cleared any unknown (0) programs via control panel menu. I have reinstalled chrome with extensions (ABplus)(ABpro)(PUBpro)(WOT) and (AntiPorn_pro); no that is not overkill and each serve a purpose.

PUBpro is mavelous and stops 100% of PUB's except since last night, it does not stop (one click? _ in task manager (new)) PUBS on a site www.Agar(dot)pro which worked perfectly prior to yesterday. Hence, feeling something has infected my pc. On the chrome reinstall (no ext.) I still had issues. Help!

Any ideas what else I can do to remove this please?

1. Pubs are a good thing. They sell beer. What is this "PUBpro" of which you speak? What are these PUBs?

2. If you want help understanding why scans you ran didn't remove things, please post the relevant logs from each scan. In MBAM, for example, click "History" and then "Application Logs".

3. The scan log at the start of your post: what program is that from?

Lastly, most of those detections in that first scan are very commonly used tracking cookies. Chances are that you did remove them, and then they came back next time you browsed the web. That's how cookies work (unless you're blocking all cookies to start with, which I doubt). These are not a serious problem for you.

The only real issue in that log is the BaudiSearchBar. This shouldn't be too difficult to sort out, I would think. But answer the questions above first.

4. What antivirus software do you have installed? It is striking that out of everything you mentioned, nothing concerns antivirus software.

I googled: BaiduSearchBar registry

It returned this link at the top of the list:
http://www.exterminate-it.com/malped...baidusearchbar

Besides that is there anything you know about your computer/problem that you didn't include in your original post?

Do you have an operating system, what is it?

What program created that log?

Where is the world did you get these steps?
To remove the unwanted advertisements, follow these steps:
STEP 1: Uninstall malicious programs from Windows
STEP 2: Scan your computer with AdwCleaner
STEP 3: Scan your computer with Malwarebytes Anti-Malware
STEP 4: Scan your computer with HitmanPro
(OPTIONAL) STEP 5: Scan your computer with Zemana AntiMalware
(OPTIONAL) STEP 6: Reset your browser to the default settings

etc.

(those steps are from a suggestion on malwaretips(dot)com, as OP said in the OP)

Best program to eliminate malware would be www.malwarebytes(dot)com... I work for a tech company and use it with people every day... Best of all its free... Good luck hope it works...

Popup Blocker Pro, I highly recommend this if popups are your problem. ie. Zmovies and the-watch-series.

I'd prefer to not release that information due to your later statement, "chances are that you did remove them, and then they came back next time you browsed the web"

The log is from a 5th scan, installed on a whim to check the registry files. It was Exterminate-it. Downloaded from cnet which I trust that site completely for installation files (review dependant).

There is no visible evidence of a search bar. I also noticed this, and it maybe related to a previous installation of QQ chat. This is most likely. However, if it is not as I state then perhaps this is a candidate for my problems?!


For that matter there is no visible evidence of a culprit for the popup that I can find other than the originating site. But, it did not occur for a number of weeks. Hence, why I came here for help.

I have a full version Malwarebytes running since yesterday. The most recent previous scans were less than three months ago, where various software were used to clean the pc, during my past issue raised in this forum.

In what way? I stated the scans I ran. They do not solely seek for maleware right, since they also search for adaware; and I presume viruses?

Note: Running Spy Bot S&D, but which I dislike since changes from it's original harsh and direct approach to UI/cleaning.


Update: I have seemingly stopped the popup, but it still opens a brief instance before it gets MURDERED. This was done via a number of 3rd party lists added to the ABpro. (*not ABP). This may be why this issue came back, as previous such settings stopping it previously perhaps were lost when I removed ABplus and AB the other day for using ABPro without updating this area of AB Pro. However, I still do not know why or how it gets around the PUBpro, when all similar pages are in fact blocked from the sites Watch series and zmovies. Lastly, the popup on Agar(dot)pro when it is MURDERED does not cause the page I'm on to refresh which is a win for the short term. Btw, the reason for the third party lists both now and previous use, is for more accurate blocking, as the English list is sub-par imo.

Ps. Running on my pc is Auto Hotkey, with a code provided to me which is as follows:

#NoEnv ; Recommended for performance and compatibility with future AutoHotkey releases.
; #Warn ; Enable warnings to assist with detecting common errors.
SendMode Input ; Recommended for new scripts due to its superior speed and reliability.
SetWorkingDir %A_ScriptDir% ; Ensures a consistent starting directory.
*w::
Loop
{
GetKeyState, state, w, P
if State = U
break
; Otherwise:
Send, {w}
Sleep, 250
}
return

*q::
Loop
{
GetKeyState, state, q, P
if State = U
break
; Otherwise:
Send, {w}
Sleep, 10
}
return

This looks right for doing what I want and safe code. The program seems to be local to my pc only. I do not feel any issue lay here.

au4all I think this answers you as well.
Windows Vista SP2 Professional from memory.

Thanks guys.

I agree and also recommend frequently including the worth of paying for a full version.

Something more that could be rather useful knowledge, that is the popup I am stopping, well I consider it stopped, but perhaps still caused by something malicious is not only in the log-in screen (where you put your name and skin) because it also happens if I mouse click in the game. I presume that these are different objects, but which may relate the popup directly to the site?

However, a friend in Romania does not have this issue. It's hard to understand him, as he had some issue with a safe locker search bar, or something along those lines. However, it is not a popup issue, and I felt from what I could gather that there is a small chance it was related to the site. The original game Agar.io has mass adverts, and there is numerous sites that imitate it, and some for sure could be less than ideal with their methods online.

If all the scans I have done, and other factors identified are enough to say there is 95% likely hood this is not a malware/adaware or virus, then I will consider the issue resolved with my blocking. Also, that this popup is just missed by the PUBpro extension. Also, note I will undertake the removal instructions for the Baidu search bar. Thanks for that link au4all.

Just an OT side note, for the wondering few...

I will not likely require AB now with the update to filters on ABpro. But, AB works a little differently than ABP and ABpro in my experience (AB much better than ABP - not the same companies). Typically, AB it is a great ext and company to support (read https://getadblock.com/amnesty2016why/) for a compelling reason to why, and why I ******* seriously. I have a pure hate for 99.99999999% of ads online, from wasting my time, using my data, malicious intent, the fact I do not click ever, hate redirects right to the fact ads just spoil the net experience.

What and why - browser extentions.

I'm sorry, but this thread makes very little sense to me.

First, you are concerned about malware but you don't have an antivirus program installed and running? That is your primary problem. Start there, and install something. Full version MBAM is NOT antivirus software but it is an excellent thing to also have installed.

Second, it doesn't matter whether you can see visual evidence of a search bar. The four detections are registry keys - you may well already have removed most of the malicious Baidu search bar, but these are leftover components. You should still want to remove them.

Third, it is insane for you to ask why software did not remove things but to refuse to provide logs of the scans where it should have done so. We're not psychic. There is no other way in which anyone could answer that question.

Fourth, my recollection is that 2+2 doesn't allow discussion of ad blocking extensions, because of its own revenue model. If your posts get edited by a mod, don't get all paranoid. It's not personal.

Fifth, thanks for recommending your pop-up blocker but I don't remember the last time I saw a pop-up. If your current approach isn't working out for you, you might have more success if you were to run NoScript or something similar and only allow the elements of web pages that you actually need.

Incidentally, I haven't seen anyone recommend SpyBot S&D here since, well, about ten years ago. I wouldn't bother if I were you.

Last, it's not at all clear any more what help you need. If you need some help spell it out clearly, please, and provide the information that you're asked for.

Hey, thanks. well I thought the issue was perhaps fixed, but seemingly it is not. So I wish to identify and remove any possible cause for the popup I am experiencing, if one exists externally in my pc; or just to successfully block it, with out any interruption to the page (refreshing) if there is no other cause but the webpage. Will be as helpful as I can.


I do not know any anti-virus then I guess, and I am very hesitant to use Kapersky which was great and well I have big personal concerns about after it potentially demolished every service on a new laptop (whether warranted and correct or not). I will not use Norton. Any suggestion?

Yes, I agree about 10 years for spybot, but it still catches what Kapersky would not... How relevant and successful it is today I don't know but it's still maintained. Imho, it's just not that good because of limitations in place to raise revenue. Which I think is the change from about 10 years ago (not being as free and equipped as it once was.)


Yes, I understood something regarding the AB discussion isn't allowed, which I found out later in my thread when it was censored, and I left it censored. The discussion about AB's shouldn't be so censored in my opinion, where there is rather a guise of a freedom of speech being fostered to some degree, but who cares right?! Rules are rules and what happens happens. Thanks for the heads up, though I'd not cry or be paranoid about it, nor is that how I carry myself on this site. Prove anything to the contrary.

Not sure how to run no script (allowed for specific elements). Is it technical?

Lastly, I didn't allow the logs in the public domain and because the question was asked and answered, and because I felt in the end that question really didn't have weight after further thought and reading the responses. It's kind of a mute observation why or why not something was overlooked, including but not limited to the programs knowledge base. Anyway, it became irrelevant for me.

Thanks for helping, please see first paragraph for area of precise help.

Backup your important files, reinstall your operating system and DO NOT INSTALL some shady programs which YOU consider good or great or whatever.

FlicksTracey: Um, which shady install are you referencing exactly? why is that your first conclusion as to the problem and its solution? Sounds like the throw the computer at the wall and see if it sticks mentality, since you did not identify the problem per say meaning no clear indication that problem will permanently resolve.

Hey guys, here is a screen shot of the element/script running if it's helpful.

Forget it, I'm sure someone else can help you. Good luck.

The problem, a pdf list of what is going on stored on docdroid(dot)net

ABpro information on occurance and manner of the page in question.
https://www.docdroid.net/scbW9uX/agar.pdf.html#page=18

Note: whitelisted in ABpro to allow java blocker to more effectively block the page without page refreshes on each blocking attempt.


What is going on behind the scenes?

ABpro information on the page mechanics.
http://docdro.id/jZ49Dwy


Thanks... Hope we can solve it. I guess now I am too eager to know, and even learn something positive from this, such as where this script is running in the page and how to delete it or selectively run no script on it (as suggested previously)?!

adwcleaner

If your writing style wasn't so annoying, I might have read it

That's life. No worries and no problem.


Thanks for the suggestion but if you didn't read anything then I don't know your suggestion helps me in any way, or any more than the 4 protection software already used.

I'll give adwcleaner a look, but I don't think the problem is PC related, and no one has defined if this is a pc problem or not. No one assisted me to determine this or said anything to indicate the likely hood of where the problem originates so I'm shooting blind just providing some information that could help.

Anyway, a good place to start before commenting is reading some of the information. Right?

No, it's obviously not PC related. Perhaps it's a problem with your car.

For antivirus software try Avast. It's easy to use so hopefully you won't have any of the issues you seem to have experienced with Kaspersky. Free version.

It appears NoScript doesn't exist for Chrome so you can ignore that suggestion.

So you are telling me that all popups originate from a pc and never from a page script? Because the later would mean it isn't a pc issue.

There is information at this link http://html.com/javascript/popup-windows/ that show popups can be page generated.

Thanks for mentioning about the noscript not working with chrome. However, I believe I can alter scripts and elements manually, or with an extension, even with tamper monkey and script? If we identify the issue as a page script or element is it possible to axe it?

I ran adwcleaner and it didn't stop the popup on the page, or the page refreshing due to the popup.

Avast is running.

Have you whitelisted the page in any of your extensions (whether deliberately or otherwise - it might be on a bulk whitelist)?

Have you actually run a full scan with Avast? You need to start from a known clean state.

Yes I ran avast all scans. I am running it again now as search for pups is not on by default, so I just turned it on.

Yes I whitelisted the site in one ext. The whitelist allows another to work properly (javascript blocker), such that the pop up will not refresh the page when being blocked. I have looked at my extensions and it's only white listed on one site.


no-cosmetic-filtering: agar.pro true
no-large-media: agar.pro true
no-popups: agar.pro true
no-remote-fonts: agar.pro true
no-strict-blocking: download.cnet.com true
no-strict-blocking: dw.cbsi.com true


By having this white list - I can block the popup without a page refresh every time. If you look at the post with details of it's occurrences you'l see this is needed. But feel free to update me if I'm doing the wrong thing to temp block it. Thanks.

Is it possible a filter list for a ABpro could be a cause for something like this, if untrusted? I feel one time before I had a bad filter list that also did something like this for specific pages.

If yes, how do I track down which filter list?

Note: When chrome was uninstalled and fresh installed (no ext.), this pop up still occurred.

Update: Popup blocked with javascript popup blocker -> set to block blacklisted pages. The rules manually set which work are as follows:

data:///* and data*:///*

Also, notable is the domain of a popup I blocked which is as follows: data:text/html;base64,PGh0bWw+PGJvZHk+PHNjcmlwdD52YXIgZT0obm V3IERhdGUpLmdldFRpbWUoKTt2YXIgZWZ3PXdpbmRvdy5uYW1l LnNwbGl0KCdfJylbM107aWYoZS1lZnc8MjUwKXt3aW5kb3cubG 9jYXRpb249Jyc7fTwvc2NyaXB0PjwvYm9keT48L2h0bWw+

Problem fixed.
No instance of the popup occurs.

Antiporn extension? Like seriously?

I run no anti-virus, ublock origin, wot, and never have any problems (yes I even look at porn from time to time).

If you keep having problems then you probably click on things you shouldn't and go places you shouldn't.

I have 3 apps ABpro, Popup blocker and JavaScript blocker. I use wot when/if I am downloading file or books or something like that where site reputation matters, where you could be at risk to download viruses. It's off most of the time. The porn blocker was just to black list sites like popups addresses with one click, but JavaScript popup blocker is much better. I like single click activated apps and porn blocker was that (trying to remove this popup), and keeping the online experience simple and removing the junk, not limited to pop ups but adds and malicious content as well. Note these apps are just to reduce data usage, ads and spam in the most part. Yes pop ups also.

You also get such content on porn sites, so don't tell me you don't have pop ups and bad **** on your pc when you go to porn sites - note the joke next to the porn block app in the pic) - how are you stopping those (cindy from your suburb wants to meet you pop ups?).

So if you do not know what you are talking about, could not offer a solution then head off. The thread is solved.

I am only one of so many online who likes to watch free movies or tv online , and whose suffering on those sites (go to those and see for your self) due to pop ups as well as rubbish spam ads. Yeh, maybe I shouldn't be on those sites, being a bit more productive but such is life and I chose to work out a solution where you could not. The pop up I came here to resolve is on a site I am well entitled to go to, with no law, legislation or other reasons not to. The pop up is not rooted in my pc; is not adaware even if OP post title might indicate it was. Thanks for your input.