
a variant of win 64 browse fox.cl


20 replies to this topic

#1 norm11

norm11

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 23 January 2015 - 12:31 PM

Hi. A month ago you helped me with almost the same bug, and I believe at that time it was gone, but it's here and worse than ever. Pop-ups galore.

ESET Online picks up this one but does not remove it (a variant of win 64 browse fox.cl). THANKS




#2 buddy215

buddy215

  • BC Advisor
  • 12,597 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:08 AM

Posted 23 January 2015 - 01:27 PM

I know you said that Eset didn't remove the adware but I still want to see what it finds so please run the last scan...Eset Online Scanner....too.

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE MBAM LOG FOR REVIEW.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download


  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 norm11

  • Topic Starter

Posted 24 January 2015 - 12:00 PM

THANKS FOR THE HELP. Here are the reports.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/01/2015
Scan Time: 3:21:29 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.23.10
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: norma

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384915
Time Elapsed: 14 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

# AdwCleaner v4.108 - Report created 23/01/2015 at 17:44:50
# Updated 17/01/2015 by Xplode
# Database : 2015-01-23.3 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : norma - INGRID-PC
# Running from : C:\Users\norma\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [751 octets] - [23/01/2015 17:38:45]
AdwCleaner[S0].txt - [673 octets] - [23/01/2015 17:44:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [732 octets] ##########
 

 

 

 

C:\$Recycle.Bin\S-1-5-21-3060193818-780826043-819785903-1003\$RQ7OTHI.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
 



#4 buddy215


Posted 24 January 2015 - 01:11 PM

What evidence....such as ads or search misdirections...is there now?




#5 norm11

  • Topic Starter

Posted 24 January 2015 - 01:56 PM

Malwarebytes Anti-Malware is popping up non-stop on the bottom right of my screen telling me Malicious Website Blocked.

c:\program files (x86)Mozilla Firefox\firefox.exe.



#6 buddy215


Posted 24 January 2015 - 02:12 PM

This is during the time that Firefox is open or closed?

 

Open CCleaner and click on Startups. On that page you will see a list of Windows Startups and at the top you will see buttons for browsers and Tasks. At the bottom of the page you will see a button that, when clicked, will allow you to Copy and Paste the Windows Startup items and the startup items for each of the buttons at the top of the page. Please post those lists in your next post.

 

Run a scan using Emsisoft AntiMalware Download and post the log of what it finds and removes. Use the free version.




#7 norm11

  • Topic Starter

Posted 24 January 2015 - 05:44 PM

Only when Firefox is open. Here are the reports.

 

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    EPSON Stylus CX5800F Series    SEIKO EPSON CORPORATION    C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIALA.EXE /FU "C:\Windows\TEMP\E_S97BA.tmp" /EF "HKCU"
Yes    HKCU:Run    OfficeSyncProcess    Microsoft Corporation    "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
Yes    HKCU:Run    tixati    Tixati Software Inc.    "C:\Program Files\tixati\tixati.exe" -startminimized -d1
Yes    HKLM:Run    AvastUI.exe    AVAST Software    "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Yes    HKLM:Run    BCSSync    Microsoft Corporation    "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes    HKLM:Run    BrStsMon00    Brother Industries, Ltd.    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
Yes    HKLM:Run    ControlCenter3    Brother Industries, Ltd.    C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
Yes    HKLM:Run    emsisoft anti-malware    Emsisoft GmbH    "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    mwlDaemon        C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
Yes    HKLM:Run    NvBackend    NVIDIA Corporation    "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Yes    HKLM:Run    ShadowPlay    Microsoft Corporation    C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes    HKLM:Run    Syncios device service        C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
 

Yes    Extension    Blog This    Microsoft Corporation    C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Yes    Extension    Lync Click to Call    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
Yes    Extension    Lync Click to Call    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
Yes    Extension    OneNote Linked Notes    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
Yes    Extension    OneNote Linked Notes    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Yes    Extension    Send to OneNote    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
Yes    Extension    Send to OneNote    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
Yes    Helper    avast! Online Security    AVAST Software    C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
Yes    Helper    avast! Online Security    AVAST Software    C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
No    Helper    Groove GFS Browser Helper    Microsoft Corporation    C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
No    Helper    Groove GFS Browser Helper    Microsoft Corporation    C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
Yes    Helper    Lync Browser Helper    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
Yes    Helper    Lync Browser Helper    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
Yes    Helper    Microsoft SkyDrive Pro Browser Helper    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
Yes    Helper    Microsoft SkyDrive Pro Browser Helper    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
Yes    Helper    Office Document Cache Handler    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
Yes    Helper    Office Document Cache Handler    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
Yes    Helper    Windows Live ID Sign-in Helper    Microsoft Corp.    C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Yes    Helper    Windows Live ID Sign-in Helper    Microsoft Corp.    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

 

Yes    Extension    Adblock Plus    2.6.7    Wladimir Palant    default    Firefox 35.0    C:\Users\norma\AppData\Roaming\Mozilla\Firefox\Profiles\k7i86w67.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Yes    Extension    AdvanceElite    1.0.1    AdvanceElite    default    Firefox 35.0    C:\Users\norma\AppData\Roaming\Mozilla\Firefox\Profiles\k7i86w67.default\extensions\{336e37ae-3235-4f16-98ec-8cdf679be7d2}.xpi
Yes    Extension    avast! Online Security    9.0.2021.112    AVAST Software    default    Firefox 35.0    C:\Program Files\AVAST Software\Avast\WebRep\FF
Yes    Plugin    Adobe Acrobat    11.0.10.32    Adobe Systems Inc.    default    Firefox 35.0    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
Yes    Plugin    Google Earth Plugin    7.1.2.2041    Google    default    Firefox 35.0    C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Yes    Plugin    Google Update    1.3.25.11    Google Inc.    default    Firefox 35.0    C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
Yes    Plugin    iTunes Application Detector    1.0.1.1    Apple Inc.    default    Firefox 35.0    C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
Yes    Plugin    Microsoft Office 2010    14.0.4730.1010    Microsoft Corporation    default    Firefox 35.0    C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
Yes    Plugin    Microsoft Office 2010    14.0.4761.1000    Microsoft Corporation    default    Firefox 35.0    C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
Yes    Plugin    Microsoft Office 2013    15.0.4514.1000    Microsoft Corporation    default    Firefox 35.0    C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
Yes    Plugin    Microsoft Office 2013    15.0.4545.1000    Microsoft Corporation    default    Firefox 35.0    C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
Yes    Plugin    NVIDIA 3D Vision    7.17.13.3788    NVIDIA Corporation    default    Firefox 35.0    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
Yes    Plugin    NVIDIA 3D VISION    7.17.13.3788    NVIDIA Corporation    default    Firefox 35.0    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Yes    Plugin    Shockwave Flash    16.0.0.296    Adobe Systems Incorporated    default    Firefox 35.0    C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
Yes    Plugin    Silverlight Plug-In    5.1.30514.0     Microsoft Corporation    default    Firefox 35.0    c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
Yes    Plugin    VLC Web Plugin    2.0.6.0    VideoLAN    default    Firefox 35.0    C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Yes    Plugin    Windows Live Photo Gallery    15.4.3502.922    Microsoft Corporation    default    Firefox 35.0    C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

 

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    SidebarExecute    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /addGadget
Yes    Task    {9F009640-7883-41B9-B78C-DD0CEAACF63D}    Mozilla Corporation    "c:\program files (x86)\mozilla firefox\firefox.exe" http://www.skype.com/go/downloading?source=l

Yes    Directory    Add to VLC media player's Playlist    VideoLAN    "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Yes    Directory    Play with VLC media player    VideoLAN    "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Yes    Drive    Emsisoft Shell Extension    Emsisoft GmbH    C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL
Yes    Drive    Emsisoft Shell Extension x64    Emsisoft GmbH    C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL
Yes    File    00avast    AVAST Software    C:\Program Files\AVAST Software\Avast\ashShA64.dll
Yes    File    avast    AVAST Software    C:\Program Files\AVAST Software\Avast\ashShA64.dll
Yes    File    Emsisoft Shell Extension    Emsisoft GmbH    C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL
Yes    File    Emsisoft Shell Extension x64    Emsisoft GmbH    C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL
Yes    Folder    avast    AVAST Software    C:\Program Files\AVAST Software\Avast\ashShA64.dll
Yes    Folder    Emsisoft Shell Extension    Emsisoft GmbH    C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL
Yes    Folder    Emsisoft Shell Extension x64    Emsisoft GmbH    C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL

 

Emsisoft Anti-Malware - Version 9.0
Last update: 24/01/2015 1:00:25 PM
User account: Ingrid-PC\norma

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    24/01/2015 1:31:47 PM
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)

Scanned    213336
Found    2

Scan end:    24/01/2015 2:13:03 PM
Scan time:    0:41:16

Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}    Quarantined Application.Win32.InstallAd (A)

Quarantined    1



#8 buddy215


Posted 24 January 2015 - 07:11 PM

Just a quick look tells me Yes    Extension    AdvanceElite    1.0.1    AdvanceElite    default    Firefox 35.0    C:\Users\norma\AppData\Roaming\Mozilla\Firefox\Profiles\k7i86w67.default\extensions\{336e37ae-3235-4f16-98ec-8cdf679be7d2}.xpi is the culprit. Go ahead and disable or remove the extension in Firefox. A bit surprised that one of the other programs didn't pick that up.

 

I will have other suggestions after reviewing all the startups. But test to see if disabling or uninstalling that extension quiets MBAM.


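The review done by eye in the post above, as an added example (not code from the thread or from CCleaner): a Python triage of the Firefox rows of a pasted CCleaner startup export, plus a check for a removed extension ID turning up again in a later export. The column order is inferred from the listing in post #7; the reviewed-name list, the three signals and all function names are assumptions of this example, and `LATER_EXPORT` is constructed.

```python
import re
from typing import NamedTuple


class Addon(NamedTuple):
    # Column order inferred from the Firefox rows posted in this thread.
    enabled: bool
    kind: str
    name: str
    version: str
    publisher: str
    profile: str
    browser: str
    path: str

    @property
    def addon_id(self) -> str:
        # Profile-installed extensions are stored as <id>.xpi; use the stem as the ID.
        leaf = self.path.rsplit("\\", 1)[-1].lower()
        return leaf[:-4] if leaf.endswith(".xpi") else leaf

    @property
    def in_user_profile(self) -> bool:
        return "\\appdata\\roaming\\mozilla\\firefox\\profiles\\" in self.path.lower()


def parse_export(text):
    """Parse pasted rows; columns are separated by a tab or by 2+ spaces."""
    rows = []
    for line in text.splitlines():
        cols = re.split(r"\s{2,}|\t", line.strip())
        if len(cols) != 8 or cols[0] not in ("Yes", "No"):
            continue  # blank line, or a row from another section (Run keys, tasks)
        rows.append(Addon(cols[0] == "Yes", *cols[1:]))
    return rows


def triage(rows, reviewed_names):
    """Return (name, id, reasons) for enabled extensions that deserve a manual look."""
    findings = []
    for a in rows:
        if a.kind != "Extension" or not a.enabled:
            continue
        reasons = []
        if a.name.lower() not in reviewed_names:
            reasons.append("not on reviewed list")
        if a.in_user_profile:
            reasons.append("installed in user profile")
        if a.publisher.lower() == a.name.lower():
            reasons.append("publisher is just the add-on name")
        # Assumption: an unreviewed name alone is too noisy, so require a second signal.
        if reasons[:1] == ["not on reviewed list"] and len(reasons) > 1:
            findings.append((a.name, a.addon_id, reasons))
    return findings


def returned_after_removal(removed_ids, later_rows):
    """IDs that were removed earlier but are present again in a later export."""
    present = {a.addon_id for a in later_rows if a.kind == "Extension"}
    return sorted(i.lower() for i in removed_ids if i.lower() in present)


# Rows copied from the listing in post #7.
EXPORT_POST7 = r"""
Yes    Extension    Adblock Plus    2.6.7    Wladimir Palant    default    Firefox 35.0    C:\Users\norma\AppData\Roaming\Mozilla\Firefox\Profiles\k7i86w67.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Yes    Extension    AdvanceElite    1.0.1    AdvanceElite    default    Firefox 35.0    C:\Users\norma\AppData\Roaming\Mozilla\Firefox\Profiles\k7i86w67.default\extensions\{336e37ae-3235-4f16-98ec-8cdf679be7d2}.xpi
Yes    Extension    avast! Online Security    9.0.2021.112    AVAST Software    default    Firefox 35.0    C:\Program Files\AVAST Software\Avast\WebRep\FF
Yes    Plugin    Adobe Acrobat    11.0.10.32    Adobe Systems Inc.    default    Firefox 35.0    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
"""

# Constructed: what a later export would look like if the extension were re-added.
LATER_EXPORT = r"""
Yes    Extension    AdvanceElite    1.0.1    AdvanceElite    default    Firefox 35.0    C:\Users\norma\AppData\Roaming\Mozilla\Firefox\Profiles\k7i86w67.default\extensions\{336e37ae-3235-4f16-98ec-8cdf679be7d2}.xpi
"""

# Assumption: add-ons the user knowingly installed and has already reviewed.
REVIEWED = {"adblock plus", "avast! online security"}

if __name__ == "__main__":
    flagged = triage(parse_export(EXPORT_POST7), REVIEWED)
    for name, addon_id, reasons in flagged:
        print(f"REVIEW {name} {addon_id}: {', '.join(reasons)}")
    removed = [addon_id for _, addon_id, _ in flagged]
    print("returned:", returned_after_removal(removed, parse_export(LATER_EXPORT)))
```
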


#9 buddy215


Posted 24 January 2015 - 08:00 PM

Disable these Windows Startups for faster booting and to use less memory:

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes    HKCU:Run    EPSON Stylus CX5800F Series    SEIKO EPSON CORPORATION    C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIALA.EXE /FU "C:\Windows\TEMP\E_S97BA.tmp" /EF "HKCU"  (unless you do printing every day)

Yes    HKCU:Run    tixati    Tixati Software Inc.    "C:\Program Files\tixati\tixati.exe" -startminimized -d1

Yes    HKLM:Run    BrStsMon00    Brother Industries, Ltd.    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN (unless you do printing every day)
Yes    HKLM:Run    ControlCenter3    Brother Industries, Ltd.    C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun (unless you do printing every day)
Yes    HKLM:Run    emsisoft anti-malware    Emsisoft GmbH    "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60  (You can uninstall Emsisoft)
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

 

Suggest disabling these Firefox Add-ons:

 

Yes    Extension    avast! Online Security    9.0.2021.112    AVAST Software    default    Firefox 35.0    C:\Program Files\AVAST Software\Avast\WebRep\FF
Yes    Plugin    Adobe Acrobat    11.0.10.32    Adobe Systems Inc.    default    Firefox 35.0    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll (Firefox has its own PDF reader)
Yes    Plugin    Google Earth Plugin    7.1.2.2041    Google    default    Firefox 35.0    C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Yes    Plugin    Google Update    1.3.25.11    Google Inc.    default    Firefox 35.0    C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

Yes    Plugin    Silverlight Plug-In    5.1.30514.0     Microsoft Corporation    default    Firefox 35.0    c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

Yes    Plugin    Windows Live Photo Gallery    15.4.3502.922    Microsoft Corporation    default    Firefox 35.0    C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

 

Disable these Tasks:

 

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    SidebarExecute    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /addGadget
Yes    Task    {9F009640-7883-41B9-B78C-DD0CEAACF63D}    Mozilla Corporation    "c:\program files (x86)\mozilla firefox\firefox.exe" http://www.skype.com/go/downloading?source=l




#10 norm11

  • Topic Starter

Posted 24 January 2015 - 08:10 PM

Sorry, but how do I disable all this??



#11 buddy215


Posted 24 January 2015 - 08:46 PM

Preferably in Firefox click on Tools and choose Add-ons. Then choose extensions and disable the extensions listed. Then choose plugins and disable the plugins mentioned.

Uninstall the AdvanceElite extension if that option is offered....I think it will be.

 

You can use CCleaner by going back to the Tools > Startups and clicking on each item in each startup list to highlight and then on the right choose disable.




#12 norm11

  • Topic Starter

Posted 24 January 2015 - 10:01 PM

OK, done. Looks pretty good now.



#13 buddy215


Posted 24 January 2015 - 10:12 PM

Yeah, after a day or two if that extension doesn't show up again then I think at that point you can declare victory.




#14 norm11

  • Topic Starter

Posted 25 January 2015 - 07:21 PM

It's back. Malwarebytes Anti-Malware is popping up on the bottom right of my screen telling me Malicious Website Blocked.

From Firefox and Tixati. Just a few times for now.



#15 buddy215


Posted 25 January 2015 - 08:08 PM

Open CCleaner and click on Tools. Choose Uninstall. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of installed programs in your next post. Please do that.

 

While on that page click on Tixati to highlight and on the right choose uninstall.

You can also open Firefox and remove the extension for AdvanceElite....again. If it is there. Check all of the extensions and disable any suspicious ones.






