
Please help! Firefox infected


16 replies to this topic

#1 b_lo42

Posted 04 April 2015 - 11:48 AM

Greetings to the good folks at bleepingcomputer!

 

It seems like my Firefox browser has fallen ill, very ill. I'm hoping you can help. I am marginally computer literate, but solving this problem is beyond me. I believe some kind of Adware has taken over my browser. Websites are slow to completely unresponsive and free text fields are linking to ad sites. Please help!

 

I'm running Windows 7. If you need additional detail about my HW or OS please let me know.

 

Thanks so much for the help!

All the best,

Ben H




#2 AndroidOS


Posted 04 April 2015 - 12:05 PM

Hi b_lo42,

 

If you could run through the following instructions, that would be great. :) We'll see what these tools find and move on from there.

 

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: Download Mirror
 
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)
 
Double Click mbam-setup.exe to install the application.
 
(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
 

 

  • Open up Malwarebytes Anti-Malware
  • Once the program has loaded, select "Scan Now". 
  • If prompted to update the malware definitions, do so by clicking Update Now.
  • The scan may take some time to finish, so please be patient.
  • If the scan finds threats, ensure all items are set to Quarantine, click the "Apply Actions" button and then restart the machine (if required). 
  • Once the scan is complete, click Export Log > Text File (*.txt) and save the file to your desktop.
  • Copy and paste the contents of this log in your next post.
 
If Malwarebytes fails to download please use the following link:
 
 
==========
 

Please download JRT from here & double click to start the program.

 

  • Hit any key when prompted and allow it to run through its process.
 
 
 
  • Post the log when it's finished.
 
 
==========
 

Please download AdwCleaner by Xplode onto your desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R0].txt as well.
 

 



#3 b_lo42


Posted 04 April 2015 - 01:12 PM

Thanks so much for the quick response! I have attached the logfiles below as requested. Please let me know next steps.

 

Cheers,
Ben H

 

------------------------

Malware - Daily protection log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 4/4/2015 12:09:16 PM, SYSTEM, DF1-PBLEXDL, Manual, Rootkit Database, 2015.2.25.1, 2015.3.31.1,
Update, 4/4/2015 12:09:29 PM, SYSTEM, DF1-PBLEXDL, Manual, Malware Database, 2015.3.9.5, 2015.4.4.5,
Scan, 4/4/2015 12:20:28 PM, SYSTEM, DF1-PBLEXDL, Manual, Start:4/4/2015 12:10:03 PM, Duration:9 min 13 sec, Threat Scan, Completed, 2 Malware Detections, 110 Non-Malware Detections,
Error, 4/4/2015 12:22:52 PM, SYSTEM, DF1-PBLEXDL, Protection, IsLicensed, 13,
Protection, 4/4/2015 12:22:52 PM, SYSTEM, DF1-PBLEXDL, Protection, Malware Protection, Stopping,
Protection, 4/4/2015 12:22:52 PM, SYSTEM, DF1-PBLEXDL, Protection, Malware Protection, Stopped,

(end)

 

-------------------------------------

Malware - Scan log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/4/2015
Scan Time: 12:10:03 PM
Logfile: Malwarebytes_scan log.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.04.05
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ben.Hoster

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 442280
Time Elapsed: 9 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 42

Registry Values: 5
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [3c5960085e2c092d94f006dcf70cb050]
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV|AuCheckPeriodMs, 21600000, Quarantined, [4253da8e9ceead89d66504b10201738d]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-1836799174-1013579674-1902482439-23725731\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, Quarantined, [c4d10b5d2c5edb5b5183d7de3cc741bf]
Hijack.ControlPanelStyle, HKU\S-1-5-21-1836799174-1013579674-1902482439-23725731\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Quarantined, [890cc3a54a40979fc66b8fe9fd071be5]
Hijack.ControlPanelStyle, HKU\S-1-5-21-3672122147-738796487-2669462349-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Quarantined, [b2e33533cebc5dd94fe212667490718f]

Registry Data: 1
PUM.Hijack.HomePageControl, HKU\S-1-5-21-1836799174-1013579674-1902482439-23725731\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),Replaced,[2e679dcb18722214f8e4d51c08fd7b85]

Folders: 11
PUP.Optional.TornTV.A, C:\Program Files (x86)\Torntv V9.0, Quarantined, [b1e4b8b0a8e244f22b5dea9842c17888],
PUP.Optional.TornTV.A, C:\Users\Ben.Hoster\AppData\LocalLow\Torntv V9.0, Quarantined, [088d2246a2e89b9b8a9a770d6e958779],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, Quarantined, [9bfa392fec9eb87ea430a8ee27dce719],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, Quarantined, [9bfa392fec9eb87ea430a8ee27dce719],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, Quarantined, [9bfa392fec9eb87ea430a8ee27dce719],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download\{03A6B93C-9848-4355-A546-66C5481421F4}, Quarantined, [9bfa392fec9eb87ea430a8ee27dce719],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download\{03A6B93C-9848-4355-A546-66C5481421F4}\1.3.25.27, Quarantined, [9bfa392fec9eb87ea430a8ee27dce719],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, Quarantined, [9bfa392fec9eb87ea430a8ee27dce719],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, Quarantined, [9bfa392fec9eb87ea430a8ee27dce719],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{DD0F7C6B-603A-4089-BD12-6A25CC635855}, Quarantined, [9bfa392fec9eb87ea430a8ee27dce719],
PUP.Optional.GlobalUpdate.A, C:\Users\Ben.Hoster\AppData\Local\Temp\comh.439117, Quarantined, [bcd98ade7416d561539af99df2116e92],

Files: 53

Physical Sectors: 0
(No malicious items detected)

(end)

 

--------------------

JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Enterprise x64
Ran by Ben.Hoster on Sat 04/04/2015 at 12:44:03.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550555135590}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660566136690}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550555135590}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660566136690}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550555135590}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550555135590}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660566136690}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ben.Hoster\appdata\local\globalupdate"
Successfully deleted: [Folder] "C:\Users\Ben.Hoster\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\Program Files (x86)\webspades"

 

~~~ FireFox

Successfully deleted the following from C:\Users\Ben.Hoster\AppData\Roaming\mozilla\firefox\profiles\j4q0t6m4.default\prefs.js

user_pref("extensions.crossrider.bic", "14707303eb13fe0eb9f0823445226664");
Emptied folder: C:\Users\Ben.Hoster\AppData\Roaming\mozilla\firefox\profiles\j4q0t6m4.default\minidumps [21 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/04/2015 at 12:46:35.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

------------------------

ADWCleaner

 

# AdwCleaner v4.200 - Logfile created 04/04/2015 at 13:03:59
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Ben.Hoster - DF1-PBLEXDL
# Running from : C:\Users\Ben.Hoster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBUMBYGR\adwcleaner_4.200 (1).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Driver Manager
Folder Found : C:\Program Files (x86)\shopping blast
Folder Found : C:\ProgramData\Driver Manager
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Manager
Folder Found : C:\Users\Ben.Hoster\AppData\Roaming\Mozilla\Firefox\Profiles\j4q0t6m4.default\Extensions\isreaditlater@ideashower.com
Folder Found : C:\Users\BEN~1.HOS\AppData\Local\Temp\WebSpades

***** [ Scheduled tasks ] *****

Task Found : Driver Manager-RTMRules
Task Found : Driver Manager-RTMScan
Task Found : Driver Manager-RTMUpdater

***** [ Shortcuts ] *****

***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16609

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [6376 bytes] - [04/04/2015 13:00:11]
AdwCleaner[R1].txt - [6273 bytes] - [04/04/2015 13:03:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6332 bytes] ##########



#4 AndroidOS


Posted 04 April 2015 - 01:15 PM

Thanks for the logs!

 

Can you run ADWCleaner again, but this time click Clean instead of Scan?

 

After that is done, report back and tell me how the machine is running. 



#5 b_lo42


Posted 04 April 2015 - 01:37 PM

Hello again!

 

I ran the clean (log file below). Firefox still seems to be behaving poorly. Please let me know what I should try next.

 

All the best,

Ben H

 

# AdwCleaner v4.200 - Logfile created 04/04/2015 at 13:29:35
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Ben.Hoster - DF1-PBLEXDL
# Running from : C:\Users\Ben.Hoster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBUMBYGR\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Driver Manager
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Manager
Folder Deleted : C:\Program Files (x86)\Driver Manager
Folder Deleted : C:\Program Files (x86)\shopping blast
Folder Deleted : C:\Users\BEN~1.HOS\AppData\Local\Temp\WebSpades
Folder Deleted : C:\Users\Ben.Hoster\AppData\Roaming\Mozilla\Firefox\Profiles\j4q0t6m4.default\Extensions\isreaditlater@ideashower.com

***** [ Scheduled tasks ] *****

Task Deleted : Driver Manager-RTMRules
Task Deleted : Driver Manager-RTMScan
Task Deleted : Driver Manager-RTMUpdater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{177CD779-4EEC-43C5-8DEA-4E0EC103624B}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16609

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [6376 bytes] - [04/04/2015 13:00:11]
AdwCleaner[R1].txt - [6439 bytes] - [04/04/2015 13:03:59]
AdwCleaner[R2].txt - [6494 bytes] - [04/04/2015 13:28:35]
AdwCleaner[S0].txt - [6352 bytes] - [04/04/2015 13:29:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6411  bytes] ##########



#6 AndroidOS


Posted 05 April 2015 - 03:26 AM

Let's see if an online scan finds anything.

 

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Edited by AndroidOS, 05 April 2015 - 03:26 AM.


#7 b_lo42


Posted 05 April 2015 - 11:45 AM

Hi Team,

 

As always, thanks for the help with this. Here is the log file you requested:

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

 

Cheers,

Ben H



#8 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:03:04 AM

Posted 05 April 2015 - 12:35 PM

Hi Team,

As always, thanks for the help with this. Here is the log file you requested:

ESETSmartInstaller@High as CAB hook log:


Your link is a MAIL TO link, which opens an email client.

You need to copy the ESET log, then paste it in your reply.

Edited by Queen-Evie, 05 April 2015 - 05:20 PM.


#9 b_lo42


Posted 05 April 2015 - 07:30 PM

Hi Team,

 

When I look at the ESET log file, this is all it is showing:

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12

 

Am I doing something wrong?

 

Thanks again for the help!

 

Ben H



#10 AndroidOS


Posted 07 April 2015 - 09:42 AM

Hi, sorry for the delayed reply.

 

Have you looked in the following location for the log file? C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt



#11 b_lo42


Posted 07 April 2015 - 09:45 AM

Hi Team,

 

No worries regarding response time. The file path you listed is exactly where I am pulling the log file from. Apologies for the hassle, please let me know what I should try next.

 

Regards,

Ben H



#12 AndroidOS


Posted 07 April 2015 - 09:47 AM

Try and give this online scan a go instead.

 

Can you please go to Panda ActiveScan and click on the Scan now button.
 
Note: Please make sure that Full Scan is selected.
 
After the scan is finished, it should produce a log. Can you please post the contents of it in your next reply.


#13 b_lo42


Posted 07 April 2015 - 07:27 PM

Hi Team,

 

Here is the log file from Panda Active Scan. Please let me know next steps when you have time. Thanks!

 

;***********************************************************************************************************************************************************************************
ANALYSIS: 2015-04-07 17:27:03
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
Windows Defender                                                           No        Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139060  Cookie/Casalemedia                 TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\6r7dj60w.txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\ml091grj.txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\298g4htu.txt
00145731  Cookie/Tribalfusion                TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\i234fcj0.txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\hk9mw2zi.txt
00168076  Cookie/BurstNet                    TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\e3x29csf.txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\l8rnpacj.txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\2mq9ja2b.txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\4ofsl1pq.txt
00170304  Cookie/WebtrendsLive               TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\4hcvdxl7.txt
00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\rrrfn5ky.txt
00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\cizf7qry.txt
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity       Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
 



#14 AndroidOS


Posted 12 April 2015 - 01:34 PM

Sorry again for the late reply, I've been away for the past 3 days.

 

Is Firefox still having issues? The logs all seem to suggest everything "nasty" has been removed.


Edited by AndroidOS, 12 April 2015 - 01:35 PM.
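
Added example, not part of the thread or of any poster's reply: a Python triage of a Panda ActiveScan log in the layout posted in #13, checking whether any row is something other than an inactive, severity-0 tracking cookie and whether any detection lies outside the Internet Explorer cookie folders. The function names, the `IE_COOKIE_DIR` constant and the abridged sample are assumptions made for this example.

```python
import re

# Constructed excerpt in the layout of the Panda ActiveScan log in this thread:
# four of its rows, with the MALWARE header count adjusted to the excerpt.
SAMPLE_LOG = r"""ANALYSIS: 2015-04-07 17:27:03
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
00139060  Cookie/Casalemedia                 TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\6r7dj60w.txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\ml091grj.txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\298g4htu.txt
00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           c:\users\ben.hoster\appdata\roaming\microsoft\windows\cookies\low\rrrfn5ky.txt
"""

FIELDS = ("id", "description", "type", "active", "severity",
          "disinfectable", "disinfected", "location")
IE_COOKIE_DIR = "\\microsoft\\windows\\cookies\\"  # hypothetical helper constant

def parse_panda_log(text):
    """Return (header_counts, detection_rows); names are this example's own."""
    header, rows = {}, []
    for line in text.splitlines():
        m = re.match(r"(PROTECTIONS|MALWARE|SUSPECTS):\s*(\d+)\s*$", line)
        if m:
            header[m.group(1)] = int(m.group(2))
        elif re.match(r"\d{8}\s", line):  # detection rows start with an 8-digit Id
            parts = re.split(r"\s{2,}", line.strip(), maxsplit=len(FIELDS) - 1)
            if len(parts) != len(FIELDS):
                raise ValueError(f"unparsed detection row: {line!r}")
            rows.append(dict(zip(FIELDS, parts)))
    return header, rows

def triage(text):
    """Flag every row that is not an inactive, severity-0 tracking cookie."""
    header, rows = parse_panda_log(text)
    needs_review = [r for r in rows
                    if r["type"] != "TrackingCookie"
                    or r["active"] != "No"
                    or int(r["severity"]) > 0]
    return {
        "header_malware": header.get("MALWARE"),
        "rows": len(rows),
        "distinct_ids": len({r["id"] for r in rows}),
        "needs_review": needs_review,
        "outside_ie_cookie_store": [r["location"] for r in rows
                                    if IE_COOKIE_DIR not in r["location"].lower()],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

In the full log the header reports MALWARE: 11 while 12 rows are listed; the two Doubleclick rows share one Id, which is why the example compares the header against distinct Ids. Every row sits under the Internet Explorer cookie folders, so this log carries no evidence either way about the Firefox profile.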


#15 b_lo42


Posted 12 April 2015 - 02:49 PM

No worries on the delay. I'm still having issues. Lots of pop-ups and free text fields are linking to alternate sites. Issue only seems to be with Firefox. IE is working well.

 

Thanks again for the help!





