
tcf.huntergui.com


9 replies to this topic

#1 Djscot

Djscot

  • Members
  • 5 posts

Posted 06 December 2015 - 11:03 AM

Yesterday my computer started displaying pop up ads. I ran a scan with both Norton and Malwarebytes and came up with 60 infection objects that I cleaned using Malwarebytes. Every time I open Firefox I get two alerts from Malwarebytes:

 

Domain: tcf.huntergui.com

IP: 127.42.0.39

Port:52261

Type:Outbound

 

And

 

Domain: nhn.rundevelopers.com

IP: 127.42.0.6

Port: 52714

Type: Outbound

 

Both of these are pointing at the Firefox executable and marked as malicious URLs. Firefox is pretty much unusable as these alerts appear every time I perform any search or click any link. The problem was happening with Chrome but it seems to be resolved as I cleared the user settings and reinstalled.

 

My PC is new and came installed with Windows 10. Can anyone help get rid of this issue?

 

Many thanks!




 


#2 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:04 AM

Posted 06 December 2015 - 11:24 AM

Welcome to BC !

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the malware scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Djscot

Djscot
  • Topic Starter

  • Members
  • 5 posts

Posted 06 December 2015 - 05:32 PM

Hi Buddy, thanks for your help.

 

I've carried out the steps that were advised and here are the results as requested;

 

AdwCleaner log;

 

# AdwCleaner v5.023 - Logfile created 06/12/2015 at 22:07:26
# Updated 30/11/2015 by Xplode
# Database : 2015-12-06.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Stuar - LAPTOP-4NL9G6JH
# Running from : C:\Users\Stuar\Downloads\AdwCleaner (1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 

***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Public\Documents\Guid
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\Users\Stuar\AppData\Roaming\Mozilla\Firefox\Profiles\sdsxex0t.default\user.js
 
***** [ DLLs ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 

***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Stuar\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : palikan
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1518 bytes] ##########
 
 
Junkware Removal logfile;
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Stuar (Administrator) on 06/12/2015 at 22:15:10.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

File System: 2
 
Successfully deleted: C:\Users\Stuar\AppData\Roaming\0B1L1H1F0M1P1Q1L1T (Folder)
Successfully deleted: C:\Users\Stuar\AppData\Roaming\Mozilla\Firefox\Profiles\sdsxex0t.default\searchplugins\norton-safe-search.xml (File)
 
 
 
Registry: 0
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/12/2015 at 22:16:31.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
EEK logfile;
 
Emsisoft Emergency Kit - Version 10.0
Last update: 06/12/2015 22:21:42
User account: LAPTOP-4NL9G6JH\Stuar
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 06/12/2015 22:24:43
 
Scanned 71860
Found 0
 
Scan end: 06/12/2015 22:25:34
Scan time: 0:00:51

Thanks,

DjScot

 



#4 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:04 AM

Posted 06 December 2015 - 06:38 PM

I see AdwCleaner found Palikan....

Palikan usually infects ALL your browsers' shortcuts. Check one of the Firefox shortcuts on your Desktop, Taskbar or Start Menu by right clicking on it and choosing properties. In the Shortcut tab, in the Target field, remove the http://www.Palikan.com/

You should only see “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” if Palikan isn't there.

If Palikan or anything other than “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” is found then you will need to delete ALL shortcuts for ALL browsers and create new ones.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.



#5 Djscot

Djscot
  • Topic Starter

  • Members
  • 5 posts

Posted 06 December 2015 - 06:58 PM

Hi Buddy

 

I checked Firefox and it appears ok no mention of Palikan.

 

The lists from CC Cleaner are attached below;

 

Windows Startups;

 

Yes HKCU:Run AcerPortal Acer "C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe" startup
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Host App Service  "%LOCALAPPDATA%\Host App Service\Engine\HostAppServiceUpdater.exe" /LOGON
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Stuar\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKLM:Run DAX2_APP  C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe -Hide
Yes HKLM:Run iTunesHelper Apple Inc. "D:\iTunesHelper.exe"
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run RtHDVBg_Dolby Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

 

Scheduled tasks;

 

~Yes Task ACC Acer Incorporated C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto
Yes Task ACCAgent  C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe
Yes Task ACCBackgroundApplication  C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Yes Task AcerCloud Acer C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe task
Yes Task BacKGroundAgent Acer Incorporated C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe task
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task Power Button Acer Incorporated "C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe" -s
Yes Task Power Management Acer Incorporated "C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe"
Yes Task Quick Access Acer Incorporated "C:\Program Files\Acer\Acer Quick Access\QALauncher.exe"
Yes Task Software Update Application Acer Incorporated "C:\ProgramData\OEM\UpgradeTool\ListCheck.exe"
Yes Task {9A324016-F69F-422C-BC71-599C2EAA37B6} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Stuar\AppData\Roaming\0B1L1H1F0M1P1Q1L1T\7zip Packages\uninstaller.exe" -c /Uninst /NM="7zip Packages" /AN="0B1L1H1F0M1P1Q1L1T" /MBN="7zip Packages" /mnl​

 

Programs installed;

 

3D Builder Microsoft Corporation 03/12/2015  10.9.6.0
7zip Packages  03/12/2015  
abFiles Acer Incorporated 31/08/2015  2.03.2003
abFiles Acer Incorporated 31/08/2015 102 MB 2.03.2003
abPhoto Acer Incorporated 03/12/2015 165 MB 3.06.2000.22
abPhoto Acer Incorporated 03/12/2015  3.06.2000.22
Acer Care Center Acer Incorporated 31/08/2015 38.3 MB 2.00.3005
Acer Explorer Acer Incorporated 03/12/2015  2.0.3006.0
Acer Explorer Agent Acer Incorporated 20/10/2015 2.13 MB 2.00.3001
Acer Portal Acer Incorporated 03/12/2015 77.2 MB 3.09.2001
Acer Portal Acer Incorporated 03/12/2015  3.09.2001
Acer Power Management Acer Incorporated 20/10/2015 31.9 MB 7.00.8109
Acer Power Management Acer Incorporated 20/10/2015  7.00.8109
Acer Quick Access Acer Incorporated 20/10/2015 11.2 MB 2.00.3008
Acer Quick Access Acer Incorporated 20/10/2015  2.00.3008
Acer UEIP Framework Acer Incorporated 31/08/2015 16.1 MB 2.01.3002
Acer UEIP Framework Acer Incorporated 31/08/2015  2.01.3002
Adobe Flash Player 19 NPAPI Adobe Systems Incorporated 03/12/2015 17.9 MB 19.0.0.245
Alarms & Clock Microsoft Corporation 03/12/2015  10.1511.61020.0
AOP Framework Acer Incorporated 03/12/2015 21.3 MB 3.13.2000.0
AOP Framework Acer Incorporated 03/12/2015  3.13.2000.0
App connector Microsoft Corporation 03/12/2015  1.3.3.0
App Explorer  03/12/2015  1.0.2
Apple Application Support (32-bit) Apple Inc. 05/12/2015 148 MB 4.1
Apple Application Support (64-bit) Apple Inc. 05/12/2015 166 MB 4.1
Apple Mobile Device Support Apple Inc. 05/12/2015 42.7 MB 9.1.0.6
Apple Software Update Apple Inc. 05/12/2015 4.63 MB 2.1.4.131
Bonjour Apple Inc. 05/12/2015 3.28 MB 3.1.0.1
Calculator Microsoft Corporation 06/12/2015  10.1511.24020.0
Camera Microsoft Corporation 06/12/2015  2015.1078.40.0
Candy Crush Soda Saga king.com 03/12/2015  1.54.900.0
Care Center Acer Incorporated 31/08/2015 38.3 MB 2.00.3005
CCleaner Piriform 06/12/2015  5.12
CyberLink PowerDVD 12 CyberLink Corp. 20/10/2015 248 MB 12.0.5427.02
Dashlane Upgrade Service Dashlane SAS 05/12/2015 413 KB 1.0.13.0
Dolby Audio X2 Windows API SDK Dolby Laboratories, Inc. 20/10/2015 24.2 MB 0.5.2.32
Dolby Audio X2 Windows APP Dolby Laboratories, Inc. 20/10/2015 53.2 MB 0.4.0.22
DriverSetupUtility Acer Incorporated 20/10/2015 1.80 MB 1.00.3011
DriverSetupUtility Acer Incorporated 20/10/2015  1.00.3011
eBay Worldwide OEM 03/12/2015 1.48 MB 2.5.0427
Explorer Agent Acer Incorporated 20/10/2015 2.13 MB 2.00.3001
Films & TV Microsoft Corporation 03/12/2015  3.6.15361.0
Football Manager 2013 Sports Interactive 05/12/2015 5.87 GB 
Foxit PhantomPDF Foxit Software Inc. 20/10/2015 212 MB 7.0.410.326
Get Office Microsoft Corporation 03/12/2015  17.6418.23501.0
Get Skype Skype 03/12/2015  3.2.1.0
Get Started Microsoft Corporation 06/12/2015  2.5.6.0
Groove Music Microsoft Corporation 03/12/2015  3.6.15131.0
Host App Service SweetLabs 03/12/2015  0.271.0.188
Intel® Management Engine Components Intel Corporation 20/10/2015  11.0.0.1162
Intel® Processor Graphics Intel Corporation 20/10/2015  10.18.15.4279
Intel® Serial IO Intel Corporation 20/10/2015  30.100.1519.7
Intel® Security Assist Intel Corporation 20/10/2015 2.85 MB 1.0.0.532
iTunes Apple Inc. 05/12/2015 232 MB 12.3.1.23
Kindle AMZN Mobile LLC 03/12/2015  2.1.0.2
Mail and Calendar Microsoft Corporation 06/12/2015  17.6416.42001.0
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 05/12/2015 66.1 MB 2.2.0.1024
Maps Microsoft Corporation 03/12/2015  4.1511.3161.0
Microsoft Office Microsoft Corporation 20/10/2015 593 MB 15.0.4693.1005
Microsoft Solitaire Collection Microsoft Studios 06/12/2015  3.5.11021.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 20/10/2015 4.84 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 20/10/2015 1.36 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20/10/2015 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 Microsoft Corporation 31/08/2015 13.6 MB 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 Microsoft Corporation 31/08/2015 11.0 MB 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 20/10/2015 17.3 MB 11.0.61030.0
Money Microsoft Corporation 03/12/2015  4.7.118.0
Mozilla Firefox 42.0 (x86 en-US) Mozilla 06/12/2015 86.8 MB 42.0
Mozilla Maintenance Service Mozilla 06/12/2015 250 KB 42.0
Music Maker Jam MAGIX 06/12/2015  2.3.1046.3
Netflix Netflix, Inc. 03/12/2015  5.1.4.0
News Microsoft Corporation 03/12/2015  4.7.118.0
Norton Security Symantec Corporation 05/12/2015 518 MB 22.5.5.15
NVIDIA GeForce Experience 2.5.11.45 NVIDIA Corporation 20/10/2015 24.6 MB 2.5.11.45
NVIDIA Graphics Driver 353.62 NVIDIA Corporation 20/10/2015 471 MB 353.62
NVIDIA PhysX System Software 9.15.0428 NVIDIA Corporation 20/10/2015 348 MB 9.15.0428
OneNote Microsoft Corporation 06/12/2015  17.6366.15651.0
People Microsoft Corporation 06/12/2015  10.0.3350.0
Phone Companion Microsoft Corporation 06/12/2015  10.1511.18010.0
Photos Microsoft Corporation 06/12/2015  15.1201.10020.0
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer Qualcomm Atheros 20/10/2015 7.16 MB 11.0.0.0099
Qualcomm Atheros Setup  20/10/2015  
Realtek Card Reader Realtek Semiconductor Corp. 20/10/2015 11.1 MB 6.3.9600.31213
Realtek Ethernet Controller Driver Realtek 20/10/2015 3.75 MB 10.1.505.2015
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 20/10/2015 369 MB 6.0.1.7621
Sport Microsoft Corporation 03/12/2015  4.7.130.0
Steam Valve Corporation 03/12/2015  2.10.91.91
Store Microsoft Corporation 03/12/2015  2015.23.23.0
Thunderbolt™ Software Intel Corporation 20/10/2015 139 MB 15.2.35.250
Twitter Twitter Inc. 03/12/2015  4.2.5.0
Voice Recorder Microsoft Corporation 03/12/2015  10.1511.17110.0
Weather Microsoft Corporation 03/12/2015  4.7.118.0
Xbox Microsoft Corporation 06/12/2015  11.11.19012.0

 

Thanks,



#6 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:04 AM

Posted 06 December 2015 - 07:44 PM

Delete this Windows Startup: Use CCleaner by clicking on each item and then choose Delete on the right.

Yes HKCU:Run Host App Service  "%LOCALAPPDATA%\Host App Service\Engine\HostAppServiceUpdater.exe" /LOGON

 

Disable these Windows Startups:

Yes HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent

Yes HKLM:Run iTunesHelper Apple Inc. "D:\iTunesHelper.exe"

Yes HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

 

Delete this Task:

Yes Task {9A324016-F69F-422C-BC71-599C2EAA37B6} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Stuar\AppData\Roaming\0B1L1H1F0M1P1Q1L1T\7zip Packages\uninstaller.exe" -c /Uninst /NM="7zip Packages" /AN="0B1L1H1F0M1P1Q1L1T" /MBN="7zip Packages" /mnl​

 

Uninstall these programs:

Candy Crush Soda Saga king.com 03/12/2015  1.54.900.0 (Unless you intentionally installed it)

Dashlane Upgrade Service Dashlane SAS 05/12/2015 413 KB 1.0.13.0 (Unless you intentionally installed it)

eBay Worldwide OEM 03/12/2015 1.48 MB 2.5.0427 (Unless you intentionally installed it)

Football Manager 2013 Sports Interactive 05/12/2015 5.87 GB (Unless you intentionally installed it)

Host App Service SweetLabs 03/12/2015  0.271.0.188

Kindle AMZN Mobile LLC 03/12/2015  2.1.0.2 (Unless you intentionally installed it)

 

That Emsisoft scan was a bit too quick. Please run one more scan using Eset Online Scanner. It will take more than an hour to run so plan accordingly.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

If Firefox is still not performing up to par after running the Eset scan, you will need to do a Clean uninstall of it. That means removing your Firefox profile, too. Run the uninstaller for Firefox and then do a search for Mozilla Firefox and Firefox. Delete ALL that is found.

EDIT: you can save your Firefox bookmarks to your Desktop before uninstalling. Just be sure you don't delete them after doing the search...:)

 


Edited by buddy215, 06 December 2015 - 07:50 PM.
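The startup and task entries singled out for deletion above share traits that can be checked mechanically. The following is an added example, not part of any post in this thread: it parses a CCleaner-style startup list and flags entries worth a manual look. The TAB-separated column layout, the rule set and all function names are assumptions made for illustration; the sample rows are retyped (one abridged) from the lists posted above.

```python
import re
from dataclasses import dataclass

# Constructed sample: rows retyped from the CCleaner lists posted in this thread
# (last command abridged). Assumed layout: Enabled, Key, Name, Publisher, Command.
ROWS = [
    ("Yes", "HKCU:Run", "CCleaner Monitoring", "Piriform Ltd",
     r'"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR'),
    ("Yes", "HKCU:Run", "Host App Service", "",
     r'"%LOCALAPPDATA%\Host App Service\Engine\HostAppServiceUpdater.exe" /LOGON'),
    ("Yes", "HKCU:Run", "OneDrive", "Microsoft Corporation",
     r'"C:\Users\Stuar\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Yes", "HKLM:Run", "DAX2_APP", "",
     r"C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe -Hide"),
    ("Yes", "HKLM:Run", "ShadowPlay", "Microsoft Corporation",
     r"C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"),
    ("Yes", "Task", "Software Update Application", "Acer Incorporated",
     r'"C:\ProgramData\OEM\UpgradeTool\ListCheck.exe"'),
    ("Yes", "Task", "{9A324016-F69F-422C-BC71-599C2EAA37B6}", "Microsoft Corporation",
     r'C:\Windows\system32\pcalua.exe -a "C:\Users\Stuar\AppData\Roaming\0B1L1H1F0M1P1Q1L1T'
     r'\7zip Packages\uninstaller.exe" -c /Uninst /NM="7zip Packages"'),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

# Locations a standard user can usually write to without elevation.
USER_WRITABLE = re.compile(
    r"%(?:LOCALAPPDATA|APPDATA|TEMP)%|\\AppData\\|\\Users\\Public\\|\\ProgramData\\", re.I)
# Windows binaries seen in this thread that start another file on someone's behalf.
PROXY_LAUNCHER = re.compile(r"\\(?:pcalua|rundll32)\.exe\b", re.I)
GUID_NAME = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)

@dataclass
class Entry:
    enabled: str
    key: str
    name: str
    publisher: str
    command: str

def parse(text):
    """Turn TAB-separated rows into Entry objects; malformed rows are skipped."""
    entries = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) == 5:
            entries.append(Entry(*parts))
    return entries

def triage(entry):
    """Return the reasons an entry deserves a manual look (empty list = nothing flagged)."""
    reasons = []
    if not entry.publisher and USER_WRITABLE.search(entry.command):
        reasons.append("no publisher and runs from a user-writable path")
    # The publisher column describes the first binary on the command line, so a
    # launcher such as pcalua.exe makes the row read "Microsoft Corporation".
    launcher = PROXY_LAUNCHER.search(entry.command)
    if launcher and USER_WRITABLE.search(entry.command[launcher.end():]):
        reasons.append("system launcher starts a file in a user-writable path")
    if GUID_NAME.match(entry.name):
        reasons.append("entry is named with a bare GUID")
    return reasons

def review(text):
    """List (name, reasons) for every flagged entry, in input order."""
    return [(e.name, r) for e in parse(text) if (r := triage(e))]

if __name__ == "__main__":
    for name, reasons in review(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```

A flag is a prompt to inspect the entry, not a verdict; entries such as OneDrive run from AppData legitimately, which is why the path rule is combined with the missing publisher.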


#7 Djscot

Djscot
  • Topic Starter

  • Members
  • 5 posts

Posted 07 December 2015 - 04:43 PM

Hi Buddy,

 

I deleted the windows start up as advised and disabled the windows startups. I also deleted the task.

 

I uninstalled all of the recommended programs.

 

The ESET scan found two objects and I've included these below;

 

C:\OEM\Preload\APP\PERSONIFY\Preinstalled.Personify.2.10.5.3.-.Setup.exe probably unknown NewHeur_PE virus cleaned by deleting - quarantined
C:\Users\Stuar\AppData\Roaming\Mozilla\Firefox\Profiles\sdsxex0t.default\extensions\{30804580-be78-4669-a1e1-36ceb9904984}.xpi JS/BrowseFox.A potentially unwanted application deleted - quarantined

Firefox seems better and I've not had any malwarebyte warnings so far.

 

Thanks,



#8 Batzz

Batzz

  • Members
  • 24 posts
  • Local time:12:04 AM

Posted 07 December 2015 - 04:58 PM

You should be good to go, it appears that an unwanted browser addon had hijacked firefox and was playing a nice game of hide and seek.
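The items removed from the Firefox profile in this thread sat in three places: `user.js` in the profile root, a packed `.xpi` in `extensions`, and XML files in `searchplugins`. The following added example (not part of any post, and not output from any tool used above) inventories those three locations for a given profile directory; the watched preference prefixes, the function names and the sample profile with its placeholder file names are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
import zipfile
from pathlib import Path

PREF_RE = re.compile(r'user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;')
# Preference prefixes that control start page, search and proxy behaviour.
WATCHED_PREFS = ("browser.startup.homepage", "browser.search.", "network.proxy.")

def inventory_profile(profile: Path) -> dict:
    """Collect user.js overrides, installed extensions and search plugins."""
    report = {"user_js_prefs": {}, "extensions": [], "searchplugins": []}

    # user.js is re-applied at every start, so any watched pref in it persists.
    user_js = profile / "user.js"
    if user_js.is_file():
        text = user_js.read_text(encoding="utf-8", errors="replace")
        for name, value in PREF_RE.findall(text):
            if name.startswith(WATCHED_PREFS):
                report["user_js_prefs"][name] = value.strip('"')

    ext_dir = profile / "extensions"
    if ext_dir.is_dir():
        for item in sorted(ext_dir.iterdir()):
            packed = item.is_file() and item.suffix.lower() == ".xpi"
            entry = {"id": item.stem if packed else item.name, "packed": packed}
            if packed:
                # The hash lets the file be looked up or compared after quarantine.
                entry["sha256"] = hashlib.sha256(item.read_bytes()).hexdigest()
                try:
                    with zipfile.ZipFile(item) as archive:
                        names = set(archive.namelist())
                    entry["manifest"] = next(
                        (m for m in ("manifest.json", "install.rdf") if m in names), None)
                except zipfile.BadZipFile:
                    entry["manifest"] = "unreadable"
            report["extensions"].append(entry)

    plugins = profile / "searchplugins"
    if plugins.is_dir():
        report["searchplugins"] = sorted(p.name for p in plugins.glob("*.xml"))
    return report

def make_sample_profile(root: Path) -> Path:
    """Build a constructed profile with placeholder names (not the thread's files)."""
    profile = root / "constructed.default"
    (profile / "extensions").mkdir(parents=True)
    (profile / "searchplugins").mkdir()
    (profile / "user.js").write_text(
        'user_pref("browser.startup.homepage", "http://search.example.invalid/");\n'
        'user_pref("browser.tabs.warnOnClose", false);\n', encoding="utf-8")
    xpi = profile / "extensions" / "{00000000-0000-0000-0000-000000000000}.xpi"
    with zipfile.ZipFile(xpi, "w") as archive:
        archive.writestr("install.rdf", "<RDF/>")
    (profile / "searchplugins" / "example-search.xml").write_text(
        "<SearchPlugin/>", encoding="utf-8")
    return profile

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for section, found in inventory_profile(make_sample_profile(Path(tmp))).items():
            print(section, found)
```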



#9 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:04 AM

Posted 07 December 2015 - 07:44 PM

.....Firefox seems better and I've not had any malwarebyte warnings so far........

 

Sounds good...if problem pops up again within a couple days in Firefox, you will need to do a clean uninstall of Firefox as described in my last post.

 

You're welcome....happy surfin'

 

Eset quarantined C:\OEM\Preload\APP\PERSONIFY\Preinstalled.Personify.2.10.5.3.-.Setup.exe probably unknown NewHeur_PE virus cleaned by deleting - quarantined

From the web...The Remote Control app enables a presenter to control Personify Live broadcasts while standing away from their computer.....if you don't need it...leave it quarantined and uninstall Eset from your lists of installed programs.



#10 Djscot

Djscot
  • Topic Starter

  • Members
  • 5 posts

Posted 08 December 2015 - 05:36 PM

Thanks for all your help Buddy215.

 

I'll keep an eye out for any warnings.

 

Thanks again!





