
Solved Strange object on the browser header bar

Discussion in 'Malware and Virus Removal Archive' started by basketcase, 2015/12/20.

  1. 2015/12/23
    basketcase Contributing Member

    basketcase Well-Known Member Thread Starter

    Joined:
    2008/01/22
    Messages:
    321
    Likes Received:
    8
    Well ... it did not spot anything and there was no button for a report, so I figured there was nothing to report. :confused:

    But since you asked I did a search and found a report. :)

    2015-12-23 11:22:29.407 Sophos Virus Removal Tool version 2.5.5
    2015-12-23 11:22:29.407 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-12-23 11:22:29.407 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-12-23 11:22:29.407 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
    2015-12-23 11:22:29.407 Checking for updates...
    2015-12-23 11:22:29.532 Update progress: proxy server not available
    2015-12-23 11:22:50.883 Option all = no
    2015-12-23 11:22:50.898 Option recurse = yes
    2015-12-23 11:22:50.898 Option archive = no
    2015-12-23 11:22:50.898 Option service = yes
    2015-12-23 11:22:50.898 Option confirm = yes
    2015-12-23 11:22:50.898 Option sxl = yes
    2015-12-23 11:22:50.898 Option max-data-age = 35
    2015-12-23 11:22:50.898 Option EnableSafeClean = yes
    2015-12-23 11:22:57.877 Downloading updates...
    2015-12-23 11:22:58.002 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-12-23 11:22:58.002 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-12-23 11:22:58.002 Update progress: [I49502] Found supplement IDE523 LATEST
    2015-12-23 11:22:58.002 Update progress: [I49502] Found supplement IDE524 LATEST
    2015-12-23 11:22:58.002 Update progress: [I49502] Found supplement IDE525 LATEST
    2015-12-23 11:22:58.002 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-12-23 11:22:58.002 Update progress: [I19463] Syncing product SAVIW32 63
    2015-12-23 11:23:00.612 Update progress: [I19463] Syncing product IDE523 121
    2015-12-23 11:23:01.362 Installing updates...
    2015-12-23 11:23:02.738 Option vdl-logging = yes
    2015-12-23 11:23:04.181 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-12-23 11:23:04.181 Machine ID: 754d250c5af446b09b200ee728141b18
    2015-12-23 11:23:04.181 Component SVRTcli.exe version 2.5.5
    2015-12-23 11:23:04.181 Component control.dll version 2.5.5
    2015-12-23 11:23:04.181 Component SVRTservice.exe version 2.5.5
    2015-12-23 11:23:04.181 Component engine\osdp.dll version 1.44.1.2230
    2015-12-23 11:23:04.181 Component engine\veex.dll version 3.63.0.2230
    2015-12-23 11:23:04.181 Component engine\savi.dll version 9.0.0.2230
    2015-12-23 11:23:04.181 Component rkdisk.dll version 1.5.30.0
    2015-12-23 11:23:04.181 Version info: Product version 2.5.5
    2015-12-23 11:23:04.181 Version info: Detection engine 3.63.0
    2015-12-23 11:23:04.181 Version info: Detection data 5.22
    2015-12-23 11:23:04.181 Version info: Build date 12/8/2015
    2015-12-23 11:23:04.181 Version info: Data files added 193
    2015-12-23 11:23:04.181 Version info: Last successful update (not yet updated)
    2015-12-23 11:23:04.181 Error level 1
    2015-12-23 11:23:04.353 Update progress: [I19463] Syncing product IDE524 74
    2015-12-23 11:23:04.353 Update progress: [I19463] Syncing product IDE525 1
    2015-12-23 11:23:13.184 Update successful
    2015-12-23 11:23:25.720 Option all = no
    2015-12-23 11:23:25.720 Option recurse = yes
    2015-12-23 11:23:25.720 Option archive = no
    2015-12-23 11:23:25.720 Option service = yes
    2015-12-23 11:23:25.720 Option confirm = yes
    2015-12-23 11:23:25.720 Option sxl = yes
    2015-12-23 11:23:25.720 Option max-data-age = 35
    2015-12-23 11:23:25.720 Option EnableSafeClean = yes
    2015-12-23 11:23:26.360 Option vdl-logging = yes
    2015-12-23 11:23:26.376 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-12-23 11:23:26.376 Machine ID: 754d250c5af446b09b200ee728141b18
    2015-12-23 11:23:26.376 Component SVRTcli.exe version 2.5.5
    2015-12-23 11:23:26.376 Component control.dll version 2.5.5
    2015-12-23 11:23:26.376 Component SVRTservice.exe version 2.5.5
    2015-12-23 11:23:26.376 Component engine\osdp.dll version 1.44.1.2230
    2015-12-23 11:23:26.376 Component engine\veex.dll version 3.63.0.2230
    2015-12-23 11:23:26.376 Component engine\savi.dll version 9.0.0.2230
    2015-12-23 11:23:26.376 Component rkdisk.dll version 1.5.30.0
    2015-12-23 11:23:26.376 Version info: Product version 2.5.5
    2015-12-23 11:23:26.376 Version info: Detection engine 3.63.0
    2015-12-23 11:23:26.376 Version info: Detection data 5.22
    2015-12-23 11:23:26.376 Version info: Build date 12/8/2015
    2015-12-23 11:23:26.376 Version info: Data files added 193
    2015-12-23 11:23:26.376 Version info: Last successful update 12/23/2015 5:23:13 AM

    2015-12-23 12:06:55.864 Could not open C:\hiberfil.sys
    2015-12-23 12:06:58.662 Could not open C:\pagefile.sys
    2015-12-23 12:14:05.957 Could not open C:\swapfile.sys
    2015-12-23 12:14:06.129 Could not open C:\System Volume Information\{13c22bc1-96a4-11e5-9c11-0023ae59de59}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-12-23 12:14:06.129 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-12-23 12:14:06.129 Could not open C:\System Volume Information\{75a98c02-a37d-11e5-9c1c-0023ae59de59}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-12-23 12:14:06.129 Could not open C:\System Volume Information\{9528aedb-9c03-11e5-9c14-0023ae59de59}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-12-23 12:14:06.129 Could not open C:\System Volume Information\{c250f978-a864-11e5-9c25-0023ae59de59}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-12-23 12:14:06.129 Could not open C:\System Volume Information\{e390d497-a789-11e5-9c23-0023ae59de59}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-12-23 12:17:28.821 Password protected file C:\Users\Rick\Documents\Oct 2015 Data Backups\092215 HBC Office Backup\Documents Folder\Journal\DM091914.docx
    2015-12-23 12:17:36.133 Password protected file C:\Users\Rick\Documents\Oct 2015 Data Backups\092215 HBC Office Backup\Documents Folder\JRM Misc\PW List.docx
    2015-12-23 12:25:23.713 Password protected file C:\Users\Rick\OneDrive\Documents\7406 Oak Leaf Household Records\Combinations and Locks Info.docx
    2015-12-23 12:25:27.417 Password protected file C:\Users\Rick\OneDrive\Documents\Articles in Process\Basic Commitments to Heal.docx
    2015-12-23 12:25:27.776 Password protected file C:\Users\Rick\OneDrive\Documents\Articles in Process\ScandalLinks.docx
    2015-12-23 12:25:57.661 Password protected file C:\Users\Rick\OneDrive\Documents\CLM Stuff\Doc1.docx
    2015-12-23 12:25:57.833 Password protected file C:\Users\Rick\OneDrive\Documents\CLM Stuff\M&W.xls
    2015-12-23 12:27:45.401 Password protected file C:\Users\Rick\OneDrive\Documents\Jeep and Motorcycling\Cemetery Tour.docx
    2015-12-23 12:30:23.026 Password protected file C:\Users\Rick\OneDrive\Documents\Miscellaneous Notes\What Really Happened.docx
    2015-12-23 12:30:23.948 Password protected file C:\Users\Rick\OneDrive\Documents\Money and Finance\Notes November 23.docx
    2015-12-23 12:32:44.679 Password protected file C:\Users\Rick\OneDrive\Documents\RicksData\How I want things.docx
    2015-12-23 12:32:48.706 Password protected file C:\Users\Rick\OneDrive\Documents\Spreadsheets\BFGNotes.xls
    2015-12-23 12:45:39.700 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-12-23 12:45:39.700 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-12-23 12:45:42.842 Could not open C:\Windows\System32\config\BBI
    2015-12-23 12:45:42.967 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-12-23 12:45:42.967 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-12-23 12:45:42.967 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-12-23 12:45:42.967 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-12-23 12:45:42.983 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-12-23 13:01:11.827 SafeClean bin directory is empty.
    2015-12-23 13:01:13.249 Error level 0

    2015-12-23 13:09:24.031 Scan completed.
    2015-12-23 13:09:24.031

    ------------------------------------------------------------

    2015-12-23 13:17:19.455 Sophos Virus Removal Tool version 2.5.5
    2015-12-23 13:17:19.455 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-12-23 13:17:19.455 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-12-23 13:17:19.455 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
    2015-12-23 13:17:19.455 Checking for updates...
    2015-12-23 13:17:19.486 Update progress: proxy server not available
    2015-12-23 13:17:33.600 Option all = no
    2015-12-23 13:17:33.600 Option recurse = yes
    2015-12-23 13:17:33.600 Option archive = no
    2015-12-23 13:17:33.600 Option service = yes
    2015-12-23 13:17:33.600 Option confirm = yes
    2015-12-23 13:17:33.600 Option sxl = yes
    2015-12-23 13:17:33.600 Option max-data-age = 35
    2015-12-23 13:17:33.600 Option EnableSafeClean = yes
    2015-12-23 13:17:33.694 Update not required
    2015-12-23 13:17:34.647 Option vdl-logging = yes
    2015-12-23 13:17:34.678 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-12-23 13:17:34.678 Machine ID: 754d250c5af446b09b200ee728141b18
    2015-12-23 13:17:34.694 Component SVRTcli.exe version 2.5.5
    2015-12-23 13:17:34.694 Component control.dll version 2.5.5
    2015-12-23 13:17:34.694 Component SVRTservice.exe version 2.5.5
    2015-12-23 13:17:34.694 Component engine\osdp.dll version 1.44.1.2230
    2015-12-23 13:17:34.694 Component engine\veex.dll version 3.63.0.2230
    2015-12-23 13:17:34.694 Component engine\savi.dll version 9.0.0.2230
    2015-12-23 13:17:34.694 Component rkdisk.dll version 1.5.30.0
    2015-12-23 13:17:34.694 Version info: Product version 2.5.5
    2015-12-23 13:17:34.694 Version info: Detection engine 3.63.0
    2015-12-23 13:17:34.694 Version info: Detection data 5.22
    2015-12-23 13:17:34.694 Version info: Build date 12/8/2015
    2015-12-23 13:17:34.694 Version info: Data files added 193
    2015-12-23 13:17:34.694 Version info: Last successful update 12/23/2015 5:23:13 AM
    2015-12-23 13:25:03.110 Error level 1

    2015-12-23 13:25:03.126 Scan completed.
    2015-12-23 13:25:03.126

    ------------------------------------------------------------
     
  2. 2015/12/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    Other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     


  4. 2015/12/23
    basketcase Contributing Member

    Thank you as always. I'll follow up with the steps you suggested.

    And all the best for a safe and joyous Christmas!

    PS: Where is the "resolved" button? Seems I have marked them on earlier occasions but for the life of me, I'm not seeing the option. :confused:
     
  5. 2015/12/24
    broni

    Only I can mark it "Resolved" in this forum.

     
