Need Fixlist.txt for Farbar Recovery Scan Tool


This topic is locked
19 replies to this topic

#1 Tony3570 (Members, 16 posts)

Posted 05 April 2017 - 04:11 AM

Hi,

I'm trying to get rid of malware that opens Firefox tabs automatically on a daily basis.

Therefore I scanned my PC with Farbar. I've attached the three txt files (Addition, FRST, Shortcut) I got as a final result.

Can anybody please help me get the fixlist.txt file for the Farbar Recovery Scan Tool so I can fix the issue?

 

Many thanks in advance.

Tony

 

Attached Files





#2 nasdaq (Malware Response Team, 39,963 posts, Montreal, QC, Canada)

Posted 06 April 2017 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-117064290-3293422965-3150230107-1002 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [452040 2016-03-16] (BitDefender S.R.L.)
S3 mfeaack01; \Device\mfeaack01.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
CustomCLSID: HKU\S-1-5-21-117064290-3293422965-3150230107-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\fagolli\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
Task: {07435A0E-9123-4C09-8EA2-51BE8136AC11} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {43F2411A-02C5-4F0F-BF65-E56B09531265} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {537DCADA-1616-4D3D-8ED0-85E831D0D27E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A18EB557-F310-42BF-9455-17579338B297} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A9595579-56A8-4203-B42A-073C073CAEEA} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_AA103272-75DB-11E6-82C0-3010B318F478 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe  <==== ATTENTION
Task: {B138A479-5D13-4F67-AE73-C753B9EB7078} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C326CA1B-69D3-4477-BDB6-EAA0D51F8C95} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C3B90375-3CCB-4188-AC87-0282EFFC9ACE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D4C5B987-5877-4763-9749-4F31F2398656} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DB331C58-9039-4F9A-B4AB-6B32452F0212} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E5261C5F-F2D2-45F2-AC69-9110B42DBDA0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EB246CC5-211B-4848-B145-02B386E13412} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {EB527BB3-E20D-4EB0-A623-4365919F1414} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F6FD5C66-6514-4D0B-A7E7-6CB82AC4BE69} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SparkTrust PC Cleaner Plus_sch_AA103272-75DB-11E6-82C0-3010B318F478.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences [386]
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-117064290-3293422965-3150230107-1002\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-117064290-3293422965-3150230107-1002\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
FirewallRules: [{6279D072-DD62-4A53-B86F-35A851576417}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus
C:\Program Files (x86)\iMesh Applications
C:\WINDOWS\System32\DRIVERS\Trufos.sys
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings\AMD Radeon Settings.lnk -> C:\Program Files\AMD\CNext\CNext\cnext.exe (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Account Charter, Goals & Revenue Targets.one - Shortcut.lnk -> C:\Users\fagolli\Desktop\Account Charter, Goals & Revenue Targets.one (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Balanced Pipeline SQL Server V2.4.accdb - Shortcut.lnk -> C:\Users\fagolli\Desktop\Balanced Pipeline SQL Server V2.4.accdb (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\BAPR-C.ParticipantGuide.20130204.1.1.onepkg - Shortcut.lnk -> C:\Users\fagolli\Desktop\BAPR-C.ParticipantGuide.20130204.1.1.onepkg (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\BMANTR Review - Shortcut.lnk -> C:\Users\fagolli\Desktop\BMANTR Review (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Box Sync.lnk -> C:\Users\fagolli\Box Sync (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Chatter Desktop.lnk -> C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Circolare_263_2006.pdf - Shortcut.lnk -> C:\Users\fagolli\Desktop\Circolare_263_2006.pdf (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Cisco Jabber.lnk -> C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Contact1.xls 1877 - Shortcut.lnk -> C:\Users\fagolli\Desktop\Contact1.xls 1877 (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Doc1.docx - Shortcut.lnk -> C:\Users\fagolli\Desktop\Doc1.docx (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\ENEL - Shortcut.lnk -> C:\Users\fagolli\Desktop\ENEL (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\ENEL_Trifiletti - Shortcut.lnk -> C:\Users\fagolli\Box Sync\ENEL_Trifiletti (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Energy - Shortcut.lnk -> C:\Users\fagolli\Desktop\Energy (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\ESTA Exp date 21Jul 2015.pdf - Shortcut.lnk -> C:\Users\fagolli\Desktop\ESTA Exp date 21Jul 2015.pdf (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Fastweb - Shortcut.lnk -> C:\Users\fagolli\Desktop\Fastweb (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Firma Digitale - Shortcut.lnk -> C:\Users\fagolli\Desktop\Firma Digitale (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Fredi Agolli.pdf - Shortcut.lnk -> C:\Users\fagolli\Desktop\Fredi Agolli.pdf (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\iLivid.lnk -> C:\Users\fagolli\AppData\Local\iLivid\iLivid.exe (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Interni.cellulari MI-RM.xlsx - Shortcut.lnk -> C:\Users\fagolli\Desktop\Interni.cellulari MI-RM.xlsx (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\ISS2013Ch01ExecutiveSummary98238.pdf - Shortcut.lnk -> C:\Users\fagolli\Desktop\ISS2013Ch01ExecutiveSummary98238.pdf (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Lista interni_MI-RM.xlsx - Shortcut.lnk -> C:\Users\fagolli\Desktop\Lista interni_MI-RM.xlsx (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Offerta Informatica_Intesa Sanpaolo_OP451677_20140722 v1.doc - Shortcut.lnk -> C:\Users\fagolli\Desktop\Offerta Informatica_Intesa Sanpaolo_OP451677_20140722 v1.doc (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\One-Click.lnk -> C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\RealPlayer Cloud.lnk -> C:\program files (x86)\real\realplayer\RealPlay.exe (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\SAIPEM.docx - Shortcut.lnk -> C:\Users\fagolli\Desktop\SAIPEM.docx (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Sistema di Gestione dei dati Circolare 263 Luglio 2013.docx - Shortcut.lnk -> C:\Users\fagolli\Desktop\Sistema di Gestione dei dati Circolare 263 Luglio 2013.docx (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Skype.lnk -> C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Torch.lnk -> C:\Users\fagolli\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Vodafone Mobile Broadband.lnk -> C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Documents\Cartelle condivise.lnk -> C:\Documents and Settings\fagoli\Local Settings\Application Data\Microsoft\Messenger (No File)
Shortcut: C:\Users\fagolli\Webroot Anywhere\Documents\Informatica Back Up\INFORMATICA\Documents\Offerte - Shortcut.lnk -> C:\Users\fagolli.INFORMATICA\Documents\Offerte (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Account Charter, Goals & Revenue Targets.one - Shortcut.lnk -> C:\Users\fagolli\Desktop\Account Charter, Goals & Revenue Targets.one (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Balanced Pipeline SQL Server V2.4.accdb - Shortcut.lnk -> C:\Users\fagolli\Desktop\Balanced Pipeline SQL Server V2.4.accdb (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\BAPR-C.ParticipantGuide.20130204.1.1.onepkg - Shortcut.lnk -> C:\Users\fagolli\Desktop\BAPR-C.ParticipantGuide.20130204.1.1.onepkg (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\BMANTR Review - Shortcut.lnk -> C:\Users\fagolli\Desktop\BMANTR Review (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Box Sync.lnk -> C:\Users\fagolli\Box Sync (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Chatter Desktop.lnk -> C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Circolare_263_2006.pdf - Shortcut.lnk -> C:\Users\fagolli\Desktop\Circolare_263_2006.pdf (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Cisco Jabber.lnk -> C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Contact1.xls 1877 - Shortcut.lnk -> C:\Users\fagolli\Desktop\Contact1.xls 1877 (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Doc1.docx - Shortcut.lnk -> C:\Users\fagolli\Desktop\Doc1.docx (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\ENEL - Shortcut.lnk -> C:\Users\fagolli\Desktop\ENEL (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\ENEL_Trifiletti - Shortcut.lnk -> C:\Users\fagolli\Box Sync\ENEL_Trifiletti (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Energy - Shortcut.lnk -> C:\Users\fagolli\Desktop\Energy (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\ESTA Exp date 21Jul 2015.pdf - Shortcut.lnk -> C:\Users\fagolli\Desktop\ESTA Exp date 21Jul 2015.pdf (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Fastweb - Shortcut.lnk -> C:\Users\fagolli\Desktop\Fastweb (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Firma Digitale - Shortcut.lnk -> C:\Users\fagolli\Desktop\Firma Digitale (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Fredi Agolli.pdf - Shortcut.lnk -> C:\Users\fagolli\Desktop\Fredi Agolli.pdf (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\iLivid.lnk -> C:\Users\fagolli\AppData\Local\iLivid\iLivid.exe (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Interni.cellulari MI-RM.xlsx - Shortcut.lnk -> C:\Users\fagolli\Desktop\Interni.cellulari MI-RM.xlsx (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\ISS2013Ch01ExecutiveSummary98238.pdf - Shortcut.lnk -> C:\Users\fagolli\Desktop\ISS2013Ch01ExecutiveSummary98238.pdf (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Lista interni_MI-RM.xlsx - Shortcut.lnk -> C:\Users\fagolli\Desktop\Lista interni_MI-RM.xlsx (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Offerta Informatica_Intesa Sanpaolo_OP451677_20140722 v1.doc - Shortcut.lnk -> C:\Users\fagolli\Desktop\Offerta Informatica_Intesa Sanpaolo_OP451677_20140722 v1.doc (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\One-Click.lnk -> C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\RealPlayer Cloud.lnk -> C:\program files (x86)\real\realplayer\RealPlay.exe (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\SAIPEM.docx - Shortcut.lnk -> C:\Users\fagolli\Desktop\SAIPEM.docx (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Sistema di Gestione dei dati Circolare 263 Luglio 2013.docx - Shortcut.lnk -> C:\Users\fagolli\Desktop\Sistema di Gestione dei dati Circolare 263 Luglio 2013.docx (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Skype.lnk -> C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Torch.lnk -> C:\Users\fagolli\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Vodafone Mobile Broadband.lnk -> C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Documents\Cartelle condivise.lnk -> C:\Documents and Settings\fagoli\Local Settings\Application Data\Microsoft\Messenger (No File)
Shortcut: C:\Users\fagolli\Documents\Informatica Back Up\INFORMATICA\Documents\Offerte - Shortcut.lnk -> C:\Users\fagolli.INFORMATICA\Documents\Offerte (No File)
Shortcut: C:\Users\fagolli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk -> C:\Program Files\AMD\CNext\CNext\cnext.exe (No File)
Shortcut: C:\Users\fagolli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk -> C:\Users\fagolli\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (No File)

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Please let me know what problem persists with this computer.
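The fixlist above removes four kinds of artifact that recur in adware clean-ups: a per-user copy of the exefile class, scheduled tasks whose target is gone, firewall Allow rules bound to a program that no longer exists, and browser policy keys that lock Chrome or Internet Explorer settings. The script below is an added example, not nasdaq's code and not part of FRST: a read-only PowerShell audit that re-checks those four classes on a live host, so the same machine can be examined before and after the fix without relying on the Fixlog alone. It assumes Windows 8 / Server 2012 or later (the ScheduledTasks and NetSecurity modules) and an elevated PowerShell 5.1+ session; the function and category names are mine.

```powershell
# Added example, not part of the thread or of FRST. Read-only: it reports the
# four artifact classes the fixlist above removes and deletes nothing.
# Assumes an elevated PowerShell 5.1+ session on Windows 8 / Server 2012 or
# later, where Get-ScheduledTask and the Get-NetFirewall* cmdlets exist.

$findings = [System.Collections.Generic.List[string]]::new()

function Add-Finding([string]$Category, [string]$Detail) {
    $script:findings.Add(('[{0}] {1}' -f $Category, $Detail))
}

# Resolve the executable named by a task action: expand %VAR%s, strip quotes
# and arguments, and accept bare names (cmd.exe) that resolve through PATH.
# Returns $null when the target exists, otherwise the path that was not found.
function Get-MissingTarget([string]$CommandLine) {
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $exe = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($exe.StartsWith('"')) {
        $end = $exe.IndexOf('"', 1)
        if ($end -gt 1) { $exe = $exe.Substring(1, $end - 1) }
    } else {
        $m = [regex]::Match($exe, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
        $exe = if ($m.Success) { $m.Groups[1].Value } else { ($exe -split '\s+')[0] }
    }
    if ($exe -notmatch '[\\/]') {
        if (Get-Command $exe -ErrorAction SilentlyContinue) { return $null }
        return $exe
    }
    if (Test-Path -LiteralPath $exe -PathType Leaf) { return $null }
    return $exe
}

# 1. Per-user exefile / .exe class definitions. Windows defines these only under
#    HKLM (seen through HKCR). FRST flags any HKU\<SID>\Software\Classes\exefile
#    because a per-user copy overrides HKLM for that account and can route every
#    launched EXE through an attacker-chosen command, even while its value is
#    still the default "%1" %*. The <SID>_Classes hives are the same keys seen
#    through HKCU\Software\Classes, so they are skipped to avoid double reports.
foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS') {
    $sid = $hive.PSChildName
    if ($sid -like '*_Classes') { continue }
    foreach ($sub in 'exefile', '.exe') {
        $key = "Registry::HKEY_USERS\$sid\Software\Classes\$sub"
        if (-not (Test-Path $key)) { continue }
        $cmdKey = "$key\shell\open\command"
        $value = if (Test-Path $cmdKey) { (Get-ItemProperty -Path $cmdKey).'(default)' }
                 else { (Get-ItemProperty -Path $key).'(default)' }
        Add-Finding 'exefile' ('HKU\{0}\Software\Classes\{1} -> {2}' -f $sid, $sub, $value)
    }
}

# 2. Scheduled tasks whose action points at a file that is no longer on disk
#    (the SparkTrust task above). The GWX entries FRST flagged are the other
#    orphan case, a registry reference whose task XML is gone; Get-ScheduledTask
#    does not enumerate those.
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
        $missing = Get-MissingTarget $action.Execute
        if ($missing) {
            Add-Finding 'task' ('{0}{1} -> {2} (No File)' -f $task.TaskPath, $task.TaskName, $missing)
        }
    }
}

# 3. Enabled Allow rules bound to a program that does not exist (the iMesh rule
#    above). Such a rule is dormant until something is dropped at that path.
Get-NetFirewallApplicationFilter -ErrorAction SilentlyContinue |
    Where-Object { $_.Program -and $_.Program -notin 'Any', 'System' } |
    ForEach-Object {
        $exe = [Environment]::ExpandEnvironmentVariables($_.Program)
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $rule = $_ | Get-NetFirewallRule
            if ($rule.Enabled -eq 'True' -and $rule.Action -eq 'Allow') {
                Add-Finding 'firewall' ('{0} [{1}] allows {2} (No File)' -f $rule.DisplayName, $rule.Name, $exe)
            }
        }
    }

# 4. Browser policy keys. On a domain-joined host these come from Group Policy;
#    on a home PC they are usually adware pinning a homepage, search provider or
#    forced extension. Every value and subkey name is listed for review.
foreach ($key in 'HKLM:\SOFTWARE\Policies\Google',
                 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
                 'HKCU:\SOFTWARE\Policies\Google') {
    if (-not (Test-Path $key)) { continue }
    $names = @((Get-Item $key).GetValueNames()) +
             @(Get-ChildItem $key -Recurse | ForEach-Object { $_.Name -replace '^HKEY_[A-Z_]+\\', '' })
    Add-Finding 'policy' ('{0} present: {1}' -f $key, ($names -join '; '))
}

if ($findings.Count -eq 0) {
    'No per-user exefile override, orphaned task, orphaned firewall rule or browser policy key found.'
} else {
    $findings | Sort-Object
}
```

Run it elevated so that all loaded HKU hives and the firewall policy store are readable; hives of accounts that are not logged on are not loaded and therefore not inspected. The script only reports. Deciding what to delete stays with the analyst, which is why FRST works from a hand-written fixlist rather than removing everything it flags.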

#3 Tony3570 (Topic Starter, Members, 16 posts)

Posted 06 April 2017 - 04:29 PM

Hi nasdaq, many thanks for your time and your support!

I followed your instructions.  Pls find attached the requested file (Fixlog.txt).

The issue shows up on a daily basis so I'll let you know if we managed to get rid of it or if it still persists.

 

Attached Files



#4 Tony3570 (Topic Starter, Members, 16 posts)

Posted 07 April 2017 - 04:07 AM

Hi nasdaq,

Unfortunately the error persists. I still get Firefox tabs pointing at "dxnas21.com" opened automatically.

Do you have any suggestions on how to approach this situation?

Many thanks



#5 nasdaq (Malware Response Team, 39,963 posts, Montreal, QC, Canada)

Posted 07 April 2017 - 09:44 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

I still get firefox tabs pointing at "dxnas21.com "

Is it always the same location?

#6 Tony3570 (Topic Starter, Members, 16 posts)

Posted 08 April 2017 - 05:08 AM

The location is the same "dxnas21.com " though it opens two or three tabs pointing at different ads.

Pls. find attached RogueKiller report.

Attached Files



#7 nasdaq (Malware Response Team, 39,963 posts, Montreal, QC, Canada)

Posted 08 April 2017 - 07:46 AM


Run the RogueKiller tool and remove these items.

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-117064290-3293422965-3150230107-1002\Software\IM -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-117064290-3293422965-3150230107-1002\Software\IM -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | bdx : [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6279D072-DD62-4A53-B86F-35A851576417} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe|Name=iMesh| [x] -> Found

===

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Let me know if the problem persists.

#8 Tony3570 (Topic Starter, Members, 16 posts)

Posted 08 April 2017 - 12:46 PM

Pls. find attached the two logs. I'll keep you posted if the problem persists.

Many thanks!

Attached Files



#9 Tony3570 (Topic Starter, Members, 16 posts)

Posted 11 April 2017 - 03:22 AM

I confirm the issue has been fixed now. No more tabs open automatically.

Many thanks for your time and your support!!!



#10 nasdaq (Malware Response Team, 39,963 posts, Montreal, QC, Canada)

Posted 11 April 2017 - 08:16 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#11 Tony3570 (Topic Starter, Members, 16 posts)

Posted 11 April 2017 - 08:53 AM

The issue has been resolved.

 

The system is running very slowly though. Should I open a new topic on the Windows forum?



#12 nasdaq (Malware Response Team, 39,963 posts, Montreal, QC, Canada)

Posted 11 April 2017 - 12:18 PM

Run this cleaning tool for now.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#13 Tony3570 (Topic Starter, Members, 16 posts)

Posted 13 April 2017 - 04:47 AM

Pls. find attached the zoek log. The system is still very slow.

 

Attached Files



#14 nasdaq (Malware Response Team, 39,963 posts, Montreal, QC, Canada)

Posted 13 April 2017 - 07:30 AM



Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.
===

If the problem persists please check the 3rd party drivers for possible updates.

Navigate to this page.
http://learn.flexerasoftware.com/SVM-EVAL-Personal-Software-Inspector

Download and run the Flexera Software Personal Software Inspector.

Update all the old drivers.

Keep me posted.
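The Microsoft article above has you run sfc /scannow and then pull the "[SR]" lines out of %windir%\Logs\CBS\CBS.log into sfcdetails.txt. The script below is an added example, not nasdaq's code and not from the Microsoft article: it builds that file the same way and additionally summarises it, separating files SFC repaired from files it reports as "Cannot repair member file", which are the entries worth posting. It assumes an elevated PowerShell 5.1+ session; the function name is mine, and the sample log lines are constructed in the shape CBS.log uses, not taken from a real machine.

```powershell
# Added example, not part of the thread or of KB929833. SFC records each file
# it checks in CBS.log as a line tagged "[SR]"; this function keeps those lines
# and reports which files were repaired and which could not be.
# Assumes an elevated PowerShell 5.1+ session (CBS.log is not world-readable).

function Get-SfcSummary {
    param([string[]]$Lines)   # raw CBS.log lines

    $sr = @($Lines | Where-Object { $_ -match '\[SR\]' })
    $unrepaired = [ordered]@{}
    $repaired   = [ordered]@{}

    foreach ($line in $sr) {
        # CBS writes names as [l:NN{MM}]"name.ext"; the last quoted token is the
        # file itself (earlier ones can be the directory, as in the repair line).
        $quoted = @([regex]::Matches($line, '"([^"]+)"') | ForEach-Object { $_.Groups[1].Value })
        if ($quoted.Count -eq 0) { continue }
        $file = $quoted[-1]
        if ($line -match 'Cannot repair member file') {
            # The reason (for example "hash mismatch") is the final comma-separated field.
            $unrepaired[$file] = ($line -split ',')[-1].Trim()
        } elseif ($line -match 'Repairing corrupted file') {
            $repaired[$file] = $true
        }
    }

    [pscustomobject][ordered]@{
        SrLines    = $sr.Count
        Repaired   = @($repaired.Keys)
        Unrepaired = $unrepaired
    }
}

# Constructed sample in the CBS.log shape (not a real log) so the function can
# be exercised without touching the machine.
$sample = @(
    '2017-04-13 07:31:02, Info  CSI  00000001 [SR] Verifying 100 (0x0000000000000064) components',
    '2017-04-13 07:31:02, Info  CSI  00000002 [SR] Beginning Verify and Repair transaction',
    '2017-04-13 07:31:40, Info  CSI  00000003 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Package, Version = 10.0.0.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, Type neutral, PublicKey neutral in the store, hash mismatch',
    '2017-04-13 07:31:41, Info  CSI  00000004 [SR] Repairing corrupted file [ml:520{260},l:66{33}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store',
    '2017-04-13 07:32:10, Info  CSI  00000005 [SR] Verify complete'
)
Get-SfcSummary -Lines $sample | Format-List

# Against the real log, also writing the sfcdetails.txt the article asks for:
$log = Get-Content -LiteralPath "$env:windir\Logs\CBS\CBS.log" -ErrorAction SilentlyContinue
if ($log) {
    $log | Where-Object { $_ -match '\[SR\]' } |
        Set-Content -LiteralPath "$env:USERPROFILE\Desktop\sfcdetails.txt"
    Get-SfcSummary -Lines $log | Format-List
}
```

On the constructed sample the summary lists example1.dll as unrepaired with reason "hash mismatch" and example2.dll as repaired. CBS.log accumulates across runs, so on a machine that has been scanned several times the file list covers every run, not just the last one; the timestamps at the start of each line tell them apart.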

#15 Tony3570 (Topic Starter, Members, 16 posts)

Posted 14 April 2017 - 05:10 AM

Pls. find attached the sfcdetails.txt. I ran Secunia PSI and got 13 update recommendations. I updated Adobe and Microsoft Silverlight. Most of the others are Windows related and, as Windows checks automatically for periodic updates, I'm not sure if I have to perform these tasks manually. Moreover some of those look like legacy ones. The performance of the system has not improved so far.

Attached Files


Edited by Tony3570, 14 April 2017 - 05:16 AM.




