Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

popup


  • Please log in to reply
16 replies to this topic

#1 pops1

pops1

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 27 November 2014 - 09:38 PM

i have a popup that shows up when i exit a secondary e-mail program. it's name in its address bar is;  s.ad127m .  it  advertises various products and services and it also reduces my screen size about 50% when it does.  after deleting it on the screen, the screen size is the same size when i search on it again.

 



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:43 PM

Posted 28 November 2014 - 12:05 AM

Hello pops1 -

If you keep getting S.ad127m.com popups when you are operating your system, you should be careful that your computer is attacked by adware or Potentially Unwanted Programs. s.ad127m.com is an adware which is compatible with web browsers like Google Chrome, Firefox and Internet Explorer.
Note that S.ad127m.com popups are not real software updating notifications. It just uses the fake update message to draw your attention and want to get your clicks. If you download the updater from S.ad127m.com, you may find that these so-called latest version are some an unknown programs and can take a large space of your PC.

This program is usually downloaded with other programs when you just click Next / OK / OK etc without reading.

Step 1: Disable suspicious startup created by S.ad127m.com
Click Start menu ; click Start; type: msconfig in the Run box; click Ok to open the System Configuration Utility; Disable all odd, related possible startup items generated. If you see none, that is OK.

Step 2: Remove suspicious browsers add-ons

Internet Explorer:
Open Internet Explorer, go ‘Tools‘ -> ”Manage Add-ons’ -> ‘Toolbars and Extensions’. Here, look for www.ad-click.com and click ‘uninstall’. Now open IE once again and click Tools -> Internet Option -> General tab. Enter Google or other address to make it the default start page.

Mozilla Firefox:
Open Mozilla Firefox, go ‘Tools’ -> ‘Add-ons’ -> ‘Extensions’. Find www.ad-click.com and click ‘Uninstall’. Now open Mozilla Firefox once more, go to Tools -> Options -> General -> Startup and select ‘Show a blank page’ when Firefox Starts or set a certain website, like Google or similar.

Google Chrome:
Open Google Chrome, click on wench icon, go to settings and choose ‘Manage search engines’. Change search engine to google or other and delete www.ad-click.com from the list. Then Go to section “On start” and make sure you get blank page while creating new tab.

Step 3: Open the task manager (click Start and type Task manager in the search box) and stop all processes related to S.ad127m.com

 

Now -

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes
 Please Copy and Paste the small log back here.

Important: Do not reboot your computer until you complete the next step.

* NOW :
 Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button only once to ensure a correct reading and watch the green bar move across
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Check the removals and see if you are OK with the list.

    If you are not sure with any removals post the [R0]txt file back here

  • Now
  • Click on the Clean button only once to ensure a correct reading
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and Paste the contents of that logfile in your next reply.
  • A copy of the logfile is also saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Please tell us how the problems are after you post the log.

 

Thank you



#3 pops1

pops1
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 28 November 2014 - 09:00 PM

kill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/28/2014 07:55:40 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1    www.007guard.com
  127.0.0.1    007guard.com
  127.0.0.1    008i.com
  127.0.0.1    www.008k.com
  127.0.0.1    008k.com
  127.0.0.1    www.00hq.com
  127.0.0.1    00hq.com
  127.0.0.1    010402.com
  127.0.0.1    www.032439.com
  127.0.0.1    032439.com
  127.0.0.1    www.0scan.com
  127.0.0.1    0scan.com
  127.0.0.1    1000gratisproben.com
  127.0.0.1    www.1000gratisproben.com
  127.0.0.1    1001namen.com
  127.0.0.1    www.1001namen.com
  127.0.0.1    www.100888290cs.com
  127.0.0.1    100888290cs.com
  127.0.0.1    100sexlinks.com
  127.0.0.1    www.100sexlinks.com

  20 out of 15494 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 11/28/2014 07:56:09 PM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)
 



#4 pops1

pops1
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 28 November 2014 - 09:31 PM

 AdwCleaner v4.102 - Report created 28/11/2014 at 20:28:29
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ken - KEN
# Running from : C:\Users\Ken\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [4829 octets] - [11/11/2014 10:10:11]
AdwCleaner[R1].txt - [872 octets] - [12/11/2014 13:30:22]
AdwCleaner[R2].txt - [987 octets] - [12/11/2014 20:32:47]
AdwCleaner[R3].txt - [4702 octets] - [19/11/2014 17:57:37]
AdwCleaner[R4].txt - [2626 octets] - [19/11/2014 18:24:14]
AdwCleaner[R5].txt - [2746 octets] - [19/11/2014 18:43:05]
AdwCleaner[R6].txt - [963 octets] - [28/11/2014 20:28:29]
AdwCleaner[S0].txt - [4761 octets] - [11/11/2014 10:13:09]
AdwCleaner[S1].txt - [932 octets] - [12/11/2014 13:33:17]
AdwCleaner[S2].txt - [1047 octets] - [12/11/2014 20:35:36]
AdwCleaner[S3].txt - [4648 octets] - [19/11/2014 18:01:21]
AdwCleaner[S4].txt - [2689 octets] - [19/11/2014 18:25:37]
AdwCleaner[S5].txt - [1403 octets] - [19/11/2014 18:48:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1381 octets] ##########
 



#5 pops1

pops1
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 28 November 2014 - 09:41 PM

Have run the suggested programs and posted the results but the popup is still there.



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:43 PM

Posted 28 November 2014 - 10:46 PM

Hi -

I take it you went through the browser add-ons removals also.

 

Download Screen317 Security Check from Here or Here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please Copy/Paste the contents of that document.

Note 1:: If any security program requests permission to access the Internet, allow it to
Note 2. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, (or similar) restart computer and Security Check should run

 

 

 

Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:

  • List content of Hosts
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)

 

 

 

Please download Malwarebytes Anti-Malware

  • Follow the simple directions to install the program to desktop
  • Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • If you find malware and tick it to remove it, you may be asked th re-boot the computer to finish cleaning.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

 

Download Malwarebytes Anti-Rootkit (A.K.A. MBAR) from HERE

  • Unzip the contents to a folder in a convenient location. (usually desktop)
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain.
  • If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

 

Again please tell us how things are after you post the logs ......

 

Thank you -



#7 pops1

pops1
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 01 December 2014 - 04:31 PM

 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 McAfee SiteAdvisor    
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox (33.1.1)
 Mozilla Thunderbird (31.2.0)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#8 pops1

pops1
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 01 December 2014 - 04:37 PM

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Ken (administrator) on 01-12-2014 at 15:33:41
Running from "C:\Users\Ken\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    www.100888290cs.com
127.0.0.1    100888290cs.com
127.0.0.1    100sexlinks.com

There are 15476 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Ken
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 18-03-73-00-F3-9A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::561:3a52:66ac:c551%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, December 01, 2014 7:48:21 AM
   Lease Expires . . . . . . . . . . : Tuesday, December 02, 2014 7:48:20 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 236454771
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-30-03-99-18-03-73-00-F3-9A
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{EC85F23B-BE74-495D-8075-AAE06A3FF2A5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1465:186e:b53b:bf1a(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1465:186e:b53b:bf1a%14(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  2607:f8b0:4000:806::1000
      173.219.167.29
      173.219.167.50
      173.219.167.24
      173.219.167.30
      173.219.167.45
      173.219.167.55
      173.219.167.39
      173.219.167.34
      173.219.167.54
      173.219.167.59
      173.219.167.44
      173.219.167.25
      173.219.167.35
      173.219.167.40
      173.219.167.20
      173.219.167.49


Pinging google.com [74.125.198.100] with 32 bytes of data:
Reply from 74.125.198.100: bytes=32 time=408ms TTL=46
Reply from 74.125.198.100: bytes=32 time=18ms TTL=46

Ping statistics for 74.125.198.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 408ms, Average = 213ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=124ms TTL=50
Reply from 98.139.183.24: bytes=32 time=56ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 124ms, Average = 90ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...18 03 73 00 f3 9a ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    276
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:9d38:6abd:1465:186e:b53b:bf1a/128
                                    On-link
 11    276 fe80::/64                On-link
 14    306 fe80::/64                On-link
 11    276 fe80::561:3a52:66ac:c551/128
                                    On-link
 14    306 fe80::1465:186e:b53b:bf1a/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/01/2014 07:49:58 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2014 07:49:58 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2014 07:49:58 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2014 07:49:58 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/01/2014 07:49:56 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2014 07:49:56 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/01/2014 07:49:56 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2014 07:49:56 AM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2014 07:49:56 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (12/01/2014 07:49:55 AM) (Source: ESENT) (User: )
Description: Windows (7876) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0002D.log.


System errors:
=============
Error: (12/01/2014 07:49:58 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/01/2014 07:49:58 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/01/2014 07:49:05 AM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (12/01/2014 07:49:02 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (12/01/2014 07:49:02 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (12/01/2014 07:48:32 AM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%1275

Error: (12/01/2014 07:48:32 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\mrtRate.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/01/2014 07:48:26 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (12/01/2014 07:48:24 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (11/30/2014 08:41:04 AM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)


Microsoft Office Sessions:
=========================
Error: (12/01/2014 07:49:58 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2014 07:49:58 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2014 07:49:58 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2014 07:49:58 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (12/01/2014 07:49:56 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (12/01/2014 07:49:56 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/01/2014 07:49:56 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (12/01/2014 07:49:56 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (12/01/2014 07:49:56 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (12/01/2014 07:49:55 AM) (Source: ESENT)(User: )
Description: Windows7876Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0002D.log-1811


CodeIntegrity Errors:
===================================
  Date: 2013-08-04 14:01:50.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-04 14:01:50.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-04 14:01:50.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-30 15:01:54.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-30 15:01:54.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-30 15:01:54.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-17 17:59:30.953
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-17 17:59:30.938
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-17 17:59:30.938
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-09 14:26:55.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.



=========================== Installed Programs ============================
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version:  - )
Canon iP2600 series User Registration (HKLM-x32\...\Canon iP2600 series User Registration) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Desktop Taipei version 2.2 (HKLM-x32\...\Desktop Taipei_is1) (Version:  - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LinksysEasyLinkAdvisor (HKLM-x32\...\InstallShield_{2369561B-FD79-47F0-905D-B5FC7BAA9C80}) (Version:  - )
LinksysEasyLinkAdvisor (Version: 3.0.8122.29 - Linksys, Cisco System.) Hidden
Macromedia Shockwave Player (HKLM-x32\...\Macromedia Shockwave Player) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1138 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Digital Image Library 9 - Blocker (x32 Version: 9.00.0000 - Microsoft Corporation) Hidden
Microsoft Digital Image Standard 2006 Editor (x32 Version: 11.0.2018 - Microsoft Corporation) Hidden
Microsoft Digital Image Standard 2006 Library (x32 Version: 11.0.2018 - Microsoft Corporation) Hidden
Microsoft Digital Image Standard 2006 Update (HKLM-x32\...\PictureItPrem_v12) (Version: 11.0.2018 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2006 (HKLM-x32\...\{06040048-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
NVIDIA 3D Vision Driver 267.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.16 - NVIDIA Corporation)
NVIDIA Control Panel 267.16 (Version: 267.16 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 267.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.16 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6716 - NVIDIA Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pure Networks Platform (x32 Version: 10.1.8116.1 - Pure Networks) Hidden
Quicken 2001 Basic (HKLM-x32\...\Quicken 2001 Basic) (Version:  - )
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.14900 - Nero AG)
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Works Upgrade (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 4094.98 MB
Available physical RAM: 2220.13 MB
Total Pagefile: 8188.15 MB
Available Pagefile: 5933.78 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.33 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:866.03 GB) NTFS

========================= Users: ========================================

User accounts for \\KEN

Administrator            ASPNET                   Guest                    
Ken                      

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

14-11-2014 23:39:28 Removed Java 7 Update 45
18-11-2014 14:51:16 Windows Update
19-11-2014 21:00:15 Windows Update
22-11-2014 02:39:31 Restore Operation
22-11-2014 02:48:09 Windows Update
22-11-2014 04:56:43 Windows Update
25-11-2014 14:48:03 Windows Update
25-11-2014 23:03:10 Restore Operation
25-11-2014 23:12:20 Windows Update
26-11-2014 05:22:14 Windows Update

**** End of log ****
 



#9 pops1

pops1
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 01 December 2014 - 05:13 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/1/2014
Scan Time: 3:39:10 PM
Logfile: mwb scan log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.12.01.07
Rootkit Database: v2014.12.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ken

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330962
Time Elapsed: 12 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


alwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
Ken :: KEN [administrator]

12/1/2014 4:00:16 PM
mbar-log-2014-12-01 (16-00-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 330267
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#10 pops1

pops1
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 01 December 2014 - 05:18 PM

The popup is still present and it is still reduces my screen.



#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:43 PM

Posted 01 December 2014 - 06:09 PM

First open your CCleaner program, click on Tools at the bottom left and look for any odd program listings.

If you are not sure of any, please write them down and post them back here.

 

 

Do you only get this in one browser, (F/fox, Internet Explorer, Chrome) or at any time.

 

 

Run ESET Online Scanner.

  • For Internet Explorer users only, hold down Control  (Ctrl) and click on This Link to open ESET OnlineScan in a new window.
  • Click the ESET Online button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu. to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives but Not Remove Threats"
  • Click Advanced settings and select the following:
    Scan potentially unwanted applications
     Scan for potentially unsafe applications
     Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • Please be patient as this will take some time (2 hours is not unusual for a first scan).
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as "ESETScan". Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.

 

 

Thank You -


Edited by noknojon, 01 December 2014 - 06:11 PM.


#12 pops1

pops1
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 02 December 2014 - 12:17 AM

Eset scanner did not find any problems and did not make a log file.  To answer your question before, I use Firefox as my default browser and the problem only shows up on my secondary e-mail program that I use to sign up to different web sites purely to keep the spam down on my primary e-mail account.  That secondary account is with LycosMail.  That is the only place I have had trouble with it but I have not been able to delete it so far. 



#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:43 PM

Posted 02 December 2014 - 01:28 PM

Hi -

I think we have 2 choices left (provided that you can not find the item listed anywhere)

 

This should be done with Internet Explorer open, not Firefox
Click Tools or the Gear icon at the top of the browser > Go down the list to click on Internet Options > Go across to the last tab that should be Advanced >  Click on Advanced and then Reset (near the bottom) > You should get a Confirm box pop up > Tick Delete Personal Settings and now Reset.

This last part may be where the infection changed things -

Once the settings have all been reset, Close that box. Close any other open boxes. Now close I.E. and Reboot your computer.

 

 

If this works - Please download Temp File Cleaner by Old Timer
1 .Download TFC from the download link above and save the file on your desktop.
2 .Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
3 .Double-click on the TFC icon.
4 .When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
5 .When done, press OK > Exit, and reboot your computer and finish the cleanup
No log is produced or expected.
Note: After removing temp files, the computer may show to be slow than usual, but it will improve once the cache is rebuild.

I would then delete that Lycos Email account and use a Gmail or Hotmail one (all free).

 

 

If all that fails to do anything, we need the Experts to extract it (directions will follow if needed).

 

Thanks -



#14 pops1

pops1
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 03 December 2014 - 12:15 PM

Have tried all those things and the problem is still there.



#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:43 PM

Posted 03 December 2014 - 01:56 PM

Hi -

Sorry, but I am unable to look much deeper or use stronger tools in this forum area. Please see below.

 

Please follow the instructions in the Malware Removal and Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. Note: Windows 8.1 Users will not be able run DDS and create a log

When you have done that, Copy and Paste your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs or you're using Windows 8.1, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one, to prevent others answering incorrectly.

 

They can get busy, so the quicker you post there the quicker your reply

 

Good luck -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users