Browser hijacker from yahoo?


21 replies to this topic

#1 bubbleit

bubbleit

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:09 AM

Posted 01 May 2017 - 05:50 AM

Hello
When I go on Yahoo, my browser redirects me to strange advertising sites through links like ads.diamonds.com or track.adform.net

This browser hijacker works only on Yahoo. Other websites do not give me any trouble. Is it a Yahoo problem or do I have adware?
 
Thank you very much for your help :)




#2 Dooms_Daisy

Dooms_Daisy

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:09 PM

Posted 01 May 2017 - 06:19 AM

That's quite possible. Do you have an antivirus and antimalware software installed? You might also want to think about getting a VPN, even an extension would do.



#3 bubbleit

bubbleit
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:09 AM

Posted 01 May 2017 - 06:42 AM

Yes, I have Avast antivirus and Malwarebytes malware. I also often use JRT and AdwCleaner :)



#4 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,153 posts
  • OFFLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:01:09 AM

Posted 01 May 2017 - 12:29 PM

This is not a Yahoo.com problem, as it works fine for me. Please follow the below instructions.

 

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

       • Report IE Proxy Settings
       • Report FF Proxy Settings
       • List content of Hosts
       • List IP configuration
       • List Winsock Entries
       • List last 10 Event Viewer log
       • List Installed Programs
       • List Devices (Don't change any settings here)
       • List Users, Partitions and Memory size
       • List Restore Points

  3. Paste the log file contents into a post.

 

Download ESET Online Scanner and save it to your desktop.

 

  1. Double-click on the ESET Online Scanner icon to launch ESET.

  2. Click through the prompts and select “Enable detection of potentially unwanted applications.”

  3. Click “Scan” and let the tool run.

  4. Once done, click “Save to text file...”, save the file to your desktop and paste the contents into a post.

Download SecurityCheck by screen317.

 

  1. Click on the downloaded file and follow the instructions in the box on the screen.

  2. Paste the log file contents into a post.

  3. Important: If you get an error message, please restart your computer and try again.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#5 bubbleit

bubbleit
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:07:09 AM

Posted 01 May 2017 - 01:20 PM

Thanks for your reply :)

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by FabrizioZ (administrator) on 01-05-2017 at 19:48:43
Running from "C:\Users\FabrizioZ\Downloads"
Microsoft Windows 8.1  (X64)
Model: SATELLITE L50-B Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Dual Band Wireless-AC 3160 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Connessione di rete Bluetooth (Media disconnected)
 
 
# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Connessione alla rete locale (LAN)* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connessione di rete Bluetooth" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connessione alla rete locale (LAN)* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# Fine configurazione IPv4
 
 
 
Configurazione IP di Windows
 
   Nome host . . . . . . . . . . . . . . : Fabriziozpc
   Suffisso DNS primario . . . . . . . . : 
   Tipo nodo . . . . . . . . . . . . . . : Ibrido
   Routing IP abilitato. . . . . . . . . : No
   Proxy WINS abilitato . . . . . . . .  : No
 
Scheda LAN wireless Connessione alla rete locale (LAN)* 4:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Indirizzo fisico. . . . . . . . . . . : D0-7E-35-91-B6-40
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S
 
Scheda LAN wireless Wi-Fi:
 
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3160
   Indirizzo fisico. . . . . . . . . . . : D0-7E-35-91-B6-3F
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::5c3a:2f3e:bee9:b323%7(Preferenziale) 
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.101(Preferenziale) 
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Lease ottenuto. . . . . . . . . . . . : luned 1 maggio 2017 18:03:33
   Scadenza lease . . . . . . . . . . .  : gioved 4 maggio 2017 18:03:33
   Gateway predefinito . . . . . . . . . : 192.168.1.1
   Server DHCP . . . . . . . . . . . . . : 192.168.1.1
   IAID DHCPv6 . . . . . . . . . . . : 147881525
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-1C-2D-F2-9F-2C-60-0C-36-52-DE
   Server DNS . . . . . . . . . . . . .  : 192.168.1.1
   NetBIOS su TCP/IP . . . . . . . . . . : Attivato
 
Scheda Ethernet Connessione di rete Bluetooth:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Indirizzo fisico. . . . . . . . . . . : D0-7E-35-91-B6-43
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S
 
Scheda Ethernet Ethernet:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Indirizzo fisico. . . . . . . . . . . : 2C-60-0C-36-52-DE
   DHCP abilitato. . . . . . . . . . . . : S
   Configurazione automatica abilitata   : S
 
Scheda Tunnel isatap.{3FF4D001-2ED1-4D3D-A558-AB8EF6FC19EE}:
 
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S
 
Scheda Tunnel Teredo Tunneling Pseudo-Interface:
 
   Suffisso DNS specifico per connessione: 
   Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP abilitato. . . . . . . . . . . . : No
   Configurazione automatica abilitata   : S
   Indirizzo IPv6 . . . . . . . . . . . . . . . . . : 2001:0:5ef5:79fd:3c30:c737:a009:add2(Preferenziale) 
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::3c30:c737:a009:add2%9(Preferenziale) 
   Gateway predefinito . . . . . . . . . : ::
   IAID DHCPv6 . . . . . . . . . . . : 369098752
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-1C-2D-F2-9F-2C-60-0C-36-52-DE
   NetBIOS su TCP/IP . . . . . . . . . . : Disattivato
Server:  UnKnown
Address:  192.168.1.1
 
Nome:    google.com
Addresses:  2a00:1450:4002:809::200e
 216.58.205.142
 
 
Esecuzione di Ping google.com [216.58.205.142] con 32 byte di dati:
Risposta da 216.58.205.142: byte=32 durata=61ms TTL=54
Risposta da 216.58.205.142: byte=32 durata=59ms TTL=54
 
Statistiche Ping per 216.58.205.142:
    Pacchetti: Trasmessi = 2, Ricevuti = 2, 
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 59ms, Massimo =  61ms, Medio =  60ms
Server:  UnKnown
Address:  192.168.1.1
 
Nome:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Esecuzione di Ping yahoo.com [206.190.36.45] con 32 byte di dati:
Risposta da 206.190.36.45: byte=32 durata=233ms TTL=50
Risposta da 206.190.36.45: byte=32 durata=235ms TTL=50
 
Statistiche Ping per 206.190.36.45:
    Pacchetti: Trasmessi = 2, Ricevuti = 2, 
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 233ms, Massimo =  235ms, Medio =  234ms
 
Esecuzione di Ping 127.0.0.1 con 32 byte di dati:
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
 
Statistiche Ping per 127.0.0.1:
    Pacchetti: Trasmessi = 2, Ricevuti = 2, 
    Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
    Minimo = 0ms, Massimo =  0ms, Medio =  0ms
===========================================================================
Elenco interfacce
  8...d0 7e 35 91 b6 40 ......Microsoft Wi-Fi Direct Virtual Adapter
  7...d0 7e 35 91 b6 3f ......Intel® Dual Band Wireless-AC 3160
  6...d0 7e 35 91 b6 43 ......Bluetooth Device (Personal Area Network)
  3...2c 60 0c 36 52 de ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  9...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    281
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    281
===========================================================================
Route permanenti:
  Nessuna
 
IPv6 Tabella route
===========================================================================
Route attive:
 Interf Metrica Rete Destinazione      Gateway
  9    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  9    306 2001::/32                On-link
  9    306 2001:0:5ef5:79fd:3c30:c737:a009:add2/128
                                    On-link
  7    281 fe80::/64                On-link
  9    306 fe80::/64                On-link
  9    306 fe80::3c30:c737:a009:add2/128
                                    On-link
  7    281 fe80::5c3a:2f3e:bee9:b323/128
                                    On-link
  1    306 ff00::/8                 On-link
  7    281 ff00::/8                 On-link
  9    306 ff00::/8                 On-link
===========================================================================
Route permanenti:
  Nessuna
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )
Description: Impossibile inizializzare l'indice.
 
Dettagli:
Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )
Description: Impossibile inizializzare l'applicazione.
 
Contesto: applicazione Windows
 
Dettagli:
Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )
Description: Impossibile inizializzare l'oggetto Gatherer.
 
Contesto: applicazione Windows, catalogo SystemIndex
 
Dettagli:
Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )
Description: Impossibile inizializzare il plug-in <Search.TripoliIndexer>.
 
Contesto: applicazione Windows, catalogo SystemIndex
 
Dettagli:
Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )
Description: Impossibile inizializzare il programma di gestione dei plug-in <Search.TripoliIndexer>.
 
Contesto: applicazione Windows
 
Dettagli:
(HRESULT : 0x8e5e0210) (0x8e5e0210)
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )
Description: È in corso l'interruzione del servizio Windows Search. Problema dell'indicizzatore, The catalog is corrupt.
 
Dettagli:
Il catalogo dell'indice del contenuto è danneggiato.   0xc0041801 (0xc0041801)
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )
Description: Il servizio di ricerca ha rilevato dati danneggiati nell'indice {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. Il servizio eseguirà un tentativo di correzione automatica del problema mediante la ricreazione dell'indice.
 
Dettagli:
0x8e5e0210 (0x8e5e0210)
 
Error: (05/01/2017 05:55:23 PM) (Source: ESENT) (User: )
Description: SearchIndexer (4564) Windows: Errore -1811 (0xfffff8ed) durante l'apertura del file di registro C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00046.log.
 
Error: (05/01/2017 03:01:05 AM) (Source: MsiInstaller) (User: Fabriziozpc)
Description: Product: Amazon 1Button App -- Error 1316. L'account specificato esiste già.
 
Error: (04/30/2017 11:01:01 PM) (Source: Windows Search Service) (User: )
Description: Impossibile inizializzare l'indice.
 
Dettagli:
Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente.  (HRESULT : 0x80040d06) (0x80040d06)
 
 
System errors:
=============
Error: (05/01/2017 05:55:53 PM) (Source: Service Control Manager) (User: )
Description: Il servizio Windows Search non è stato avviato per il seguente errore: 
%%1069 = Il servizio non è stato avviato a causa di un errore in fase di accesso.
 
 
Error: (05/01/2017 05:55:53 PM) (Source: Service Control Manager) (User: )
Description: Servizio WSearch: impossibile accedere come NT AUTHORITY\SYSTEM con la password attualmente configurata. Errore: 
%%50 = Richiesta non supportata.
 
 
Per garantire la corretta configurazione del servizio, utilizzare lo snap-in Servizi in Microsoft Management Console (MMC).
 
Error: (05/01/2017 05:55:51 PM) (Source: Service Control Manager) (User: )
Description: Il servizio Windows Search non è stato avviato per il seguente errore: 
%%1069 = Il servizio non è stato avviato a causa di un errore in fase di accesso.
 
 
Error: (05/01/2017 05:55:51 PM) (Source: Service Control Manager) (User: )
Description: Servizio WSearch: impossibile accedere come NT AUTHORITY\SYSTEM con la password attualmente configurata. Errore: 
%%50 = Richiesta non supportata.
 
 
Per garantire la corretta configurazione del servizio, utilizzare lo snap-in Servizi in Microsoft Management Console (MMC).
 
Error: (05/01/2017 05:55:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: Arresto imprevisto del modulo di estendibilità WLAN.
 
Percorso modulo: C:\Windows\System32\IWMSSvc.dll
 
Error: (05/01/2017 05:55:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: Arresto imprevisto del modulo di estendibilità WLAN.
 
Percorso modulo: C:\Windows\System32\IWMSSvc.dll
 
Error: (05/01/2017 05:55:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: Arresto imprevisto del modulo di estendibilità WLAN.
 
Percorso modulo: C:\Windows\System32\IWMSSvc.dll
 
Error: (05/01/2017 05:55:23 PM) (Source: Service Control Manager) (User: )
Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 2 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.
 
Error: (05/01/2017 05:55:23 PM) (Source: Service Control Manager) (User: )
Description: Servizio Windows Search terminato con l'errore specifico del servizio 
%%2147749126
 
Error: (05/01/2017 05:55:21 PM) (Source: Service Control Manager) (User: )
Description: Arresto imprevista del servizio TPCH Service. Questo evento si è già verificato 1 volta(e).
 
 
Microsoft Office Sessions:
=========================
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )
Description: Dettagli:
Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )
Description: Contesto: applicazione Windows
 
Dettagli:
Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )
Description: Contesto: applicazione Windows, catalogo SystemIndex
 
Dettagli:
Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )
Description: Contesto: applicazione Windows, catalogo SystemIndex
 
Dettagli:
Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente.  (HRESULT : 0x80040d06) (0x80040d06)
Search.TripoliIndexer
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )
Description: Contesto: applicazione Windows
 
Dettagli:
(HRESULT : 0x8e5e0210) (0x8e5e0210)
Search.TripoliIndexer
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )
Description: Dettagli:
Il catalogo dell'indice del contenuto è danneggiato.   0xc0041801 (0xc0041801)
The catalog is corrupt
 
Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )
Description: Dettagli:
0x8e5e0210 (0x8e5e0210)
4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)
 
Error: (05/01/2017 05:55:23 PM) (Source: ESENT)(User: )
Description: SearchIndexer4564Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00046.log-1811 (0xfffff8ed)
 
Error: (05/01/2017 03:01:05 AM) (Source: MsiInstaller)(User: Fabriziozpc)
Description: Product: Amazon 1Button App -- Error 1316. L'account specificato esiste già.
(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/30/2017 11:01:01 PM) (Source: Windows Search Service)(User: )
Description: Dettagli:
Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente.  (HRESULT : 0x80040d06) (0x80040d06)
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{4B59EFAF-8E8A-0F20-2AE1-DDF265413161}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.49.0 - Conexant)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.2223 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4518.05 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
DTS Sound (HKLM-x32\...\{BC95D4AF-4DAC-4350-8BCE-C8BF16A13AE0}) (Version: 1.01.8800 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
HP Deskjet 2540 series Aiuto (HKLM-x32\...\{5498205F-A6B4-4731-9B96-F2F411AFC58D}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet 2540 series Software di base dispositivo (HKLM\...\{AA6A7206-C950-4BFC-98C3-EAF91DD0F659}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3977 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel® WiDi (HKLM\...\{32E851D9-FA8D-4F60-BED4-B0F613BF5E20}) (Version: 5.1.18.0 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{72059B36-031F-495E-B1A6-5346A905386E}) (Version: 17.1.1434.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{50748ecf-730e-4c86-87be-0346d4aa7aac}) (Version: 17.0.6 - Intel Corporation)
LibreOffice 4.4.6.3 (HKLM-x32\...\{1013DB12-EC2E-455E-B5ED-BFD056DC1A99}) (Version: 4.4.6.3 - The Document Foundation)
Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 it)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
OEM Application Profile (HKLM-x32\...\{0405E53E-A68F-0B55-DEA5-5A070E58BD4E}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Opera Stable 44.0.2510.1449 (HKLM-x32\...\Opera 44.0.2510.1449) (Version: 44.0.2510.1449 - Opera Software)
PX Profile Update (HKLM-x32\...\{D5A0DE02-1B3B-7202-4D8A-5791FE0DF07F}) (Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29079 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Studio per il miglioramento dei prodotti HP Deskjet 2540 series (HKLM\...\{AE239200-6353-465D-A5BD-DB7D694C8807}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.18 - Synaptics Incorporated)
TOSHIBA Display Utility (HKLM\...\{CD780B1B-8B32-43BD-81D4-5326C27B36A0}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.3.6401 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.1.9.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{A0D34C74-70AC-45E4-9735-A11DA95A5810}) (Version: 4.00.00.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.02.7000 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{38732132-C103-4F24-A91A-62B68649B313}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0039 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.5.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 31%
Total physical RAM: 8107.14 MB
Available physical RAM: 5581.46 MB
Total Virtual: 9387.14 MB
Available Virtual: 6842.68 MB
 
========================= Partitions: =====================================
 
1 Drive c: (TI31411800A) (Fixed) (Total:918.33 GB) (Free:854.36 GB) NTFS
 
========================= Users: ========================================
 
Account utente per \\FABRIZIOZPC
 
Administrator            FabrizioZ                Guest                    
Esecuzione comando riuscita.
 
========================= Restore Points ==================================
 
12-04-2017 12:01:49 Punto di controllo pianificato
25-04-2017 18:29:42 JRT Pre-Junkware Removal
30-04-2017 14:55:50 Operazione di ripristino
30-04-2017 16:42:17 JRT Pre-Junkware Removal
30-04-2017 17:30:44 JRT Pre-Junkware Removal
01-05-2017 01:00:27 Removed Amazon 1Button App
 
**** End of log ****
 


#6 bubbleit

bubbleit
  • Topic Starter

  • Members
  • 24 posts
  • Local time:07:09 AM

Posted 01 May 2017 - 02:50 PM

ESET Online Scanner reports browser-care-setup.exe: a variant of Win32/Auslogics.C potentially unwanted application



#7 bubbleit

bubbleit
  • Topic Starter

  • Members
  • 24 posts
  • Local time:07:09 AM

Posted 01 May 2017 - 02:52 PM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avast Antivirus    
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 25.0.0.148  
 Adobe Reader XI  
 Mozilla Firefox (53.0) 
 Google Chrome (58.0.3029.81) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Intel iCLS Client AvastSvc.exe -?-  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#8 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,153 posts
  • Gender:Male
  • Location:Indiana, USA
  • Local time:01:09 AM

Posted 01 May 2017 - 03:17 PM

Please rerun ESET and delete the file it found.

Restart the computer and see if it still redirects.


Edited by iMacg3, 01 May 2017 - 03:18 PM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#9 bubbleit

bubbleit
  • Topic Starter

  • Members
  • 24 posts
  • Local time:07:09 AM

Posted 02 May 2017 - 06:08 AM

Nothing. The browser hijacker remains. It's always from Yahoo that I get the redirects :(



#10 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,153 posts
  • Gender:Male
  • Location:Indiana, USA
  • Local time:01:09 AM

Posted 02 May 2017 - 06:22 AM

Click this link to go to Yahoo and see if you get the redirects.



#11 bubbleit

bubbleit
  • Topic Starter

  • Members
  • 24 posts
  • Local time:07:09 AM

Posted 02 May 2017 - 06:59 AM

Yes, it also redirects with this link.


Edited by bubbleit, 02 May 2017 - 08:25 AM.


#12 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,153 posts
  • Gender:Male
  • Location:Indiana, USA
  • Local time:01:09 AM

Posted 02 May 2017 - 11:35 AM

What browser do you use?

 

Download Junkware Removal Tool and save it to your desktop.

  1. Double-click on the JRT.exe file on your desktop.

  2. Let JRT scan your computer and remove any infections.

  3. On your desktop, there will be a logfile called JRT.txt. Paste its contents into a post.

 

 

Download AdwCleaner and save it to your desktop.

  1. Click on the file you downloaded.

  2. Click Scan to start AdwCleaner's scanning process.

  3. Once done, make sure to delete all found threats.

  4. Open the “Logfile” and paste its contents into a post.


Edited by iMacg3, 02 May 2017 - 11:41 AM.


#13 bubbleit

bubbleit
  • Topic Starter

  • Members
  • 24 posts
  • Local time:07:09 AM

Posted 02 May 2017 - 11:42 AM

Chrome and Opera. The issue appears in both browsers.



#14 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,153 posts
  • Gender:Male
  • Location:Indiana, USA
  • Local time:01:09 AM

Posted 02 May 2017 - 11:44 AM

I edited the post after you replied; please follow the instructions in my previous post.



#15 bubbleit

bubbleit
  • Topic Starter

  • Members
  • 24 posts
  • Local time:07:09 AM

Posted 02 May 2017 - 12:21 PM

Ok thanks :)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 x64 
Ran by FabrizioZ (Administrator) on 02/05/2017 at 18:51:15,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/05/2017 at 18:53:02,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




