Assistance required with URL:Mal infection.

[REDACTED]

As per subject, I am currently strugling to get rid of said infection. I am currently following through the "Logs to assist in cleaning malware" thread so have attached the requested Logs. Any help will be gratefully recieved.

Ed

[REDACTED]

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]

Task: {FC614EEE-92CB-4B91-BF0C-83706033CB50} - \Updater19962.exe No Task File <==== ATTENTION
HKU\S-1-5-21-2541191580-2575226481-2110239231-1000\...\Run: [AceStream] => C:\Users\Ed\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
C:\Users\Ed\AppData\Roaming\ACEStream\engine\ace_engine.exe
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.1.8 -> C:\Users\Ed\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Ed\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.orgFF Extension: TS Magic Player - C:\Users\Ed\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2013-10-26]
C:\Users\Ed\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
CHR HKCU\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Users\Ed\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx [2013-10-10]
C:\Users\Ed\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx
CHR Extension: (AS Magic Player) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-07-10]
CHR Extension: (TS Magic Player) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg [2012-11-24]
C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg
EmptyTemp:
CMD: bitsadmin /reset /allusers
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

[REDACTED]

argus, thanks for your help with this matter and I appologise for the delay in my response. I have followed your instructions above and attached the Fixlog.txt file as requested.

Ed

[REDACTED]

How is the situation now?

[REDACTED]

All seems well so far, thanks, but I haven't really used the web much since this morning. Having said that, the problem was showing up on pretty much every web page so it seems whatever you have done has resolved the issue. Thanks for you time and help with this matter.

[REDACTED]

Cool


• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

[REDACTED]

argus, I hope you don't mind me asking but was the problem just down to the acestream application? I guess what i'm wondering is if I need to change any passwords I might have saved on my PC for logging in to some websites?

Ed

[REDACTED]

acestream only plugin, malicious.

Passwords are OK

[REDACTED]

Cheers buddy, you've been a massive help. I can watch the Ryder Cup in peace now!