
Pop up Started to Show


8 replies to this topic

#1 bigjohn

bigjohn

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney Australia
  • Local time:09:54 AM

Posted 02 October 2016 - 06:30 AM

Hi all. I have not posted for a long time and I need your help now.

 

Can you guys please tell me if this pop-up is legit? Here is the link:

 

http://www.reimageplus.com/lp/sqh/index.php?tracking=YTZ&banner=direct&adgroup=4ff626c7-4b7a-49b3-a319-f40857467679&ads_name=direct&keyword=direct&context=096723e3-aec4-4ef3-a848-b3c67d411019

 

Do I need to block it? How?

 

Thanks in advance

 

John





#2 The_Codesee

The_Codesee

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, UK
  • Local time:11:54 PM

Posted 02 October 2016 - 06:36 AM

Hello! My name is The Codesee, nice to meet you   :)

 

Websites like the one you mentioned are nearly always a scam and are designed to infect your computer and/or get money from you. Please follow the steps below:
 
Step 1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox
  • Select the items below and press go
    • List Installed Programs
    • List Restore Points
    • List last 10 Event Viewer log
    • Flush DNS
  • Post the log in your next reply

Step 2: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open called checkup.txt.
  • Post the log in your next reply

Step 3: Please download TFC (Temp File Cleaner) to your desktop

  • Close all open applications
  • Double click TFC
  • Click the start button and the program will run
  • When done, press OK to restart your computer

Logs I expect in your next reply:

  • MiniToolBox Log
  • Security Check Log


#3 bigjohn


Posted 02 October 2016 - 07:09 AM

The Codesee, thank you for your quick reply.

 

I downloaded the three programs and ran them as instructed by you.

 

Here are the two log files:

 

MiniToolBox by Farbar  Version: 17-06-2016

Ran by JOHN (administrator) on 02-10-2016 at 22:50:20
Running from "C:\Users\JOHN\Downloads\Programs"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: H81M-S2H Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/02/2016 10:07:01 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
Error: (10/02/2016 10:07:01 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
Error: (10/02/2016 10:07:01 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
Error: (10/02/2016 10:07:01 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
Error: (10/02/2016 10:07:01 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/02/2016 10:07:00 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (10/02/2016 10:07:00 PM) (Source: Windows Search Service) (User: )
Description: The gatherer service cannot be initialized.
 
 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (10/02/2016 10:06:35 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
Error: (10/02/2016 10:06:35 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
Error: (10/02/2016 10:06:35 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
 
System errors:
=============
Error: (10/02/2016 10:28:34 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 86 time(s).
 
Error: (10/02/2016 10:28:34 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%5 = Access is denied.
 
 
Error: (10/02/2016 10:10:32 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 85 time(s).
 
Error: (10/02/2016 10:10:32 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%5 = Access is denied.
 
 
Error: (10/02/2016 10:09:47 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 84 time(s).
 
Error: (10/02/2016 10:09:47 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%5 = Access is denied.
 
 
Error: (10/02/2016 10:08:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 83 time(s).
 
Error: (10/02/2016 10:08:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%5 = Access is denied.
 
 
Error: (10/02/2016 10:08:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 82 time(s).
 
Error: (10/02/2016 10:08:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%5 = Access is denied.
 
 
 
Microsoft Office Sessions:
=========================
Error: (10/02/2016 10:07:01 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
Error: (10/02/2016 10:07:01 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
Error: (10/02/2016 10:07:01 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
Error: (10/02/2016 10:07:01 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
Error: (10/02/2016 10:07:01 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
1100
 
Error: (10/02/2016 10:07:00 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (10/02/2016 10:07:00 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The Temp folder is on a drive that is full or is inaccessible. Free up space on the drive or verify that you have write permission on the Temp folder.  (HRESULT : 0x80070660) (0x80070660)
 
Error: (10/02/2016 10:06:35 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
Error: (10/02/2016 10:06:35 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
Error: (10/02/2016 10:06:35 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Access is denied.  (HRESULT : 0x80070005) (0x80070005)
 
 
=========================== Installed Programs ============================
 
ACDSee Trial Version (HKLM-x32\...\ACDSee Trial Version) (Version:  - )
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.9.0 - SlySoft)
Brightness Guide 2.0 (HKLM\...\Brightness Guide_is1) (Version: 2.0 - Tint Guide)
ESET Smart Security (HKLM\...\{293ADC3B-DCF3-44C2-9CE8-19DD2B4F7646}) (Version: 8.0.312.0 - ESET, spol s r. o.)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
FrostWire 6.3.6 (HKLM-x32\...\FrostWire 6) (Version: 6.3.6.202 - FrostWire LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
jv16 PowerTools 2014 (HKLM-x32\...\jv16 PowerTools 2014) (Version:  - Macecraft Software)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiniTool Partition Wizard Technician Edition 7.8 (HKLM-x32\...\{1CA89ED8-EFCF-412B-86AD-A81171ECF635}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 15.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 15.0.1 (x86 en-US)) (Version: 15.0.1 - Mozilla)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Tipard Video Converter Ultimate 9.0.20 (HKLM-x32\...\{F2922911-108A-4d9e-B33A-2A101444F4CE}_is1) (Version: 9.0.20 - Tipard Studio)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.13 - VSO Software)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZD Soft Screen Recorder (HKLM-x32\...\{E82D59B8-2A06-4B66-A716-21030F951343}) (Version: 8.0.0 - ZD Soft)
========================= Restore Points ==================================
 
24-09-2016 07:45:29 Windows Update
25-09-2016 10:05:00 Windows Backup
02-10-2016 08:00:16 Windows Backup
 
**** End of log ****
 
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET Smart Security 8.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Mozilla Firefox 15.0.1 Firefox out of Date!  
 Google Chrome (53.0.2785.101) 
 Google Chrome (53.0.2785.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 


#4 The_Codesee


Posted 02 October 2016 - 08:37 AM

Thank you for the logs.

 

Please update Mozilla Firefox: https://support.mozilla.org/en-US/kb/update-firefox-latest-version
 
Step 1: Please uninstall some programs

There are currently some programs on your PC that we need to remove. Press the Windows + R key on your keyboard and type in appwiz.cpl and press enter. Navigate to each of the following below one-by-one and click uninstall:

  • KMSpico

Step 2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log:

  • On the Malwarebytes Anti-Malware dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

Step 3: Please download AdwCleaner to your desktop

  • Double click adwcleaner_x.xxx.exe.
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

Step 4: Please download Junkware Removal Tool to your desktop

  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.

Logs I expect in your next reply:

  • Malwarebytes Log
  • AdwCleaner Log
  • Junkware Removal Tool (JRT) Log

Please also update me on the status of the computer



#5 bigjohn


Posted 02 October 2016 - 10:05 AM

G'day again, The Codesee

 

Here are the log files. I found two Malwarebytes log files

 

=======================

 

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:10:36.073250+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="68c4ecb2-85de-4505-8740-a2e6bb761132" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:10:36.088850+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="09d97a88-85f3-45b2-997f-a8120f4eb87c" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:10:36.088850+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="181c44a3-e01a-443a-8bb8-e289149be188" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:10:40.363258+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="2371a4bf-1529-412e-90d9-e78bdf944128" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-10-03T01:13:28.565220+11:00" source="Manual" type="Update" username="SYSTEM" systemname="JOHN-PC" fromVersion="2016.2.12.1" last_modified_tag="78bb5dab-ad7f-4a6b-9f0e-c539118d1e9b" name="Remediation Database" toVersion="2016.9.21.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-10-03T01:13:28.596420+11:00" source="Manual" type="Update" username="SYSTEM" systemname="JOHN-PC" fromVersion="2016.2.8.1" last_modified_tag="e6d64d5a-a6e8-40b7-ad2a-5ed9e4a49864" name="Rootkit Database" toVersion="2016.9.26.2"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-10-03T01:13:29.048821+11:00" source="Manual" type="Update" username="SYSTEM" systemname="JOHN-PC" fromVersion="2016.2.8.1" last_modified_tag="e21f0371-4ba7-4e84-b915-ec802fa035a9" name="IP Database" toVersion="2016.10.1.2"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-10-03T01:13:30.936424+11:00" source="Manual" type="Update" username="SYSTEM" systemname="JOHN-PC" fromVersion="2016.2.16.8" last_modified_tag="30dd794e-b2fd-43d4-a8eb-cfaac3d33689" name="Domain Database" toVersion="2016.10.1.2"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-10-03T01:13:41.324443+11:00" source="Manual" type="Update" username="SYSTEM" systemname="JOHN-PC" fromVersion="2016.2.16.6" last_modified_tag="92767072-1492-4e70-8548-40a53e52c03a" name="Malware Database" toVersion="2016.10.2.4"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:13:41.386844+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="3cfaad34-223c-4f58-a76f-788dfa48042d" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:13:41.402444+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="a8ab4844-39d6-441e-af08-84382a139dd7" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:13:41.542844+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="d6f37051-ba69-4050-8aca-ad920d0227d5" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:13:46.647053+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="6120a859-9bf0-49f9-b109-1f80c2a0ace8" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:13:46.662653+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="35e1ea0b-6e80-4885-b473-5ca1ab228a15" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:13:48.550256+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="81d66aed-79af-4dfa-97f1-0553b79fb3f2" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2016-10-03T01:14:38+11:00" datetime="2016-10-03T01:20:14.987144+11:00" source="Manual" type="Scan" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="e0f288ee-9dda-4784-8adc-b0c6162089e6" duration="183" malwaredetections="1" nonmalwaredetections="2" scanresult="canceled"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:21:43.029253+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="42a30bca-54ea-44c0-a099-39bf4ee6003a" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:21:43.091653+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="7bab78da-b7c0-4b12-993a-dc6d6aeb8fd5" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:21:43.122853+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="6c4088a2-fabe-47a9-a1a2-c8edf205c103" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-10-03T01:21:53.507744+11:00" source="Protection" type="Protection" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="5ab479ad-8b59-4e2c-b990-e17d3f0ec5a1" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="6" datetime="2016-10-03T01:28:32.193808+11:00" source="Manual" type="Scan" username="SYSTEM" systemname="JOHN-PC" duration="271" last_modified_tag="bae1ad8c-b6a2-47c7-81bb-57bdffc7161e" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" scantype="threat" starttime="2016-10-03T01:24:00+11:00"></record>
</logs>
 
=========================
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/10/03 01:24:00 +1100</date>
<logfile>mbam-log-2016-10-03 (01-23-43).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2016.10.02.04</malware-database>
<rootkit-database>v2016.09.26.02</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>JOHN-PC</hostname>
<ip>192.168.1.1</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>JOHN</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>287758</objects>
<time>271</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
 
========================
 
# AdwCleaner v6.020 - Logfile created 03/10/2016 at 01:46:58
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-10-01.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : JOHN - JOHN-PC
# Running from : C:\Users\JOHN\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [984 Bytes] - [03/10/2016 01:46:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1056 Bytes] ##########
 
 
====================
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows 7 Ultimate x64 
Ran by JOHN (Administrator) on Mon 10/03/2016 at  1:48:29.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Successfully deleted: C:\Users\JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\gzcsw1ni.default\extensions\staged (Folder) 
Successfully deleted: C:\Users\JOHN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GMT423F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\JOHN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XKQIIW6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\JOHN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AO6TFTE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\JOHN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J20SXJVE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GMT423F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XKQIIW6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AO6TFTE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J20SXJVE (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/03/2016 at  1:51:19.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
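
Added example (not part of the thread and not Malwarebytes code): the first log in the post above contains a scan that was cancelled after reporting detections, which is easy to miss among the Protection records. This Python example reads an excerpt of that log and reports unfinished scans with detections, plus how far the definitions had lagged before the update; the function names are hypothetical, and reading the version strings as year.month.day is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Excerpt of the protection log posted in reply #5, cut down to the Update and
# Scan records and the attributes read below (GUID tags and usernames dropped).
SAMPLE_LOG = """<logs>
   <record LoggingEventType="1" datetime="2016-10-03T01:13:28.596420+11:00" source="Manual" type="Update" fromVersion="2016.2.8.1" name="Rootkit Database" toVersion="2016.9.26.2"></record>
   <record LoggingEventType="1" datetime="2016-10-03T01:13:41.324443+11:00" source="Manual" type="Update" fromVersion="2016.2.16.6" name="Malware Database" toVersion="2016.10.2.4"></record>
   <record scantype="threat" LoggingEventType="6" starttime="2016-10-03T01:14:38+11:00" datetime="2016-10-03T01:20:14.987144+11:00" source="Manual" type="Scan" duration="183" malwaredetections="1" nonmalwaredetections="2" scanresult="canceled"></record>
   <record LoggingEventType="6" datetime="2016-10-03T01:28:32.193808+11:00" source="Manual" type="Scan" duration="271" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" scantype="threat" starttime="2016-10-03T01:24:00+11:00"></record>
</logs>"""


def version_date(version):
    # Assumption: the first three dotted fields of a database version are
    # year.month.day, as the values in the posted log suggest.
    year, month, day = (int(part) for part in version.split(".")[:3])
    return date(year, month, day)


def database_updates(root):
    """Return (database name, days between old and new definition versions)."""
    updates = []
    for rec in root.iter("record"):
        if rec.get("type") != "Update":
            continue
        lag = version_date(rec.get("toVersion")) - version_date(rec.get("fromVersion"))
        updates.append((rec.get("name"), lag.days))
    return updates


def scan_records(root):
    """Return one dict per Scan record, with detection counts as integers."""
    scans = []
    for rec in root.iter("record"):
        if rec.get("type") != "Scan":
            continue
        scans.append({
            "start": rec.get("starttime"),
            "result": rec.get("scanresult"),
            "malware": int(rec.get("malwaredetections", "0")),
            "other": int(rec.get("nonmalwaredetections", "0")),
        })
    return scans


def triage(xml_text):
    """Summarise a protection log: definition lag, all scans, unfinished scans."""
    root = ET.fromstring(xml_text.strip())
    scans = scan_records(root)
    # A scan that reported detections but did not finish is worth asking about:
    # its findings do not appear in the per-scan log of a later clean run.
    unfinished = [s for s in scans
                  if s["result"] != "completed" and s["malware"] + s["other"] > 0]
    return {"updates": database_updates(root), "scans": scans, "unfinished": unfinished}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, days in report["updates"]:
        print(f"{name}: definitions were {days} days behind before the update")
    for scan in report["scans"]:
        print(f"scan {scan['start']}: {scan['result']}, "
              f"malware={scan['malware']} other={scan['other']}")
    for scan in report["unfinished"]:
        print(f"follow up: scan started {scan['start']} ended '{scan['result']}' "
              f"with {scan['malware'] + scan['other']} detection(s)")
```
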
 
 


#6 The_Codesee


Posted 02 October 2016 - 10:07 AM

How is the PC now?



#7 bigjohn


Posted 02 October 2016 - 11:41 AM

There hasn't been a pop up and it's very snappy now.

 

Thank you very much for your much appreciated help

 

Kind Regards

 

John



#8 bigjohn


Posted 03 October 2016 - 05:54 AM

The Codesee, Hello again.

 

The pop-up came back very aggressive and persistent, even having it blocked in Eset and in Chrome. Google Chrome started to act funny, not completing the pages and having to restart pages up to four times to get them filled completely. I uninstalled Chrome and cleaned the registry, deleted restore points, and reinstalled Chrome. I'll see what happens.

 

Thanks again for your help

 

John


Edited by bigjohn, 03 October 2016 - 06:00 AM.


#9 The_Codesee


Posted 03 October 2016 - 09:48 AM

That's fine, let me know if it happens again :)





