HELP! http://click.adservinganalytics.com/redirect.php?ID=1363348535


  • This topic is locked
21 replies to this topic

#1 rlswett


Posted 19 March 2017 - 07:32 PM

PLEASE HELP. I am computer literate, but no expert. My partner must have clicked on SOMETHING and now http://click.adservinganalytics.com/redirect.php?ID=1363348535 randomly hijacks Internet Explorer, regularly and often. Random pop-ups drive me through the ROOF and Google has been literally of no use.

 

SOMEBODY SAVE ME!  I have Windows 10 Home on this machine.

 

 

Moved from Windows 10 to Am I Infected

NickAu


Edited by NickAu, 19 March 2017 - 07:43 PM.
Mod Edit



 


#2 boopme


Posted 19 March 2017 - 07:57 PM

Hello rlswett, run these next and see how it is.
 
MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


#3 rlswett


Posted 20 March 2017 - 09:18 AM

Mini toolbox result: (working on the rest of your instructions now)
 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Dave (administrator) on 20-03-2017 at 10:17:06
Running from "C:\Users\Dave\Downloads"
Microsoft Windows 10 Home  (X64)
Model: NV57H Manufacturer: Gateway
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
ProxyServer: http=127.0.0.1:47574
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Qualcomm Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Wireless Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DavePrehoda-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : nycap.rr.com
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : DC-0E-A1-26-FC-94
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-39-E5-62-75-4E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : nycap.rr.com
   Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
   Physical Address. . . . . . . . . : 94-39-E5-62-75-4E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c0e4:b180:6173:1458%2(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.8(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, March 19, 2017 7:10:28 PM
   Lease Expires . . . . . . . . . . : Monday, March 20, 2017 11:10:30 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 244595173
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-5E-4A-9D-94-39-E5-62-75-4E
   DNS Servers . . . . . . . . . . . : 209.18.47.62
                                       209.18.47.61
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.nycap.rr.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : nycap.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 3:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2c90:38bf:539b:498(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2c90:38bf:539b:498%5(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 67108864
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-5E-4A-9D-94-39-E5-62-75-4E
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns-cac-lb-02.rr.com
Address:  209.18.47.62
 
Name:    google.com
Addresses:  2607:f8b0:4006:80c::200e
 216.58.192.206
 
 
Pinging google.com [216.58.219.206] with 32 bytes of data:
Reply from 216.58.219.206: bytes=32 time=38ms TTL=56
Reply from 216.58.219.206: bytes=32 time=36ms TTL=56
 
Ping statistics for 216.58.219.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 38ms, Average = 37ms
Server:  dns-cac-lb-02.rr.com
Address:  209.18.47.62
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=40ms TTL=48
Reply from 98.139.183.24: bytes=32 time=52ms TTL=48
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 52ms, Average = 46ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...dc 0e a1 26 fc 94 ......Broadcom NetLink ™ Gigabit Ethernet
  8...16 39 e5 62 75 4e ......Microsoft Wi-Fi Direct Virtual Adapter
  2...94 39 e5 62 75 4e ......Atheros AR5B97 Wireless Network Adapter
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.8     50
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link       192.168.0.8    306
      192.168.0.8  255.255.255.255         On-link       192.168.0.8    306
    192.168.0.255  255.255.255.255         On-link       192.168.0.8    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       192.168.0.8    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       192.168.0.8    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  5    331 2001::/32                On-link
  5    331 2001:0:9d38:6ab8:2c90:38bf:539b:498/128
                                    On-link
  2    306 fe80::/64                On-link
  5    331 fe80::/64                On-link
  5    331 fe80::2c90:38bf:539b:498/128
                                    On-link
  2    306 fe80::c0e4:b180:6173:1458/128
                                    On-link
  1    331 ff00::/8                 On-link
  2    306 ff00::/8                 On-link
  5    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/19/2017 07:09:46 PM) (Source: Application Hang) (User: )
Description: The program SpyHunter4.exe version 4.25.6.4782 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: d14
 
Start Time: 01d2a105d3905a53
 
Termination Time: 10
 
Application Path: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
 
Report Id: 1ba8d7be-0cf9-11e7-8ef9-dc0ea126fc94
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
 
System errors:
=============
Error: (03/19/2017 09:05:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Logon Updater service failed to start due to the following error: 
%%5 = Access is denied.
 
 
Error: (03/19/2017 09:05:55 PM) (Source: Service Control Manager) (User: )
Description: The Windows Logon Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (03/19/2017 06:02:01 PM) (Source: Service Control Manager) (User: )
Description: The Windows Logon Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (03/19/2017 02:59:34 PM) (Source: Service Control Manager) (User: )
Description: The Windows Logon Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (03/19/2017 11:57:12 AM) (Source: Service Control Manager) (User: )
Description: The Windows Logon Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (03/19/2017 11:28:46 AM) (Source: DCOM) (User: DAVEPREHODA-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DavePrehoda-PCDaveS-1-5-21-2997902774-1405300037-1433925904-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (03/19/2017 11:27:23 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/19/2017 08:55:54 AM) (Source: Service Control Manager) (User: )
Description: The Windows Logon Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (03/19/2017 05:54:49 AM) (Source: Service Control Manager) (User: )
Description: The Windows Logon Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (03/19/2017 02:53:44 AM) (Source: Service Control Manager) (User: )
Description: The Windows Logon Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (03/19/2017 07:09:46 PM) (Source: Application Hang)(User: )
Description: SpyHunter4.exe4.25.6.4782d1401d2a105d3905a5310C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe1ba8d7be-0cf9-11e7-8ef9-dc0ea126fc94
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/18/2017 06:03:14 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
 
CodeIntegrity Errors:
===================================
  Date: 2017-03-19 12:09:38.342
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-03-19 12:09:38.300
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-03-19 12:09:38.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-03-19 12:09:37.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-03-19 12:09:37.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-03-19 12:09:37.460
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-03-19 12:09:30.345
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-03-19 12:09:28.446
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-03-19 11:56:34.073
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-03-19 11:56:34.007
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Home Designer Pro 2017 (64 bit) (HKLM\...\{A8C6669D-D5D7-4DB2-BC99-738F7CD1128D}) (Version: 18.3.0.0 - Chief Architect)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
SafeZone Stable 3.55.2393.590 (HKLM-x32\...\SafeZone 3.55.2393.590) (Version: 3.55.2393.590 - Avast Software) Hidden
SavingsCool (HKLM-x32\...\SavingsCool) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spotify (HKCU\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.25.6.4782 - Enigma Software Group, LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 66%
Total physical RAM: 3947.86 MB
Available physical RAM: 1318.68 MB
Total Virtual: 7915.86 MB
Available Virtual: 3963.05 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:297.52 GB) (Free:228.47 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DAVEPREHODA-PC
 
Administrator            Dave                     DefaultAccount           
giann                    Guest                    octav                    
 
 
**** End of log ****
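
One way to pull the usual review items out of a MiniToolBox Result.txt like the one posted above, as an added example that is not part of the original thread or of MiniToolBox itself. The banner names and line formats are taken from the log above; the four heuristics and all function names are assumptions of this example, and each finding is a prompt for manual review, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: a shortened Result.txt assembled from lines of the log above.
SAMPLE = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:47574

========================= Winsock entries =====================================

Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)

========================= Event log errors: ===============================

System errors:
=============
Error: (03/19/2017 09:05:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Logon Updater service failed to start due to the following error:
%%5 = Access is denied.

Error: (03/19/2017 09:05:55 PM) (Source: Service Control Manager) (User: )
Description: The Windows Logon Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/19/2017 06:02:01 PM) (Source: Service Control Manager) (User: )
Description: The Windows Logon Updater service terminated unexpectedly.  It has done this 1 time(s).

=========================== Installed Programs ============================

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
SavingsCool (HKLM-x32\...\SavingsCool) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB)

**** End of log ****
"""

HEADER = re.compile(r"^=+\s+(.+?):?\s+=+\s*$")  # "==== Name: ====" banners only
WINSOCK = re.compile(r"^(?:x64-)?Catalog\d+ \d+ (.+?) \[\d+\] \((.*)\)$")
PROGRAM = re.compile(r"^(.+?) \(HK.*?\) \(Version: (.*?) - (.*?)\)(?: Hidden)?$")
SERVICE = re.compile(r"The (.+?) service (?:terminated unexpectedly|failed to start)")
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}


def split_sections(text):
    """Map each banner name to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def proxy_findings(lines):
    """Flag a ProxyServer value that points at the local machine."""
    enabled = not any("Proxy is not enabled" in l for l in lines)
    found = []
    for line in lines:
        if not line.startswith("ProxyServer:"):
            continue
        for entry in line.split(":", 1)[1].split(";"):
            hostport = entry.strip().split("=", 1)[-1]  # drop a "http=" prefix
            if hostport.rsplit(":", 1)[0] in LOOPBACK:
                state = "enabled" if enabled else "disabled but still configured"
                found.append(f"IE proxy points at loopback {hostport} ({state})")
    return found


def winsock_findings(lines):
    """List providers whose vendor field is not Microsoft (review, not verdict)."""
    hits = [m.groups() for l in lines if (m := WINSOCK.match(l))]
    other = dict.fromkeys(h for h in hits if h[1] != "Microsoft Corporation")
    return [f"non-Microsoft Winsock provider: {p} ({v})" for p, v in other]


def service_findings(lines, threshold=2):
    """Count Service Control Manager failures per service name."""
    counts = Counter(m.group(1) for l in lines if (m := SERVICE.search(l)))
    return [f"service '{n}' logged {c} failures"
            for n, c in counts.items() if c >= threshold]


def program_findings(lines):
    """Flag uninstall entries that carry neither a version nor a publisher."""
    hits = [m.groups() for l in lines if (m := PROGRAM.match(l))]
    return [f"installed program with blank version and publisher: {name}"
            for name, ver, pub in hits if not ver.strip() and not pub.strip()]


def triage(text):
    s = split_sections(text)
    return (proxy_findings(s.get("IE Proxy Settings", []))
            + winsock_findings(s.get("Winsock entries", []))
            + service_findings(s.get("Event log errors", []))
            + program_findings(s.get("Installed Programs", [])))


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```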


#4 boopme


Posted 20 March 2017 - 10:40 AM

Good, do the rest.

#5 rlswett

Posted 20 March 2017 - 12:32 PM

AdwCleaner logfile:
 

# AdwCleaner v6.044 - Logfile created 20/03/2017 at 13:29:56
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-20.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Dave - DAVEPREHODA-PC
# Running from : C:\Users\Dave\Downloads\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Dave\AppData\Roaming\InstantSupport
Folder Found:  C:\Users\Dave\AppData\Roaming\Enigma Software Group
Folder Found:  C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl
Folder Found:  C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl
Folder Found:  C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
 
 
***** [ Files ] *****
 
File Found:  C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage
File Found:  C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage-journal
File Found:  C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage
File Found:  C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\WebDiscoverBrowser
Key Found:  HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\InSTab
Key Found:  HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\ACPTab
Key Found:  HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\SavingsCool
Key Found:  HKCU\Software\WebDiscoverBrowser
Key Found:  HKCU\Software\InSTab
Key Found:  HKCU\Software\ACPTab
Key Found:  HKCU\Software\SavingsCool
Key Found:  HKLM\SOFTWARE\PCAcceleratePro
Key Found:  HKLM\SOFTWARE\SavingsCool
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsCool
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
Key Found:  [x64] HKCU\Software\WebDiscoverBrowser
Key Found:  [x64] HKCU\Software\InSTab
Key Found:  [x64] HKCU\Software\ACPTab
Key Found:  [x64] HKCU\Software\SavingsCool
Key Found:  [x64] HKLM\SOFTWARE\WebDiscoverBrowser
Key Found:  HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
Value Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe]
Value Found:  HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe]
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - mallpejgeafdahhflmliiahjdpgbegpk
Chrome pref Found:  [C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - peglehonblabfemopkgmfcpofbchegcl
Chrome pref Found:  [C:\Users\giann\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\giann\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\octav\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\octav\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [5733 Bytes] - [20/03/2017 13:29:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5806 Bytes] ##########

Edited by rlswett, 20 March 2017 - 12:39 PM.


#6 rlswett

Posted 20 March 2017 - 12:38 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 10 Home x64 
Ran by Dave (Administrator) on Mon 03/20/2017 at 13:33:34.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk (Folder) 
Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl (Folder) 
Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl (Folder) 
Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage (File) 
Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage (File) 
Successfully deleted: C:\Program Files (x86)\GUT62D8.tmp (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/20/2017 at 13:37:19.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 boopme

Posted 20 March 2017 - 01:14 PM

After ESET, remove what AdwCleaner found.


Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


#8 rlswett

Posted 20 March 2017 - 01:44 PM

# AdwCleaner v6.044 - Logfile created 20/03/2017 at 14:34:02
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-20.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : Dave - DAVEPREHODA-PC
# Running from : C:\Users\Dave\Downloads\AdwCleaner (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Dave\AppData\Roaming\InstantSupport
[-] Folder deleted: C:\Users\Dave\AppData\Roaming\Enigma Software Group
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\WebDiscoverBrowser
[-] Key deleted: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\InSTab
[-] Key deleted: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\ACPTab
[-] Key deleted: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\SavingsCool
[#] Key deleted on reboot: HKCU\Software\WebDiscoverBrowser
[#] Key deleted on reboot: HKCU\Software\InSTab
[#] Key deleted on reboot: HKCU\Software\ACPTab
[#] Key deleted on reboot: HKCU\Software\SavingsCool
[-] Key deleted: HKLM\SOFTWARE\PCAcceleratePro
[-] Key deleted: HKLM\SOFTWARE\SavingsCool
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsCool
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
[#] Key deleted on reboot: [x64] HKCU\Software\WebDiscoverBrowser
[#] Key deleted on reboot: [x64] HKCU\Software\InSTab
[#] Key deleted on reboot: [x64] HKCU\Software\ACPTab
[#] Key deleted on reboot: [x64] HKCU\Software\SavingsCool
[-] Key deleted: [x64] HKLM\SOFTWARE\WebDiscoverBrowser
[-] Key deleted: HKU\S-1-5-21-2997902774-1405300037-1433925904-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1711FC25-F05A-40CE-B859-A0C1CF01FD18}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [PCAcceleratePro.exe]
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mallpejgeafdahhflmliiahjdpgbegpk
[-] [C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: peglehonblabfemopkgmfcpofbchegcl
[-] [C:\Users\giann\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\giann\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\octav\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\octav\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [5060 Bytes] - [20/03/2017 14:34:02]
C:\AdwCleaner\AdwCleaner[S0].txt - [5949 Bytes] - [20/03/2017 13:29:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [5050 Bytes] - [20/03/2017 14:28:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5279 Bytes] ##########


#9 boopme

Posted 20 March 2017 - 02:06 PM

Did you run ESET and how are things?

#10 rlswett

Posted 20 March 2017 - 07:07 PM

C:\Users\Dave\AppData\Local\Temp\CSM2232.tmp Win32/Adware.Mongoose application cleaned by deleting



#11 rlswett

Posted 20 March 2017 - 07:10 PM

All have been completed, but the problem is not gone.  Internet Explorer still pops up automatically with that damn adservinganalytics redirect.  HOW is this crap legal?



#12 boopme

Posted 22 March 2017 - 10:37 AM

OK, try: Disable Toolbars and Extensions Add-ons

#13 rlswett

Posted 22 March 2017 - 12:26 PM

I don't see anything suspicious. Here is the list that came up. Do any appear like they shouldn't be there to you?

 

Name                   Google Toolbar
Publisher              Google Inc
Status                 Enabled
Architecture           32-bit and 64-bit
File date              Sunday, April 24, 2016, 10:11 AM
Version                7.5.7619.1252
Load time              0.01 s
Navigation time        0.00 s
 
Name                   Google Toolbar Helper
Publisher              Google Inc
Status                 Enabled
Architecture           32-bit and 64-bit
File date              Sunday, April 24, 2016, 10:11 AM
Version                7.5.7619.1252
Load time              0.00 s
 
Name                   Groove GFS Browser Helper
Publisher              Microsoft Corporation
Status                 Disabled
Architecture           32-bit and 64-bit
File date              Thursday, December 19, 2013, 12:44 AM
Version                14.0.7113.0
 
Name                   Office Document Cache Handler
Publisher              Microsoft Corporation
Status                 Disabled
Architecture           32-bit and 64-bit
File date              Wednesday, March 06, 2013, 7:39 AM
Version                14.0.7011.0
 
Name                   Groove Folder Synchronization
Publisher              Microsoft Corporation
Status                 Disabled
Architecture           32-bit and 64-bit
File date              Thursday, December 19, 2013, 12:44 AM
Version                14.0.7113.0
 
Name                   Send to OneNote
Publisher              Not Available
Status                 Enabled
Architecture           32-bit and 64-bit
 
Name                   OneNote Linked Notes
Publisher              Not Available
Status                 Enabled
Architecture           32-bit and 64-bit
 
Name                   Java™ Plug-In SSV Helper
Publisher              Oracle America, Inc.
Status                 Enabled
Architecture           32-bit
File date              Tuesday, January 07, 2014, 6:53 PM
Version                7.0.450.18
Load time              0.00 s
 
Name                   Java™ Plug-In 2 SSV Helper
Publisher              Oracle America, Inc.
Status                 Enabled
Architecture           32-bit
File date              Tuesday, January 07, 2014, 6:53 PM
Version                7.0.450.18
Load time              0.03 s


#14 boopme

Posted 22 March 2017 - 01:01 PM

Try disabling one at a time and see if the redirect stops. If not, we'll get a deeper look at the system.

#15 rlswett

Posted 23 March 2017 - 07:23 AM

First of all, thanks SO MUCH for all the time you've spent walking me through this. Unfortunately, disabling the entire list one at a time and waiting didn't work. The redirect ALWAYS popped up.

 

I'm using Google Chrome to talk to you now. Do you think it's prudent to uninstall Internet Explorer? And if so, why did Windows 10 make it SO counterintuitive to find Control Panel and to do so? I feel like I've lost my mind.





