
Solved Survey POPup in Firefox

Discussion in 'Malware and Virus Removal Archive' started by Barry, 2013/08/12.

  1. 2013/08/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No, as long as you don't use the registry cleaner part.
    That's why I prefer TFC. It only does what is really needed. It cleans temporary junk.
    In general - leave the registry alone.

    I may be wrong but I think Reader comes as a part of Adobe Acrobat.

    As for the login issue... delete the WindowsBBS cookies in Firefox.
    Restart Firefox, go to WindowsBBS, and after entering your username and password the appropriate cookie will be recreated.
    See if that fixes the issue.
     
  2. 2013/08/14
    Barry

    Barry Geek Member Thread Starter

    Joined:
    2002/12/16
    Messages:
    1,209
    Likes Received:
    10
    This morning I ran CCleaner, including registry clean. Do I need to rerun one of the programs you suggested to put the registry back to where it is supposed to be? I won't run registry cleaner again. Do you believe TFC cleans better than CCleaner?

    I guess you're right about Reader 8, as add/remove program applications only list Reader 8, not Acrobat 8 Professional. I can uninstall Acrobat 5.0, though. I guess I should do that. Should I just use Acrobat 8 Professional offline, for security reasons, and other programs when I am online?

    As far as deleting the cookies, I don't allow tracking or history on Firefox, so there are no cookies to delete. Everything is deleted when I close out Firefox.
     


  4. 2013/08/14
    broni

    Fine. Leave it where it is now.

    Both are good tools. You can keep using CCleaner as long as you don't touch the registry part.

    You can use Acrobat online as long as you keep it up to date.

    As for the Firefox issue...

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    As for this topic....

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  5. 2013/08/15
    Barry

    Here is my final log:

    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 8922 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 26445994 bytes
    ->Temporary Internet Files folder emptied: 82054 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 18730470 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 128496 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 43.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 08142013_160539

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    I finally have everything clean and updated. There were some glitches, and one still remains. The remaining one is that Windows Security Alerts claims Microsoft Security Essentials is OFF, while Microsoft Security Essentials claims Real Time Protection is ON. Which do I believe?

    Other glitches are as follows:
    By uninstalling Acrobat 5, Acrobat 8 became unusable, so I had to reinstall Acrobat 8 Professional. I did update Acrobat Reader to 11, but I still need the capability of creating forms, so I kept 8 Professional. By the way, Foxit is now 28.6MB, not 3.5MB, and it doesn't create forms.

    Also, this page no longer exists: http://www.bleepingcomputer.com/tuto...r-safe-online/

    One final note is that I was able to log in to this site from Firefox the first time around, this time, so that is a nice change.

    Thank you for all your help. Other than my concern about Microsoft Security Essentials, my computer is working fine.
     
  6. 2013/08/15
    broni

  7. 2013/08/15
    broni

  8. 2013/08/15
    Barry

    Now your link works. I tried it 4 times before and always got the 404 page not found error. Maybe something was just busy.

    I followed the steps and deleted the Repository, but I still have the same problem. I sense we just added too many programs at startup. I disabled some of them, but the problem still exists. Here is a log of my startup programs. Have you any idea what else I can disable or what I've disabled that needs to be in startup?

    Yes HKCU:Run ctfmon.exe Microsoft Corporation D:\WINDOWS\system32\ctfmon.exe
    No HKCU:Run ctfmon.exe Microsoft Corporation D:\WINDOWS\system32\ctfmon.exe
    Yes HKCU:Run IDMan Tonec Inc. E:\Program Files\Internet Download Manager\IDMan.exe /onboot
    Yes HKCU:Run ISUSPM Acresso Corporation D:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    No HKCU:Run NBJ Ahead Software AG "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe "
    Yes HKCU:Run SandboxieControl Sandboxie Holdings, LLC "E:\Program Files\Sandboxie\SbieCtrl.exe "
    Yes HKCU:Run WMPNSCFG Microsoft Corporation D:\Program Files\Windows Media Player\WMPNSCFG.exe
    Yes HKLM:Run 36X Raid Configurer Gigabyte Technology Corp. D:\WINDOWS\System32\xRaidSetup.exe boot
    Yes HKLM:Run Acrobat Assistant 8.0 Adobe Systems Inc. "E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    Yes HKLM:Run Acronis Scheduler2 Service Acronis "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe "
    Yes HKLM:Run adm_tray.exe Acronis E:\Program Files\Acronis\DriveMonitor\adm_tray.exe
    Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    No HKLM:Run Alcmtr Realtek Semiconductor Corp. ALCMTR.EXE
    Yes HKLM:Run APSDaemon Apple Inc. "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    No HKLM:Run BCU "D:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe "
    Yes HKLM:Run BrStsMon00 Brother Industries, Ltd. D:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
    Yes HKLM:Run ControlCenter4 Brother Industries, Ltd. D:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
    No HKLM:Run DivXMediaServer DivX, LLC E:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
    No HKLM:Run DivXUpdate DivX, LLC "D:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    No HKLM:Run Eraser The Eraser Project "E:\PROGRA~1\Eraser\Eraser.exe" --atRestart
    Yes HKLM:Run hplampc Hewlett-Packard D:\WINDOWS\system32\hplampc.exe
    No HKLM:Run IndexSearch Nuance Communications, Inc. "D:\Program Files\Nuance\PaperPort\IndexSearch.exe "
    Yes HKLM:Run JMB36X IDE Setup D:\WINDOWS\RaidTool\xInsIDE.exe
    Yes HKLM:Run MSC Microsoft Corporation "D:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    Yes HKLM:Run NUSB3MON NEC Electronics Corporation "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe "
    Yes HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    Yes HKLM:Run NvMediaCenter Microsoft Corporation RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    Yes HKLM:Run nwiz NVIDIA Corporation D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    No HKLM:Run PaperPort PTD Nuance Communications, Inc. "D:\Program Files\Nuance\PaperPort\pptd40nt.exe "
    No HKLM:Run PDF5 Registry Controller Nuance Communications, Inc. D:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
    No HKLM:Run PDFHook Nuance Communications, Inc. D:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    No HKLM:Run PPort12reminder Nuance Communications, Inc. "D:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "D:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini "
    No HKLM:Run QuickTime Task Apple Inc. "E:\Program Files\QuickTime\qttask.exe" -atboottime
    No Startup Common MailWasherPro.lnk Firetrust D:\PROGRA~1\FIRETR~1\MAILWA~1\MAILWA~1.EXE
    Yes Startup Common Secunia PSI Tray.lnk Secunia D:\Program Files\Secunia\PSI\psi_tray.exe
    No Startup User Dropbox.lnk Dropbox, Inc. D:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    Yes Startup User Shortcut to speedfan.lnk Almico Software (www.almico.com) E:\Program Files\SpeedFan\speedfan.exe

    Yes Extension Diagnose Connection Problems... Microsoft Corporation %windir%\Network Diagnostic\xpnetdiag.exe
    Yes Extension Messenger Microsoft Corporation D:\Program Files\Messenger\msmsgs.exe
    Yes Extension Research Microsoft Corporation E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    Yes Helper Adobe PDF Conversion Toolbar Helper Adobe Systems Incorporated E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    Yes Helper Adobe PDF Reader Link Helper Adobe Systems Incorporated D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    Yes Helper DivX Plus Web Player HTML5 <video> DivX, LLC E:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    Yes Helper IDM integration (IDMIEHlprObj Class) Internet Download Manager, Tonec Inc. E:\Program Files\Internet Download Manager\IDMIECC.dll
    Yes Helper PlusIEEventHelper Class Zeon Corporation D:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
    Yes Toolbar Adobe PDF Adobe Systems Incorporated E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    Yes Extension Adblock Plus 2.3.2 Wladimir Palant default-1368980305000 Firefox 23.0 D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aznaz484.default-1368980305000\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    Yes Extension DivX Plus Web Player HTML5 <video> 2.1.2.182 © 2000-2013, DivX LLC. DivX and associated logos are trademarks of Rovi. All rights reserved. default-1368980305000 Firefox 23.0 E:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
    Yes Extension Element Hiding Helper for Adblock Plus 1.2.3 Wladimir Palant default-1368980305000 Firefox 23.0 D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aznaz484.default-1368980305000\extensions\elemhidehelper@adblockplus.org.xpi
    Yes Extension IDM CC 7.3.57 Internet Download Manager, Tonec Inc. default-1368980305000 Firefox 23.0 D:\Documents and Settings\Owner\Application Data\IDM\idmmzcc5
    Yes Extension IE Tab 2 (FF 3.6+) 4.12.22.2 Hong Jen Yee (PCMan) default-1368980305000 Firefox 23.0 D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aznaz484.default-1368980305000\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    Yes Extension MetaProducts Integration 1.6.3 MetaProducts corp. default-1368980305000 Firefox 23.0 D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aznaz484.default-1368980305000\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.xpi
    No Extension Microsoft .NET Framework Assistant 0.0.0 Microsoft default-1368980305000 Firefox 23.0 D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    No Extension Microsoft .NET Framework Assistant 1.3.1 Microsoft default-1368980305000 Firefox 23.0 D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aznaz484.default-1368980305000\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    Yes Extension Qualys BrowserCheck 1.7.15.1 Qualys, Inc. default-1368980305000 Firefox 23.0 D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aznaz484.default-1368980305000\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
    Yes Extension TinEye Reverse Image Search 1.1 Martine Vong default-1368980305000 Firefox 23.0 D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aznaz484.default-1368980305000\extensions\tineye@ideeinc.com.xpi
    Yes Extension WOT 20130402 WOT Services Oy default-1368980305000 Firefox 23.0 D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aznaz484.default-1368980305000\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    Yes Plugin Adobe Acrobat 11.0.3.37 Adobe Systems Inc. default-1368980305000 Firefox 23.0 D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    Yes Plugin Coupons Inc., Coupon Printer Manager 4.0.2.0 Coupons, Inc. default-1368980305000 Firefox 23.0 D:\Program Files\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
    Yes Plugin DivX Plus Web Player 2.4.0.368 DivX, LLC default-1368980305000 Firefox 23.0 E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    Yes Plugin DivX VOD Helper Plug-in 1.1.0.6 DivX, LLC. default-1368980305000 Firefox 23.0 E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    Yes Plugin DivX Web Player 1.5.0.52 DivX,Inc. default-1368980305000 Firefox 23.0 E:\Program Files\DivX\DivX Web Player\npdivx32.dll
    Yes Plugin Foxit Reader Plugin for Mozilla 2.2.3.402 Foxit Corporation default-1368980305000 Firefox 23.0 E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    Yes Plugin Google Update 1.3.21.153 Google Inc. default-1368980305000 Firefox 23.0 D:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    Yes Plugin IE Tab Plug-in 2.2.0.1 ietab.mozdev.org default-1368980305000 Firefox 23.0 D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aznaz484.default-1368980305000\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    Yes Plugin Java Deployment Toolkit 7.0.250.16 10.25.2.16 Oracle Corporation default-1368980305000 Firefox 23.0 D:\WINDOWS\system32\npDeployJava1.dll
    Yes Plugin Java(TM) Platform SE 7 U25 10.25.2.16 Oracle Corporation default-1368980305000 Firefox 23.0 D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    Yes Plugin Microsoft® DRM 9.0.0.4503 Microsoft Corporation default-1368980305000 Firefox 23.0 D:\Program Files\Windows Media Player\npdrmv2.dll
    Yes Plugin Microsoft® DRM 9.0.0.4503 Microsoft Corporation default-1368980305000 Firefox 23.0 D:\Program Files\Windows Media Player\npwmsdrm.dll
    Yes Plugin Microsoft® Windows Media Services 4.1.0.3917 Microsoft Corporation default-1368980305000 Firefox 23.0 D:\WINDOWS\system32\npwmsdrm.dll
    Yes Plugin Qualys BrowserCheck Plugin 1.7.15.1 Qualys, Inc. default-1368980305000 Firefox 23.0 D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aznaz484.default-1368980305000\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}\plugins\npqbc.dll
    Yes Plugin QuickTime Plug-in 7.7.4 7.7.4.0 Apple Inc. default-1368980305000 Firefox 23.0 E:\Program Files\QuickTime\Plugins\npqtplugin5.dll
    Yes Plugin Shockwave Flash 11.8.800.94 Adobe Systems Incorporated default-1368980305000 Firefox 23.0 D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
    No Plugin Shockwave Flash 9.0.45.0 Adobe Systems Incorporated default-1368980305000 Firefox 23.0 D:\WINDOWS\system32\NPSWF32.dll
    Yes Plugin Shockwave for Director 12.0.3.133 Adobe Systems, Inc. default-1368980305000 Firefox 23.0 D:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll
    Yes Plugin VLC Web Plugin 2.0.6.0 VideoLAN default-1368980305000 Firefox 23.0 E:\Program Files\VideoLAN\VLC\npvlc.dll
    Yes Plugin Windows Media Player Plug-in Dynamic Link Library 3.0.2.629 Microsoft Corporation (written by Digital Renaissance Inc.) default-1368980305000 Firefox 23.0 D:\Program Files\Windows Media Player\npdsplay.dll
    Yes Plugin Windows Presentation Foundation 3.5.30729.1 Microsoft Corporation default-1368980305000 Firefox 23.0 D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    Yes App Gmail 7 First user D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    Yes App Google Drive 6.3 First user D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    Yes App Google Search 0.0.0.20 First user D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    Yes App YouTube 4.2.6 First user D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    Yes Extension Adblock Plus 1.5.3 First user D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.3_0
    Yes Extension Google Docs 0.5 First user D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    Yes Extension IDM Integration Module 6.17.7 First user D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.17.7_0
    Yes Extension NotScripts 0.9.6 First user D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0
    Yes Extension WOT 1.4.13 First user D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0

    Yes Task Adobe Flash Player Updater Adobe Systems Incorporated D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Yes Task GoogleUpdateTaskMachineCore Google Inc. D:\Program Files\Google\Update\GoogleUpdate.exe /c
    Yes Task GoogleUpdateTaskMachineUA Google Inc. D:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
    Yes Task Microsoft Antimalware Scheduled Scan Microsoft Corporation D:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges
    Yes Task MpIdleTask Microsoft Corporation D:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask

    No Directory 7-Zip Igor Pavlov D:\Program Files\7-Zip\7-zip.dll
    No Directory Add to VLC media player's Playlist VideoLAN "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1 "
    Yes Directory Adobe.Acrobat.ContextMenu Adobe Systems Inc. E:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
    No Directory DropboxExt Dropbox, Inc. D:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.19.dll
    No Directory Eraser The Eraser Project "E:\PROGRA~1\Eraser\ERASER~3.DLL "
    No Directory MBAMShlExt Malwarebytes Corporation E:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
    No Directory Play with VLC media player VideoLAN "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1 "
    Yes Directory Run Sandboxed Sandboxie Holdings, LLC "E:\Program Files\Sandboxie\Start.exe" /box:__ask__ Explorer.exe "%1 "
    No Directory StuffIt11ContextMenuHandler Smith Micro Software, Inc. E:\Program Files\Smith Micro\StuffIt11\SxShellExt.dll
    No Drive Eraser The Eraser Project "E:\PROGRA~1\Eraser\ERASER~3.DLL "
    No Drive PartitionMagic 8.0 PowerQuest Corporation E:\Program Files\PowerQuest\PartitionMagic 8.0\PMAGIC.EXE
    No File 7-Zip Igor Pavlov D:\Program Files\7-Zip\7-zip.dll
    Yes File Adobe.Acrobat.ContextMenu Adobe Systems Inc. E:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
    No File DropboxExt Dropbox, Inc. D:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.19.dll
    No File Eraser The Eraser Project "E:\PROGRA~1\Eraser\ERASER~3.DLL "
    No File Foxit_ConvertToPDF_Reader Foxit Corporation E:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll
    No File MBAMShlExt Malwarebytes Corporation E:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
    No File StuffIt11ContextMenuHandler Smith Micro Software, Inc. E:\Program Files\Smith Micro\StuffIt11\SxShellExt.dll
     
  9. 2013/08/15
    broni

    Startups have nothing to do with your issue.

    In any case....

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)
     
  10. 2013/08/15
    Barry

    Thank you for all your help. It is nice to be rid of that malware.
     
  11. 2013/08/15
    broni

    You're very welcome
     
  12. 2013/08/16
    Barry

    I just wanted to follow up and say the WSC problem was solved by uninstalling MSE and then doing a fresh reinstall.

    Thanks again for everything.
     
  13. 2013/08/16
    broni

    Excellent!
     
