
Browser Hijacked by "Searchinterneat-a.akamaihd.net"


20 replies to this topic

#1 TLARbb


Posted 21 November 2015 - 04:04 PM

I'm going to need help with this problem. I ran SpyHunter 4 when I noticed the redirect and found the recommendation to do so in a Google search. SpyHunter claimed to have fixed the issue, but it regenerated on the next browser start. I am running Windows 8.1 on the affected Dell laptop. I am running Google Chrome as my default browser.

This junk was installed by the ImgBurn installation software.  Or, at least it manifested at the same time.  

You folks that take the time to help us with these problems are very much appreciated.  

 

I am not that familiar with Windows 8.1, so I might seem a bit slow to catch on to some things.  I'll do my best to keep up.  

 

EJ




 


#2 severac


Posted 21 November 2015 - 08:17 PM

Hello,

 

Please read this topic about SpyHunter.

 

------

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

 

  • Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
      1. 'Scan for rootkits'
      2. Non-Malware Protection: for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard and click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:
 

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
      1. 'Scan for rootkits'
      2. Non-Malware Protection: for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard and click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

 

-----

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • In EULA window click I agree.
  • In Options uncheck Reset Winsock settings.
  • Click on Scan button.
  • When the scan has finished click on Cleaning button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[C1].txt as well.

-----

 

Please download Junkware Removal Tool  to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

---------


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know how to solve all PC problems.  :smash: 

 


#3 TLARbb


Posted 21 November 2015 - 10:14 PM

I am rerunning the scan because I forgot to check the "scan for rootkits" box.

Here is the scan log for the scan that was run:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/21/2015
Scan Time: 8:35 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.22.01
Rootkit Database: v2015.11.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: VideoOp
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326018
Time Elapsed: 10 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\OLDSEARCH, Quarantined, [fe0b0180b6d555e106fb5162b54e39c7], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-2627702009-2065322114-1373109395-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\OLDSEARCH, Quarantined, [34d5b4cd315ab87e1ce310a2d72c50b0], 
PUP.Optional.BDYahoo, HKU\S-1-5-21-2627702009-2065322114-1373109395-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6E1DFFB0-D71C-49B4-8B66-EB070EDEEF60}, Quarantined, [53b66e13b1dae84e022288e1ff04c43c], 
PUP.Optional.ProductSetup, HKU\S-1-5-21-2627702009-2065322114-1373109395-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [ba4f235e4942cf6701d6cbc7ab585fa1], 
 
Registry Values: 6
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\OldSearch|URL, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_42&param1=1&param2=f[fe0b0180b6d555e106fb5162b54e39c7]D4%26b[fe0b0180b6d555e106fb5162b54e39c7]DIE%26cc[fe0b0180b6d555e106fb5162b54e39c7]Dus%26pa[fe0b0180b6d555e106fb5162b54e39c7]DWincy%26cd[fe0b0180b6d555e106fb5162b54e39c7]D2XzuyEtN2Y1L1QzutAyE0EyC0DyByCyCyD0C0AyEyByDzytBtN0D0Tzu0StCtAzzyEtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0AyB0FtBzz0DtGtCtDtDyEtG0F0Bzz0EtGyC0A0CtBtGyDzzzy0FtCyEzztByB0DtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtBtC0C0ByD0FtG0BtDtD0DtGyE0CtDyDtGzzyDzzzytG0DtAyDtDtDtAtDtBtB0AtDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtDyB%26cr[fe0b0180b6d555e106fb5162b54e39c7]D379788370%26a[fe0b0180b6d555e106fb5162b54e39c7]Dwncy_ir_15_42%26os[fe0b0180b6d555e106fb5162b54e39c7]DWindowsQuarantinedB8.1&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\OldSearch|TopResultURLFallback, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_42&param1=1&param2=f[f712abd6206b53e3d22f278cd72c58a8]D4%26b[f712abd6206b53e3d22f278cd72c58a8]DIE%26cc[f712abd6206b53e3d22f278cd72c58a8]Dus%26pa[f712abd6206b53e3d22f278cd72c58a8]DWincy%26cd[f712abd6206b53e3d22f278cd72c58a8]D2XzuyEtN2Y1L1QzutAyE0EyC0DyByCyCyD0C0AyEyByDzytBtN0D0Tzu0StCtAzzyEtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0AyB0FtBzz0DtGtCtDtDyEtG0F0Bzz0EtGyC0A0CtBtGyDzzzy0FtCyEzztByB0DtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtBtC0C0ByD0FtG0BtDtD0DtGyE0CtDyDtGzzyDzzzytG0DtAyDtDtDtAtDtBtB0AtDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtDyB%26cr[f712abd6206b53e3d22f278cd72c58a8]D379788370%26a[f712abd6206b53e3d22f278cd72c58a8]Dwncy_ir_15_42%26os[f712abd6206b53e3d22f278cd72c58a8]DWindowsQuarantinedB8.1&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-2627702009-2065322114-1373109395-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\OldSearch|URL, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_42&param1=1&param2=f[34d5b4cd315ab87e1ce310a2d72c50b0]D4%26b[34d5b4cd315ab87e1ce310a2d72c50b0]DIE%26cc[34d5b4cd315ab87e1ce310a2d72c50b0]Dus%26pa[34d5b4cd315ab87e1ce310a2d72c50b0]DWincy%26cd[34d5b4cd315ab87e1ce310a2d72c50b0]D2XzuyEtN2Y1L1QzutAyE0EyC0DyByCyCyD0C0AyEyByDzytBtN0D0Tzu0StCtAzzyEtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0AyB0FtBzz0DtGtCtDtDyEtG0F0Bzz0EtGyC0A0CtBtGyDzzzy0FtCyEzztByB0DtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtBtC0C0ByD0FtG0BtDtD0DtGyE0CtDyDtGzzyDzzzytG0DtAyDtDtDtAtDtBtB0AtDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtDyB%26cr[34d5b4cd315ab87e1ce310a2d72c50b0]D379788370%26a[34d5b4cd315ab87e1ce310a2d72c50b0]Dwncy_ir_15_42%26os[34d5b4cd315ab87e1ce310a2d72c50b0]DWindowsQuarantinedB8.1&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-2627702009-2065322114-1373109395-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\OldSearch|TopResultURLFallback, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_42&param1=1&param2=f[ff0a037eaeddd95db24d753ddd26827e]D4%26b[ff0a037eaeddd95db24d753ddd26827e]DIE%26cc[ff0a037eaeddd95db24d753ddd26827e]Dus%26pa[ff0a037eaeddd95db24d753ddd26827e]DWincy%26cd[ff0a037eaeddd95db24d753ddd26827e]D2XzuyEtN2Y1L1QzutAyE0EyC0DyByCyCyD0C0AyEyByDzytBtN0D0Tzu0StCtAzzyEtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0AyB0FtBzz0DtGtCtDtDyEtG0F0Bzz0EtGyC0A0CtBtGyDzzzy0FtCyEzztByB0DtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DtBtC0C0ByD0FtG0BtDtD0DtGyE0CtDyDtGzzyDzzzytG0DtAyDtDtDtAtDtBtB0AtDyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtDyB%26cr[ff0a037eaeddd95db24d753ddd26827e]D379788370%26a[ff0a037eaeddd95db24d753ddd26827e]Dwncy_ir_15_42%26os[ff0a037eaeddd95db24d753ddd26827e]DWindowsQuarantinedB8.1&p={searchTerms}, %4, %5
PUP.Optional.BDYahoo, HKU\S-1-5-21-2627702009-2065322114-1373109395-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6E1DFFB0-D71C-49B4-8B66-EB070EDEEF60}|URL, http://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms}, Quarantined, [53b66e13b1dae84e022288e1ff04c43c]
PUP.Optional.ProductSetup, HKU\S-1-5-21-2627702009-2065322114-1373109395-1001\SOFTWARE\PRODUCTSETUP|tb, 0X1F1T1V1G1G, Quarantined, [ba4f235e4942cf6701d6cbc7ab585fa1]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 13
PUP.Optional.Updater, C:\Program Files (x86)\Common Files\3a08aecf-996c-434c-872d-c3768a6d9134, Quarantined, [f4152e53a5e6fa3caadce7bbaf54d729], 
PUP.Optional.Updater, C:\Program Files (x86)\Common Files\3a08aecf-996c-434c-872d-c3768a6d9134\updater, Quarantined, [f4152e53a5e6fa3caadce7bbaf54d729], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugincontainer, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins\10, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins\2, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins\3, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins\5, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins\6, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins\7, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins\7\resources, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins\8, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
 
Files: 11
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugincontainer.exe, Quarantined, [8c7ddba6f695b284d0d4573f2ad7e11f], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins\7\resources\38.0.5.dll, Quarantined, [9c6dafd2fc8f9e9841632b6bb150ba46], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins\7\resources\39.0.0.dll, Quarantined, [b85197ea7b102a0cb6ee33635ea336ca], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugins\7\resources\40.0.0.dll, Quarantined, [07024b36573430069b094353d32e629e], 
PUP.Optional.InstallCore, C:\Users\VideoOp\Desktop\Codec-Pack_installer.exe, Quarantined, [9376265b6526221459e47a09d4305ba5], 
PUP.Optional.APNToolBar, C:\Users\VideoOp\Downloads\WeatherBugSetup.exe, Quarantined, [23e6a1e02d5e60d6b340c65f08f953ad], 
PUP.Optional.OpenCandy, C:\Users\VideoOp\Downloads\FreeYouTubeDownloaderOC.exe, Quarantined, [f910d9a8c7c4f44248c701ff8879ac54], 
PUP.Optional.OpenCandy, C:\Users\VideoOp\Downloads\SetupImgBurn_2.5.8.0.exe, Quarantined, [63a64d34830889ad6fb27204976d39c7], 
PUP.Optional.SmileFiles, C:\Users\VideoOp\Music\Sandi_Patty_Another_Time_Another_Place.zip, Quarantined, [f316a9d8315a84b246c82a53a46052ae], 
PUP.Optional.Updater, C:\Program Files (x86)\Common Files\3a08aecf-996c-434c-872d-c3768a6d9134\updater.exe, Quarantined, [f4152e53a5e6fa3caadce7bbaf54d729], 
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\temp, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
I'll post the results of the second scan when it completes later tonight.
 
EJ
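
An added example, not part of the original thread and not Malwarebytes code: a small Python parser for the MBAM 2.x scan-log export format shown in the post above. It flags scan options left disabled, section counts that do not match the pasted lines, and GUID-named directories shared by more than one detection family. The sample input is constructed from lines of the log above (the `Files` count is left at 4 over three lines to imitate a truncated paste), and all function names are this example's own.

```python
import re
from collections import Counter, defaultdict

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SCAN_OPTIONS = ("Memory", "Startup", "Filesystem", "Archives",
                "Rootkits", "Heuristics", "PUP", "PUM")
HEADER_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
OPTION_RE = re.compile(r"^(%s): (Enabled|Disabled)$" % "|".join(SCAN_OPTIONS))
FAMILY_RE = re.compile(r"^[A-Za-z]\w*(?:\.\w+)+$")
TOKEN_RE = re.compile(r"^\[[0-9a-f]{32}\]$")   # bracketed value, treated as opaque
GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)

# Constructed sample: lines copied from the log in this thread, shortened to a
# few entries per section; "Files: 4" is deliberately one more than the lines given.
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.ProductSetup, HKU\S-1-5-21-2627702009-2065322114-1373109395-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [ba4f235e4942cf6701d6cbc7ab585fa1],

Registry Values: 1
PUP.Optional.ProductSetup, HKU\S-1-5-21-2627702009-2065322114-1373109395-1001\SOFTWARE\PRODUCTSETUP|tb, 0X1F1T1V1G1G, Quarantined, [ba4f235e4942cf6701d6cbc7ab585fa1]

Folders: 2
PUP.Optional.Updater, C:\Program Files (x86)\Common Files\3a08aecf-996c-434c-872d-c3768a6d9134, Quarantined, [f4152e53a5e6fa3caadce7bbaf54d729],
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134, Quarantined, [4cbd89f8ddae290da9a40b815ca65ea2],

Files: 4
PUP.Optional.Yontoo, C:\ProgramData\3a08aecf-996c-434c-872d-c3768a6d9134\plugincontainer.exe, Quarantined, [8c7ddba6f695b284d0d4573f2ad7e11f],
PUP.Optional.OpenCandy, C:\Users\VideoOp\Downloads\SetupImgBurn_2.5.8.0.exe, Quarantined, [63a64d34830889ad6fb27204976d39c7],
PUP.Optional.Updater, C:\Program Files (x86)\Common Files\3a08aecf-996c-434c-872d-c3768a6d9134\updater.exe, Quarantined, [f4152e53a5e6fa3caadce7bbaf54d729],
"""


def parse_mbam_log(text):
    """Return (scan_options, declared_counts, detections) for one exported log."""
    options, declared, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip().rstrip(",").strip()
        if not line:
            continue
        m = OPTION_RE.match(line)
        if m:
            options[m.group(1)] = m.group(2)
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        fields = line.split(", ")
        if section is None or len(fields) < 2 or not FAMILY_RE.match(fields[0]):
            continue  # banner text, "(No malicious items detected)", etc.
        # Layout: family, object, [data,] action, [token]. A line without the
        # trailing token was damaged in the paste; keep it with action=None.
        has_token = bool(TOKEN_RE.match(fields[-1]))
        detections.append({
            "section": section,
            "family": fields[0],
            "object": fields[1],
            "action": fields[-2] if has_token and len(fields) >= 4 else None,
            "token": fields[-1] if has_token else None,
        })
    return options, declared, detections


def summarize(text):
    """Triage summary: what was skipped, what was found, what looks incomplete."""
    options, declared, detections = parse_mbam_log(text)
    parsed = Counter(d["section"] for d in detections)
    roots = defaultdict(set)
    for d in detections:
        if d["section"] in ("Folders", "Files"):
            m = GUID_RE.search(d["object"])
            if m:
                roots[m.group(0).lower()].add(d["family"])
    return {
        "disabled_scan_options": sorted(k for k, v in options.items() if v == "Disabled"),
        "by_family": dict(Counter(d["family"] for d in detections)),
        # section -> (count the log declares, detection lines actually present)
        "count_mismatches": {s: (n, parsed.get(s, 0))
                             for s, n in declared.items() if n != parsed.get(s, 0)},
        # one GUID-named directory detected under several family names
        "shared_guid_dirs": {g: sorted(f) for g, f in roots.items() if len(f) > 1},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```
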


#4 TLARbb


Posted 21 November 2015 - 10:39 PM

Second scan results.  Evidently no rootkits.

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/21/2015
Scan Time: 9:17 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.22.01
Rootkit Database: v2015.11.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: VideoOp
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326799
Time Elapsed: 17 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
EJ


#5 TLARbb


Posted 21 November 2015 - 10:50 PM

AdwCleaner log:

 

# AdwCleaner v5.021 - Logfile created 21/11/2015 at 21:47:27
# Updated 14/11/2015 by Xplode
# Database : 2015-11-19.4 [Server]
# Operating system : Windows 8.1  (x64)
# Username : VideoOp - WORSHIP15
# Running from : C:\Users\VideoOp\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\VideoOp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searchinterneat-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\VideoOp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searchinterneat-a.akamaihd.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
***** [ Web browsers ] *****
 
[-] [C:\Users\VideoOp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\VideoOp\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1686 bytes] ##########


#6 TLARbb


Posted 21 November 2015 - 11:03 PM

JRT scan log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 8.1 x64 
Ran by VideoOp (Administrator) on Sat 11/21/2015 at 21:59:36.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 3 
 
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Windows\prefetch\DRIVERCONSOLEAPP.EXE-23D95800.pf (File) 
 
 
 
Registry: 2 
 
Successfully deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6043CEC0-2601-41C3-B1D5-A440C2AB469F} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/21/2015 at 22:01:02.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
EJ


#7 severac


Posted 22 November 2015 - 02:28 AM

Did you remove SpyHunter?

 

Do you still have problems?



 


#8 TLARbb


Posted 22 November 2015 - 08:50 AM

Yes, I removed it, but still had the hijack in the browser. At least the "home" page sent me to Yahoo search, as if it was hijacked; the address bar comes up with the redirect URL when I start Chrome.

 

IE seems to be okay, but I don't use it.  

 

I won't be on the internet with that computer until about 8:00 PM my time (USA Central) tonight.  I appreciate your help so far; I think things are better.  I'll experiment again tonight and report back.  I think we are pretty close to killing the hijack.

 

EJ


Edited by TLARbb, 22 November 2015 - 08:57 AM.


#9 severac


Posted 22 November 2015 - 12:09 PM

That Yahoo search page can be a problem to remove. Check Google Chrome extensions; if you see any unknown ones, you can remove them.

 

You can also try to reset Chrome to default settings.

 

Reset your browser settings to default:

  • How to Reset Your Web Browser to its default settings in Google Chrome, Firefox, Internet Explorer
  • How to reset your browser settings to default in Internet Explorer, Firefox, Google Chrome, Opera, Safari
  • How to reset Internet Explorer settings (all versions)
  • Refresh Firefox - reset add-ons and settings
  • Reset Chrome browser settings
  • Reset Default Page Settings in Google Chrome



 


#10 TLARbb


Posted 22 November 2015 - 02:24 PM

I ran the following checks to see if the hijacker had been killed.  It appears that it has not.

 

I created a Word document with a hyperlink to a specific website. When I open the hyperlink (with the browser not running) the browser opens to the Yahoo search page and not to the hyperlinked page.

 

I went into browser settings and set up the home button to start a specific page upon browser start and the browser opens with the right address, but the hijack redirects it to the yahoo search.  

 

So, I still have the issue.

 

I will try to do a chrome reset and see what that does. 

 

Do you think I need to uninstall the ImgBurn program that hosted this issue?

Do you think I need to uninstall Chrome and clean the machine again with the tools and reinstall?

 

EJ


Edited by TLARbb, 22 November 2015 - 02:30 PM.


#11 severac


Posted 22 November 2015 - 02:28 PM

Have you tried to reset your browser settings?



 


#12 TLARbb


Posted 22 November 2015 - 05:31 PM

Yes.  I have done that.  And still having the issue.  

 

In fact, after I reset the browser, the search engines list was repopulated with the redirect and Bing, Ask, and one other one. I went in and deleted all of those, made sure the home page and start pages were set to what I wanted (I had to manually change them). Then, I closed Chrome and restarted, and it regenerated again.

 

EJ



#13 severac


Posted 22 November 2015 - 11:38 PM

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (MTB.txt). A copy of MTB.txt will be saved in the same directory the tool is run.

---------

 

Re-scan with MBAM and post log if MBAM finds anything.



 


#14 TLARbb


Posted 23 November 2015 - 06:59 AM

MTB log:

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by VideoOp (administrator) on 23-11-2015 at 05:55:16
Running from "C:\Users\VideoOp\Desktop"
Microsoft Windows 8.1  (X64)
Model: Inspiron 5558 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 3160 = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Worship15
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : nexussystems.net
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 34-E6-AD-6D-E4-FE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 34-E6-AD-6D-E5-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 34-E6-D7-66-5C-A4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : nexussystems.net
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3160
   Physical Address. . . . . . . . . : 34-E6-AD-6D-E4-FD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9429:88bf:286:ce27%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.7.147(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, November 22, 2015 9:29:14 PM
   Lease Expires . . . . . . . . . . : Tuesday, November 24, 2015 5:34:03 AM
   Default Gateway . . . . . . . . . : 192.168.7.1
   DHCP Server . . . . . . . . . . . : 192.168.7.1
   DHCPv6 IAID . . . . . . . . . . . : 53798573
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-EE-36-4B-34-E6-D7-66-5C-A4
   DNS Servers . . . . . . . . . . . : 10.230.23.97
                                       10.230.23.98
                                       192.168.7.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.nexussystems.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : nexussystems.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2cba:15a5:bf10:281d(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2cba:15a5:bf10:281d%10(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 369098752
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-EE-36-4B-34-E6-D7-66-5C-A4
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  10.230.23.97
 
Name:    google.com
Addresses:  2607:f8b0:4000:804::1000
 74.125.227.164
 74.125.227.165
 74.125.227.168
 74.125.227.169
 74.125.227.166
 74.125.227.160
 74.125.227.161
 74.125.227.163
 74.125.227.162
 74.125.227.174
 74.125.227.167
 
 
Pinging google.com [74.125.227.165] with 32 bytes of data:
Reply from 74.125.227.165: bytes=32 time=18ms TTL=54
Reply from 74.125.227.165: bytes=32 time=13ms TTL=54
 
Ping statistics for 74.125.227.165:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 18ms, Average = 15ms
Server:  UnKnown
Address:  10.230.23.97
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=58ms TTL=50
Reply from 98.139.183.24: bytes=32 time=58ms TTL=50
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 58ms, Maximum = 58ms, Average = 58ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...34 e6 ad 6d e4 fe ......Microsoft Wi-Fi Direct Virtual Adapter
  5...34 e6 ad 6d e5 01 ......Bluetooth Device (Personal Area Network)
  4...34 e6 d7 66 5c a4 ......Realtek PCIe FE Family Controller
  3...34 e6 ad 6d e4 fd ......Intel® Dual Band Wireless-AC 3160
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.7.1    192.168.7.147     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.7.0    255.255.255.0         On-link     192.168.7.147    281
    192.168.7.147  255.255.255.255         On-link     192.168.7.147    281
    192.168.7.255  255.255.255.255         On-link     192.168.7.147    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.7.147    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.7.147    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 10    306 2001::/32                On-link
 10    306 2001:0:5ef5:79fd:2cba:15a5:bf10:281d/128
                                    On-link
  3    281 fe80::/64                On-link
 10    306 fe80::/64                On-link
 10    306 fe80::2cba:15a5:bf10:281d/128
                                    On-link
  3    281 fe80::9429:88bf:286:ce27/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
 10    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/21/2015 09:17:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1394
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (11/21/2015 03:33:33 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (11/21/2015 03:33:33 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070005, Access is denied.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (11/21/2015 10:41:28 AM) (Source: Application Hang) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3f0
 
Start Time: 01d1247abe1dc023
 
Termination Time: 4294967295
 
Application Path: C:\Windows\System32\BackgroundTaskHost.exe
 
Report Id: b1060f73-906e-11e5-826d-34e6ad6de501
 
Faulting package full name: Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: AppexNews
 
Error: (11/21/2015 10:25:23 AM) (Source: Application Hang) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e08
 
Start Time: 01d124787e7365d2
 
Termination Time: 4294967295
 
Application Path: C:\Windows\System32\BackgroundTaskHost.exe
 
Report Id: 722479f3-906c-11e5-826d-34e6ad6de501
 
Faulting package full name: Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: AppexNews
 
Error: (11/18/2015 04:47:17 PM) (Source: TrueColorALS) (User: )
Description: TrueColorALSCUISDKaccess(): Getting access to the pipe failed. Error:1073741825 (0x40000001) and Error: 2 (0x2)
 
Error: (11/18/2015 08:13:17 AM) (Source: TrueColorALS) (User: )
Description: TrueColorALSCUISDKaccess(): Getting access to the pipe failed. Error:1073741825 (0x40000001) and Error: 2 (0x2)
 
Error: (11/15/2015 06:01:42 PM) (Source: Application Hang) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1590
 
Start Time: 01d120013f404787
 
Termination Time: 4294967295
 
Application Path: C:\Windows\System32\BackgroundTaskHost.exe
 
Report Id: 32c4e1bb-8bf5-11e5-826d-34e6ad6de501
 
Faulting package full name: Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: AppexNews
 
Error: (11/15/2015 11:01:12 AM) (Source: Application Hang) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 370
 
Start Time: 01d11fc5787442c1
 
Termination Time: 4294967295
 
Application Path: C:\Windows\System32\BackgroundTaskHost.exe
 
Report Id: 783c251e-8bba-11e5-826d-34e6ad6de501
 
Faulting package full name: Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: AppexNews
 
Error: (11/11/2015 06:22:57 PM) (Source: TrueColorALS) (User: )
Description: TrueColorALSALSWorkerThread(): ALS thread Error on WaitForSingleObject(). Error 6
 
 
System errors:
=============
Error: (11/22/2015 09:28:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (11/22/2015 09:28:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (11/22/2015 09:28:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (11/22/2015 09:28:20 PM) (Source: Service Control Manager) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/22/2015 09:28:19 PM) (Source: Service Control Manager) (User: )
Description: The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/22/2015 09:28:19 PM) (Source: Service Control Manager) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/22/2015 09:28:19 PM) (Source: Service Control Manager) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/22/2015 09:28:19 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/22/2015 09:28:19 PM) (Source: Service Control Manager) (User: )
Description: The Dell Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/22/2015 09:28:19 PM) (Source: Service Control Manager) (User: )
Description: The Dell Data Vault Wizard service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (11/21/2015 09:17:03 PM) (Source: Application Error)(User: )
Description: mbam.exe2.3.125.05612a56bMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd139401d124d3325fd1e0C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll80018df6-90c7-11e5-8272-34e6ad6de501
 
Error: (11/21/2015 03:33:33 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070005, Access is denied.
 
 
Operation:
   Instantiating VSS server
 
Error: (11/21/2015 03:33:33 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070005, Access is denied.
 
 
Operation:
   Instantiating VSS server
 
Error: (11/21/2015 10:41:28 AM) (Source: Application Hang)(User: )
Description: BackgroundTaskHost.exe6.3.9600.174153f001d1247abe1dc0234294967295C:\Windows\System32\BackgroundTaskHost.exeb1060f73-906e-11e5-826d-34e6ad6de501Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbweAppexNews
 
Error: (11/21/2015 10:25:23 AM) (Source: Application Hang)(User: )
Description: BackgroundTaskHost.exe6.3.9600.17415e0801d124787e7365d24294967295C:\Windows\System32\BackgroundTaskHost.exe722479f3-906c-11e5-826d-34e6ad6de501Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbweAppexNews
 
Error: (11/18/2015 04:47:17 PM) (Source: TrueColorALS)(User: )
Description: TrueColorALSCUISDKaccess(): Getting access to the pipe failed. Error:1073741825 (0x40000001) and Error: 2 (0x2)
 
Error: (11/18/2015 08:13:17 AM) (Source: TrueColorALS)(User: )
Description: TrueColorALSCUISDKaccess(): Getting access to the pipe failed. Error:1073741825 (0x40000001) and Error: 2 (0x2)
 
Error: (11/15/2015 06:01:42 PM) (Source: Application Hang)(User: )
Description: BackgroundTaskHost.exe6.3.9600.17415159001d120013f4047874294967295C:\Windows\System32\BackgroundTaskHost.exe32c4e1bb-8bf5-11e5-826d-34e6ad6de501Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbweAppexNews
 
Error: (11/15/2015 11:01:12 AM) (Source: Application Hang)(User: )
Description: BackgroundTaskHost.exe6.3.9600.1741537001d11fc5787442c14294967295C:\Windows\System32\BackgroundTaskHost.exe783c251e-8bba-11e5-826d-34e6ad6de501Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbweAppexNews
 
Error: (11/11/2015 06:22:57 PM) (Source: TrueColorALS)(User: )
Description: TrueColorALSALSWorkerThread(): ALS thread Error on WaitForSingleObject(). Error 6
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-11-22 15:42:30.699
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-22 11:04:09.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-21 13:52:17.819
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-12 08:17:24.016
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-02 06:19:19.555
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-30 06:49:21.216
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-16 06:59:23.141
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-02 07:41:32.539
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-23 07:39:04.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-14 17:03:13.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Services (HKLM\...\{90F9BFC9-A2A9-403F-9A40-1063FAD035BA}) (Version: 1.1.6.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{B1714996-891A-43D2-8B83-CCFB2EC53978}) (Version: 2.3.3800.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{A00269ED-FD88-4907-834B-60B70DCE82C5}) (Version: 2.0.366.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{A00269ED-FD88-4907-834B-60B70DCE82C5}) (Version: 2.0.366.0 - Dell Inc.)
Dell Power Manager Lite (HKLM-x32\...\{BF1F9D57-57A1-4E87-A8E8-41F2B2AD6F53}) (Version: 1.0.0.1 - Compal Inc.) Hidden
Dell Power Manager Lite (HKLM-x32\...\InstallShield_{BF1F9D57-57A1-4E87-A8E8-41F2B2AD6F53}) (Version: 1.0.0.1 - Compal Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
EasyWorship 2009 (HKLM-x32\...\{A92509EA-B526-4869-B8B3-A39E20DBBE7A}_is1) (Version: 2009.01.04 - Softouch Development, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (HKLM-x32\...\{e3d22965-5c2d-48c8-acec-c2ba2d50b275}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® WiDi (HKLM\...\{2F97FBC6-7992-4DF7-A7C7-B68455E307F7}) (Version: 5.1.20.0 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)
K-Lite Codec Pack 11.5.3 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.3 - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5073.103 - Waves Audio Ltd.) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.124 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39060 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7433 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
True Color (HKLM\...\{E00D25B3-85A0-4B51-9877-CD27FA222844}) (Version: 6.0.0.10 - Entertainment Experience LLC) Hidden
True Color (HKLM-x32\...\{992885f0-c469-4089-9719-24e16f896fc1}) (Version: 6.0.0.10 - Entertainment Experience)
 
========================= Devices: ================================
 
Name: HID-compliant touch pad
Description: HID-compliant touch pad
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Device ID: HID\DLLC6AE&COL02\5&118778CA&0&0001
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Integrated Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Device ID: USB\VID_0C45&PID_6712&MI_00\7&1E9244D7&0&0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 22%
Total physical RAM: 8102.68 MB
Available physical RAM: 6263.04 MB
Total Virtual: 9382.68 MB
Available Virtual: 7322.31 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:922.16 GB) (Free:836.11 GB) NTFS
3 Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
4 Drive w: (PBR Image) (Fixed) (Total:7.97 GB) (Free:0.73 GB) NTFS
5 Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\WORSHIP15
 
Administrator            Guest                    VideoOp                  
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
18-11-2015 14:50:46 Scheduled Checkpoint
22-11-2015 03:59:39 JRT Pre-Junkware Removal
 
**** End of log ****

Next post will be the MBAM log...
 
EJ


#15 TLARbb

Posted 23 November 2015 - 07:21 AM

MBAM did not find anything.

 

EJ





