Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple PopUps and Redirects


  • Please log in to reply
29 replies to this topic

#1 moonled

moonled

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 19 February 2014 - 02:48 AM

Hi, I'm new to this forum. I have Windows 7 and have installed Microsoft Security Essentials. I have updated and run Full scans with MSE several times; in fact it was installed and running before this infection occurred. Last month I picked up a malware that causes multiple popups: a "related searches" sidebar down the left side of my screen, and ads or bogus security warnings across the bottom and in the lower right corner. These will open a new page when X is clicked instead of closing. At first this only occurred when I used IE or Firefox, but in the last few days it has begun affecting Chrome as well. At the same time, it began redirecting to unwanted ad or security warning websites almost every time I click on a link (including the Post New Topic link on this site. Also, and this may be unrelated, at certain sites, like Amazon, I get what appear to be bogus survey requests from that site. ("Amazon would like you to take this survey" or "You have been selected ... " Can someone help me get rid of this thing? Thank you!


Edited by hamluis, 19 February 2014 - 10:34 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:39 AM

Posted 19 February 2014 - 12:51 PM

Hello moonled, Lets look at a coupe more scans and see how it is.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
.
.
.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • .
    .
    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    .
    .
    .
    .
    • Last run ESET.
      • Hold down Control and click on this link to open ESET OnlineScan in a new window.
      • Click the esetonlinebtn.png button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.
      • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 moonled

moonled
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 19 February 2014 - 01:19 PM

Should I do all of these before I get back, or check the results one at a time?



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:39 AM

Posted 19 February 2014 - 01:35 PM

You can post as you get them but I will wait for all to see what's next.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 moonled

moonled
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 20 February 2014 - 02:30 AM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Niera (administrator) on 20-02-2014 at 01:28:56
Running from "C:\Users\Niera\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.no_proxies_on", "localhost,127.0.0.1"
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : HAL9000
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-6C-A3-C6-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : 1C-65-9D-ED-DF-C9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::707c:f16:6f6f:edef%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.19(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, February 20, 2014 12:44:56 AM
   Lease Expires . . . . . . . . . . : Thursday, February 20, 2014 2:14:56 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 236742045
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C2-06-26-1C-65-9D-ED-DF-C9
   DNS Servers . . . . . . . . . . . : 68.105.28.12
                                       68.105.29.12
                                       68.105.28.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{826E32E3-D358-41CA-9C2D-7B992898EB42}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{C7FE6031-4628-467C-9804-55EECFF3B3B7}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:38f7:3de8:3f57:ffec(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::38f7:3de8:3f57:ffec%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns2.cox.net
Address:  68.105.28.12
 
Name:    google.com
Addresses:  2607:f8b0:4000:80a::1002
 173.194.115.36
 173.194.115.37
 173.194.115.38
 173.194.115.39
 173.194.115.40
 173.194.115.41
 173.194.115.46
 173.194.115.32
 173.194.115.33
 173.194.115.34
 173.194.115.35
 
 
Pinging google.com [74.125.227.164] with 32 bytes of data:
Reply from 74.125.227.164: bytes=32 time=27ms TTL=55
Reply from 74.125.227.164: bytes=32 time=40ms TTL=55
 
Ping statistics for 74.125.227.164:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 27ms, Maximum = 40ms, Average = 33ms
Server:  cdns2.cox.net
Address:  68.105.28.12
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=99ms TTL=49
Reply from 206.190.36.45: bytes=32 time=147ms TTL=49
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 99ms, Maximum = 147ms, Average = 123ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 26 6c a3 c6 6b ......Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
 10...1c 65 9d ed df c9 ......Atheros AR9285 Wireless Network Adapter
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.19     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.19    281
     192.168.0.19  255.255.255.255         On-link      192.168.0.19    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.19    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.19    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.19    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:90d7:38f7:3de8:3f57:ffec/128
                                    On-link
 10    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::38f7:3de8:3f57:ffec/128
                                    On-link
 10    281 fe80::707c:f16:6f6f:edef/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 09 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/19/2014 08:39:37 AM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (02/18/2014 08:39:33 AM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote server returned an error: (501) Not Implemented.
Error Data:
 
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (02/18/2014 04:29:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 27.0.1.5156, time stamp: 0x52fc0faa
Faulting module name: visicom_antiphishing.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f15c618
Exception code: 0xc0000005
Fault offset: 0x10039b08
Faulting process id: 0x4b70
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3
 
Error: (02/18/2014 04:29:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: visicom_antiphishing.exe, version: 1.0.1.32, time stamp: 0x4f15c5e2
Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bda75
Exception code: 0xc0000005
Fault offset: 0x71cb2505
Faulting process id: 0xfc0
Faulting application start time: 0xvisicom_antiphishing.exe0
Faulting application path: visicom_antiphishing.exe1
Faulting module path: visicom_antiphishing.exe2
Report Id: visicom_antiphishing.exe3
 
Error: (02/17/2014 03:06:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 27.0.1.5156, time stamp: 0x52fc0faa
Faulting module name: xul.dll, version: 27.0.1.5156, time stamp: 0x52fc0f79
Exception code: 0xc0000005
Fault offset: 0x001560c7
Faulting process id: 0x45c0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3
 
Error: (02/17/2014 01:57:17 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 32.0.1700.107 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3e68
 
Start Time: 01cf2bb5a1a63448
 
Termination Time: 168
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: a8b61f05-980d-11e3-b353-00266ca3c66b
 
Error: (02/17/2014 08:39:27 AM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote server returned an error: (501) Not Implemented.
Error Data:
 
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (02/16/2014 07:00:01 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (02/16/2014 08:39:23 AM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote server returned an error: (501) Not Implemented.
Error Data:
 
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (02/15/2014 08:39:23 AM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote server returned an error: (501) Not Implemented.
Error Data:
 
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
 
System errors:
=============
Error: (02/20/2014 00:45:41 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MATHIAS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{826E32E3-D358-41CA-9C2D-7B992898EB42}.
The master browser is stopping or an election is being forced.
 
Error: (02/19/2014 10:35:51 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DEMI
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{826E32E3-D358-41CA-9C2D-7B992898EB42}.
The master browser is stopping or an election is being forced.
 
Error: (02/19/2014 10:11:48 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DEMI
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{826E32E3-D358-41CA-9C2D-7B992898EB42}.
The master browser is stopping or an election is being forced.
 
Error: (02/19/2014 10:00:26 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer WINDOWS-7C3J76M
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{826E32E3-D358-41CA-9C2D-7B992898EB42}.
The master browser is stopping or an election is being forced.
 
Error: (02/19/2014 09:25:01 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.19.
The computer with the IP address 192.168.0.10 did not allow the name to be claimed by
this computer.
 
Error: (02/19/2014 08:35:37 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer WINDOWS-7C3J76M
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{826E32E3-D358-41CA-9C2D-7B992898EB42}.
The master browser is stopping or an election is being forced.
 
Error: (02/19/2014 08:23:07 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer WINDOWS-7C3J76M
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{826E32E3-D358-41CA-9C2D-7B992898EB42}.
The master browser is stopping or an election is being forced.
 
Error: (02/19/2014 07:38:56 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer WINDOWS-7C3J76M
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{826E32E3-D358-41CA-9C2D-7B992898EB42}.
The master browser is stopping or an election is being forced.
 
Error: (02/19/2014 03:23:52 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1
 
Error: (02/19/2014 11:17:49 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{826E32E3-D358-41CA-9C2D-7B992898EB42}.
The backup browser is stopping.
 
 
Microsoft Office Sessions:
=========================
Error: (02/19/2014 08:39:37 AM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (02/18/2014 08:39:33 AM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote server returned an error: (501) Not Implemented.
Error Data:
 
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (02/18/2014 04:29:39 AM) (Source: Application Error)(User: )
Description: firefox.exe27.0.1.515652fc0faavisicom_antiphishing.dll_unloaded0.0.0.04f15c618c000000510039b084b7001cf2c926fa072c3C:\Program Files (x86)\Mozilla Firefox\firefox.exevisicom_antiphishing.dll92020f82-9887-11e3-b353-00266ca3c66b
 
Error: (02/18/2014 04:29:29 AM) (Source: Application Error)(User: )
Description: visicom_antiphishing.exe1.0.1.324f15c5e2netprofm.dll_unloaded0.0.0.04a5bda75c000000571cb2505fc001cf2800205c315eC:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exenetprofm.dll8b8de5a1-9887-11e3-b353-00266ca3c66b
 
Error: (02/17/2014 03:06:41 PM) (Source: Application Error)(User: )
Description: firefox.exe27.0.1.515652fc0faaxul.dll27.0.1.515652fc0f79c0000005001560c745c001cf2c21386d4c00C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll6583bb95-9817-11e3-b353-00266ca3c66b
 
Error: (02/17/2014 01:57:17 PM) (Source: Application Hang)(User: )
Description: chrome.exe32.0.1700.1073e6801cf2bb5a1a63448168C:\Program Files (x86)\Google\Chrome\Application\chrome.exea8b61f05-980d-11e3-b353-00266ca3c66b
 
Error: (02/17/2014 08:39:27 AM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote server returned an error: (501) Not Implemented.
Error Data:
 
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (02/16/2014 07:00:01 PM) (Source: Windows Backup)(User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (02/16/2014 08:39:23 AM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote server returned an error: (501) Not Implemented.
Error Data:
 
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (02/15/2014 08:39:23 AM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote server returned an error: (501) Not Implemented.
Error Data:
 
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
 
=========================== Installed Programs ============================
 
3DVIA player 5.0 (Version: 5.0.0.15)
Adobe AIR (Version: 3.3.0.3670)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Download Assistant (Version: 1.2.1)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44)
Adobe Flash Professional CS5 (Version: 11.0)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Anti-phishing Domain Advisor (Version: 1.0.0.0)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
Atheros Driver Installation Program (Version: 5.2)
Best Buy pc app (Version: 3.0.0.0)
Bonjour (Version: 3.0.0.10)
CDisplay 1.8
Conexant HD Audio (Version: 4.119.0.61)
D3DX10 (Version: 15.4.2368.0902)
Google Chrome (Version: 32.0.1700.107)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.5)
HP Photosmart 7510 series Basic Device Software (Version: 25.0.617.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2086)
Intel® Matrix Storage Manager
Java™ 6 Update 17 (Version: 6.0.170)
Junk Mail filter update (Version: 15.4.3502.0922)
KCA (Version: 5.4)
Label@Once 1.0 (Version: 1.0)
lucky leap 1.0.0 (Version: 1.0.0)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1)
Mozilla Maintenance Service (Version: 27.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Pando Media Booster (Version: 2.3.5.4)
PDF Settings CS5 (Version: 10.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Slick Savings (Version: 1.3)
Spam Free Search Bar (Version: 1.0.0.12)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Toshiba App Place (Version: 1.0.6.3)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 3.00.11)
Toshiba Book Place (Version: 2.0.5271)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA Hardware Setup (Version: 2.00.06)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.4.9)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Supervisor Password (Version: 2.00.03)
TOSHIBA Value Added Package (Version: 1.3.19.64)
ToshibaRegistration (Version: 1.0.4)
Unity Web Player (Version: 2.5.5b4_50)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Verizon Mobile Broadband Drivers (Version: 3.02.002.002)
Verizon Wireless MiFi-2200 Firmware Updates (Version: 1.0.3)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
Yahoo! Install Manager
YTD Toolbar v8.6 (Version: 8.6)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 56%
Total physical RAM: 2939.98 MB
Available physical RAM: 1266.65 MB
Total Pagefile: 5878.13 MB
Available Pagefile: 3509.31 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.76 MB
 
========================= Partitions: =====================================
 
1 Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:86.54 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\HAL9000
 
Administrator            ASPNET                   Guest                    
Niera                    
 
 
**** End of log ****


#6 moonled

moonled
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 20 February 2014 - 03:02 AM

TSDDKiller found no infected or suspicious files, and did not require a reboot. I have the report, and I can highlight the data but cannot copy it. No response to right-click.



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:39 AM

Posted 20 February 2014 - 01:22 PM

Ok, no infections then we can skip that log.

 


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 moonled

moonled
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 20 February 2014 - 02:02 PM

# AdwCleaner v3.019 - Report created 20/02/2014 at 12:53:07
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Niera - HAL9000
# Running from : C:\Users\Niera\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Application Updater
[#] Service Deleted : Update lucky leap
[#] Service Deleted : Util lucky leap
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\blekkotb
Folder Deleted : C:\Program Files (x86)\lucky leap
Folder Deleted : C:\Program Files (x86)\YTD Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Niera\AppData\Local\blekkotb
Folder Deleted : C:\Users\Niera\AppData\Local\Slick Savings
Folder Deleted : C:\Users\Niera\AppData\LocalLow\blekkotb
Folder Deleted : C:\Users\Niera\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Niera\AppData\Roaming\Slick Savings
Folder Deleted : C:\Users\Niera\AppData\Roaming\Mozilla\Firefox\Profiles\gx0aan7j.default\blekkotb
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Users\Niera\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Folder Deleted : C:\Users\Niera\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Deleted : C:\Users\Niera\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Deleted : C:\Users\Niera\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Deleted : C:\Users\Niera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\Users\Niera\AppData\Roaming\Mozilla\Firefox\Profiles\gx0aan7j.default\invalidprefs.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Slick Savings]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B8BFA10F-6FFD-44B5-9DBB-E17CBAA107FF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00F12770-E60E-4DC6-9105-425BFACE7C73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{26C9E18C-3717-4BE1-A225-04E4471F5B6E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\lucky leap
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\blekkotb
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\lucky leap
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Niera\AppData\Roaming\Mozilla\Firefox\Profiles\gx0aan7j.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Niera\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [9590 octets] - [20/02/2014 12:51:06]
AdwCleaner[S0].txt - [9295 octets] - [20/02/2014 12:53:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9355 octets] ##########


#9 moonled

moonled
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 20 February 2014 - 02:15 PM

For the next step, how do I 

 

  • Shut down your protection software now to avoid potential conflicts.?


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:39 AM

Posted 20 February 2014 - 02:38 PM

That means your Antivirus,but I don't think MSE will be in the way.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 moonled

moonled
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 20 February 2014 - 02:47 PM

Since I ran ADW Cleaner, I don't seem to be getting the popups. At least not on Chrome. I will try IE and Firefox.



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:39 AM

Posted 20 February 2014 - 02:57 PM

Ok, but more than likely there are other parts the last 2 tools will find.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 moonled

moonled
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 20 February 2014 - 03:25 PM

Nothing on IE or Firefox either. Should I continue with the other programs you gave me just to be sure?


OK, will run the last 2



#14 moonled

moonled
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 20 February 2014 - 03:56 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Niera on Thu 02/20/2014 at 14:43:58.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\best buy pc app
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Niera\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Niera\appdata\locallow\ytd"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\Niera\appdata\local\{2815C817-EBEA-4098-9C09-300A0D7FDF51}
Successfully deleted: [Empty Folder] C:\Users\Niera\appdata\local\{3E067D7E-EC56-41E8-8173-EF2322BCA77A}
Successfully deleted: [Empty Folder] C:\Users\Niera\appdata\local\{62502F07-2F4A-4B82-B47D-DB135501C50E}
Successfully deleted: [Empty Folder] C:\Users\Niera\appdata\local\{9FDF91F2-3261-4B62-9F19-45E2863F6718}
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Niera\AppData\Roaming\mozilla\firefox\profiles\gx0aan7j.default\extensions\savingsslider@mybrowserbar.com
Successfully deleted: [Folder] C:\Users\Niera\AppData\Roaming\mozilla\firefox\profiles\gx0aan7j.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
Emptied folder: C:\Users\Niera\AppData\Roaming\mozilla\firefox\profiles\gx0aan7j.default\minidumps [642 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/20/2014 at 14:54:05.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#15 moonled

moonled
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 20 February 2014 - 04:00 PM

I've been using Chrome. ESET prefers IE. Should I use IE to get ESET or does it matter?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users