Spyware adware help-- I'm infected

[Tylermancuso]

As far as I can tell this is only on Facebook.

I have run scans with

avg free

Ad-aware

spybot

house call trend micro


I don't know what to do.

Thanks for any help!!

here are the screen shots

 

[Tylermancuso]

For clarity I'm talking about the giant Facebook ads that are not supposed to be there. Swiching browsers does not help

 

[das_stig]

Have you used the facebook privacy settings to opt out of adverts?

 

[Tylermancuso]

no this is some kind of adware because it advertises fake anti virus programs and such.... and I don't get this on my other computers logged into the same account... facebook ads do not look like this....

this is malware bytes log after I ran it in safe mode

can type: Full scan (C:\|)
Objects scanned: 386824
Time elapsed: 32 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\Object\bho_project.dll (PUP.FCTPlugin) -> Quarantined and deleted successfully.

 

[AntiZig]

Look like normal ads to me

 

[Dark Lord of Tech]

plus 1 ^

 

[Tylermancuso]

taking me to a fake avg website is not a normal ad... anyone that uses facebook will see there is something wrong

 

[Guest]

Im having the same problem, scanned with AVG, Malwarebytes, nod32, and ad-aware still getting them on IE and firefox.

 

[smashcalf]

I started experiencing these odd pop ups while on Newegg... thing is I use No Script on Firefox so they always looked the same and didn't function properly. I thought it was No script blocking a Newegg promo but I started seeing them on other non associated legit websites. Anyway after running malwarebytes I got two "pup.fctplugin" hits. I got rid of the pop ups using these instructions at "http://www.pchelpforum.com/fixed-hijackthis-logs/114743-do-i-have-malicious-code.html". Worked like a charm. Note read the forum post completely before starting. You'll see the guy say he lost his firefox and explorer capability etc but it was restored after reboot. Its just combofix doing its job. Good luck, hopefully it works for you.