eset online found problem and problems with some programs


  • This topic is locked
57 replies to this topic

#1 Tierra93

Tierra93

  • Members
  • 207 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:46 PM

Posted 29 July 2018 - 12:21 PM

The last few days I have been having problems with Firefox and some other programs. Ran ESET online this morning and it found a problem:

 

C:\Users\93\AppData\Local\Mozilla\Firefox\Profiles\sx0052ba.default-1525139707135\cache2\entries\628598023E1C19000158C5E6136F578298D5CA8F Win32/Bundled.Toolbar.Google.D potentially unsafe application

 

Sometimes I do get false positives, but since FF is so buggy I thought I should find out if this is a problem and resolve it.

 

Thank you.

 

Although I attached both files, it looks like Addition is missing, so I copied it and will paste it here:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by 93 (29-07-2018 10:16:40)
Running from C:\Users\93\Desktop
Windows 10 Home Version 1803 17134.191 (X64) (2018-05-01 01:29:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

4 (S-1-5-21-3611102865-3659740907-1795170762-1002 - Limited - Enabled) => C:\Users\4
93 (S-1-5-21-3611102865-3659740907-1795170762-1001 - Administrator - Enabled) => C:\Users\93
Administrator (S-1-5-21-3611102865-3659740907-1795170762-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3611102865-3659740907-1795170762-503 - Limited - Disabled)
Guest (S-1-5-21-3611102865-3659740907-1795170762-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3611102865-3659740907-1795170762-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3611102865-3659740907-1795170762-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.01 - Canon Inc.)
Canon MG6600 series On-screen Manual (HKLM-x32\...\Canon MG6600 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG6600 series User Registration (HKLM-x32\...\Canon MG6600 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
f.lux (HKU\S-1-5-21-3611102865-3659740907-1795170762-1001\...\Flux) (Version:  - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3611102865-3659740907-1795170762-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 61.0.1.6759 - Mozilla)
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Sandboxie 5.26 (64-bit) (HKLM\...\Sandboxie) (Version: 5.26 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Windows Driver Package - U.S. Robotics Corporation Model 5637 Voice Driver (01/28/2011 3.1.0.46) (HKLM\...\E7AE3AA66CA6D8D4AA8DED5BEED78DB3BEDFED27) (Version: 01/28/2011 3.1.0.46 - U.S. Robotics Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16536914-DD21-4D3B-AAD6-47AC4F5C7F14} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-07-20] (Piriform Ltd)
Task: {1F35B4AC-A8CD-4D38-B54C-24D65D22E823} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {311D5E48-6206-4BE5-A8C6-932E527F40AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-25] (Microsoft Corporation)
Task: {40B18AA6-07C8-421F-A0F1-EC867DE31DCB} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {5C1B4CDB-60F5-4837-8196-91713C80E93B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-25] (Microsoft Corporation)
Task: {5FBC0AE8-E949-4022-8400-DE17BA94113B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6CE172C2-16EF-46EE-8D4C-0489BDEA617A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-07-20] (Piriform Ltd)
Task: {6DCC7D47-8F74-46D0-8AB2-4810DE0C60A7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3611102865-3659740907-1795170762-1002UA => C:\Users\4\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {8C39E646-6B10-4648-825F-5CD9BFC75EC5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {8CAB2C24-1365-4ACD-8DAB-7645D0569079} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3611102865-3659740907-1795170762-1002Core1d25b233e644ec9 => C:\Users\4\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {9924C044-BFF7-4128-866E-7268CD8C7E9E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {A498ED93-2E29-4168-8816-9580F5F8C356} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-25] (Microsoft Corporation)
Task: {A6B6CFA9-3D5D-4883-94E7-BBF7C37B8D99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3611102865-3659740907-1795170762-1002Core => C:\Users\4\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {B0D0334D-3BB7-44A9-AC36-3EB62A0B19EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-05] (Google Inc.)
Task: {C4B8F79F-8E41-49C0-9754-06025B4DA76A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-05] (Google Inc.)
Task: {CBDFDE0A-7570-4CBF-BA4D-DB31B703FB31} - System32\Tasks\{5EDFECC5-F1BA-4CE6-8E4D-387B22293A69} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.30.85.105/en/go/help.faq.installer?LastError=1618
Task: {EFF51B1D-6D44-4A53-8C06-4AB9578A05A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3611102865-3659740907-1795170762-1002UA1d25b233ec3b039 => C:\Users\4\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {F134FDB4-82DA-4BEA-B277-CDC88214621D} - System32\Tasks\{CB26D371-2041-4406-BDCD-47BAF536F3AF} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.38.0.101/en/go/help.faq.installer?LastError=1618
Task: {F2759D8E-23D4-4686-AF08-48E35BAF751A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-25] (Microsoft Corporation)
Task: {F2AF9E70-9826-430B-9992-9FDDE64F154E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-07-11] (Microsoft Corporation)
Task: {F5A9622E-97A8-4ADB-BE91-1AEBE3B5FC8A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3611102865-3659740907-1795170762-1002Core.job => C:\Users\4\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3611102865-3659740907-1795170762-1002UA.job => C:\Users\4\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-01-27 14:56 - 2013-06-28 16:28 - 000084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2017-09-14 04:15 - 2013-07-04 04:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2018-06-06 05:26 - 2018-07-17 12:04 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-30 19:54 - 2017-11-30 19:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-20 17:42 - 2017-10-20 17:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 05:52 - 2018-07-05 23:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-14 04:15 - 2018-07-29 08:24 - 000033936 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-09-14 04:15 - 2013-07-04 04:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-06-24 02:07 - 2015-06-24 02:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-07-24 08:39 - 2018-06-26 20:39 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-07-24 08:39 - 2018-06-26 20:39 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-07-24 08:39 - 2018-06-26 20:39 - 002723968 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-07-24 08:39 - 2018-06-26 20:39 - 000031872 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-07-24 08:39 - 2018-06-26 20:39 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-07-24 08:39 - 2018-06-26 20:39 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-07-24 08:39 - 2018-06-26 20:39 - 002295752 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\4\Documents\allergy info for cobalt dichloride.jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\4\Documents\allergy info for cobalt dichloride.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\4\Documents\allergy info from 2018.jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\4\Documents\allergy info from 2018.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\4\Documents\allergy info on nickel.jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\4\Documents\allergy info on nickel.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\4\Documents\housing sept 2018 page 1.jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\4\Documents\housing sept 2018 page 1.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\4\Documents\housing sept 2018 page 2.jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\4\Documents\housing sept 2018 page 2.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 00:24 - 2015-10-30 00:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3611102865-3659740907-1795170762-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\93\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{F860F30B-8CC0-44AE-88F1-E8E31B8CC3D3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{CBC841A9-DB96-4D57-95D4-627ADFF2B629}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{86509205-CBF8-4F0E-AB0A-14B02D319BAB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{5276F7E2-364F-4F9D-8B07-5D7A55CB2849}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9CA66CE7-93C6-41F3-81E8-CF2A58B43B4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F87DD62-95AC-48A2-89D6-C24BD7EE8ED8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{23E9417B-8517-48A5-AFA3-F30B86E5F899}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3802900E-50A1-4257-A867-BC63E7557426}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1E1A2123-A02F-4B92-9142-F19484CF6CF8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{57EB736A-E1FE-41E9-A159-4E7BFE45007E}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{61B30FF4-2C10-4878-BF6B-5136FC55F803}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{A08D68C0-E276-494A-BA5C-4ECC29DFBE9B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AE9059AE-844E-49A8-840B-51AD2F1B8AAF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4549B397-66BF-49E9-9F01-572605A755EF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{654830BD-3EBB-4572-9DAD-558E353748BB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{BE22905F-4DB4-48F5-9D7B-9D2992CF5753}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{E39AC529-2DF3-4C1D-8FBE-479484CA0168}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================
 

Attached Files

  • Attached File  FRST.txt   64.86KB   128 downloads

Edited by Tierra93, 29 July 2018 - 12:24 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:46 PM

Posted 29 July 2018 - 12:45 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean.
This is an entry in your Firefox Cache.
C:\Users\93\AppData\Local\Mozilla\Firefox\Profiles\sx0052ba.default-1525139707135\cache2\entries\628598023E1C19000158C5E6136F578298D5CA8F

Go to the c:\...\Cache2\entries list and find the 628598023E1C19000158C5E6136F578298D5CA8F entry.

Delete it.

Close and delete Firefox.

It should no longer be reported.

p.s.
The entry is in the Cache. Nothing can come of it.

#3 Tierra93

Tierra93
  • Topic Starter


Posted 29 July 2018 - 03:10 PM

Can't I just clear the data? I went to C disk and users and 93 but can't find appdata.

 

Just found the hidden files; however, found 6271...  but not 6285...

 

Thank you.


Edited by Tierra93, 29 July 2018 - 03:30 PM.


#4 nasdaq


Posted 30 July 2018 - 07:27 AM


Hi,

If the entry is found it will be removed with this fix.


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to the new file.
 
start

CloseProcesses:

cmd: del /q C:\Users\93\AppData\Local\Mozilla\Firefox\Profiles\sx0052ba.default-1525139707135\cache2\entries\628598023E1C19000158C5E6136F578298D5CA8F

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Does Eset report finding this key?
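
A guarded way to do the same deletion from PowerShell, as an added example that is not part of the original thread: it refuses any path that is not a Firefox cache2 entry and reports when the file is no longer there. The function name Remove-FlaggedCacheEntry and its status strings are made up for this illustration; the path is the one from the ESET result in the first post.

```powershell
# Added example, not from the thread. Removes one flagged Firefox cache2 entry,
# but only if the path really is a cache entry and the file still exists.
function Remove-FlaggedCacheEntry {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # A cache2 entry sits in ...\Firefox\Profiles\<profile>\cache2\entries\ and is
    # named with 40 hex characters. Refuse anything else so that a typo in the
    # path cannot delete an unrelated file.
    $pattern = '\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cache2\\entries\\[0-9A-Fa-f]{40}$'
    if ($Path -notmatch $pattern) {
        return [pscustomobject]@{ Path = $Path; Status = 'NotACacheEntry' }
    }

    # Firefox evicts cache entries on its own, so the file may already be gone
    # by the time the scan result is acted on.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Status = 'AlreadyGone' }
    }

    # The fixlist in the post closes running processes first; here we just stop
    # and report if Firefox is still open.
    if (Get-Process -Name firefox -ErrorAction SilentlyContinue) {
        return [pscustomobject]@{ Path = $Path; Status = 'FirefoxRunning' }
    }

    # ShouldProcess honours -WhatIf and -Confirm, so a dry run deletes nothing.
    if ($PSCmdlet.ShouldProcess($Path, 'Delete cache entry')) {
        Remove-Item -LiteralPath $Path -Force
        return [pscustomobject]@{ Path = $Path; Status = 'Deleted' }
    }
    return [pscustomobject]@{ Path = $Path; Status = 'Skipped' }
}

# Path taken from the ESET result quoted in the first post.
$flagged = 'C:\Users\93\AppData\Local\Mozilla\Firefox\Profiles\sx0052ba.default-1525139707135\cache2\entries\628598023E1C19000158C5E6136F578298D5CA8F'

# Dry run first; drop -WhatIf to actually delete.
Remove-FlaggedCacheEntry -Path $flagged -WhatIf
```

Run it in a PowerShell window under the account that owns the profile; a status of AlreadyGone means there is nothing left for the scanner to report at that path.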

#5 Tierra93


Posted 30 July 2018 - 07:52 AM

Thank you for your help.

I copied and pasted onto run (I have pinned to my start menu) and got an error message. See attachment.

Having problems adding the attachments. Says added but not seeing in posts.


Edited by Tierra93, 30 July 2018 - 08:01 AM.


#6 Tierra93


Posted 30 July 2018 - 07:57 AM

I tried again and got this but not sure what app they want. I have command prompt pinned to my start menu - is that what they want? When I try to click on it it disappears.


Edited by Tierra93, 30 July 2018 - 08:01 AM.


#7 Tierra93


Posted 30 July 2018 - 08:04 AM

I don't know why the attachments aren't attaching.

 

The first one says: Windows cannot find 'del'.  Be sure you type the name correctly then try again.

 

The second message says: You'll need a new app for this cmd.  Look for app in app store  (doesn't say which app and don't have MS account)  Always use this app.  OK

 

App store says results for cmd No results found for this filtering.


Edited by Tierra93, 30 July 2018 - 08:11 AM.


#8 Tierra93


Posted 30 July 2018 - 08:16 AM

Just found another problem. I usually use CCleaner (right click recycle bin and only use the cleaner (not registry)) after closing out and getting ready to shut down computer and it's not there and having problems when going to start to get it to run. Is this part of the problem? Thank you.

#9 Tierra93


Posted 30 July 2018 - 02:38 PM

Firefox is no longer working properly also. Is this due to the problem or something else? Should I uninstall both CCleaner and FF and reinstall or do you think it wouldn't fix problems? Thank you.

#10 nasdaq


Posted 31 July 2018 - 07:10 AM

Hi,

Let's start by fixing Firefox.

Remove and reinstall Firefox.

Before proceeding save your Bookmarks. (Export)
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Firefox Password manager - Import your passwords.
Password Manager - Remember, delete, change and import saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords

If you are syncing Firefox with other devices, remove it.
https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer

When all is well you can re-sync your devices. NOT NOW.
<<<>>>

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox

Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Restart the computer normally.

Install the latest version of the application.
https://www.mozilla.org/en-US/firefox/new/

Import your Bookmarks. Same link as the Export function above.

Restart the computer normally.

===

Let me know what problem persists.

#11 Tierra93


Posted 31 July 2018 - 09:35 AM

Thank you! I just finished removing. I found nothing in:

C:\Program Files\Mozilla Firefox
C:\Program Files (x86)\Mozilla Firefox

I had to reset up all of Firefox in admin; however, my bookmarks and passwords were still in the general account that I use the most (and run in private browsing mode). Should I have deleted from both accounts?

Windows is working weirdly too and when right clicking with mouse (brand new - just 2 weeks old and Logitech - so should be good) I often have to do more than once, sometimes too with left click - but I think it's Windows acting weird. Thank you.

#12 Tierra93


Posted 31 July 2018 - 09:55 AM

Just fixed CCleaner. Also, think not the mouse - just the computer is taking forever to do anything. Seems like with every MS update it gets worse and worse. Thank you for all of your help.

#13 nasdaq


Posted 31 July 2018 - 10:34 AM

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed, refer to the Microsoft article again and follow the instructions to view details of the System File Checker process.

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.
<<<>>>

#14 Tierra93


Posted 31 July 2018 - 01:15 PM

After more than 10 minutes still not running.  Please see attachment.



#15 Tierra93


Posted 31 July 2018 - 02:02 PM

Finally got it to run; however, not getting the text.  See attachment - please.  Doesn't look like it found any problems.

 

Thank you

Attached Files

  • Attached File  scan.png   167.48KB   0 downloads




