
messages in firefox


15 replies to this topic

#1 Tilkon

Tilkon

  • Members
  • 135 posts

Posted 04 February 2016 - 09:26 AM

Hello,

I am on Windows 7.

I use Firefox. For the past few days, while using Firefox - especially when using the search box, but also upon opening new tabs and during normal browsing - I get a message (in a square window) like this:

It was chosen to open: (my translation, my Firefox is not in English)

push (or "search", or nothing)

type: application/octet-stream

from: https://cm.g.doubleclick.net

What should Firefox do with this file?

Open with...

Save




 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,534 posts

Posted 10 February 2016 - 04:01 PM

Looks like Adware

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


#3 Tilkon

Tilkon
  • Topic Starter

  • Members
  • 135 posts

Posted 11 February 2016 - 04:39 AM

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Cesare (administrator) on 11-02-2016 at 10:00:11
Running from "C:\Users\Cesare\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Model: HP Pavilion dv6 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configurazione IP di Windows

Cache del resolver DNS svuotata.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Connessione rete wireless (Connected)
Scheda NIC Gigabit Ethernet PCI-E Realtek RTL8168C(P)/8111C(P) (NDIS 6.20) = Connessione alla rete locale (LAN) (Media disconnected)
Dispositivo Bluetooth (Personal Area Network) = Connessione di rete Bluetooth (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Connessione rete wireless 2 (Media disconnected)


# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.5 metric=1 publish=SÞ


popd
# Fine configurazione IPv4



Configurazione IP di Windows

   Nome host . . . . . . . . . . . . . . : PC
   Suffisso DNS primario . . . . . . . . :
   Tipo nodo . . . . . . . . . . . . . . : Ibrido
   Routing IP abilitato. . . . . . . . . : No
   Proxy WINS abilitato . . . . . . . .  : No

Scheda LAN wireless Connessione rete wireless 2:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Indirizzo fisico. . . . . . . . . . . : 00-22-FA-4C-2D-C9
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S

Scheda Ethernet Connessione di rete Bluetooth:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Dispositivo Bluetooth (Personal Area Network)
   Indirizzo fisico. . . . . . . . . . . : 00-24-7E-61-10-C8
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S

Scheda Ethernet Connessione alla rete locale (LAN):

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Scheda NIC Gigabit Ethernet PCI-E Realtek RTL8168C(P)/8111C(P) (NDIS 6.20)
   Indirizzo fisico. . . . . . . . . . . : 00-23-8B-C0-6D-2A
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S

Scheda LAN wireless Connessione rete wireless:

   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Indirizzo fisico. . . . . . . . . . . : 00-22-FA-4C-2D-C8
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::580:f014:b4d5:f1bb%11(Preferenziale)
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.12.120(Preferenziale)
   Subnet mask . . . . . . . . . . . . . : 255.255.252.0
   Lease ottenuto. . . . . . . . . . . . : gioved 11 febbraio 2016 09:43:40
   Scadenza lease . . . . . . . . . . .  : gioved 11 febbraio 2016 12:43:40
   Gateway predefinito . . . . . . . . . : 192.168.12.1
   Server DHCP . . . . . . . . . . . . . : 192.168.12.1
   IAID DHCPv6 . . . . . . . . . . . : 184558330
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-1B-C6-CA-84-00-23-8B-C0-6D-2A
   Server DNS . . . . . . . . . . . . .  : 217.111.226.2
                                           217.111.226.1
   NetBIOS su TCP/IP . . . . . . . . . . : Attivato

Scheda Tunnel isatap.{1BBFF6BC-C2C5-4DB5-9359-612F5A057E89}:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S

Scheda Tunnel Teredo Tunneling Pseudo-Interface:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S

Scheda Tunnel isatap.{505F5139-5E5B-4238-8914-98DC93180BAD}:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S

Scheda Tunnel isatap.{54D1D109-4AC6-4B07-AE9F-79DC2CA5223F}:

   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S
Server:  UnKnown
Address:  217.111.226.2

Nome:    google.com
Addresses:  2a00:1450:4003:808::200e
      216.58.210.142


Esecuzione di Ping google.com [216.58.210.142] con 32 byte di dati:
Risposta da 216.58.210.142: byte=32 durata=35ms TTL=53
Risposta da 216.58.210.142: byte=32 durata=35ms TTL=53

Statistiche Ping per 216.58.210.142:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 35ms, Massimo =  35ms, Medio =  35ms
Server:  UnKnown
Address:  217.111.226.2

Nome:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      2001:4998:44:204::a7
      98.138.253.109
      98.139.183.24
      206.190.36.45


Esecuzione di Ping yahoo.com [98.139.183.24] con 32 byte di dati:
Risposta da 98.139.183.24: byte=32 durata=222ms TTL=51
Risposta da 98.139.183.24: byte=32 durata=175ms TTL=51

Statistiche Ping per 98.139.183.24:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 175ms, Massimo =  222ms, Medio =  198ms

Esecuzione di Ping 127.0.0.1 con 32 byte di dati:
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128

Statistiche Ping per 127.0.0.1:
    Pacchetti: Trasmessi = 2, Ricevuti = 2,
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 0ms, Massimo =  0ms, Medio =  0ms
===========================================================================
Elenco interfacce
 16...00 22 fa 4c 2d c9 ......Microsoft Virtual WiFi Miniport Adapter
 14...00 24 7e 61 10 c8 ......Dispositivo Bluetooth (Personal Area Network)
 12...00 23 8b c0 6d 2a ......Scheda NIC Gigabit Ethernet PCI-E Realtek RTL8168C(P)/8111C(P) (NDIS 6.20)
 11...00 22 fa 4c 2d c8 ......Intel® WiFi Link 5100 AGN
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0     192.168.12.1   192.168.12.120     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    192.168.12.120    306
  169.254.255.255  255.255.255.255         On-link    192.168.12.120    276
     192.168.12.0    255.255.252.0         On-link    192.168.12.120    276
   192.168.12.120  255.255.255.255         On-link    192.168.12.120    276
   192.168.15.255  255.255.255.255         On-link    192.168.12.120    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.12.120    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.12.120    276
===========================================================================
Route permanenti:
   Indirizzo rete             Mask   Indir. gateway Metrica
      169.254.0.0      255.255.0.0      192.168.1.5       1
===========================================================================

IPv6 Tabella route
===========================================================================
Route attive:
 Interf Metrica Rete Destinazione      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::580:f014:b4d5:f1bb/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Route permanenti:
  Nessuna
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/11/2016 10:00:22 AM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: plugin-container.exe, versione: 44.0.0.5866, timestamp: 0x56a4304a
Nome del modulo che ha generato l'errore: mozglue.dll, versione: 44.0.0.5866, timestamp: 0x56a42229
Codice eccezione: 0x80000003
Offset errore 0x0000efa8
ID processo che ha generato l'errore: 0x12f8
Ora di avvio dell'applicazione che ha generato l'errore: 0xplugin-container.exe0
Percorso dell'applicazione che ha generato l'errore: plugin-container.exe1
Percorso del modulo che ha generato l'errore: plugin-container.exe2
ID segnalazione: plugin-container.exe3

Error: (02/11/2016 09:45:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2016 09:44:16 AM) (Source: Application Error) (User: )
Description: Nome dell'applicazione che ha generato l'errore: sttray.exe, versione: 1.0.6276.0, timestamp: 0x4ba991cc
Nome del modulo che ha generato l'errore: sttray.exe, versione: 1.0.6276.0, timestamp: 0x4ba991cc
Codice eccezione: 0xc0000005
Offset errore 0x000077eb
ID processo che ha generato l'errore: 0xbec
Ora di avvio dell'applicazione che ha generato l'errore: 0xsttray.exe0
Percorso dell'applicazione che ha generato l'errore: sttray.exe1
Percorso del modulo che ha generato l'errore: sttray.exe2
ID segnalazione: sttray.exe3

Error: (02/11/2016 09:43:33 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to PortConfig COM interface failed

Error: (02/10/2016 04:19:17 PM) (Source: Application Hang) (User: )
Description: Il programma Skype.exe versione 7.18.85.109 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.

ID processo: dcc

Ora di avvio: 01d1631a0b723e37

Ora di chiusura: 2169

Percorso applicazione: C:\Program Files\Skype\Phone\Skype.exe

ID segnalazione: 991c9fdc-d009-11e5-82c1-00247e6110c8

Error: (02/10/2016 11:18:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14430

Error: (02/10/2016 11:18:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14430

Error: (02/10/2016 11:18:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2016 11:18:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7410

Error: (02/10/2016 11:18:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7410


System errors:
=============
Error: (02/11/2016 09:48:55 AM) (Source: Service Control Manager) (User: )
Description: Servizio Windows Update bloccato in partenza.

Error: (02/11/2016 09:43:31 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/11/2016 09:43:31 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/11/2016 09:43:31 AM) (Source: EventLog) (User: )
Description: Precedente arresto del sistema inatteso a 09:41:37 su ‎11/‎02/‎2016.

Error: (02/10/2016 11:19:22 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/10/2016 10:40:27 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/09/2016 03:13:34 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/09/2016 11:22:21 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/09/2016 11:22:02 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/09/2016 11:18:03 AM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (02/11/2016 10:00:22 AM) (Source: Application Error)(User: )
Description: plugin-container.exe44.0.0.586656a4304amozglue.dll44.0.0.586656a42229800000030000efa812f801d164a8c1fd3441C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozglue.dlle12b66ad-d09d-11e5-b8e9-00247e6110c8

Error: (02/11/2016 09:45:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2016 09:44:16 AM) (Source: Application Error)(User: )
Description: sttray.exe1.0.6276.04ba991ccsttray.exe1.0.6276.04ba991ccc0000005000077ebbec01d164a85b5708beC:\Program Files\IDT\WDM\sttray.exeC:\Program Files\IDT\WDM\sttray.exea1c9e352-d09b-11e5-b8e9-00247e6110c8

Error: (02/11/2016 09:43:33 AM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to PortConfig COM interface failed

Error: (02/10/2016 04:19:17 PM) (Source: Application Hang)(User: )
Description: Skype.exe7.18.85.109dcc01d1631a0b723e372169C:\Program Files\Skype\Phone\Skype.exe991c9fdc-d009-11e5-82c1-00247e6110c8

Error: (02/10/2016 11:18:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14430

Error: (02/10/2016 11:18:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14430

Error: (02/10/2016 11:18:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2016 11:18:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7410

Error: (02/10/2016 11:18:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7410


CodeIntegrity Errors:
===================================
  Date: 2014-10-13 17:57:09.757
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-10-13 17:57:09.755
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-10-13 17:57:09.752
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-10-13 17:57:09.744
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-10-13 17:57:09.742
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-10-13 17:57:09.739
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-10-13 17:57:09.733
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-10-13 17:57:09.731
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-10-13 17:57:09.728
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.

  Date: 2014-10-13 17:57:09.721
  Description: Controllo dell'integrità del codice: impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys. Impossibile trovare l'insieme di hash dell'immagine per pagina nel sistema.


=========================== Installed Programs ============================

Adobe Acrobat Reader DC - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (HKLM\...\{5E58CA93-ABA0-4CDB-9E37-6C88A795C86E}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX530 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX530_series) (Version: 1.00 - Canon Inc.)
Canon MX530 series On-screen Manual (HKLM\...\Canon MX530 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.4.1 - Canon Inc.)
Canon Utility Selezione rapida (HKLM\...\Speed Dial Utility) (Version: 1.5.0 - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP)
CyberLink YouCam 5 (HKLM\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
Elevated Installer (HKLM\...\{8B20B453-8EB7-4F65-BF42-DA8B18C33CB0}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
f.lux (HKCU\...\Flux) (Version:  - )
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{5D34B8AF-7FB5-41AC-AEDC-B705FAF8BCAB}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM\...\{86A1F284-5314-402B-90C3-9B4E47CEEC77}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
IZArc 4.1.9 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.9 - Ivan Zahariev)
Kaspersky Internet Security 2013 (HKLM\...\{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Kaspersky Internet Security 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 44.0 (x86 it) (HKLM\...\Mozilla Firefox 44.0 (x86 it)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
OpenOffice 4.1.1 (HKLM\...\{9E41A772-875C-4468-B1BD-54B1B1125C8B}) (Version: 4.11.9775 - Apache Software Foundation)
Pacchetto driver Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Pacchetto driver Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Registrazione utente Canon MX470 series (HKLM\...\Registrazione utente Canon MX470 series) (Version:  - Canon Inc.)
Registrazione utente Canon MX530 series (HKLM\...\Registrazione utente Canon MX530 series) (Version:  - Canon Inc.)
RescueTime 2.12.3.1430 (HKLM\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboForm 7-9-17-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-17-5 - Siber Systems)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Supporto applicazioni Apple (32 bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Syntorial (HKLM\...\{0B10E9C8-D1C9-4F19-89D2-A006C12A3FD1}) (Version: 1.5.101 - Audible Genius, LLC)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 3069.2 MB
Available physical RAM: 1649 MB
Total Virtual: 6136.71 MB
Available Virtual: 4400.51 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:96.58 GB) (Free:47.39 GB) NTFS
2 Drive d: () (Fixed) (Total:369.08 GB) (Free:189.43 GB) NTFS

========================= Users: ========================================

Account utente per \\PC

Administrator            Cesare                   Guest                    
Utente                   
Esecuzione comando riuscita.


**** End of log ****
 


# AdwCleaner v5.033 - Creato file registro eventi 11/02/2016 in 10:05:41
# Aggiornato 07/02/2016 da Xplode
# Database : 2016-02-07.2 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x86)
# Nome utente : Cesare - PC
# In esecuzione da : C:\Users\Cesare\Desktop\AdwCleaner.exe
# Opzione : Analisi
# Supporto : http://toolslib.net/forum

***** [ Servizi ] *****


***** [ Cartelle ] *****

Cartella Trovato : C:\Users\Utente\AppData\Roaming\RHEng

***** [ File ] *****

File Trovato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\searchplugins\ask-web-search.xml
File Trovato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\user.js

***** [ DLL ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****


***** [ Registry ] *****

Chiave Trovato : HKLM\SOFTWARE\Uniblue

***** [ Browser web ] *****

[C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\prefs.js] [Preference] Trovato : user_pref("browser.search.selectedEngine", "Ask Web Search");
[C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\prefs.js] [Preference] Trovato : user_pref("extensions.toolbar.mindspark._64Members_.toolbar.ownSearch", true);
[C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\prefs.js] [Preference] Trovato : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\prefs.js] [Preference] Trovato : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\prefs.js] [Preference] Trovato : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1834 byte] ##########
 



#4 Tilkon


Posted 11 February 2016 - 04:40 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Professional x86
Ran by Cesare (Administrator) on 11/02/2016 at 10:12:41,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Failed to delete: C:\Users\Cesare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HK13HWV (Folder)
Failed to delete: C:\Users\Cesare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O1Y4NGNX (Folder)
Failed to delete: C:\Users\Cesare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6HSGAUF (Folder)
Failed to delete: C:\Users\Cesare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XV6VPRK0 (Folder)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/02/2016 at 10:14:25,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 Tilkon


Posted 11 February 2016 - 05:54 AM

C:\Users\Utente\AppData\Roaming\uTorrent\updates\3.4.2_34727.exe    a variant of Win32/OpenCandy.A potentially unsafe application    cleaned by deleting
D:\$RECYCLE.BIN\S-1-5-21-886373352-1276605797-4203897278-1000\$RNJPDCH.exe    a variant of Win32/InstallCore.ADX.gen potentially unwanted application    cleaned by deleting
D:\BCK\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G66W0JIE\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi    a variant of Win32/PriceGong.A potentially unwanted application    deleted
D:\BCK\Guest\AppData\LocalLow\ConduitEngine\ConduitEngine.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting
D:\BCK\Guest\AppData\LocalLow\ConduitEngine\ldrConduitEngine.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting
D:\BCK\Guest\AppData\LocalLow\uTorrentBar_IT\ldrtbuTor.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting
D:\BCK\Guest\AppData\LocalLow\uTorrentBar_IT\tbuTor.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting
D:\Cesare dati\AppData\Local\Temp\ASK5C17.tmp    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting
D:\Cesare dati\AppData\Local\Temp\ASK60C2.tmp    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    cleaned by deleting
D:\Cesare dati\AppData\Local\Temp\PIPInstaller_PTV_.exe    a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application    cleaned by deleting
D:\Cesare dati\Documents\kmp.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted
D:\Egle dati\AppData\LocalLow\uTorrentBar_IT\ldrtbuTor.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting
D:\Egle dati\AppData\LocalLow\uTorrentBar_IT\tbuTor.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting
 



#6 boopme


Posted 11 February 2016 - 11:18 AM

How is it now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Tilkon


Posted 11 February 2016 - 12:21 PM

good, the problem disappeared.

 

what about the adwcleaner findings? do I have to clean them?



#8 boopme


Posted 11 February 2016 - 12:57 PM

Yes, remove those now.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved on the %systemdrive% (usually C:\).


#9 Tilkon


Posted 12 February 2016 - 05:01 AM

# AdwCleaner v5.033 - Creato file registro eventi 12/02/2016 in 10:54:37
# Aggiornato 07/02/2016 da Xplode
# Database : 2016-02-07.2 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x86)
# Nome utente : Cesare - PC
# In esecuzione da : C:\Users\Cesare\Desktop\AdwCleaner.exe
# Opzione : Pulizia
# Supporto : http://toolslib.net/forum

***** [ Servizi ] *****


***** [ Cartelle ] *****

[-] Cartella Eliminato : C:\Users\Utente\AppData\Roaming\RHEng

***** [ File ] *****

[-] File Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\searchplugins\ask-web-search.xml
[-] File Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\user.js

***** [ DLLs ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****


***** [ Registry ] *****

[-] Chiave Eliminata : HKLM\SOFTWARE\Uniblue

***** [ Browser web ] *****

[-] [C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\prefs.js] [Preference] Eliminata : user_pref("browser.search.selectedEngine", "Ask Web Search");
[-] [C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\prefs.js] [Preference] Eliminata : user_pref("extensions.toolbar.mindspark._64Members_.toolbar.ownSearch", true);
[-] [C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\prefs.js] [Preference] Eliminata : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\prefs.js] [Preference] Eliminata : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[-] [C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\wluuurp4.default\prefs.js] [Preference] Eliminata : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");

*************************

:: Chiavi "Tracing" eliminatas
:: Impostazioni Winsock azzerate

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1986 byte] ##########
 



#10 Tilkon


Posted 12 February 2016 - 11:04 AM

while waiting for your reply, using this computer I got this message from Kaspersky:

 

A suspicious modification of the application detected: AdwCleaner

no digital signature, high danger rating.

 

I chose the "restrict" option.

 

Is this behaviour by AdwCleaner normal?



#11 boopme


Posted 12 February 2016 - 02:00 PM

It's safe..

#12 Tilkon


Posted 12 February 2016 - 02:31 PM

ok, so everything looks fine now.

 

anything more to do?



#13 boopme


Posted 12 February 2016 - 02:39 PM

Great! run one more, not too long..



Malwarebytes Anti-Malware
  • Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
  • If no threats were found, click View detailed log.
  • Click Export and save the log as a .txt file on your Desktop or another location.

  • If the scan detected any threats, click Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes.
  • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan and click View.
  • Click Export and save the log as a .txt file on your Desktop or another location.

  • Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.


#14 Tilkon


Posted 15 February 2016 - 04:37 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/02/2016
Scan Time: 09:54
Logfile: malw.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.15.01
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Cesare

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360526
Time Elapsed: 29 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\Utente\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe, Quarantined, [f607da86a7f293a3a551284b1ce68080],

Physical Sectors: 0
(No malicious items detected)


(end)



#15 Tilkon


Posted 16 February 2016 - 05:17 AM

it looks like it's ok now. something else to do?





