Ads Pop-Up Whenever A Link Is Opened - Another user


21 replies to this topic

#1 RAGG

RAGG

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 29 June 2015 - 01:58 PM

InadequateInfirmity - I am getting ads that pop up in a new window when you click within a couple of different sites. One is IE, the other Firefox. I ran the second phase of software you recommended yesterday without going back to the very beginning and running the first 4-step process. Should I go and run everything you recommended in the sequence suggested? Also, should I always do a reboot after a step that catches something? Is there any benefit to having the sites with issues open when running the software? Also, if there is an issue with the bookmark for those sites, the software should clean that, correct? I thought the new software I ran yesterday, starting with Adware Removal Tool v3.9, would fix the issue as it found some registry issues... and some other issues were found in the steps after that... but unfortunately I am still having the same issues... What does rsthosts do? Should AVG always be disabled when running the other scans? Thanks


 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 29 June 2015 - 02:58 PM

Please start with these instructions; if your antivirus needs to be disabled, it will say.... Even if you have run these, do so again and post the logs.

 

Download and run Wipe.

 

https://privacyroot.com/software/www/en/wipe.php

 

Under details make sure the highlighted button is ticked prior to cleaning.


 

Then System Ninja

https://singularlabs.com/software/system-ninja/

 

Scan for junk then delete.

 


 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right-click and run as administrator.
A new icon will appear on your desktop.
Right-click and run as administrator on the new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste the entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Edited by InadequateInfirmity, 29 June 2015 - 03:01 PM.


#3 RAGG


Posted 29 June 2015 - 04:34 PM

29 Jun 2015 16:05:53 [110c] - **********************************************************
29 Jun 2015 16:05:53 [110c] - MWAV - eScanAV AntiVirus Toolkit.
29 Jun 2015 16:05:53 [110c] - Copyright © MicroWorld Technologies
29 Jun 2015 16:05:53 [110c] - **********************************************************
29 Jun 2015 16:05:53 [110c] - Source: C:\Users\RichardGentry\Downloads\mwav(1).exe
29 Jun 2015 16:05:53 [110c] - Version 14.0.189 (C:\USERS\RICHARDGENTRY\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
29 Jun 2015 16:05:53 [110c] - Log File: C:\Users\RichardGentry\AppData\Local\Temp\MWAV.LOG
29 Jun 2015 16:05:53 [110c] - Last Scan Date and Time: 26.06.2015 20:34:58
29 Jun 2015 16:05:53 [110c] - MWAV Registered: TRUE
29 Jun 2015 16:05:53 [110c] - User Account: RichardGentry (Administrator Mode)
29 Jun 2015 16:05:53 [110c] - OS Type: Windows Workstation [InstallType: Client]
29 Jun 2015 16:05:53 [110c] - OS: Windows 7 64-Bit [OS Install Date: 10 Feb 2015 16:00:44]
29 Jun 2015 16:05:53 [110c] - Ver: Personal Service Pack 1 (Build 7601)
29 Jun 2015 16:05:53 [110c] - System Up Time: 10 Minutes, 17 Seconds


29 Jun 2015 16:05:53 [110c] - Windows Root  Folder: C:\Windows
29 Jun 2015 16:05:53 [110c] - Windows Sys32 Folder: C:\Windows\system32
29 Jun 2015 16:05:53 [110c] - DHCP NameServer: 75.75.75.75 75.75.76.76
29 Jun 2015 16:05:53 [110c] - Interface0 DHCPNameServer: 75.75.75.75 75.75.76.76
29 Jun 2015 16:05:53 [110c] - Local Fixed Drives: c:\,e:\,y:\
29 Jun 2015 16:05:53 [110c] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
29 Jun 2015 16:05:53 [110c] - [CREATED ZIP FILE: C:\Users\RichardGentry\AppData\Local\Temp\pinfect.zip]
29 Jun 2015 16:05:53 [110c] - Command Line Options Given: /xsign
29 Jun 2015 16:05:53 [110c] - Latest Date of files inside MWAV: Mon Jun 22 20:31:57 2015.
29 Jun 2015 16:05:55 [110c] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\RichardGentry\AppData\Local\Temp\ESCANDB.LOG]
29 Jun 2015 16:05:56 [110c] - Loaded/Created FileScan Cache Database...
29 Jun 2015 16:05:56 [110c] - Loading AV Library [DB]...
29 Jun 2015 16:06:24 [110c] - ArchiveScan: DISABLED
29 Jun 2015 16:06:25 [110c] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
29 Jun 2015 16:06:25 [110c] - MWAV doing self scanning...
29 Jun 2015 16:06:25 [110c] - MWAV files are clean.
29 Jun 2015 16:06:25 [110c] - ArchiveScan: DISABLED
29 Jun 2015 16:06:25 [110c] - Virus Database Date: 22 Jun 2015
29 Jun 2015 16:06:25 [110c] - Virus Database Count: 5706626
29 Jun 2015 16:06:25 [110c] - Sign Version: 7.61188 [519940]
29 Jun 2015 16:06:37 [110c] - Downloading AntiVirus and Anti-Spyware Databases...
29 Jun 2015 16:10:52 [110c] - Update Successful...
29 Jun 2015 16:10:57 [110c] - Old Sign Version: 7.61188    New Sign Version: 7.61311
29 Jun 2015 16:11:09 [110c] - Reload of AntiVirus Signatures successfully done.
29 Jun 2015 16:11:09 [110c] - Virus Database Date: 29 Jun 2015
29 Jun 2015 16:11:09 [110c] - Virus Database Count: 5701552
29 Jun 2015 16:11:09 [110c] - Sign Version: 7.61311 [520063]
 
29 Jun 2015 16:14:23 [110c] - **********************************************************
29 Jun 2015 16:14:23 [110c] - MWAV - eScanAV AntiVirus Toolkit.
29 Jun 2015 16:14:23 [110c] - Copyright © MicroWorld Technologies
29 Jun 2015 16:14:23 [110c] -
29 Jun 2015 16:14:23 [110c] - Support: support@escanav.com
29 Jun 2015 16:14:23 [110c] - Web: http://www.escanav.com
29 Jun 2015 16:14:23 [110c] - **********************************************************
29 Jun 2015 16:14:23 [110c] - Version 14.0.189[DB] (C:\USERS\RICHARDGENTRY\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
29 Jun 2015 16:14:23 [110c] - Log File: C:\Users\RichardGentry\AppData\Local\Temp\MWAV.LOG
29 Jun 2015 16:14:23 [110c] - User Account: RichardGentry (Administrator Mode)
29 Jun 2015 16:14:23 [110c] - Windows Root  Folder: C:\Windows
29 Jun 2015 16:14:23 [110c] - Windows Sys32 Folder: C:\Windows\system32
29 Jun 2015 16:14:23 [110c] - OS: Windows 7 64-Bit [OS Install Date: 10 Feb 2015 16:00:44]
29 Jun 2015 16:14:23 [110c] - Ver: Personal Service Pack 1 (Build 7601)
29 Jun 2015 16:14:23 [110c] - Latest Date of files inside MWAV: Mon Jun 22 20:31:57 2015.
29 Jun 2015 16:14:23 [110c] - Priority: NORMAL
 
29 Jun 2015 16:14:23 [12bc] - Options Selected by User:
29 Jun 2015 16:14:23 [12bc] - Memory Check: Enabled
29 Jun 2015 16:14:23 [12bc] - Registry Check: Enabled
29 Jun 2015 16:14:23 [12bc] - StartUp Folder Check: Enabled
29 Jun 2015 16:14:23 [12bc] - System Folder Check: Enabled
29 Jun 2015 16:14:23 [12bc] - Services Check: Enabled
29 Jun 2015 16:14:23 [12bc] - Scan Spyware: Enabled
29 Jun 2015 16:14:23 [12bc] - Scan Archives: Disabled
29 Jun 2015 16:14:23 [12bc] - Drive Check: Enabled
29 Jun 2015 16:14:23 [12bc] - All Drive Check :Disabled
29 Jun 2015 16:14:23 [12bc] - Drive Selected = C:\
29 Jun 2015 16:14:23 [12bc] - Folder Check: Disabled
29 Jun 2015 16:14:23 [12bc] - SCAN: All_Files [ANSI]
29 Jun 2015 16:14:23 [12bc] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
29 Jun 2015 16:14:23 [12bc] - Scanning DNS Records...
29 Jun 2015 16:14:23 [12bc] - Scanning Master Boot Record (User)...
29 Jun 2015 16:14:23 [12bc] - Scanning Logical Boot Records...
29 Jun 2015 16:14:23 [12bc] - ***** Scanning For Hidden Rootkit Processes *****
29 Jun 2015 16:14:23 [12bc] - ***** Scanning For Hidden Rootkit Services *****
 
29 Jun 2015 16:14:26 [12bc] - ***** Scanning Memory Files *****
 
29 Jun 2015 16:14:27 [12bc] - ***** Scanning Registry Files *****
 
29 Jun 2015 16:14:29 [12bc] - ***** Scanning StartUp Folders *****
 
29 Jun 2015 16:14:43 [12bc] - ***** Scanning Service Files *****
 
29 Jun 2015 16:14:53 [12bc] - ***** Scanning Registry and File system for Adware/Spyware *****
29 Jun 2015 16:14:54 [12bc] - Loading Spyware Signatures from new External Database [Name: C:\Users\RICHAR~1\AppData\Local\Temp\spydb.avs, Size: 464724]...
29 Jun 2015 16:14:54 [12bc] - Indexed Spyware Databases Successfully Created...
 
 
29 Jun 2015 16:14:59 [12bc] - ***** Scanning Registry Files *****
 
29 Jun 2015 16:14:59 [12bc] - ***** Scanning System32 Folders *****
 
 
29 Jun 2015 16:15:08 [12bc] - ***** Scanning Drive C:\ *****
29 Jun 2015 16:15:43 [1004] - Scanning File C:\Program Files\Reason\Security\Quarantine\fd8534ba-a02e-423b-8130-e707605d9e5b
29 Jun 2015 16:15:43 [1004] - File C:\Program Files\Reason\Security\Quarantine\fd8534ba-a02e-423b-8130-e707605d9e5b infected by "Trojan.Dropper.RSA (DB)" Virus! Action Taken: File Renamed.

29 Jun 2015 16:16:20 [1004] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
29 Jun 2015 16:16:20 [0a14] - Scanning File C:\System Volume Information\{bebf9ec3-1506-11e5-99aa-9cad97afbea0}{3808876b-c176-4e48-b7ae-04046e6cc752}
29 Jun 2015 16:16:20 [0acc] - Scanning File C:\System Volume Information\{7d9c826c-137e-11e5-9a54-9cad97afbea0}{3808876b-c176-4e48-b7ae-04046e6cc752}
29 Jun 2015 16:16:20 [1760] - Scanning File C:\System Volume Information\{0525159c-1ce6-11e5-bb67-9cad97afbea0}{3808876b-c176-4e48-b7ae-04046e6cc752}
29 Jun 2015 16:16:20 [14f4] - Scanning File C:\System Volume Information\{7d9c8268-137e-11e5-9a54-9cad97afbea0}{3808876b-c176-4e48-b7ae-04046e6cc752}
29 Jun 2015 16:16:20 [0cec] - Scanning File C:\System Volume Information\{41d325b4-1910-11e5-963e-9cad97afbea0}{3808876b-c176-4e48-b7ae-04046e6cc752}
 
29 Jun 2015 16:18:20 [12bc] - ***** Checking for specific ITW Viruses *****
 
29 Jun 2015 16:18:20 [12bc] - ***** Scanning complete. *****
 
29 Jun 2015 16:18:20 [12bc] - Total Objects Scanned: 200380
29 Jun 2015 16:18:20 [12bc] - Total Critical Objects: 1
29 Jun 2015 16:18:20 [12bc] - Total Disinfected Objects: 0
29 Jun 2015 16:18:20 [12bc] - Total Objects Renamed: 1
29 Jun 2015 16:18:20 [12bc] - Total Deleted Objects: 0
29 Jun 2015 16:18:20 [12bc] - Total Errors: 0
29 Jun 2015 16:18:20 [12bc] - Time Elapsed: 00:03:54
29 Jun 2015 16:18:20 [12bc] - Virus Database Date: 29 Jun 2015
29 Jun 2015 16:18:20 [12bc] - Virus Database Count: 5701552
29 Jun 2015 16:18:20 [12bc] - Sign Version: 7.61311 [520063]
 
29 Jun 2015 16:18:20 [12bc] - Scan Completed.
 



#4 RAGG


Posted 29 June 2015 - 05:16 PM

Repair for the hosts hijack is the correct action? Delete was not an option... defaulted to repair.

 

Zemana AntiMalware 2.16.2.198 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/29
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i3-4150 CPU @ 3.50GHz
BIOS Mode              : Legacy
CUID                   : 00D3C39A4CDDD1499000EE
Scan Type              : Deep Scan
Duration               : 12m 36s
Scanned Objects        : 152680
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : 0008533A4D157460E397576EE99B268A
Publisher          : -
Size               : 1260
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Traces             :
                Hosts File - Hosts file is hidden
                File - %systemroot%\system32\drivers\etc\hosts

ninja-setup-3.0.7.exe
Status             : Scanned
Object             : %userprofile%\downloads\ninja-setup-3.0.7.exe
MD5                : 5269E6ED06CFFE100ED3F48B4A3DE45E
Publisher          : -
Size               : 2509450
Version            : 0.0.0.0
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.7.exe

Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0
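
A read-only check of the two things the Zemana trace above reports on (a hidden hosts file, and what the file contains), as an added example that is not part of the thread or of any tool named in it. It assumes Windows PowerShell 3.0 or later and treats loopback mappings for `localhost` as the only expected entries.

```powershell
# Added example (not from the thread): read-only inspection of the Windows hosts file.
# Assumes Windows PowerShell 3.0+; nothing here modifies the file.

# The resolver reads hosts from the directory named by DataBasePath, so read
# that value instead of assuming %SystemRoot%\System32\drivers\etc.
$tcpip   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$dbPath  = (Get-ItemProperty -Path $tcpip -Name DataBasePath).DataBasePath
$dbPath  = [Environment]::ExpandEnvironmentVariables($dbPath).TrimEnd('\')
$default = Join-Path $env:SystemRoot 'System32\drivers\etc'
if ($dbPath -ne $default) {
    Write-Warning "DataBasePath points to '$dbPath' instead of '$default'"
}

# -Force is required to see a file that carries the Hidden or System attribute.
$hostsPath = Join-Path $dbPath 'hosts'
$file = Get-Item -LiteralPath $hostsPath -Force -ErrorAction SilentlyContinue
if (-not $file) {
    Write-Warning "No hosts file at $hostsPath"
    return
}

$unexpected = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
if ($file.Attributes -band $unexpected) {
    Write-Warning "hosts has unexpected attributes: $($file.Attributes)"
}
"{0}  {1} bytes  last written {2}" -f $file.FullName, $file.Length, $file.LastWriteTime

# Parse active lines: strip comments, then split "address name [alias ...]".
$entries = @(Get-Content -LiteralPath $hostsPath -Force |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ } |
    ForEach-Object {
        $parts = $_ -split '\s+'
        if ($parts.Count -lt 2) { return }   # malformed line, no host name
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{ Address = $parts[0]; Name = $name }
        }
    })

# Assumption: only loopback mappings for 'localhost' are expected; everything
# else is listed for manual review, not declared malicious.
$loopback = '127.0.0.1', '::1'
$review = @($entries | Where-Object {
    -not ($_.Name -eq 'localhost' -and $loopback -contains $_.Address)
})
if ($review.Count -eq 0) {
    'No active entries beyond localhost.'
} else {
    $review | Format-Table -AutoSize
}
```

Running it before and after a tool's "Repair" action shows whether the attributes and the listed entries actually changed.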
 



#5 RAGG


Posted 29 June 2015 - 06:38 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.2 (06.29.2015:1)
OS: Windows 7 Home Premium x64
Ran by RichardGentry on Mon 06/29/2015 at 17:28:05.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\RichardGentry\AppData\Roaming\pcdr
Successfully deleted: [Folder] C:\Users\RichardGentry\AppData\Roaming\productdata





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/29/2015 at 17:29:41.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 RAGG


Posted 29 June 2015 - 07:13 PM

# AdwCleaner v4.207 - Logfile created 29/06/2015 at 18:55:30
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : RichardGentry - RICHARDSDELL
# Running from : C:\Users\RichardGentry\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2782 bytes] - [07/06/2015 11:52:13]
AdwCleaner[R1].txt - [1012 bytes] - [11/06/2015 15:36:48]
AdwCleaner[R2].txt - [1131 bytes] - [11/06/2015 16:43:12]
AdwCleaner[R3].txt - [1100 bytes] - [15/06/2015 11:47:14]
AdwCleaner[R4].txt - [1218 bytes] - [16/06/2015 18:56:04]
AdwCleaner[R5].txt - [1336 bytes] - [17/06/2015 11:23:59]
AdwCleaner[R6].txt - [1425 bytes] - [22/06/2015 15:03:56]
AdwCleaner[R7].txt - [1544 bytes] - [26/06/2015 20:31:52]
AdwCleaner[R8].txt - [1603 bytes] - [29/06/2015 18:54:02]
AdwCleaner[S0].txt - [2582 bytes] - [07/06/2015 11:55:10]
AdwCleaner[S1].txt - [1095 bytes] - [11/06/2015 15:59:35]
AdwCleaner[S2].txt - [1149 bytes] - [11/06/2015 16:45:57]
AdwCleaner[S3].txt - [1165 bytes] - [15/06/2015 11:48:29]
AdwCleaner[S4].txt - [1283 bytes] - [16/06/2015 18:57:45]
AdwCleaner[S5].txt - [1490 bytes] - [22/06/2015 15:04:44]
AdwCleaner[S6].txt - [1528 bytes] - [29/06/2015 18:55:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1587  bytes] ##########
 

After AdwCleaner found nothing and reboot, Zemana and Reason Core are running with my AVG, and I noticed Zemana finds an issue with JRT.exe. OK to try sites with issue?

 

Zemana AntiMalware 2.16.2.198 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/6/29
Operating System       : Windows 7 64-bit
Processor              : 4X Intel® Core™ i3-4150 CPU @ 3.50GHz
BIOS Mode              : Legacy
CUID                   : 00D3C39A4CDDD1499000EE
Scan Type              : Scheduled Scan
Duration               : 1m 18s
Scanned Objects        : 9214
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : Yes
Domain Info            : WORKGROUP,1,2
Detected Objects
-------------------------------------------------------

JRT.exe
Status             : Scanned
Object             : %userprofile%\desktop\jrt.exe
MD5                : C393FF8486E3183ACB8DBEF18975B08F
Publisher          : -
Size               : 2950579
Version            : 7.2.2.0
Detection          : Heur.Malicious!Pb
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\desktop\jrt.exe

Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0
 



#7 InadequateInfirmity


Posted 30 June 2015 - 09:19 AM

JRT is fine.

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

Hit OK.

Hit Next; make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MiniToolBox and run it.

Checkmark the following boxes:

  • Flush DNS
  • Reset FF Proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#8 RAGG


Posted 30 June 2015 - 11:45 AM

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2015_06_30_11_39_23
OS: Windows 7 - 64 Bit
Account Name: RichardGentry
U0L0S0

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\


-- No objects found

\\ Finished
 



#9 RAGG


Posted 30 June 2015 - 12:23 PM

~ ZHPCleaner v2015.6.30.285 by Nicolas Coolman (2015\06\30)
~ Run by RichardGentry (Administrator)  (30/06/2015 11:53:10)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\RichardGentry\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\RichardGentry\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (0)
~ No malicious items found.


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious items found.


---\\  Registry ( Key, Value, Data) (0)
~ No malicious items found.


---\\ Result of repair
~ Any repair made
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 64391
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0


End of clean at 12:19:54
===================
ZHPCleaner-[S]-30062015-12_19_54.txt
 



#10 RAGG


Posted 30 June 2015 - 12:31 PM

 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
  Adobe Flash Player 17.0.0.190 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#11 RAGG


Posted 30 June 2015 - 01:09 PM

Are these errors listed normal? Any concerns?

 

MiniToolBox by Farbar  Version: 22-06-2015
Ran by RichardGentry (administrator) on 30-06-2015 at 12:37:58
Running from "C:\Users\RichardGentry\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Inspiron 3847 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Dell Wireless 1705 802.11b/g/n (2.4GHZ) = Wireless Network Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : RichardsDell
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.

Ethernet adapter Bluetooth Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . : 9C-AD-97-AF-BE-A0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1705 802.11b/g/n (2.4GHZ)
   Physical Address. . . . . . . . . : 9C-AD-97-AF-BE-9F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.il.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F8-BC-12-96-84-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:558:6033:74:2ce6:917d:5186:b41f(Preferred)
   Lease Obtained. . . . . . . . . . : Tuesday, June 30, 2015 11:17:03 AM
   Lease Expires . . . . . . . . . . : Saturday, July 04, 2015 1:51:52 AM
   Link-local IPv6 Address . . . . . : fe80::cc0e:c8fb:834d:dbd2%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 24.15.126.202(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Lease Obtained. . . . . . . . . . : Tuesday, June 30, 2015 11:17:14 AM
   Lease Expires . . . . . . . . . . : Saturday, July 04, 2015 11:17:01 AM
   Default Gateway . . . . . . . . . : fe80::201:5cff:fe6e:b846%11
                                       24.15.120.1
   DHCP Server . . . . . . . . . . . : 69.252.202.20
   DHCPv6 IAID . . . . . . . . . . . : 251182098
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-85-DC-9D-F8-BC-12-96-84-34
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    google.com
Addresses:  2607:f8b0:4009:808::200e
      216.58.216.78


Pinging google.com [2607:f8b0:4009:809::200e] with 32 bytes of data:
Reply from 2607:f8b0:4009:809::200e: time=13ms
Reply from 2607:f8b0:4009:809::200e: time=13ms

Ping statistics for 2607:f8b0:4009:809::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 13ms, Average = 13ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=66ms TTL=53
Reply from 206.190.36.45: bytes=32 time=70ms TTL=53

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 66ms, Maximum = 70ms, Average = 68ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...9c ad 97 af be a0 ......Bluetooth Device (Personal Area Network) #2
 12...9c ad 97 af be 9f ......Dell Wireless 1705 802.11b/g/n (2.4GHZ)
 11...f8 bc 12 96 84 34 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      24.15.120.1    24.15.126.202     20
      24.15.120.0    255.255.248.0         On-link     24.15.126.202    276
    24.15.126.202  255.255.255.255         On-link     24.15.126.202    276
    24.15.127.255  255.255.255.255         On-link     24.15.126.202    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     24.15.126.202    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     24.15.126.202    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    276 ::/0                     fe80::201:5cff:fe6e:b846
  1    306 ::1/128                  On-link
 11    276 2001:558:6033:74:2ce6:917d:5186:b41f/128
                                    On-link
 11    276 fe80::/64                On-link
 11    276 fe80::cc0e:c8fb:834d:dbd2/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/30/2015 11:41:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0xec8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (06/30/2015 11:18:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (06/30/2015 11:42:02 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/30/2015 11:41:50 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/30/2015 11:18:21 AM) (Source: Service Control Manager) (User: )
Description: The Reason Core Security Engine Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/29/2015 07:22:00 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/29/2015 07:21:53 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (06/29/2015 06:55:59 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (06/29/2015 06:55:59 PM) (Source: Service Control Manager) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/29/2015 06:55:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (06/29/2015 06:55:58 PM) (Source: Service Control Manager) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/29/2015 06:55:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll


Microsoft Office Sessions:
=========================
Error: (06/30/2015 11:41:50 AM) (Source: Application Error)(User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa1ec801d0b3520815cc40C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle7ab2c6a-1f46-11e5-88e5-9cad97afbea0

Error: (06/30/2015 11:18:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (06/29/2015 07:21:53 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
1100


CodeIntegrity Errors:
===================================
  Date: 2015-06-17 13:52:12.440
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-17 13:52:12.415
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-17 13:52:12.389
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-17 13:52:12.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-11 16:08:40.906
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-11 16:08:40.875
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-11 16:08:40.859
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-11 16:08:40.828
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-08 20:26:18.427
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-08 20:26:18.402
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\{60617D41-12B1-4D1F-B826-985727E26121}) (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\{A111021A-2AC8-4990-9F39-7990131252EE}) (Version: 15.0.6037 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6037 - AVG Technologies)
AVS Media Player 4.2.4.107 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.4.107 - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM-x32\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.3.572 - Online Media Technologies Ltd.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Brother MFL-Pro Suite MFC-J410W (HKLM-x32\...\{31FD9031-FA28-4F73-9FD1-D7E9997C41CE}) (Version: 0.0.1.0 - Brother Industries, Ltd.)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Crystal Security (HKLM-x32\...\{7CBAC602-1220-46C5-B2B9-1DFABDB9813D}) (Version: 3.5.0.129 - Kardo Kristal) Hidden
Crystal Security (HKLM-x32\...\Crystal Security 3.5.0.129) (Version: 3.5.0.129 - Kardo Kristal)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.0.7.0 - Reason Software Company Inc.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
System Ninja version 3.0.7 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.7 - SingularLabs)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wipe (HKLM\...\wipe) (Version: 2015.06 - PrivacyRoot.com)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.16.198 - Zemana Ltd.)

========================= Devices: ================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8108.95 MB
Available physical RAM: 5938 MB
Total Pagefile: 16216.11 MB
Available Pagefile: 13694.48 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.32 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:907.25 GB) (Free:587.38 GB) NTFS
3 Drive e: (2TB Samsung) (Fixed) (Total:1863.01 GB) (Free:1252.27 GB) NTFS
4 Drive y: (RECOVERY) (Fixed) (Total:24.22 GB) (Free:13.64 GB) NTFS

========================= Users: ========================================

User accounts for \\RICHARDSDELL

Administrator            Guest                    RichardGentry            


**** End of log ****
 



#12 RAGG

Posted 30 June 2015 - 02:03 PM

C:\Program Files\Adware-Removal-Tool\ARTP3.exe    MSIL/FakeTool.PS trojan    cleaned by deleting - quarantined
C:\Users\RichardGentry\Downloads\ccsetup507.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
 



#13 RAGG

Posted 30 June 2015 - 02:10 PM

Anything else to run? ESET completed... Try the websites giving the ads? Thanks



#14 InadequateInfirmity

Posted 30 June 2015 - 09:21 PM

Yes, please go ahead and see if you are still having issues.



#15 RAGG

Posted 01 July 2015 - 12:29 AM

I hate to say this, but unfortunately ads are still occurring on the IE site and Firefox... Any other recommendations? Thanks





