
Hijacked Browsers and Vosteran infection


24 replies to this topic

#1 sudsy

sudsy

  • Members
  • 463 posts
  • OFFLINE
  • Gender:Male
  • Location:US East Coast
  • Local time:10:30 PM

Posted 02 January 2015 - 07:57 PM

I had this posted under a different title but it seemed to get passed off and then disappeared. I don't want to re-type all of that info but much more of a trail can be found under Win7 Forums 'Firefox/IE Problems', my earlier post.

 

I hope this doesn't make Hamulias mad!

 

The scans requested have been posted. The machine is still as messed up as ever. Even BleepingComputer's site is having a bunch of pop-ups. My Update History has disappeared. I have been having problems since Dec 18th and thought it was fixed for a few days.

 

Steve


UFO pilot



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:10:30 PM

Posted 02 January 2015 - 08:02 PM

Hi sudsy.. we will handle this here

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 sudsy


Posted 02 January 2015 - 08:19 PM

Ok so now Boopme has closed my previous thread and sent me in a loop where the info was supposed to be continued. If I click on the link it takes me back to the top of the same page.

 

Steve


OK i see what to do now.


UFO pilot

#4 sudsy


Posted 02 January 2015 - 08:37 PM

First attempt at TDSSKiller scan said no threats found. I could not copy the contents of the file. It just wouldn't do it. Should I run it again or go to next step? ADW Cleaner.

 

I am using two machines to do this. Following mail on both and responding now from infected machine.

 

Steve


UFO pilot

#5 sudsy


Posted 02 January 2015 - 10:08 PM

I would like to add...

 

I remember just before all of these problems started I had tried to check in on my security cam, it's a D-Link cam. I was in Firefox and was prompted to update my Java to the latest version which was a version 71.*.* or something. The camera had worked the day before and after a few tries I switched to IE11 and it worked fine there. Then the problems started. One of the first things I did was check my Programs and Features and realized that the only change I had made was the Java update. I removed it in an attempt to return to normal operation.

During my problem resolution a couple weeks ago with the same machine I was prompted to remove an older version 67.*.* during the cleanup.

 

Could Java be the culprit of the Update?

 

I see that sweetcarolinsue has sort of the same problem.

 

Steve


UFO pilot

#6 boopme


Posted 02 January 2015 - 10:30 PM

OK move on down the line.. No infection is good enough there.

Vosteran Search (a browser hijacker) got on your computer after you installed freeware (video recording/streaming, download managers or PDF creators) that had this browser hijacker bundled into its installation.

The update info is in the Minitoolbox log.

Edited by boopme, 02 January 2015 - 10:32 PM.


#7 sudsy


Posted 02 January 2015 - 11:12 PM

AdwCleaner has been running on that machine for a while. Waiting.

 

Steve


UFO pilot

#8 boopme


Posted 02 January 2015 - 11:14 PM


ok I have to go now but I'll look back in the am.

#9 sudsy


Posted 02 January 2015 - 11:17 PM

Yea, me too. I will let you know tomorrow if it doesn't finish before long. There is someone else posting about Vosteran.


UFO pilot

#10 sudsy


Posted 03 January 2015 - 12:52 PM

OK it ran all night and I finally decided to click on the Clean button. Here's the report:

 

 

# AdwCleaner v4.106 - Report created 03/01/2015 at 08:20:04
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Steve - NOTEBOOK-PC
# Running from : C:\Users\Steve\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[4lw00n4q.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[4lw00n4q.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://vosteran.com/?f=1&a=vst_adkpub_15_01_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0BtA0Czyzz0AyE0EyDyE0DtN0D0Tzu0StCtDzyyCtN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDyD1V1[...]
[9vgevm40.default-1379719606003\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[9vgevm40.default-1379719606003\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://vosteran.com/?f=1&a=vst_adkpub_15_01_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0BtA0Czyzz0AyE0EyDyE0DtN0D0Tzu0StCtDzyyCtN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDy[...]
[9vgevm40.default-1379719606003\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://vosteran.com/?f=2&a=vst_adkpub_15_01_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0BtA0Czyzz0AyE0EyDyE0DtN0D0Tzu0StCtDzyyCtN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzyt[...]
[9vgevm40.default-1379719606003\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[9vgevm40.default-1379719606003\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[9vgevm40.default-1379719606003\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://vosteran.com/?f=3&a=vst_adkpub_15_01_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0BtA0Czyzz0AyE0EyDyE0DtN0D0Tzu0StCtDzyyCtN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBz[...]
[9vgevm40.default-1379719606003\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"gmailnoads@mywebber.com\":{\"d\":\"C:\\\\Users\\\\Steve\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\9vgevm40.default-1379719606003\[...]
[b8s6e4zw.default-1365557904647\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[b8s6e4zw.default-1365557904647\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://vosteran.com/?f=1&a=vst_adkpub_15_01_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzy0D0BtA0Czyzz0AyE0EyDyE0DtN0D0Tzu0StCtDzyyCtN1L2XzutAtFyBtFtCtFtAtN1L1CzutCyEtBzytDyD1V1[...]

-\\ Google Chrome v


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [2953 octets] - [02/01/2015 22:36:17]
AdwCleaner[S0].txt - [2993 octets] - [03/01/2015 08:20:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3053 octets] ##########
 


UFO pilot

#11 sudsy


Posted 03 January 2015 - 01:17 PM

JRT text.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Steve on Sat 01/03/2015 at 12:56:14.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\9vgevm40.default-1379719606003\prefs.js

user_pref("valueApps.autoDisableScopes", -1);
Emptied folder: C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\9vgevm40.default-1379719606003\minidumps [214 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/03/2015 at 13:02:56.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


UFO pilot
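
A read-only check for the kind of prefs the AdwCleaner and JRT logs above show being deleted, as an added example that is not part of the thread or of either tool: it scans each Firefox profile's prefs.js text for a search engine or homepage outside an allow-list and for any pref under `extensions.srchvstrn.` or `valueApps.`. The allow-lists, profile names and sample prefs below are constructed assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# One user_pref("name", value); line as Firefox writes it in prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.*)\);\s*$')

ENGINE_PREF = "browser.search.selectedEngine"
HOMEPAGE_PREF = "browser.startup.homepage"
# Namespaces that the cleanup logs in this thread show being removed.
WATCHED_NAMESPACES = ("extensions.srchvstrn.", "valueApps.")
# Assumption: what this user considers legitimate; adjust per machine.
ALLOWED_ENGINES = {"Google", "Bing", "DuckDuckGo", "Yahoo"}
ALLOWED_HOME_HOSTS = {"www.mozilla.org", "www.google.com"}

# Constructed sample input: two profiles, one hijacked and one clean.
SAMPLE_PROFILES = {
    "aaaa1111.default": "\n".join([
        "# Mozilla User Preferences",
        'user_pref("browser.search.selectedEngine", "Vosteran");',
        'user_pref("browser.startup.homepage", '
        '"http://search.hijack.example/?f=1&a=constructed");',
        'user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");',
        'user_pref("valueApps.autoDisableScopes", -1);',
        'user_pref("browser.download.useDownloadDir", false);',
    ]),
    "bbbb2222.default": "\n".join([
        'user_pref("browser.search.selectedEngine", "Google");',
        'user_pref("browser.startup.homepage", "about:home|https://www.mozilla.org/");',
    ]),
}


def parse_prefs(text):
    """Yield (name, value) for every user_pref line; skip comments and junk."""
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue
        name, raw = match.group(1), match.group(2)
        try:
            value = json.loads(raw)   # strings, numbers, true/false
        except ValueError:
            value = raw               # keep values that do not parse verbatim
        yield name, value


def unexpected_home_hosts(value):
    """Return hosts in a '|'-separated homepage value that are not allowed."""
    hosts = []
    for url in str(value).split("|"):
        url = url.strip()
        if not url or url.startswith("about:"):
            continue
        host = urlsplit(url).hostname or url
        if host not in ALLOWED_HOME_HOSTS:
            hosts.append(host)
    return hosts


def audit_profile(profile, text):
    """Return (profile, pref, reason) tuples for one profile's prefs.js text."""
    findings = []
    for name, value in parse_prefs(text):
        if name == ENGINE_PREF and value not in ALLOWED_ENGINES:
            findings.append((profile, name, f"unexpected search engine {value!r}"))
        elif name == HOMEPAGE_PREF:
            for host in unexpected_home_hosts(value):
                findings.append((profile, name, f"unexpected homepage host {host}"))
        elif name.startswith(WATCHED_NAMESPACES):
            findings.append((profile, name, "pref in a watched namespace"))
    return findings


def audit_all(profiles):
    """Audit every profile: the hijack in this thread touched several at once."""
    findings = []
    for profile, text in sorted(profiles.items()):
        findings.extend(audit_profile(profile, text))
    return findings


if __name__ == "__main__":
    for profile, pref, reason in audit_all(SAMPLE_PROFILES):
        print(f"{profile}: {pref}: {reason}")
```
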

#12 sudsy


Posted 03 January 2015 - 01:28 PM

ESET running. Need to run some errands. Be back later.

 

Steve


UFO pilot

#13 boopme


Posted 03 January 2015 - 02:45 PM

OK ESET may take a couple hours, but we already got some Vosteran.

#14 sudsy


Posted 03 January 2015 - 04:21 PM

Ok ESET scan file. It found two files.

 

Are these tools something that I should keep on my computer? I understand that some like ESET have charges and I do have Malwarebytes Pro installed on my machines and it is up to date.

 

C:\Users\Steve\Downloads\Setup.exe    a variant of Win32/InstallCore.UQ potentially unwanted application    deleted - quarantined
C:\Users\Steve\Downloads\spsetup127.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
 


UFO pilot

#15 sudsy


Posted 03 January 2015 - 04:36 PM

I still have a problem with missing buttons on all of my forum pages from RCGroups while using Firefox. Should I uninstall Firefox and re-install it again? HDD activity light tells me that Malwarebytes is running a scan right now. I have restarted that machine since finishing ESET scan and making last post here.

 

Everything on forum pages is normal on another machine.

 

I am pretty much convinced that the java update is where I picked up all of this stuff.

 

Firefox is V 34.0.5

 

Steve


UFO pilot



