
Browser randomly autostarts


15 replies to this topic

#1 eingram25

eingram25

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 16 October 2015 - 01:48 PM

I have an Asus computer running under Windows 10. AMD cpu with built in graphics.

I currently use Bitdefender 2016 antivirus.

When I am running a program (usually magic jigsaw puzzles, free ed), my default browser will start up by itself and the website will be completely random.

(Last time this happened it was Walmart's website).

This happened once before when I was using malwarebytes software.

I contacted them and they had me run a bunch of different scanners ending with Farbar.

I wonder what I should use to see if I'm infected or not.

Have no screenshots yet, but I have the results of my latest Farbar scan (FRST64.exe, FRST.txt, addition.txt)

I can attach them if requested.

Thanks in advance for your help.





#2 loki2007

loki2007

  • Members
  • 551 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Hampshire
  • Local time:07:33 AM

Posted 16 October 2015 - 02:44 PM

Hi eingram25, welcome to BC! My name is loki and I will be assisting you today. Please follow the instructions below; if you have any questions, please ask!

 

MiniToolBox

  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.

  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


 
Member of the Bleeping Computer A.I.I. early response team!

#3 eingram25


Posted 16 October 2015 - 07:44 PM

I have run the program (MiniToolBox.exe) and have the result, but I don't seem to find the button for attaching a file.

I'm probably blind.



#4 loki2007


Posted 16 October 2015 - 08:16 PM

Hi again eingram25!

 

No need to attach the file, please just copy and paste the results into your next reply. Sorry for not telling you that in my last post. Let me know if you have any questions.

 

Thanks,

 

loki :)


 

#5 eingram25


Posted 17 October 2015 - 07:28 AM

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Ed (administrator) on 16-10-2015 at 19:35:10
Running from "C:\Users\Ed\Desktop"
Microsoft Windows 10 Home  (X64)
Model: CM1735 Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
========================= IP Configuration: ================================
 
Cisco AM10 = Wi-Fi (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-DO6GGUR
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ks.cox.net
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 68-7F-74-7A-9F-E6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : ks.cox.net
   Description . . . . . . . . . . . : Cisco AM10
   Physical Address. . . . . . . . . : 68-7F-74-7A-9F-E7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8a6:963c:570a:760a%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.114(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, October 16, 2015 7:11:42 PM
   Lease Expires . . . . . . . . . . : Saturday, October 17, 2015 7:11:42 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 57180020
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-52-A7-21-68-7F-74-7A-9F-E7
   DNS Servers . . . . . . . . . . . : 68.105.28.12
                                       68.105.29.12
                                       68.105.28.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2839:2bf0:e700:360d(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2839:2bf0:e700:360d%4(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 167772160
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-52-A7-21-68-7F-74-7A-9F-E7
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.ks.cox.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ks.cox.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns2.cox.net
Address:  68.105.28.12
 
Name:    google.com
Addresses:  2607:f8b0:4000:80b::200e
 173.194.115.0
 173.194.115.7
 173.194.115.6
 173.194.115.14
 173.194.115.3
 173.194.115.5
 173.194.115.4
 173.194.115.2
 173.194.115.1
 173.194.115.9
 173.194.115.8
 
 
Pinging google.com [216.58.218.206] with 32 bytes of data:
Reply from 216.58.218.206: bytes=32 time=31ms TTL=56
Reply from 216.58.218.206: bytes=32 time=33ms TTL=56
 
Ping statistics for 216.58.218.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 31ms, Maximum = 33ms, Average = 32ms
Server:  cdns2.cox.net
Address:  68.105.28.12
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=99ms TTL=52
Reply from 98.138.253.109: bytes=32 time=92ms TTL=52
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 92ms, Maximum = 99ms, Average = 95ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...68 7f 74 7a 9f e6 ......Microsoft Hosted Network Virtual Adapter
  3...68 7f 74 7a 9f e7 ......Cisco AM10
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.114     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.114    281
    192.168.1.114  255.255.255.255         On-link     192.168.1.114    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.114    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.114    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.114    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  4    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  4    306 2001::/32                On-link
  4    306 2001:0:5ef5:79fd:2839:2bf0:e700:360d/128
                                    On-link
  3    281 fe80::/64                On-link
  4    306 fe80::/64                On-link
  3    281 fe80::8a6:963c:570a:760a/128
                                    On-link
  4    306 fe80::2839:2bf0:e700:360d/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
  4    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/16/2015 08:55:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-DO6GGUR)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/15/2015 09:39:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-DO6GGUR)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/15/2015 09:32:41 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/15/2015 09:31:30 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/14/2015 10:59:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-DO6GGUR)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/14/2015 10:58:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-DO6GGUR)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/14/2015 10:55:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: Kindle.exe, version: 1.12.2.40996, time stamp: 0x55d593c5
Faulting module name: Kindle.exe, version: 1.12.2.40996, time stamp: 0x55d593c5
Exception code: 0xc0000005
Fault offset: 0x000f7490
Faulting process id: 0xa28
Faulting application start time: 0xKindle.exe0
Faulting application path: Kindle.exe1
Faulting module path: Kindle.exe2
Report Id: Kindle.exe3
Faulting package full name: Kindle.exe4
Faulting package-relative application ID: Kindle.exe5
 
Error: (10/14/2015 09:45:13 PM) (Source: MsiInstaller) (User: DESKTOP-DO6GGUR)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6500}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (10/14/2015 07:29:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-DO6GGUR)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/13/2015 07:27:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-DO6GGUR)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/16/2015 07:21:24 PM) (Source: Service Control Manager) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error: 
%%0
 
Error: (10/16/2015 07:11:27 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:19:32 PM on ‎10/‎16/‎2015 was unexpected.
 
Error: (10/16/2015 07:11:01 PM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212256841190208
 
Error: (10/16/2015 12:22:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (10/16/2015 12:18:20 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
 
Error: (10/16/2015 12:15:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {A677570A-2BA2-4E9A-B2E2-8A02CD8B4FD3}
 
Error: (10/16/2015 12:15:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%2
 
Error: (10/16/2015 12:13:41 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:02:54 AM on ‎10/‎16/‎2015 was unexpected.
 
Error: (10/16/2015 12:10:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (10/16/2015 12:10:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
 
Microsoft Office Sessions:
=========================
Error: (10/16/2015 08:55:07 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-DO6GGUR)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (10/15/2015 09:39:37 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-DO6GGUR)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (10/15/2015 09:32:41 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/15/2015 09:31:30 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/14/2015 10:59:00 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-DO6GGUR)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147024865
 
Error: (10/14/2015 10:58:59 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-DO6GGUR)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (10/14/2015 10:55:30 PM) (Source: Application Error)(User: )
Description: Kindle.exe1.12.2.4099655d593c5Kindle.exe1.12.2.4099655d593c5c0000005000f7490a2801d106fd4d133653C:\Users\Ed\AppData\Local\Amazon\Kindle\application\Kindle.exeC:\Users\Ed\AppData\Local\Amazon\Kindle\application\Kindle.exe9e21dfc6-d0c0-46a0-95aa-40de2e487d5f
 
Error: (10/14/2015 09:45:13 PM) (Source: MsiInstaller)(User: DESKTOP-DO6GGUR)
Description: Adobe Acrobat Reader DC{AC76BA86-7AD7-0000-2550-AC0F094E6500}1625(NULL)(NULL)(NULL)
 
Error: (10/14/2015 07:29:23 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-DO6GGUR)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (10/13/2015 07:27:58 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-DO6GGUR)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147024865
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-09-26 21:38:09.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-26 21:38:09.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-26 21:38:09.032
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-26 21:38:08.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-25 10:23:40.549
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-25 10:23:40.511
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-21 17:37:59.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-21 17:37:59.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-21 17:37:59.669
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-21 17:37:59.646
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.241 - Amazon)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
ANT Drivers Installer x64 (HKLM\...\{4874180F-02FD-458B-AFD1-43AEA852F8E6}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage 4 (HKLM\...\{06C6DBA3-36DD-40E6-8CC2-5FBAD1710B89}) (Version: 4.5.6 - Ambient Design) Hidden
ArtRage 4 (HKLM-x32\...\ArtRage 4 4.5.6) (Version: 4.5.6 - Ambient Design)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.10 - ASUSTeK Computer Inc.)
Autodesk Pixlr (HKLM-x32\...\{B0547B43-3AEE-453C-9945-800DDF92052D}) (Version: 1.1.1.0 - Autodesk) Hidden
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.1.1.0 - Autodesk)
AVS Audio Converter 8.0 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.0.2.541 - Online Media Technologies Ltd.)
AVS Audio Editor 8.0 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.0.2.501 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.4.534 - Online Media Technologies Ltd.)
AVS Document Converter 3.0.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 3.0.1.237 - Online Media Technologies Ltd.)
AVS Image Converter 4.0.1.280 (HKLM-x32\...\AVS Image Converter_is1) (Version: 4.0.1.280 - Online Media Technologies Ltd.)
AVS Media Player 4.2.5.108 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.5.108 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.3.147 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.3.147 - Online Media Technologies Ltd.)
AVS Registry Cleaner 3.0.2.271 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 3.0.2.271 - Online Media Technologies Ltd.)
AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.4.574 - Online Media Technologies Ltd.)
AVS Video Editor 7.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.1.3.263 - Online Media Technologies Ltd.)
AVS Video ReMaker 5.0.1.172 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 5.0.1.172 - Online Media Technologies Ltd.)
Bamboo Dock (HKLM-x32\...\{90DFD61B-8224-00C6-3D69-A983B60A394E}) (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (HKLM-x32\...\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1) (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (HKLM-x32\...\{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}) (Version: 3.0.20 - Wacom) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.18.1035 - Bitdefender)
Bitdefender Antivirus Plus 2016 (HKLM\...\Bitdefender) (Version: 20.0.18.1037 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{7159D1E5-62F5-42C9-825E-BE613B5DFB0F}) (Version: 2.38.0 - Kovid Goyal)
Cisco Valet Connector (HKLM-x32\...\Cisco Valet Connector) (Version: 1.2.10148.2 - Cisco Consumer Products LLC)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Elevated Installer (HKLM-x32\...\{A88D9E0C-863A-4189-A051-FC48B3E43668}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{11172DEF-77A3-418C-B980-EF0D097CA237}) (Version: 4.5.1 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2016.10 (HKLM-x32\...\{F9390291-4BC2-411B-A41E-A843AC632FB1}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E247A9DB-7405-4D3A-A447-4C6184A66133}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{DF98E789-84E2-4DB9-94C1-321443D4B7DB}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
OneClickdigital Media Manager (HKLM-x32\...\{FDFDEC8B-1047-49D8-B2D2-45C0B02F92FC}) (Version: 67.0.0.0 - Recorded Books)
Online Backup (HKLM-x32\...\Online Backup) (Version: 2.33 - www.backup.com)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.8.1 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
TwistedBrush Pro Studio (HKCU\...\TwistedBrush Pro Studio) (Version:  - )
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Средства проверки правописания Microsoft Office 2013 — русский (HKLM\...\{90150000-001F-0419-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 29%
Total physical RAM: 5590.52 MB
Available physical RAM: 3930.3 MB
Total Virtual: 6486.52 MB
Available Virtual: 4714.86 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:930.56 GB) (Free:828.4 GB) NTFS
3 Drive f: (Back) (Fixed) (Total:900.27 GB) (Free:224.77 GB) NTFS
4 Drive g: (From old) (Fixed) (Total:962.74 GB) (Free:793.2 GB) NTFS
6 Drive j: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT
 
========================= Users: ========================================
 
User accounts for \\DESKTOP-DO6GGUR
 
Administrator            DefaultAccount           Ed                       
Guest                    
 
 
**** End of log ****


#6 loki2007


Posted 17 October 2015 - 08:07 AM

Did you happen to remove any of the information from the "Hosts content:" portion of the log? Or was it all blank? If you didn't remove it please run the tool again and post the new log if it now shows information under "Hosts content:" Please run these two tools and post the results of the logs in your next reply.
 
Step 1:

AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Step 2:
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 
Member of the Bleeping Computer A.I.I. early response team!

#7 eingram25


Posted 17 October 2015 - 09:20 AM

I haven't done anything to the file. Here are the next two log files:

 

# AdwCleaner v5.013 - Logfile created 17/10/2015 at 08:58:27
# Updated 09/10/2015 by Xplode
# Database : 2015-10-16.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Ed - DESKTOP-DO6GGUR
# Running from : C:\Users\Ed\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 

***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol
 
***** [ Files ] *****
 

***** [ DLLs ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 

***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\distromatic
[!] Key Not Deleted : [x64] HKCU\Software\distromatic
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : madakpajlmcpaodhfbekojajlhbdklol
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [986 bytes] ##########
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Home x64
Ran by Ed on Sat 10/17/2015 at  9:03:41.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\ProgramData\1443456645.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1444130655.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1445019866.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1445041420.bdinstall.bin
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 

[C:\Users\Ed\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Ed\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Ed\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Ed\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/17/2015 at  9:12:36.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
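
The AdwCleaner log in the post above records one `[!] Key Not Deleted` line among its deletions. The following Python script is an added example, not part of the original thread and not AdwCleaner's own code: it parses a v5-style log and reports what was removed and what still needs a manual check. The function names and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample: the AdwCleaner log from the post above, abridged to its non-empty sections.
SAMPLE_LOG = r"""# AdwCleaner v5.013 - Logfile created 17/10/2015 at 08:58:27
# Option : Cleaning

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\distromatic
[!] Key Not Deleted : [x64] HKCU\Software\distromatic

***** [ Web browsers ] *****

[-] [C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : madakpajlmcpaodhfbekojajlhbdklol

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [986 bytes] ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
HEADER_RE = re.compile(r"^# ([^:]+?) : (.*)$")          # "# Option : Cleaning"
ENTRY_RE = re.compile(r"^\[([-!])\] (.*?) : (.*)$")     # [-] done, [!] failed
EXT_ID_RE = re.compile(r"(?<![a-p])[a-p]{32}(?![a-p])")  # Chrome extension IDs use a-p only


def parse_adwcleaner_log(text):
    """Split a log into header fields and per-section entries."""
    header, entries, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ENTRY_RE.match(line)):
            entries.append({"section": section, "failed": m.group(1) == "!",
                            "action": m.group(2), "target": m.group(3)})
        elif section is None and (m := HEADER_RE.match(line)):
            header[m.group(1).strip()] = m.group(2).strip()
    return header, entries


def triage(text):
    """Summarise what was removed and which '[!]' items still need a manual check."""
    header, entries = parse_adwcleaner_log(text)
    removed = {(e["section"], e["target"]) for e in entries if not e["failed"]}
    leftovers = []
    for e in (e for e in entries if e["failed"]):
        bare = re.sub(r"^\[x64\] ", "", e["target"])
        leftovers.append({
            "section": e["section"], "target": e["target"],
            # Heuristic (an assumption of this example): if the same path was
            # reported deleted without the [x64] tag, the failure may only mean
            # the key was already gone. Confirm by looking for the key itself.
            "same_path_removed": (e["section"], bare) in removed,
        })
    ext_ids = sorted({i for e in entries if not e["failed"]
                      for i in EXT_ID_RE.findall(e["target"])})
    return {"mode": header.get("Option"), "removed": len(removed),
            "leftovers": leftovers, "extension_ids": ext_ids}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A leftover with `same_path_removed` set to False is the case that warrants a follow-up question to the user or a second cleaning pass.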


#8 loki2007


Posted 17 October 2015 - 10:25 AM

Thanks for those logs! :) Can I ask what is currently set as your default browser? And are you still currently experiencing the problem?

 

I see that you have Malwarebytes installed, can you please run a scan with that?

 

Step 1:

 

2.0 Threat Scan

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Open the file and Copy and paste the results from that file in your next reply.

 

loki


 

#9 eingram25


Posted 17 October 2015 - 11:24 AM

I will be happy to run the Malwarebytes scan. However, let me mention that I had Malwarebytes actively running and it didn't protect me. That is why I switched to Bitdefender. However, it didn't protect me either. I am sending a Dropbox link to a screenshot that just happened. I was using Chrome and Firefox started up and went to the site shown. Note that Firefox stayed in the background behind the Chrome window. The only way I knew something had happened was that Chrome suddenly started running slower.

(I have reduced the size for rapid sharing.)

https://www.dropbox.com/s/sjk83zbc5x404u8/ScrnSht10-17-2015.jpg?dl=0

Yes I still have the problem. I have Firefox set to my default browser.

Now I will close this browser and run the malwarebytes scan.

I will then send it in my next reply.



#10 eingram25


Posted 17 October 2015 - 12:05 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/17/2015
Scan Time: 11:34 AM
Logfile: 10-17-15-11-34.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.17.03
Rootkit Database: v2015.10.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Ed

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342605
Time Elapsed: 18 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Plus here is a link to my Malwarebytes settings:

https://www.dropbox.com/s/0arqyh2agsrjl4f/MWBYTES.jpg?dl=0



#11 loki2007


Posted 17 October 2015 - 01:10 PM

Hi again eingram25! Sorry to hear you are still experiencing the problem. Would you be willing to reset your browser(s)? Here are the steps to do that if you wanted:
 
Refresh Firefox
 
Note that this process will reset your browser settings back to default and also remove your add-ons and customizations!

  • Open Firefox
  • Go to the Help menu
  • Next select Troubleshooting Information
  • In the upper right hand corner select Refresh Firefox...
  • Click on Refresh Firefox

Reset Chrome
 
Note that your settings will be restored to their original defaults. This will reset your homepage, new tab page and search engine, disable your extensions, and unpin all tabs. It will also clear other temporary and cached data, such as cookies, content and site data.

  • Open Chrome
  • In the top-right corner of the browser window, click the Chrome menu
  • Select Settings.
  • Scroll to the bottom of the page and click Show advanced settings.
  • Under the section "Reset settings," click Reset settings.
  • In the dialog that appears, click Reset.

Reset IE
 
Note that resetting includes disabling of toolbars and add-ons, resetting of privacy settings, security settings, popup settings, advanced options etc. This will also reset your homepage, delete temporary Internet files, history, cookies, web form information, passwords etc.

  • Open Internet Explorer
  • Select the Tools button, and then select Internet options.
  • Select the Advanced tab, and then click Reset.
  • In the Reset Internet Explorer Settings dialog box, check the Delete personal setting box and click Reset.
  • When Internet Explorer finishes applying default settings, click Close, and then click OK. You'll need to restart your PC for these changes to take effect.

Let's try and run a scan with ESET. This could take a while, so please be patient:
 
ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
  • If ESET detected anything please post the results in your next post.

Did resetting the browsers help?


 

#12 eingram25


Posted 18 October 2015 - 12:15 PM

ESET detected and fixed 5 items. I don't know where the logfile is stored.

Something has occurred to me. I use a program called Magic Jigsaw, free version. The Malwarebytes people have checked this program, but I think that maybe something else might be going on.
You see, the program has ads running at the left of the screen. The ads frequently change. Further, they jiggle and dance very vigorously.
My thought is this: could the program be triggering the symptom that I'm experiencing by sending my computer a message over the internet to start my default browser and place their client's web page there? The one I sent the link to was only one of many different web sites that show up. I have never been on or used any of these different sites.


#13 loki2007


Posted 19 October 2015 - 10:09 AM

Hello again eingram25,

 

Yes, it is possible that Magic Jigsaw (free version) could be the problem. I'm not familiar with the program but I will try and do some research and get back to you. Do you know who the publisher for the program is? I don't see it listed in your installed program list from post #5. Also, I wasn't able to view your screenshot from post #9, so I'm not sure of the websites that have been showing up in your browser. Could you post some of the URLs in your next reply? Would you also check to see if you're running the most current version of Firefox? You can do this by:

 

 

Check Firefox Version

 

  • Open Firefox
  • Click Help
  • Next Click About Firefox
  • The version should be 41.0.2 and below the version should show "Firefox is up to date"

 

What I would like to see in your next post:

 

Were you able to find the publisher for Magic Jigsaw (free version)?

Is Firefox up to date?

URLs for websites that are showing up in your Firefox browser?

Also, did you happen to reset your browsers?


Edited by loki2007, 19 October 2015 - 10:10 AM.

 

#14 eingram25


Posted 19 October 2015 - 11:00 AM

I am resisting resetting my browsers as that causes a lot of trouble losing cookie information.

No browser is running when I have the problem.

Magic is a Windows 10 app that runs in tablet mode.

https://www.dropbox.com/s/r28m8xd83jkv5zl/Clipboard01.jpg?dl=0

The above is a link to the app info.

Firefox is up to date. I will have to wait till the problem happens to get URLs.

It hasn't happened in a couple of days, so maybe the ESET scan got it.


Edited by eingram25, 19 October 2015 - 11:03 AM.


#15 loki2007


Posted 19 October 2015 - 12:17 PM

:thumbup2:  Glad to hear it hasn't happened in a few days. Hopefully ESET found the problem and removed it. If it does happen again, please let me know.

 

thanks,

 

loki


 



