Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Phishing Attack Pretends to be a Office 365 Non-Delivery Email

Featured Deal: Get 98% off the 2018 CompTIA Certification Training Bundle: Lifetime Access Deal

HELP! http://click.adservinganalytics.com/redirect.php?ID=1363348535

Started by rlswett , Mar 19 2017 07:32 PM

Next

This topic is locked

21 replies to this topic

#1 rlswett

Members
16 posts
OFFLINE

Local time:01:26 PM

Posted 19 March 2017 - 07:32 PM

PLEASE HELP. I am computer literate, but no expert. My partner must have clicked on SOMETHING and now http://click.adservinganalytics.com/redirect.php?ID=1363348535 randomly hijacks Internet Explorer, regularly and often. Random pop-ups drive me through the ROOF and google has been literally of no use.

SOMEBODY SAVE ME! I have Windows 10 Home on this machine.

Moved from Windows 10 to Am I Infected

NickAu

Edited by NickAu, 19 March 2017 - 07:43 PM.
Mod Edit

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 boopme

To Insanity and Beyond

Global Moderator
73,573 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:12:26 PM

Posted 19 March 2017 - 07:57 PM

Hello riswett, run these next and see how it is.

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

ESET Online Scanner

Click here to download the installer for ESET Online Scanner and save it to your Desktop.
Disable all your antivirus and antimalware software - see how to do that here.
Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
Select Enable detection of potentially unwanted applications.
Click Advanced Settings, then place a checkmark in the following:
- Remove found threats
- Scan archives
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
Click Start to begin scanning.
ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
When the scan is done, click List threats (only available if ESET Online Scanner found something).
Click Export, then save the file to your desktop.
Click Back, then Finish to exit ESET Online Scanner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

Back to top

#3 rlswett

Topic Starter

Members
16 posts
OFFLINE

Local time:01:26 PM

Posted 20 March 2017 - 09:18 AM

Mini toolbox result: (working on the rest of your instructions now)

MiniToolBox by Farbar Version: 17-06-2016

Ran by Dave (administrator) on 20-03-2017 at 10:17:06

Running from "C:\Users\Dave\Downloads"

Microsoft Windows 10 Home (X64)

Model: NV57H Manufacturer: Gateway

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

ProxyServer: http=127.0.0.1:47574

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

========================= IP Configuration: ================================

Qualcomm Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

set interface interface="Wireless Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : DavePrehoda-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : nycap.rr.com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet

Physical Address. . . . . . . . . : DC-0E-A1-26-FC-94

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

Physical Address. . . . . . . . . : 16-39-E5-62-75-4E

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : nycap.rr.com

Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter

Physical Address. . . . . . . . . : 94-39-E5-62-75-4E

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::c0e4:b180:6173:1458%2(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.0.8(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Sunday, March 19, 2017 7:10:28 PM

Lease Expires . . . . . . . . . . : Monday, March 20, 2017 11:10:30 AM

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DHCPv6 IAID . . . . . . . . . . . : 244595173

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-5E-4A-9D-94-39-E5-62-75-4E

DNS Servers . . . . . . . . . . . : 209.18.47.62

209.18.47.61

NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.nycap.rr.com:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : nycap.rr.com

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 3:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2c90:38bf:539b:498(Preferred)

Link-local IPv6 Address . . . . . : fe80::2c90:38bf:539b:498%5(Preferred)

Default Gateway . . . . . . . . . : ::

DHCPv6 IAID . . . . . . . . . . . : 67108864

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-5E-4A-9D-94-39-E5-62-75-4E

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: dns-cac-lb-02.rr.com

Address: 209.18.47.62

Name: google.com

Addresses: 2607:f8b0:4006:80c::200e

216.58.192.206

Pinging google.com [216.58.219.206] with 32 bytes of data:

Reply from 216.58.219.206: bytes=32 time=38ms TTL=56

Reply from 216.58.219.206: bytes=32 time=36ms TTL=56

Ping statistics for 216.58.219.206:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 36ms, Maximum = 38ms, Average = 37ms

Server: dns-cac-lb-02.rr.com

Address: 209.18.47.62

Name: yahoo.com

Addresses: 2001:4998:44:204::a7

2001:4998:58:c02::a9

2001:4998:c:a06::2:4008

98.139.183.24

206.190.36.45

98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=40ms TTL=48

Reply from 98.139.183.24: bytes=32 time=52ms TTL=48

Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 40ms, Maximum = 52ms, Average = 46ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

7...dc 0e a1 26 fc 94 ......Broadcom NetLink ™ Gigabit Ethernet

8...16 39 e5 62 75 4e ......Microsoft Wi-Fi Direct Virtual Adapter

2...94 39 e5 62 75 4e ......Atheros AR5B97 Wireless Network Adapter

1...........................Software Loopback Interface 1

6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

5...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.8 50

127.0.0.0 255.0.0.0 On-link 127.0.0.1 331

127.0.0.1 255.255.255.255 On-link 127.0.0.1 331

127.255.255.255 255.255.255.255 On-link 127.0.0.1 331

192.168.0.0 255.255.255.0 On-link 192.168.0.8 306

192.168.0.8 255.255.255.255 On-link 192.168.0.8 306

192.168.0.255 255.255.255.255 On-link 192.168.0.8 306

224.0.0.0 240.0.0.0 On-link 127.0.0.1 331

224.0.0.0 240.0.0.0 On-link 192.168.0.8 306

255.255.255.255 255.255.255.255 On-link 127.0.0.1 331

255.255.255.255 255.255.255.255 On-link 192.168.0.8 306

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

5 331 ::/0 On-link

1 331 ::1/128 On-link

5 331 2001::/32 On-link

5 331 2001:0:9d38:6ab8:2c90:38bf:539b:498/128

On-link

2 306 fe80::/64 On-link

5 331 fe80::/64 On-link

5 331 fe80::2c90:38bf:539b:498/128

On-link

2 306 fe80::c0e4:b180:6173:1458/128

On-link

1 331 ff00::/8 On-link

2 306 ff00::/8 On-link

5 331 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)

Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)

Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)

Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)

Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)

Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (03/19/2017 07:09:46 PM) (Source: Application Hang) (User: )

Description: The program SpyHunter4.exe version 4.25.6.4782 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: d14

Start Time: 01d2a105d3905a53

Termination Time: 10

Application Path: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

Report Id: 1ba8d7be-0cf9-11e7-8ef9-dc0ea126fc94

Faulting package full name:

Faulting package-relative application ID:

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

System errors:

=============

Error: (03/19/2017 09:05:58 PM) (Source: Service Control Manager) (User: )

Description: The Windows Logon Updater service failed to start due to the following error:

%%5 = Access is denied.

Error: (03/19/2017 09:05:55 PM) (Source: Service Control Manager) (User: )

Description: The Windows Logon Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (03/19/2017 06:02:01 PM) (Source: Service Control Manager) (User: )

Description: The Windows Logon Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (03/19/2017 02:59:34 PM) (Source: Service Control Manager) (User: )

Description: The Windows Logon Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (03/19/2017 11:57:12 AM) (Source: Service Control Manager) (User: )

Description: The Windows Logon Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (03/19/2017 11:28:46 AM) (Source: DCOM) (User: DAVEPREHODA-PC)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DavePrehoda-PCDaveS-1-5-21-2997902774-1405300037-1433925904-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (03/19/2017 11:27:23 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/19/2017 08:55:54 AM) (Source: Service Control Manager) (User: )

Description: The Windows Logon Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (03/19/2017 05:54:49 AM) (Source: Service Control Manager) (User: )

Description: The Windows Logon Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (03/19/2017 02:53:44 AM) (Source: Service Control Manager) (User: )

Description: The Windows Logon Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Microsoft Office Sessions:

=========================

Error: (03/19/2017 07:09:46 PM) (Source: Application Hang)(User: )

Description: SpyHunter4.exe4.25.6.4782d1401d2a105d3905a5310C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe1ba8d7be-0cf9-11e7-8ef9-dc0ea126fc94

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

CodeIntegrity Errors:

===================================

Date: 2017-03-19 12:09:38.342

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-03-19 12:09:38.300

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-03-19 12:09:38.229

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-03-19 12:09:37.791

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-03-19 12:09:37.567

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-03-19 12:09:37.460

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-03-19 12:09:30.345

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-03-19 12:09:28.446

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-03-19 11:56:34.073

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-03-19 11:56:34.007

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

=========================== Installed Programs ============================

Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)

Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)

Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden

ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

Home Designer Pro 2017 (64 bit) (HKLM\...\{A8C6669D-D5D7-4DB2-BC99-738F7CD1128D}) (Version: 18.3.0.0 - Chief Architect)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)

Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

SafeZone Stable 3.55.2393.590 (HKLM-x32\...\SafeZone 3.55.2393.590) (Version: 3.55.2393.590 - Avast Software) Hidden

SavingsCool (HKLM-x32\...\SavingsCool) (Version: - )

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Spotify (HKCU\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB)

SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.25.6.4782 - Enigma Software Group, LLC)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)

========================= Memory info: ===================================

Percentage of memory in use: 66%

Total physical RAM: 3947.86 MB

Available physical RAM: 1318.68 MB

Total Virtual: 7915.86 MB

Available Virtual: 3963.05 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.52 GB) (Free:228.47 GB) NTFS

========================= Users: ========================================

User accounts for \\DAVEPREHODA-PC

Administrator Dave DefaultAccount

giann Guest octav

**** End of log ****

Back to top

#4 boopme

To Insanity and Beyond

Global Moderator
73,573 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:12:26 PM

Posted 20 March 2017 - 10:40 AM

Good , do the rest.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

Back to top

#5 rlswett

Topic Starter

Members
16 posts
OFFLINE

Local time:01:26 PM

Posted 20 March 2017 - 12:32 PM

Adw Cleaner logfile:

# AdwCleaner v6.044 - Logfile created 20/03/2017 at 13:29:56

# Updated on 28/02/2017 by Malwarebytes

# Database : 2017-03-20.1 [Server]

# Operating System : Windows 10 Home (X64)

# Username : Dave - DAVEPREHODA-PC

# Running from : C:\Users\Dave\Downloads\AdwCleaner.exe

# Mode: Scan

# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Folder Found: C:\Users\Dave\AppData\Roaming\InstantSupport

Folder Found: C:\Users\Dave\AppData\Roaming\Enigma Software Group

Folder Found: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl

Folder Found: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl

Folder Found: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk

***** [ Files ] *****

File Found: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage

File Found: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage-journal

File Found: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage

File Found: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector

Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1

Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib

Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib

Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

Key Found: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\WebDiscoverBrowser

Key Found: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\InSTab

Key Found: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\ACPTab

Key Found: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\SavingsCool

Key Found: HKCU\Software\WebDiscoverBrowser

Key Found: HKCU\Software\InSTab

Key Found: HKCU\Software\ACPTab

Key Found: HKCU\Software\SavingsCool

Key Found: HKLM\SOFTWARE\PCAcceleratePro

Key Found: HKLM\SOFTWARE\SavingsCool

Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsCool

Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter

Key Found: [x64] HKCU\Software\WebDiscoverBrowser

Key Found: [x64] HKCU\Software\InSTab

Key Found: [x64] HKCU\Software\ACPTab

Key Found: [x64] HKCU\Software\SavingsCool

Key Found: [x64] HKLM\SOFTWARE\WebDiscoverBrowser

Key Found: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}

Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}

Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}

Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com

Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com

Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com

Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com

Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe]

Value Found: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe]

***** [ Web browsers ] *****

No malicious Firefox based browser items found.

Chrome pref Found: [C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - mallpejgeafdahhflmliiahjdpgbegpk

Chrome pref Found: [C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - peglehonblabfemopkgmfcpofbchegcl

Chrome pref Found: [C:\Users\giann\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com

Chrome pref Found: [C:\Users\giann\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

Chrome pref Found: [C:\Users\octav\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com

Chrome pref Found: [C:\Users\octav\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [5733 Bytes] - [20/03/2017 13:29:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5806 Bytes] ##########

Edited by rlswett, 20 March 2017 - 12:39 PM.

Back to top

#6 rlswett

Topic Starter

Members
16 posts
OFFLINE

Local time:01:26 PM

Posted 20 March 2017 - 12:38 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.2 (03.10.2017)

Operating System: Windows 10 Home x64

Ran by Dave (Administrator) on Mon 03/20/2017 at 13:33:34.31

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 8

Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk (Folder)

Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl (Folder)

Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl (Folder)

Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal (File)

Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage (File)

Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage-journal (File)

Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage (File)

Successfully deleted: C:\Program Files (x86)\GUT62D8.tmp (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 03/20/2017 at 13:37:19.79

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Back to top

#7 boopme

To Insanity and Beyond

Global Moderator
73,573 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:12:26 PM

Posted 20 March 2017 - 01:14 PM

After ESET remove what ADWcleaner found

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

Back to top

#8 rlswett

Topic Starter

Members
16 posts
OFFLINE

Local time:01:26 PM

Posted 20 March 2017 - 01:44 PM

# AdwCleaner v6.044 - Logfile created 20/03/2017 at 14:34:02

# Updated on 28/02/2017 by Malwarebytes

# Database : 2017-03-20.1 [Local]

# Operating System : Windows 10 Home (X64)

# Username : Dave - DAVEPREHODA-PC

# Running from : C:\Users\Dave\Downloads\AdwCleaner (1).exe

# Mode: Clean

# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Dave\AppData\Roaming\InstantSupport

[-] Folder deleted: C:\Users\Dave\AppData\Roaming\Enigma Software Group

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

[-] Key deleted: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\WebDiscoverBrowser

[-] Key deleted: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\InSTab

[-] Key deleted: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\ACPTab

[-] Key deleted: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\SavingsCool

[#] Key deleted on reboot: HKCU\Software\WebDiscoverBrowser

[#] Key deleted on reboot: HKCU\Software\InSTab

[#] Key deleted on reboot: HKCU\Software\ACPTab

[#] Key deleted on reboot: HKCU\Software\SavingsCool

[-] Key deleted: HKLM\SOFTWARE\PCAcceleratePro

[-] Key deleted: HKLM\SOFTWARE\SavingsCool

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsCool

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter

[#] Key deleted on reboot: [x64] HKCU\Software\WebDiscoverBrowser

[#] Key deleted on reboot: [x64] HKCU\Software\InSTab

[#] Key deleted on reboot: [x64] HKCU\Software\ACPTab

[#] Key deleted on reboot: [x64] HKCU\Software\SavingsCool

[-] Key deleted: [x64] HKLM\SOFTWARE\WebDiscoverBrowser

[-] Key deleted: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com

[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe]

[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe]

***** [ Web browsers ] *****

[-] [C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk

[-] [C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: peglehonblabfemopkgmfcpofbchegcl

[-] [C:\Users\giann\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

[-] [C:\Users\giann\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

[-] [C:\Users\octav\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

[-] [C:\Users\octav\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted

:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5060 Bytes] - [20/03/2017 14:34:02]

C:\AdwCleaner\AdwCleaner[S0].txt - [5949 Bytes] - [20/03/2017 13:29:56]

C:\AdwCleaner\AdwCleaner[S1].txt - [5050 Bytes] - [20/03/2017 14:28:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5279 Bytes] ##########

Back to top

#9 boopme

To Insanity and Beyond

Global Moderator
73,573 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:12:26 PM

Posted 20 March 2017 - 02:06 PM

Did you run ESET and how are things?

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

Back to top

#10 rlswett

Topic Starter

Members
16 posts
OFFLINE

Local time:01:26 PM

Posted 20 March 2017 - 07:07 PM

C:\Users\Dave\AppData\Local\Temp\CSM2232.tmp Win32/Adware.Mongoose application cleaned by deleting

Back to top

#11 rlswett

Topic Starter

Members
16 posts
OFFLINE

Local time:01:26 PM

Posted 20 March 2017 - 07:10 PM

All have been completed, but the problem is not gone. Internet Explorer still pops up automatically with that damn adservinganalytics redirect. HOW is this crap legal?

Back to top

#12 boopme

To Insanity and Beyond

Global Moderator
73,573 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:12:26 PM

Posted 22 March 2017 - 10:37 AM

Ok, try ..Disable Toolbars and Extensions Add-ons

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

Back to top

#13 rlswett

Topic Starter

Members
16 posts
OFFLINE

Local time:01:26 PM

Posted 22 March 2017 - 12:26 PM

I don't see any suspicious. Here is the list that came up. Do any appear like they shouldn't be there to you?

Name Google Toolbar

Publisher Google Inc

Status Enabled

Architecture 32-bit and 64-bit

File date ‎Sunday, ‎April ‎24, ‎2016, ‏‎10:11 AM

Version 7.5.7619.1252

Load time 0.01 s

Navigation time 0.00 s

Name Google Toolbar Helper

Publisher Google Inc

Status Enabled

Architecture 32-bit and 64-bit

File date ‎Sunday, ‎April ‎24, ‎2016, ‏‎10:11 AM

Version 7.5.7619.1252

Load time 0.00 s

Name Groove GFS Browser Helper

Publisher Microsoft Corporation

Status Disabled

Architecture 32-bit and 64-bit

File date ‎Thursday, ‎December ‎19, ‎2013, ‏‎12:44 AM

Version 14.0.7113.0

Name Office Document Cache Handler

Publisher Microsoft Corporation

Status Disabled

Architecture 32-bit and 64-bit

File date ‎Wednesday, ‎March ‎06, ‎2013, ‏‎7:39 AM

Version 14.0.7011.0

Name Groove Folder Synchronization

Publisher Microsoft Corporation

Status Disabled

Architecture 32-bit and 64-bit

File date ‎Thursday, ‎December ‎19, ‎2013, ‏‎12:44 AM

Version 14.0.7113.0

Name Send to OneNote

Publisher Not Available

Status Enabled

Architecture 32-bit and 64-bit

Name OneNote Linked Notes

Publisher Not Available

Status Enabled

Architecture 32-bit and 64-bit

Name Java™ Plug-In SSV Helper

Publisher Oracle America, Inc.

Status Enabled

Architecture 32-bit

File date ‎Tuesday, ‎January ‎07, ‎2014, ‏‎6:53 PM

Version 7.0.450.18

Load time 0.00 s

Name Java™ Plug-In 2 SSV Helper

Publisher Oracle America, Inc.

Status Enabled

Architecture 32-bit

File date ‎Tuesday, ‎January ‎07, ‎2014, ‏‎6:53 PM

Version 7.0.450.18

Load time 0.03 s

Back to top

#14 boopme

To Insanity and Beyond

Global Moderator
73,573 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:12:26 PM

Posted 22 March 2017 - 01:01 PM

Try disabling one at a time and see if the redirect stops. If not we'll get a deeper look at the system.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

Back to top

#15 rlswett

Topic Starter

Members
16 posts
OFFLINE

Local time:01:26 PM

Posted 23 March 2017 - 07:23 AM

First of all, thanks SO MUCH for all the time you've spent walking me through this. Unfortunately disabling the entire list one at a time and waiting didn't work. The redirect ALWAYS popped up.

I'm using google chrome to talk to you now. Do you think it's prudent to uninstall internet explorer? And if so, why did Windows 10 make it SO counter intuitive to find control panel and do to so? I feel like I've lost my mind.