Continuing problems with ads


13 replies to this topic

#1 Carper

  • Members
  • 9 posts

Posted 24 December 2013 - 11:04 AM

Hi I am new to the forum having been suggested to join to get rid of a lot of unwanted adverts and pop ups.

I have downloaded the programmes suggested but my problems still persist, particularly one which brings up a page every time I try to join a link. Each time it is blocked by Firefox and I need to clear the page before I can proceed.

The address line is as follows:

http://www.hpylgr.com/sc?p=YTE2NTIyMDE0OTYQO3yArXWiOJMtvySVjjH.

I hope someone can suggest how to get rid of it. (Not too complicated please, I am 87)

I am using Windows 8

Thanks in anticipation,

Regards
Carper

Mod Edit: Moved from the Windows 8 forum to a more appropriate forum

Roger


Edited by rotor123, 24 December 2013 - 11:08 AM.




#2 xXToffeeXx

  • Malware Response Instructor
  • 6,086 posts

Posted 24 December 2013 - 11:39 AM

Hi Carper,
 

I have downloaded the programmes suggested but my problems still persist, particularly one which brings up a page every time I try to join a link.

Which programs were suggested, and from where?
 
Run these for me:
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

---------
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

---------
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

---------
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

xXToffeeXx~


Edited by xXToffeeXx, 24 December 2013 - 11:39 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 Carper

Posted 26 December 2013 - 06:38 AM

Hi, Thanks for your suggestions, all of which I have carried out except being able to forward the scan log.

I have also carried out a full scan with AVG and regularly use CCleaner and carefully note what there is in the cookies column.

However I decided to make Firefox my default browser and the problem has disappeared. I still feel that the problem is lurking somewhere and would still like to get rid of it.

Thanks again

Regards
Carper



#4 xXToffeeXx

Posted 26 December 2013 - 08:17 AM

Hi Carper,

 

If you want to carry on, then please post the logs I requested. I would like to review them to see what was removed.

 

xXToffeeXx~




#5 Carper

Posted 27 December 2013 - 07:01 AM

Thanks for your reply. As I said, I was not able to save the Adw files but I am attaching the file for MiniToolBox. Hope this is satisfactory.

 

If I rescanned with Adw, would the result be any use?

 

Carper

MiniToolBox by Farbar  Version: 18-12-2013

Ran by Frank26 (administrator) on 27-12-2013 at 11:48:44
Running from "C:\Users\Frank26\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = WiFi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : GeneralPC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 2C-D0-5A-AB-81-17
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 7C-05-07-53-B2-3C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter WiFi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 2C-D0-5A-AB-81-17
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 27 December 2013 11:44:18
   Lease Expires . . . . . . . . . . : 28 December 2013 11:44:18
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 194.168.4.100
                                       194.168.8.100
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  cache1.service.virginmedia.net
Address:  194.168.4.100

Name:    google.com
Addresses:  2a00:1450:4009:804::1001
      173.194.34.133
      173.194.34.136
      173.194.34.128
      173.194.34.129
      173.194.34.131
      173.194.34.142
      173.194.34.134
      173.194.34.137
      173.194.34.135
      173.194.34.132
      173.194.34.130


Pinging google.com [173.194.34.128] with 32 bytes of data:
Reply from 173.194.34.128: bytes=32 time=17ms TTL=57
Reply from 173.194.34.128: bytes=32 time=20ms TTL=57

Ping statistics for 173.194.34.128:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 20ms, Average = 18ms
Server:  cache1.service.virginmedia.net
Address:  194.168.4.100

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=166ms TTL=47
Reply from 98.138.253.109: bytes=32 time=170ms TTL=47

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 166ms, Maximum = 170ms, Average = 168ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...2c d0 5a ab 81 17 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...7c 05 07 53 b2 3c ......Realtek PCIe FE Family Controller
 12...2c d0 5a ab 81 17 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    281
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/27/2013 11:45:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: GENERALPC)
Description: Activation of application Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/27/2013 11:45:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: GENERALPC)
Description: Activation of application Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/27/2013 11:45:23 AM) (Source: Application Hang) (User: )
Description: The program Map.exe version 1.5.1.240 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 74c

Start Time: 01cf02f9001242ef

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.BingMaps_1.5.1.240_x64__8wekyb3d8bbwe\Map.exe

Report Id: 480e3e06-6eec-11e3-bea7-7c050753b23c

Faulting package full name: Microsoft.BingMaps_1.5.1.240_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexMaps

Error: (12/27/2013 11:44:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: GENERALPC)
Description: App Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps did not launch within its allotted time.

Error: (12/24/2013 02:39:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: TCrdMain_Win8.exe, version: 2.0.7.64, time stamp: 0x5091827a
Faulting module name: SynCOM.dll_unloaded, version: 0.0.0.0, time stamp: 0x50b86421
Exception code: 0xc0000005
Fault offset: 0x000000001001f368
Faulting process ID: 0x1624
Faulting application start time: 0xTCrdMain_Win8.exe0
Faulting application path: TCrdMain_Win8.exe1
Faulting module path: TCrdMain_Win8.exe2
Report ID: TCrdMain_Win8.exe3
Faulting package full name: TCrdMain_Win8.exe4
Faulting package-relative application ID: TCrdMain_Win8.exe5

Error: (12/23/2013 01:55:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/22/2013 04:16:44 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\TEMP.GENERALPC. This error may be caused by files in this directory being used by another program.

 DETAIL - The directory is not empty.

Error: (12/22/2013 04:04:38 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0175171387295864) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (12/22/2013 04:04:33 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2453351212-2000591773-1046958858-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {67dca6e9-118a-40be-a28e-007f5210202c}

Error: (12/22/2013 03:21:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/26/2013 11:05:06 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.2.0 service failed to start due to the following error:
%%2

Error: (12/26/2013 11:04:07 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (12/25/2013 10:25:38 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.2.0 service failed to start due to the following error:
%%2

Error: (12/25/2013 10:24:36 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (12/24/2013 02:23:27 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.2.0 service failed to start due to the following error:
%%2

Error: (12/24/2013 02:22:31 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a pre-shutdown control.

Error: (12/24/2013 02:21:56 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (12/23/2013 03:24:37 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (12/21/2013 03:57:47 PM) (Source: DCOM) (User: GENERALPC)
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/15/2013 01:12:58 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (12/27/2013 11:45:24 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: GENERALPC)
Description: Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps-2144927142

Error: (12/27/2013 11:45:24 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: GENERALPC)
Description: Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps-2144927142

Error: (12/27/2013 11:45:23 AM) (Source: Application Hang)(User: )
Description: Map.exe1.5.1.24074c01cf02f9001242ef4294967295C:\Program Files\WindowsApps\Microsoft.BingMaps_1.5.1.240_x64__8wekyb3d8bbwe\Map.exe480e3e06-6eec-11e3-bea7-7c050753b23cMicrosoft.BingMaps_1.5.1.240_x64__8wekyb3d8bbweAppexMaps

Error: (12/27/2013 11:44:44 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: GENERALPC)
Description: Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps

Error: (12/24/2013 02:39:05 PM) (Source: Application Error)(User: )
Description: TCrdMain_Win8.exe2.0.7.645091827aSynCOM.dll_unloaded0.0.0.050b86421c0000005000000001001f368162401cf00b3c9dc5508C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exeSynCOM.dll2350c2d1-6ca9-11e3-bea5-7c050753b23c

Error: (12/23/2013 01:55:22 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (12/22/2013 04:16:44 PM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: C:\Users\TEMP.GENERALPCThe directory is not empty.

Error: (12/22/2013 04:04:38 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0175171387295864) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (12/22/2013 04:04:33 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2453351212-2000591773-1046958858-1001.bak)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {67dca6e9-118a-40be-a28e-007f5210202c}

Error: (12/22/2013 03:21:59 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe


CodeIntegrity Errors:
===================================
  Date: 2013-06-08 20:18:18.014
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-08 20:08:34.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-08 16:46:47.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2013-06-08 16:46:39.750
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2013-06-08 16:46:39.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2013-06-08 16:46:35.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2013-06-08 16:46:34.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2013-06-08 16:46:31.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2013-06-08 16:46:30.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2013-06-08 16:46:28.140
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll with signing level Unsigned while the system requires signing level 6 or better to load.


=========================== Installed Programs ============================

Adobe Digital Editions 2.0 (Version: 2.0.1)
Adobe Reader 6.0.1 (Version: 006.000.001)
Aloha TriPeaks (Version: 2.2.0.98)
Audacity 2.0.4 (Version: 2.0.4)
AVG 2013 (Version: 13.0.3462)
AVG 2013 (Version: 13.0.3658)
AVG 2013 (Version: 2013.0.3462)
AVG PC TuneUp 2014 (en-GB) (Version: 14.0.1001.229)
AVG PC TuneUp 2014 (Version: 14.0.1001.173)
AVG PC TuneUp 2014 (Version: 14.0.1001.229)
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4020.3)
Bejeweled 3 (Version: 2.2.0.98)
CCleaner (Version: 4.08)
Chuzzle Deluxe (Version: 2.2.0.95)
DriverUpdate (Version: 2.2.30452)
Empress of the Deep - The Darkest Secret (Version: 2.2.0.98)
Epson Connect Printer Setup (Version: 1.1.1)
Epson Easy Photo Print 2 (Version: 2.4.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 3.01.0000)
Epson E-Web Print (Version: 1.17.0000)
EPSON Printer Finder (Version: 1.0.0)
EPSON Scan
EPSON SX410 Series Printer Uninstall
EPSON XP-205 207 Series Printer Uninstall
EpsonNet Print (Version: 2.6.0)
Google Earth (Version: 7.1.2.2041)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.3)
Intel AppUp® center (Version: 3.8.0.41663.61)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 9.17.10.2875)
Intel® Rapid Storage Technology (Version: 11.5.2.1001)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
IrfanView (remove only) (Version: 4.35)
Island Tribe (Version: 2.2.0.98)
Jewel Quest Solitaire 2 (Version: 2.2.0.98)
Magic Academy (Version: 2.2.0.98)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1011)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (Version: 16.4.6012.0828)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MuseScore 1.3 (Version: 1.3.0)
Musicnotes Player V1.32.2 and Viewer V1.19.0 (Version: 1.32.2)
MyEpson Portal
MyEpson Portal (Version: 1.0.0.12)
Network Guide EPSON XP-205 207 Series
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1011)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011)
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1011)
OpenOffice 4.0.0 (Version: 4.00.9702)
Peggle Nights (Version: 2.2.0.98)
Picasa 3 (Version: 3.9)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
Polar Bowler (Version: 2.2.0.97)
Premium Sound HD (Version: 1.12.6000)
Qtrax Player
Qtrax Player (Version: 01.001.0001)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek Ethernet Controller Driver (Version: 8.3.730.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6794)
Realtek USB 2.0 Card Reader (Version: 6.1.8400.30136)
Realtek WLAN Driver (Version: 2.00.0020)
RealUpgrade 1.1 (Version: 1.1.0)
Revo Uninstaller 1.95 (Version: 1.95)
Shared C Run-time for x64 (Version: 10.0.0)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (Version: 6.2.0)
Skype Click to Call (Version: 6.11.13307)
Skype™ 6.11 (Version: 6.11.102)
Software Updater (Version: 4.1.7)
Spotify (Version: 0.8.5.1333.g822e0de8)
Synaptics Pointing Device Driver (Version: 16.3.4.0)
TOSHIBA Desktop Assist (Version: 1.00.08.6402)
TOSHIBA eco Utility (Version: 2.0.0.6415)
TOSHIBA Function Key (Version: 1.00.6626.6410)
TOSHIBA Manuals (Version: 10.10)
TOSHIBA Password Utility (Version: 2.00.973)
TOSHIBA PC Health Monitor (Version: 1.8.17.640104)
TOSHIBA Recovery Media Creator (Version: 2.2.1.54043006)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.2.2.00)
TOSHIBA Service Station (Version: 2.4.4)
TOSHIBA System Driver (Version: 1.00.0015)
TOSHIBA System Settings (Version: 1.00.0002.32002)
Toshiba TEMPRO (Version: 4.5.0)
TOSHIBA VIDEO PLAYER (Version: 5.1.0.21-A)
Update Installer for WildTangent Games App
User's Guide EPSON XP-205 207 Series
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.98)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WildTangent Games (Version: 1.0.3.0)
WildTangent Games App (Toshiba Games) (Version: 4.0.9.7)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 8073.22 MB
Available physical RAM: 5976.01 MB
Total Pagefile: 9289.22 MB
Available Pagefile: 7171.28 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.64 MB

========================= Partitions: =====================================

1 Drive c: (TI31061100A) (Fixed) (Total:686.83 GB) (Free:640.37 GB) NTFS

========================= Users: ========================================

User accounts for \\GENERALPC

Administrator            Frank26                  Guest                    

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

10-12-2013 10:38:12 Scheduled Checkpoint
13-12-2013 16:35:44 Windows Update
17-12-2013 16:26:53 Installed Software Updater
20-12-2013 10:52:53 Revo Uninstaller's restore point - Google Chrome
22-12-2013 16:04:33 Revo Uninstaller's restore point - RebateInformer

**** End of log ****



#6 xXToffeeXx

Posted 27 December 2013 - 07:17 AM

Hi,
 
Thank you for that information. I would like to see the Malwarebytes logs by re-opening the program, going to the logs tab. Then click on the item shown, copy the text in the notepad document which opens and then paste that into your next reply.
 
Also, run these for me:

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply

 

----------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 Carper

Posted 28 December 2013 - 01:06 PM

Hi, I'm sorry but I am getting out of my depth now. There is nothing in the Malware folder and the E scan and TDSS scan have revealed no threats. At this stage I feel I must call it a day as I cannot afford the time with my existing commitments and thank you for the trouble you have taken to help. I will continue with the scans but if it gets too much I will go back to the local engineer I have used with other problems. Thanks again.
Regards, Carper



#8 xXToffeeXx

Posted 28 December 2013 - 02:39 PM

Hi Carper,

 

No worries, you can run the scans/consider the information in your own time. You said that, "I still feel that the problem is lurking somewhere." Could you expand on this a bit more?

Everything doesn't look too bad actually. Generally those engineers cost money, but if you want to pay for them then it is your choice.

 

A few things to consider for me if you want to continue:

 

I noticed you had WildTangent on your computer;

 

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system including:

  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from

For that reason I would suggest uninstalling it via Add/Remove.

Reboot after the uninstallation. <- Important.

 

---------

 

I noticed you had AVG PC TuneUp installed;

 

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:
 
• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
• Not all registry cleaners are created equal. There are a number of them available, but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
 
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
 
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
 
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in unpredictable results.
 
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

 

For that reason I would suggest uninstalling it via Add/Remove.

Reboot after the uninstallation. <- Important.

 

---------

 

Uninstall Adobe Reader and update it here.

 

xXToffeeXx~


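The review done by eye in post #8 (spotting WildTangent and AVG PC TuneUp in the installed-programs list) can be scripted against the same list format. This is an added example, not part of the original thread; the watchlist patterns, the function names and the AVG version string are assumptions.

```python
import re

# One list entry: "Name (Version: x.y)" or a bare "Name". The name itself
# may contain parentheses, so only a trailing "(Version: ...)" is split off.
ENTRY = re.compile(r"^(?P<name>.+?)(?:\s+\(Version:\s*(?P<version>[^)]*)\))?\s*$")

# Assumed watchlist for this example, built from the two categories named
# in post #8; extend it to match your own removal policy.
WATCHLIST = {
    "bundled software that reports system details": re.compile(r"wildtangent", re.I),
    "registry cleaner/optimizer": re.compile(r"pc tuneup|registry (cleaner|optimi[sz]er)", re.I),
}

def parse_programs(list_text):
    """Map each program name to its sorted versions; stop at the next section ruler."""
    programs = {}
    for raw in list_text.splitlines():
        line = raw.strip()
        if line.startswith("="):
            break  # a "===== Devices: =====" style ruler ends the program list
        if not line:
            continue
        match = ENTRY.match(line)
        versions = programs.setdefault(match.group("name"), set())
        if match.group("version"):
            versions.add(match.group("version"))
    return {name: sorted(found) for name, found in programs.items()}

def flag_programs(programs):
    """Return sorted (name, reason) pairs for entries that match the watchlist."""
    return sorted(
        (name, reason)
        for name in programs
        for reason, pattern in WATCHLIST.items()
        if pattern.search(name)
    )

# Sample input: lines copied from the log in this thread, except the
# AVG PC TuneUp line, whose version number is constructed.
SAMPLE = """\
EPSON Scan
Qtrax Player
Qtrax Player (Version: 01.001.0001)
Update Installer for WildTangent Games App
WildTangent Games (Version: 1.0.3.0)
WildTangent Games App (Toshiba Games) (Version: 4.0.9.7)
AVG PC TuneUp (Version: 0.0.0)
========================= Devices: ================================
Percentage of memory in use: 25%
"""

if __name__ == "__main__":
    for name, reason in flag_programs(parse_programs(SAMPLE)):
        print(f"{name}: {reason}")
```

Duplicate entries such as the two Qtrax Player lines collapse into one name, and anything after the first section ruler is ignored so memory or partition lines are never treated as programs.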


#9 Carper

Posted 29 December 2013 - 10:31 AM

Thanks for your continued interest.
WildTangent was part of the package installed on the computer when I bought it and as I do not play games I will remove it as you suggest. I have often wondered if it was of any use to me.
Things are somewhat better than they were and I am not getting the same amount of popups as previously, particularly as cookies under the name of PUP something, which I frequently removed with CCleaner.
Following your suggestions I will remove some of the cleaners and keep my fingers crossed.
Thanks again for all your help, but as I said at the start, at 87 things do not soak in very well and my short term memory is not all it might be.

Thanks again   Regards         Carper



#10 xXToffeeXx

Posted 29 December 2013 - 12:02 PM

Hi Carper,

 

Often computers will come bundled with software and most of it you do not even need.

So how is your computer running? Are there any pop-ups or problems still?

 

You are welcome.

 

xXToffeeXx~




#11 Carper

Posted 31 December 2013 - 10:59 AM

Hi,

My computer is running generally good, with very few pop ups now. Although I didn't complete the total assessment, I think that I am pretty satisfied with the performance now. Should further problems occur I will post again. Thanks, Carper



#12 xXToffeeXx

Posted 31 December 2013 - 11:03 AM

Hi Carper,

 

What kind of pop-ups are you seeing? What browser are you using in which you see them?

 

xXToffeeXx~


Edited by xXToffeeXx, 31 December 2013 - 11:03 AM.



#13 Carper

Posted 01 January 2014 - 04:41 AM

The occurrence of pop ups is now so infrequent that I do not wish to go to the trouble of finding them. Thank you for your help, I regard my problem now as resolved.

Regards    Carper



#14 xXToffeeXx

Posted 01 January 2014 - 07:18 AM

Hi Carper,

 

As you wish, we are done here now then.

 

xXToffeeXx~






