Adware in Firefox

Re: Adware in Firefox

Post by Cypher » April 4th, 2015, 10:00 am

Hi Simon,

> Hi again Cypher, thanks so much for your continued assistance

My pleasure :)

> Does this latest analysis mean that TornTV is still in operation on my system?

Yes, there are a lot of "leftovers" which we will remove now.
Do the following please, then give me another update on the ads you're seeing in Firefox.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    C:\Program Files (x86)\TheTorntv 
    2015-04-01 18:46 - 2015-04-02 22:53 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-04-01 17:46 - 2015-04-04 12:46 - 00001336 _____ () C:\Windows\Tasks\helper_king_notification_service.job
    2015-04-01 17:46 - 2015-04-04 12:21 - 00000698 _____ () C:\Windows\Tasks\helper_king_updating_service.job
    2015-04-01 17:46 - 2015-04-02 22:56 - 00000000 ____D () C:\Program Files (x86)\helper king
    2015-04-01 17:46 - 2015-04-01 17:46 - 00004374 _____ () C:\Windows\System32\Tasks\helper_king_notification_service
    2015-04-01 17:46 - 2015-04-01 17:46 - 00003738 _____ () C:\Windows\System32\Tasks\helper_king_updating_service
    Task: {3DE241CC-3AA7-4B1A-B76A-1E19A4B7C10A} - \ItI78RqBO8wx3 No Task File <==== ATTENTION
    Task: {4B505419-B3C8-446E-9CA7-321CE5129ED1} - System32\Tasks\BGCOB => C:\Users\Simon Harries\AppData\Roaming\BGCOB.exe <==== ATTENTION
    Task: {B35755DB-2BCD-4B68-9AC1-7CE7E4DC56BA} - System32\Tasks\VLJUVMT => C:\Users\Simon Harries\AppData\Roaming\VLJUVMT.exe <==== ATTENTION
    AlternateDataStreams: C:\Users\Simon Harries\Cookies:a7dP5gmDxMWNYDpRgL5irjL
    AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:bEKR1DIHW3xLarnNstx7rkLTThfuc
    AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:ITppCZk9JDyaYIWh2MRE1VO7IGe
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49D262F-604A-45E5-988A-151F8A2C1F2}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63AAC20A-5A0-4A1D-8C7A-2CA89A2ADB1}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEAB6BEC-4762-40AA-8A65-CF86E7F9ED6}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD7616DA-858-41D1-AA1D-A85854C4F11C}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEDFAB7E-4B9-4695-8DF7-AE35772F9EB0}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F122AE0D-E4F4-4185-921D-692FE0C748DA}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F59B62D4-F56D-4298-B81F-5133112910C9}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA86571B-5756-4D09-8F63-B278A636B8C2}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
    [-HKEY_CURRENT_USER\Software\Classes\.torrent]
    [-HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
    [-HKEY_CURRENT_USER\Software\Classes\TornTvDownloader.File]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TornTvDownloader.File]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Torntv]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Torntv]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Torntv]
    [-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49D262F-604A-45E5-988A-151F8A2C1F2}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63AAC20A-5A0-4A1D-8C7A-2CA89A2ADB1}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEAB6BEC-4762-40AA-8A65-CF86E7F9ED6}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD7616DA-858-41D1-AA1D-A85854C4F11C}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEDFAB7E-4B9-4695-8DF7-AE35772F9EB0}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F122AE0D-E4F4-4185-921D-692FE0C748DA}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F59B62D4-F56D-4298-B81F-5133112910C9}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA86571B-5756-4D09-8F63-B278A636B8C2}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\.torrent]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\TornTvDownloader.File]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\.torrent]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
    [-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\TornTvDownloader.File]
    [-HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Re: Adware in Firefox

Post by harries71 » April 4th, 2015, 12:40 pm

Hi Cypher - I've just tried that latest fix, but I regret to say that the ads are still present in Firefox, interspersed within the webpage.
Log follows...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Simon Harries at 2015-04-04 17:31:17 Run:2
Running from C:\Users\Simon Harries\Windows 7 Stuff\Desktop
Loaded Profiles: Simon Harries (Available profiles: Simon Harries)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\TheTorntv
2015-04-01 18:46 - 2015-04-02 22:53 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 17:46 - 2015-04-04 12:46 - 00001336 _____ () C:\Windows\Tasks\helper_king_notification_service.job
2015-04-01 17:46 - 2015-04-04 12:21 - 00000698 _____ () C:\Windows\Tasks\helper_king_updating_service.job
2015-04-01 17:46 - 2015-04-02 22:56 - 00000000 ____D () C:\Program Files (x86)\helper king
2015-04-01 17:46 - 2015-04-01 17:46 - 00004374 _____ () C:\Windows\System32\Tasks\helper_king_notification_service
2015-04-01 17:46 - 2015-04-01 17:46 - 00003738 _____ () C:\Windows\System32\Tasks\helper_king_updating_service
Task: {3DE241CC-3AA7-4B1A-B76A-1E19A4B7C10A} - \ItI78RqBO8wx3 No Task File <==== ATTENTION
Task: {4B505419-B3C8-446E-9CA7-321CE5129ED1} - System32\Tasks\BGCOB => C:\Users\Simon Harries\AppData\Roaming\BGCOB.exe <==== ATTENTION
Task: {B35755DB-2BCD-4B68-9AC1-7CE7E4DC56BA} - System32\Tasks\VLJUVMT => C:\Users\Simon Harries\AppData\Roaming\VLJUVMT.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Simon Harries\Cookies:a7dP5gmDxMWNYDpRgL5irjL
AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:bEKR1DIHW3xLarnNstx7rkLTThfuc
AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:ITppCZk9JDyaYIWh2MRE1VO7IGe
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49D262F-604A-45E5-988A-151F8A2C1F2}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63AAC20A-5A0-4A1D-8C7A-2CA89A2ADB1}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEAB6BEC-4762-40AA-8A65-CF86E7F9ED6}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD7616DA-858-41D1-AA1D-A85854C4F11C}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEDFAB7E-4B9-4695-8DF7-AE35772F9EB0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F122AE0D-E4F4-4185-921D-692FE0C748DA}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F59B62D4-F56D-4298-B81F-5133112910C9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA86571B-5756-4D09-8F63-B278A636B8C2}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
[-HKEY_CURRENT_USER\Software\Classes\.torrent]
[-HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
[-HKEY_CURRENT_USER\Software\Classes\TornTvDownloader.File]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TornTvDownloader.File]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Torntv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Torntv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Torntv]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49D262F-604A-45E5-988A-151F8A2C1F2}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63AAC20A-5A0-4A1D-8C7A-2CA89A2ADB1}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEAB6BEC-4762-40AA-8A65-CF86E7F9ED6}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD7616DA-858-41D1-AA1D-A85854C4F11C}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEDFAB7E-4B9-4695-8DF7-AE35772F9EB0}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F122AE0D-E4F4-4185-921D-692FE0C748DA}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F59B62D4-F56D-4298-B81F-5133112910C9}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA86571B-5756-4D09-8F63-B278A636B8C2}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\.torrent]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\TornTvDownloader.File]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\.torrent]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
[-HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\TornTvDownloader.File]
[-HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]

EmptyTemp:
CMD: ipconfig /flushdns

*****************

"C:\Program Files (x86)\TheTorntv" => File/Directory not found.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Windows\Tasks\helper_king_notification_service.job => Moved successfully.
C:\Windows\Tasks\helper_king_updating_service.job => Moved successfully.
C:\Program Files (x86)\helper king => Moved successfully.
C:\Windows\System32\Tasks\helper_king_notification_service => Moved successfully.
C:\Windows\System32\Tasks\helper_king_updating_service => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3DE241CC-3AA7-4B1A-B76A-1E19A4B7C10A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DE241CC-3AA7-4B1A-B76A-1E19A4B7C10A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ItI78RqBO8wx3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B505419-B3C8-446E-9CA7-321CE5129ED1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B505419-B3C8-446E-9CA7-321CE5129ED1}" => Key deleted successfully.
C:\Windows\System32\Tasks\BGCOB => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BGCOB" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B35755DB-2BCD-4B68-9AC1-7CE7E4DC56BA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B35755DB-2BCD-4B68-9AC1-7CE7E4DC56BA}" => Key deleted successfully.
C:\Windows\System32\Tasks\VLJUVMT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VLJUVMT" => Key deleted successfully.
"C:\Users\Simon Harries\Cookies" => ":a7dP5gmDxMWNYDpRgL5irjL" ADS not found.
"C:\Users\Simon Harries\AppData\Local\Temporary Internet Files" => ":bEKR1DIHW3xLarnNstx7rkLTThfuc" ADS not found.
"C:\Users\Simon Harries\AppData\Local\Temporary Internet Files" => ":ITppCZk9JDyaYIWh2MRE1VO7IGe" ADS not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49D262F-604A-45E5-988A-151F8A2C1F2} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63AAC20A-5A0-4A1D-8C7A-2CA89A2ADB1} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2} => Key not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d} => Key not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEAB6BEC-4762-40AA-8A65-CF86E7F9ED6} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD7616DA-858-41D1-AA1D-A85854C4F11C} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2} => Key not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEDFAB7E-4B9-4695-8DF7-AE35772F9EB0} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F122AE0D-E4F4-4185-921D-692FE0C748DA} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F59B62D4-F56D-4298-B81F-5133112910C9} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA86571B-5756-4D09-8F63-B278A636B8C2} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a} => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a} => Key not found.
HKEY_CURRENT_USER\Software\Classes\.torrent => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10 => Key Deleted successfully.
HKEY_CURRENT_USER\Software\Classes\TornTvDownloader.File => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Classes\TornTvDownloader.File => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TornTvDownloader.File => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TornTvDownloader.File => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a} => Key not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Torntv => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Torntv => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Torntv => Key not found.
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49D262F-604A-45E5-988A-151F8A2C1F2} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63AAC20A-5A0-4A1D-8C7A-2CA89A2ADB1} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEAB6BEC-4762-40AA-8A65-CF86E7F9ED6} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD7616DA-858-41D1-AA1D-A85854C4F11C} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEDFAB7E-4B9-4695-8DF7-AE35772F9EB0} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F122AE0D-E4F4-4185-921D-692FE0C748DA} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F59B62D4-F56D-4298-B81F-5133112910C9} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA86571B-5756-4D09-8F63-B278A636B8C2} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a} => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\.torrent => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10 => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\TornTvDownloader.File => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\.torrent => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10 => Key not found.
HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\TornTvDownloader.File => Key not found.
HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10 => Key not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 7.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:32:10 ====
harries71
Regular Member
 
Posts: 22
Joined: April 3rd, 2015, 5:41 am

Re: Adware in Firefox

Unread postby Cypher » April 4th, 2015, 1:23 pm

Hi Simon,
You only see these ads in Firefox, correct? You don't see them when using Internet Explorer?
Do you see the ads on all sites or just certain ones?


First please Disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.

Next please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Right click on zoek.exe and select "Run as administrator" to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:

    • Auto Clean
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Adware in Firefox

Unread postby harries71 » April 4th, 2015, 2:05 pm

Cypher wrote: Hi Simon,
You only see these ads in Firefox, correct? You don't see them when using Internet Explorer?
Do you see the ads on all sites or just certain ones?

Hi Cypher, you're correct I only see these adverts in Firefox - and they appear on all sites - e.g. bbc.co.uk, Twitter, National Rail Enquiries, even on Sky TV's online EPG. When trying to log in to Twitter just now, a new tab opened for the website 'efix.com' and an invitation to download Windows 7 PC Repair. Most of the adverts contain warnings of Low Disk Space and telling me that I have to "repair my windows errors".
I've just followed your latest directions for using zoek.exe and the report is attached below. Following reboot I just checked Firefox again, the adverts are still there.

---


Zoek.exe v5.0.0.0 Updated 02-April-2015
Tool run by Simon Harries on 04/04/2015 at 18:41:39.08.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Simon Harries\Windows 7 Stuff\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

04/04/2015 18:42:55 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Simon Harries\AppData\Roaming\BandExtend deleted successfully
C:\Users\Simon Harries\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Simon Harries\AppData\Roaming\Splashtop deleted successfully
C:\Users\Simon Harries\AppData\Local\MediaShow deleted successfully
C:\Users\Simon Harries\AppData\Local\PACE Anti-Piracy deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Windows Live SkyDrive deleted
C:\PROGRA~3\WoW Worldwide Software LTD deleted
C:\PROGRA~2\AVG Web TuneUp deleted
C:\PROGRA~2\Splashtop deleted
C:\user.js deleted
C:\Users\Simon Harries\AppData\Roaming\CodecsLE_Install.log deleted
C:\Users\Simon Harries\AppData\Roaming\Rim.Desktop.Exception.log deleted
C:\Users\Simon Harries\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted
C:\Users\Simon Harries\AppData\Roaming\Rim.DesktopHelper.Exception.log deleted
C:\Users\Simon Harries\AppData\Roaming\Rim.Transcoder.Exception.log deleted
C:\PROGRA~3\AVG Web TuneUp deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Simon Harries\AppData\Local\LaunchHomeCenter.log deleted
C:\Users\Simon Harries\AppData\Local\CrashRpt deleted
C:\Users\Simon Harries\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Default\AppData\Roaming\gacutil.exe deleted
C:\Users\Default\AppData\Roaming\PnPutil.exe deleted
"C:\Windows\Installer\1ddf28.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [03/07/2013 06:32]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- BT DesktopHelp extension - %AppDir%\extensions\mcciwbch@motive.com.xpi
- Motive Extension - %AppDir%\browser\extensions\mcciwbch@motive.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Simon Harries\AppData\Roaming\Mozilla\Firefox\Profiles\vr5pke1c.default-1428014804228
2645990C521342DCD08963D2DF6CD0D2 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
10737B44923217BC0E67D26A9FC1F0AA - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
2C82D753EF779945977C82A3908DA20A - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5
43583AB4DFD406F4C188342F41B1F91C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll - Shockwave Flash
E7F0B0AE0753629D00C7CFD8704FFABE - C:\Users\Simon Harries\AppData\Local\Programs\Aspera\Aspera Connect\lib\npasperaweb.dll - Aspera Web for Firefox
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[17/06/2012 12:02]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://bbc.co.uk/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://bbc.co.uk/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C9C67683F0721D3429A64ED58E28A0B6 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7777E30B-D867-CBE7-688A-699007F0C9B9} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{38676C9C-270F-43D1-926A-E45DE8820A6B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C9C67683F0721D3429A64ED58E28A0B6 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Simon Harries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Simon Harries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=224 folders=102 97756135 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Simon Harries\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\SIMONH~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 04/04/2015 at 18:58:47.38 ======================

Re: Adware in Firefox

Unread postby Cypher » April 4th, 2015, 2:35 pm

Hi Simon,
Since FF is the only browser affected the problem is with FF itself.
Try using FF with add-ons disabled, then let me know if you still see the ads.

In the FF browser Click > Help > Restart with Add-ons Disabled > Restart > Start in Safe mode.

Re: Adware in Firefox

Unread postby harries71 » April 4th, 2015, 4:03 pm

Hi again Cypher,
Interesting... I tried that, using it in Safe Mode with Add-ons disabled and the adverts are still there.
Presumably this means there is nothing else to be done? Is the solution to avoid using Firefox from now on?
Simon

Re: Adware in Firefox

Unread postby Cypher » April 5th, 2015, 6:31 am

Hi Simon,
harries71 wrote: thanks so much for your continued assistance

You're most welcome.
harries71 wrote: Interesting... I tried that, using it in Safe Mode with Add-ons disabled and the adverts are still there.
Presumably this means there is nothing else to be done? Is the solution to avoid using Firefox from now on?

This is an interesting problem, when it's just one browser affected it's usually one of the add-ons that's the cause.
Run the below scan for me please.

Please download RogueKiller by Tigzy and save it to your desktop.
  • Allow the download if prompted by your security software and please close all your programs.
  • Right click on RogueKiller.exe and select "Run as administrator" to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.

Re: Adware in Firefox

Unread postby harries71 » April 5th, 2015, 7:28 am

Hello again - and once again many thanks for your assistance. Following the scan, the Rogue Killer status panel instructs the user to view the different tabs and check what should be removed before pressing the delete button. There seem to be around 12 items under the "registry" tab and 3 under "web browsers" - one of the latter is an object called "mcciwbch@motive.com" used by Firefox. However, I haven't deleted anything yet - here is the report:

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Simon Harries [Administrator]
Started from : C:\Users\Simon Harries\Windows 7 Stuff\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/05/2015 11:48:43

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://bbc.co.uk/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://bbc.co.uk/ -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71476581-B615-4FFB-9120-B76B31BA2A6A} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{71476581-B615-4FFB-9120-B76B31BA2A6A} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{71476581-B615-4FFB-9120-B76B31BA2A6A} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3750640NS ATA Device +++++
--- User ---
[MBR] 18962258cfec7af360fb76e05c1f5a91
[BSP] 48a44432b20eec55168ceb925a51987c : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate BUP Slim BK USB Device +++++
--- User ---
[MBR] 978178fab84fb98412aaaea7622ebc39
[BSP] b02ed1cf1df18d9022d02c662abc3079 : Empty MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: WD My Book 1230 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

Re: Adware in Firefox

Unread postby Cypher » April 5th, 2015, 7:45 am

Hi Simon,
harries71 wrote: and once again many thanks for your assistance.

My pleasure.
harries71 wrote: one of the latter is an object called "mcciwbch@motive.com" used by Firefox

Is this Extension something you use?

Re: Adware in Firefox

Unread postby harries71 » April 5th, 2015, 7:51 am

Not that I'm aware of - it's described as 'Motive Extension' but I don't know what it is. The other two items under Web Browsers are Google Toolbar in IE (which I do use, now) and a RealPlayerBrowser Record Plugin on Firefox, and I don't think I use that ever, as far as I know. Should I delete the two I don't recognise? Plus delete the other items under 'registry' tab?

Re: Adware in Firefox

Unread postby Cypher » April 5th, 2015, 7:58 am

harries71 wrote: Not that I'm aware of - it's described as 'Motive Extension' but I don't know what it is. The other two items under Web Browsers are Google Toolbar in IE (which I do use, now) and a RealPlayerBrowser Record Plugin on Firefox, and I don't think I use that ever, as far as I know. Should I delete the two I don't recognise? Plus delete the other items under 'registry' tab?

OK, as you don't use that extension let's remove them; remove the items listed below too, please.


RogueKiller
  • Right click on RogueKiller.exe and select "Run as administrator" to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • When the Status box shows Scan Finished, click the Registry tab and locate these detections:
    mcciwbch@motive.com
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
  • Place a checkmark next to each of these items, leave the others unchecked.
  • Now press the Delete button.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.

Re: Adware in Firefox

Unread postby harries71 » April 5th, 2015, 1:24 pm

Hi Cypher
I've deleted the two web browser items and the four from the registry you instructed. Here is the report,
Cheers, S

---

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Simon Harries [Administrator]
Started from : C:\Users\Simon Harries\Windows 7 Stuff\Desktop\RogueKiller.exe
Mode : Delete -- Date : 04/05/2015 18:20:41

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://bbc.co.uk/ -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://bbc.co.uk/ -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71476581-B615-4FFB-9120-B76B31BA2A6A} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{71476581-B615-4FFB-9120-B76B31BA2A6A} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{71476581-B615-4FFB-9120-B76B31BA2A6A} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[FIREFX:Addon] h1nfuxol.default-1428177862777 : Motive Extension [mcciwbch@motive.com] -> Deleted
[FIREFX:Addon] h1nfuxol.default-1428177862777 : RealPlayer Browser Record Plugin [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3750640NS ATA Device +++++
--- User ---
[MBR] 18962258cfec7af360fb76e05c1f5a91
[BSP] 48a44432b20eec55168ceb925a51987c : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate BUP Slim BK USB Device +++++
--- User ---
[MBR] 978178fab84fb98412aaaea7622ebc39
[BSP] b02ed1cf1df18d9022d02c662abc3079 : Empty MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: WD My Book 1230 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_04052015_114843.log - RKreport_DEL_04052015_181905.log
harries71
Regular Member
 
Posts: 22
Joined: April 3rd, 2015, 5:41 am
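
Comparing the scan-mode and delete-mode reports line by line shows what the removal actually changed. The Python sketch below is an added example, not part of any post in this thread and not RogueKiller's own tooling; the line format is inferred only from the two reports posted above, and the function names are made up for illustration.

```python
import re

# Abridged from the two RKreport logs posted in this thread (scan, then delete).
SCAN_LOG = r"""
¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71476581-B615-4FFB-9120-B76B31BA2A6A} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Web browsers : 0 ¤¤¤
"""

DELETE_LOG = r"""
¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71476581-B615-4FFB-9120-B76B31BA2A6A} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
¤¤¤ Web browsers : 2 ¤¤¤
[FIREFX:Addon] h1nfuxol.default-1428177862777 : Motive Extension [mcciwbch@motive.com] -> Deleted
[FIREFX:Addon] h1nfuxol.default-1428177862777 : RealPlayer Browser Record Plugin [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] -> Deleted
"""

# "¤¤¤ Registry : 12 ¤¤¤" -> section name "Registry"
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:]+?)\s*:")
# "[Tag] item text -> Status"; the greedy item group splits on the last " -> "
DETECTION_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<item>.*)\s+->\s+(?P<status>.+)$")


def parse_report(text):
    """Return {(section, tag, item): status} for every detection line."""
    section = None
    detections = {}
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            key = (section, hit.group("tag"), hit.group("item"))
            detections[key] = hit.group("status").strip()
    return detections


def compare(scan_text, delete_text):
    """Pair each detection's status in the scan log with its status in the delete log."""
    before, after = parse_report(scan_text), parse_report(delete_text)
    return [
        {"section": k[0], "tag": k[1], "item": k[2],
         "scan": before.get(k), "delete": after.get(k)}
        for k in sorted(set(before) | set(after))
    ]


def summarize(rows):
    """Bucket rows by outcome. Only the statuses seen in this thread are known;
    any other delete-mode status is assumed to mean the item was changed."""
    buckets = {"changed": [], "left_in_place": [], "only_in_delete_log": []}
    for row in rows:
        if row["scan"] is None:
            buckets["only_in_delete_log"].append(row)
        elif row["delete"] in (None, "Not selected"):
            buckets["left_in_place"].append(row)
        else:
            buckets["changed"].append(row)
    return buckets


if __name__ == "__main__":
    for name, rows in summarize(compare(SCAN_LOG, DELETE_LOG)).items():
        print(name)
        for row in rows:
            print(f"  [{row['tag']}] {row['scan']} -> {row['delete']}")
```

On the excerpts above, the two Firefox add-on entries land in `only_in_delete_log`, because the scan-mode report in this thread lists "Web browsers : 0" while the delete-mode report lists 2.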

Re: Adware in Firefox

Unread postby Cypher » April 5th, 2015, 1:28 pm

Hi Simon,
Good work. Now are you still seeing the ads?

Re: Adware in Firefox

Unread postby harries71 » April 5th, 2015, 1:29 pm

Hi again,
I'm afraid so... Current status is that Firefox is still showing the adverts on all websites...
S

Re: Adware in Firefox

Unread postby Cypher » April 5th, 2015, 1:44 pm

Sorry this is taking so long to resolve, stick with me, we will figure out what's causing this.
OK, I know you have done it before, but I would like you to reinstall Firefox again.
We will backup your bookmarks first so you don't lose them.

Make a Backup of Firefox Bookmarks
  • Please open your Firefox browser.
  • Click the Bookmarks button on the navigation toolbar and select Show All Bookmarks to open the Library window.
  • In the Library window, click the Import and Backup button and then select Backup....
  • In the Bookmarks backup filename window that opens, choose your Desktop as a location to save the file, which is named bookmarks-"date".json by default.
  • Save the bookmarks json file. The Bookmarks backup filename window will close and you can close the Library window.
Next.

Please download a fresh copy of Firefox
  • Using Internet Explorer download FireFox from Here.
  • Save it to your desktop, don't install it yet.
Next.

Uninstall Firefox
Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Mozilla Firefox 37.0

Now reboot your computer

Next.

Install Firefox
  • Right click on Firefox Setup.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  • Then follow installation prompts...

Still seeing the ads?