
What's using up my internet quota?


14 replies to this topic

#1 My.Rhapsodies12


Posted 24 March 2014 - 01:01 PM

Greetings,

 

I use a 21Mbps broadband modem to browse the internet and apparently, my monthly quota finished faster than it should. When I use my Kaspersky to check my network activity, I found many unfamiliar applications running on my laptop such as 67 connections of Kaspersky Anti-virus, pdtwzd.exe, 21 connections of AFSS Service, etc. with some unknown local IP addresses. I also received some warnings about phishing websites when I was trying to make an online transaction. A thorough scan by Malwarebytes Anti-Malware did not reveal any suspicious activities.

 

My laptop is running Windows 7 Home Premium operating system and I am using genuine Kaspersky Internet Security 2014, legitimate TuneUp Utilities 2014 as well as licensed Malwarebytes Anti-Malware software. Can someone please shed some light to counteract this lingering complication? Thank you.


Edited by My.Rhapsodies12, 24 March 2014 - 01:05 PM.




#2 noknojon


Posted 25 March 2014 - 02:52 AM

Hello -
First start with Tracing a Hacker and then read Have I been Hacked

These 2 programs give you the basic tools to investigate your problem.

 

You must be hacked or have someone else using your connection, or your internet is not secure.

 

Failing this please contact your ISP Now to be sure your internet connection is secure.

 

 

Just to check it please run these and Copy / Paste the results -

 

Please download MiniToolBox to your desktop and run it.
Checkmark following boxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the result. (result.txt)

 

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

And clean up a bit -

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
• For Vista, Win 7 / 8, right-click on the file and choose Run As Administrator.
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.



#3 My.Rhapsodies12


Posted 02 April 2014 - 12:25 AM

Sorry for the very late reply. Here are the results as requested.

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by acer (administrator) on 02-04-2014 at 13:17:32
Running from "C:\Users\acer\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1    localhost

========================= IP Configuration: ================================

Remote NDIS based Internet Sharing Device = Local Area Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Atheros AR5B93 Wireless Network Adapter = Wireless Network Connection (Media disconnected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : acer-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Remote NDIS based Internet Sharing Device
   Physical Address. . . . . . . . . : 34-4B-50-B7-EF-0F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::eda3:9b0a:c84a:2ae4%18(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 02 April 2014 13:15:37
   Lease Expires . . . . . . . . . . : 03 April 2014 13:15:36
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 238308176
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-C8-FF-48-90-4C-E5-A3-6C-1B
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet #2
   Physical Address. . . . . . . . . : 70-5A-B6-02-B2-75
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 96-4C-E5-A3-6C-1B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
   Physical Address. . . . . . . . . : 90-4C-E5-A3-6C-1B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BA9C9DB6-56D5-4129-AB23-7F21BB9D9ABB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1864:2f5b:3f57:ff9b(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1864:2f5b:3f57:ff9b%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2404:6800:4001:800::1008
      202.122.145.178
      202.122.145.177
      202.122.145.157
      202.122.145.163
      202.122.145.172
      202.122.145.153
      202.122.145.168
      202.122.145.152
      202.122.145.148
      202.122.145.162
      202.122.145.158
      202.122.145.167
      202.122.145.183
      202.122.145.187
      202.122.145.173
      202.122.145.182


Pinging google.com [202.122.145.182] with 32 bytes of data:
Reply from 202.122.145.182: bytes=32 time=118ms TTL=55
Reply from 202.122.145.182: bytes=32 time=102ms TTL=55

Ping statistics for 202.122.145.182:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 102ms, Maximum = 118ms, Average = 110ms
Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=417ms TTL=42
Reply from 206.190.36.45: bytes=32 time=490ms TTL=42

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 417ms, Maximum = 490ms, Average = 453ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...34 4b 50 b7 ef 0f ......Remote NDIS based Internet Sharing Device
 17...70 5a b6 02 b2 75 ......Broadcom NetLink ™ Gigabit Ethernet #2
 16...96 4c e5 a3 6c 1b ......Microsoft Virtual WiFi Miniport Adapter #2
 12...90 4c e5 a3 6c 1b ......Atheros AR5B93 Wireless Network Adapter
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.100    281
    192.168.0.100  255.255.255.255         On-link     192.168.0.100    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.100    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.100    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.100    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6ab8:1864:2f5b:3f57:ff9b/128
                                    On-link
 18    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::1864:2f5b:3f57:ff9b/128
                                    On-link
 18    281 fe80::eda3:9b0a:c84a:2ae4/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 18    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/31/2014 09:23:11 PM) (Source: Application Hang) (User: )
Description: The program DllHost.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11e4

Start Time: 01cf4ce320f098f4

Termination Time: 4

Application Path: C:\Windows\system32\DllHost.exe

Report Id: 6ca0a911-b8d7-11e3-b0f1-344b50b7ef0f

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))


System errors:
=============
Error: (04/02/2014 01:17:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (04/02/2014 01:17:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (04/02/2014 01:17:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (04/02/2014 01:16:12 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (04/02/2014 01:16:12 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (04/02/2014 01:16:12 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (04/02/2014 01:15:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (04/02/2014 01:15:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (04/02/2014 01:15:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (04/02/2014 01:15:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (03/31/2014 09:23:11 PM) (Source: Application Hang)(User: )
Description: DllHost.exe6.1.7600.1638511e401cf4ce320f098f44C:\Windows\system32\DllHost.exe6ca0a911-b8d7-11e3-b0f1-344b50b7ef0f

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
1100

Error: (03/31/2014 08:05:26 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))


CodeIntegrity Errors:
===================================
  Date: 2014-04-01 02:10:06.575
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:10:06.575
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:10:06.575
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:10:06.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:10:06.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:10:06.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:10:06.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:10:06.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:10:06.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 02:10:06.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Atheros Driver Installation Program (Version: 8.0.0.238)
CCleaner (Version: 4.11)
GOM Player (Version: 2.2.56.5183)
Google Chrome (Version: 33.0.1750.154)
Google Update Helper (Version: 1.3.22.5)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.60)
Internet Download Manager
Kaspersky Internet Security 2014 (Version: 14.0.0.4651)
Malwarebytes Anti-Malware version 2.00.0.1000 (Version: 2.00.0.1000)
Maxis Broadband Hostless Modem (Version: 1.0.0.2)
MediaMonkey 4.1 (Version: 4.1)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 28.0 (x86 en-GB) (Version: 28.0)
NVIDIA Control Panel 314.07 (Version: 314.07)
NVIDIA Drivers (Version: 1.10.61.39)
NVIDIA Graphics Driver 314.07 (Version: 314.07)
NVIDIA Install Application (Version: 2.1002.142.992)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
Realtek High Definition Audio Driver (Version: 6.0.1.5958)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30104)
Switch Sound File Converter (Version: 4.52)
Synaptics Pointing Device Driver (Version: 17.0.6.17)
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.275)
TuneUp Utilities 2014 (Version: 14.0.1000.275)
VLC media player 2.1.3 (Version: 2.1.3)
WavePad Sound Editor (Version: 5.68)
Winamp (remove only)
WinRAR 5.01 (32-bit) (Version: 5.01.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 1974.71 MB
Available physical RAM: 1123.03 MB
Total Pagefile: 3949.41 MB
Available Pagefile: 2997.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:85.66 GB) (Free:58.68 GB) NTFS
2 Drive d: (Local Disk) (Fixed) (Total:380 GB) (Free:352.14 GB) NTFS

========================= Users: ========================================

User accounts for \\

acer                     Administrator            Guest                    
UpdatusUser              


**** End of log ****
 

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (en-US)  
 TuneUp Utilities 2014   
 CCleaner     
 Adobe Flash Player     12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 klwtblfs.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 



#4 noknojon


Posted 02 April 2014 - 04:54 AM

CodeIntegrity Errors:
===================================
Date: 2014-04-01 02:10:06.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

This is a problem with your Kaspersky Antivirus.

Was the program installed correctly, and is it a full legal version of the program?

If you have an Install CD or just an ID for Kaspersky, please Uninstall the program, and Reinstall it.

 

 

File name - klelam.sys
Location - C:\Windows\ELAMBKUP\klelam.sys
File type - System file
Company name - Kaspersky Lab

 

 

TuneUp Utilities 2014  <= This must be removed from Programs and Features.

This (useless) program may be clashing with Kaspersky, and may be causing some problems.

 

From my earlier question and post

>> please contact your ISP Now to be sure your internet connection is secure. <<

Did you contact the ISP, and is there any result from them?
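
One way to inspect the driver named in the Code Integrity error quoted in post #4, as an added example that is not part of the original post. It assumes Windows PowerShell 4.0 or later and an elevated prompt; the function names `Get-DriverTrustReport` and `Get-CodeIntegrityEventsFor` are hypothetical, and the path is the one given in the post.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 4.0 or later,
# run from an elevated prompt. The path is the one named in post #4.
$DriverPath = 'C:\Windows\ELAMBKUP\klelam.sys'

function Get-DriverTrustReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # A missing file is itself a finding: the event named a path that is gone.
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    $file = Get-Item -LiteralPath $Path -Force
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    [pscustomobject]@{
        Path            = $Path
        Present         = $true
        CompanyName     = $file.VersionInfo.CompanyName   # self-declared, not proof of origin
        FileVersion     = $file.VersionInfo.FileVersion
        SignatureStatus = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256          = $hash.Hash
    }
}

function Get-CodeIntegrityEventsFor {
    param([Parameter(Mandatory = $true)][string]$FileName, [int]$Max = 10)

    # Code Integrity writes to this operational channel; match on the file name
    # in the rendered message rather than on a specific event ID.
    Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$FileName*" } |
        Select-Object -First $Max TimeCreated, Id, LevelDisplayName, Message
}

Get-DriverTrustReport -Path $DriverPath | Format-List
Get-CodeIntegrityEventsFor -FileName (Split-Path -Leaf $DriverPath) | Format-List
```

A `HashMismatch` status means the file no longer matches its embedded signature, while `NotSigned` only means no embedded signature was found. The `CompanyName` field comes from the file's own version resource, so the signer subject is the value to compare against the vendor.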



#5 My.Rhapsodies12

  • Topic Starter

Posted 02 April 2014 - 09:10 AM

I have already called my ISP and they have already confirmed that my internet connection is secure. I also have uninstalled Kaspersky Internet Security as well as Tune Up Utilities 2014 as requested. What should I do next?



#6 noknojon


Posted 03 April 2014 - 01:43 AM

Hi -

The request was not to leave your computer unprotected, but I left a series of questions about Kaspersky.

These were based on the errors in your logs that you had left, and I cannot check them from here.

This is a problem with your Kaspersky Antivirus.

Was the program installed correctly, and is it a full legal version of the program?

If you have an Install CD or just an ID for Kaspersky, please Uninstall the program, and Reinstall it.

If your Kaspersky was a good legal install, please put it back and see if there are any changes.

If you did not install it correctly, you have not said so, plus you did not say where it was from (CD / Download ?)

 

If you had a faulty Kaspersky install, I was only thinking it may not be protecting you as it should be.

 

Have you reinstalled any Antivirus, and please update us on the problem.

 

Do you have any method of keeping a watch on internet usage? My ISP has a daily readout that I can break down into hourly connections and the sites where I connected onto, and other details.

Did your ISP give you any idea as to when or where the "extra" online downloads were from?

Any information like this is what you (and we) are looking for.

 

Tracing a Hacker and Have I been Hacked are the 2 basic programs you need to follow if the problem still exists.

 

There are tools for you to use to see when and where your internet usage is going to.

 

Please use these and see if you can find any idea of outside usage that should not be there.



#7 noknojon


Posted 03 April 2014 - 02:12 AM

Regarding PdtWzd.exe
It is Acer's Software, not a Microsoft .exe.

 

As we are not able to do some deeper scans in this area, please read This Preparation guide from Step #6 and post the 2 DDS logs to Virus and Malware logs area

 

The Experts will be able to see more from these logs than we can here.

 

When you post the new topic, please leave a link back here and we can lock this topic to stop any incorrect information being posted.



#8 noknojon


Posted 05 April 2014 - 07:01 PM

Further from your Listed Errors =>

"The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt".

And " The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)"

 

This problem is often caused by an error in the Windows Search Indexing Service.

And can mean an installed file is "probably corrupt".

 

Follow these instructions:
1) Go - Start > in the run/search box > type cmd, Right click on the top result and select "Run as administrator" (very important)

2) A black Command Prompt box should open

3) Type sfc /scannow on the blinking line.
Also note the space between the c and / as it needs to be there

Now press Enter for the command to run ........

This should take (on average) between 15 and 20 minutes to run, depending on your system
Please plug the computer into a reliable power source, as batteries are known to fail.

 

This will check Installed System File Data, (sfc) against what should have been installed for your system.

Then for the command to start working now (/scannow) just make sure there is a space in the middle.


Edited by noknojon, 05 April 2014 - 08:58 PM.


#9 My.Rhapsodies12

  • Topic Starter

Posted 09 April 2014 - 04:14 AM

Hey there, once again sorry for the unintended late reply. I have reformatted my laptop once again and the problem doesn't seem to be resolved. I'm tired of sending it to the IT store to be reformatted. I already uninstalled Kaspersky and bought the Bitdefender total security system but instead of clearing the problems, I think it's getting more complicated. Several times I couldn't access my laptop because the password didn't match even though it was the correct one. The blue screen keeps occurring. And the internet is unbearable. I keep resetting my broadband because of an incompatible driver. Can you please please please assist me?



#10 noknojon


Posted 09 April 2014 - 04:35 AM

Please read Post #7, where I asked you to let the Experts look at your problem.

They are able to see more from their requested scans, and they do not charge you for the services.

 

You can "Buy them a Coffee" via their PayPal links if they do help you, but no "fee" is ever charged.

We just ask you to be patient, as they can get busy at times and you may need to wait a day or 3 for a reply.

 

As we are not able to do some deeper scans in this area, please read This Preparation guide from Step #6

Then post the 2 DDS logs to Virus and Malware logs area with a description of your problem.

 

The Experts will be able to see more from these logs than we can here.

 

When you post the new topic, please leave a link back here and we can lock this topic to stop any incorrect information being posted.



#11 noknojon


Posted 09 April 2014 - 04:43 AM

As I see you have posted the logs http://www.bleepingcomputer.com/forums/t/530425/before-its-too-late/#entry3337709 <= Here in the Virus, Trojan, Spyware, and Malware Removal area, I will have this topic locked so no other incorrect advice can be posted.

 

Please stay with your new topic until you get a reply.



#12 My.Rhapsodies12

  • Topic Starter

Posted 09 April 2014 - 04:54 AM

Yes I have posted it. Should I edit that post to put a link back to this topic?



#13 noknojon


Posted 09 April 2014 - 05:22 AM

I have taken care of all that.

Please just stay with your new topic and do not make changes or run any tools now.

 

Do not put a link back to here, as the experts can check your previous posts to find what has been done.



#14 My.Rhapsodies12

  • Topic Starter

Posted 09 April 2014 - 05:44 AM

Alright, noted. Your help and guidance are really appreciated. TQ



#15 hamluis

  • Moderator

Posted 09 April 2014 - 07:48 AM

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





