Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Princess Evolution Ransomware is a RaaS With a Slick Payment Site

Featured Deal: Get 73% off of a Sticky Password Premium: Lifetime Subscription Deal

Browser hijacker from yahoo?

Started by bubbleit , May 01 2017 05:50 AM

Next

Please log in to reply

21 replies to this topic

#1 bubbleit

Members
24 posts
OFFLINE

Local time:07:09 AM

Posted 01 May 2017 - 05:50 AM

Hello

When i go on yahoo my browser redirects me to strange advertising sites through links like ads.diamonds.com or track.adform.net

This browser hijacker works only on yahoo. Other websites do not give me any trouble. Is it a yahoo problem or am I having an adware?

Thank you very much for your help

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Dooms_Daisy

Members
10 posts
OFFLINE

Local time:01:09 PM

Posted 01 May 2017 - 06:19 AM

That's quite possible. Do you have an antivirus and antimalware software installed? You might also want to think about getting a VPN, even an extension would do.

Back to top

#3 bubbleit

Topic Starter

Members
24 posts
OFFLINE

Local time:07:09 AM

Posted 01 May 2017 - 06:42 AM

Yes i have Avast antivirus and Malwarebytes malware. I also use often JRT and adwcleaner

Back to top

#4 iMacg3

Bleepin' 68000

Malware Study Hall Senior
1,153 posts
OFFLINE

Gender:Male
Location:Indiana, USA
Local time:01:09 AM

Posted 01 May 2017 - 12:29 PM

This is not a Yahoo.com problem, as it works fine for me. Please follow the below instructions.

Download Farbar MiniToolBox and save the file to your desktop.

Open MiniToolBox by right-clicking it and selecting Run as Administrator.
Make sure the following options are checked and then click Go:

Report IE Proxy Settings

Report FF Proxy Settings

List content of Hosts

List IP configuration

List Winsock Entries

List last 10 Event Viewer log

List Installed Programs

List Devices (Don't change any settings here)

List Users, Partitions and Memory size

List Restore Points

Paste the log file contents into a post.

Download ESET Online Scanner and save it to your desktop.

Double-click on the ESET Online Scanner icon to launch ESET.
Click through the prompts and select “Enable detection of potentially unwanted applications.”
Click “Scan” and let the tool run.
Once done, click the “Save to text file...” Save the file to your desktop and paste the contents into a post.

Download SecurityCheck by screen317.

Click on the downloaded file and follow the instructions in the box on the screen.
Paste the log file contents into a post.
Important: If you get an error message, please restart your computer and try again.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

Back to top

#5 bubbleit

Topic Starter

Members
24 posts
OFFLINE

Local time:07:09 AM

Posted 01 May 2017 - 01:20 PM

Thanks for your reply

MiniToolBox by Farbar Version: 17-06-2016

Ran by FabrizioZ (administrator) on 01-05-2017 at 19:48:43

Running from "C:\Users\FabrizioZ\Downloads"

Microsoft Windows 8.1 (X64)

Model: SATELLITE L50-B Manufacturer: TOSHIBA

Boot Mode: Normal

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

========================= IP Configuration: ================================

Intel® Dual Band Wireless-AC 3160 = Wi-Fi (Connected)

Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)

Bluetooth Device (Personal Area Network) = Connessione di rete Bluetooth (Media disconnected)

# ----------------------------------

# Configurazione IPv4

# ----------------------------------

pushd interface ipv4

reset

set global icmpredirects=enabled

set interface interface="Connessione alla rete locale (LAN)* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Connessione di rete Bluetooth" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Connessione alla rete locale (LAN)* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd

# Fine configurazione IPv4

Configurazione IP di Windows

Nome host . . . . . . . . . . . . . . : Fabriziozpc

Suffisso DNS primario . . . . . . . . :

Tipo nodo . . . . . . . . . . . . . . : Ibrido

Routing IP abilitato. . . . . . . . . : No

Proxy WINS abilitato . . . . . . . . : No

Scheda LAN wireless Connessione alla rete locale (LAN)* 4:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso

Suffisso DNS specifico per connessione:

Descrizione . . . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

Indirizzo fisico. . . . . . . . . . . : D0-7E-35-91-B6-40

DHCP abilitato. . . . . . . . . . . . : S

Configurazione automatica abilitata : S

Scheda LAN wireless Wi-Fi:

Suffisso DNS specifico per connessione:

Descrizione . . . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3160

Indirizzo fisico. . . . . . . . . . . : D0-7E-35-91-B6-3F

DHCP abilitato. . . . . . . . . . . . : S

Configurazione automatica abilitata : S

Indirizzo IPv6 locale rispetto al collegamento . : fe80::5c3a:2f3e:bee9:b323%7(Preferenziale)

Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.101(Preferenziale)

Subnet mask . . . . . . . . . . . . . : 255.255.255.0

Lease ottenuto. . . . . . . . . . . . : luned 1 maggio 2017 18:03:33

Scadenza lease . . . . . . . . . . . : gioved 4 maggio 2017 18:03:33

Gateway predefinito . . . . . . . . . : 192.168.1.1

Server DHCP . . . . . . . . . . . . . : 192.168.1.1

IAID DHCPv6 . . . . . . . . . . . : 147881525

DUID Client DHCPv6. . . . . . . . : 00-01-00-01-1C-2D-F2-9F-2C-60-0C-36-52-DE

Server DNS . . . . . . . . . . . . . : 192.168.1.1

NetBIOS su TCP/IP . . . . . . . . . . : Attivato

Scheda Ethernet Connessione di rete Bluetooth:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso

Suffisso DNS specifico per connessione:

Descrizione . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network)

Indirizzo fisico. . . . . . . . . . . : D0-7E-35-91-B6-43

DHCP abilitato. . . . . . . . . . . . : S

Configurazione automatica abilitata : S

Scheda Ethernet Ethernet:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso

Suffisso DNS specifico per connessione:

Descrizione . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Indirizzo fisico. . . . . . . . . . . : 2C-60-0C-36-52-DE

DHCP abilitato. . . . . . . . . . . . : S

Configurazione automatica abilitata : S

Scheda Tunnel isatap.{3FF4D001-2ED1-4D3D-A558-AB8EF6FC19EE}:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso

Suffisso DNS specifico per connessione:

Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter

Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP abilitato. . . . . . . . . . . . : No

Configurazione automatica abilitata : S

Scheda Tunnel Teredo Tunneling Pseudo-Interface:

Suffisso DNS specifico per connessione:

Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP abilitato. . . . . . . . . . . . : No

Configurazione automatica abilitata : S

Indirizzo IPv6 . . . . . . . . . . . . . . . . . : 2001:0:5ef5:79fd:3c30:c737:a009:add2(Preferenziale)

Indirizzo IPv6 locale rispetto al collegamento . : fe80::3c30:c737:a009:add2%9(Preferenziale)

Gateway predefinito . . . . . . . . . : ::

IAID DHCPv6 . . . . . . . . . . . : 369098752

DUID Client DHCPv6. . . . . . . . : 00-01-00-01-1C-2D-F2-9F-2C-60-0C-36-52-DE

NetBIOS su TCP/IP . . . . . . . . . . : Disattivato

Server: UnKnown

Address: 192.168.1.1

Nome: google.com

Addresses: 2a00:1450:4002:809::200e

216.58.205.142

Esecuzione di Ping google.com [216.58.205.142] con 32 byte di dati:

Risposta da 216.58.205.142: byte=32 durata=61ms TTL=54

Risposta da 216.58.205.142: byte=32 durata=59ms TTL=54

Statistiche Ping per 216.58.205.142:

Pacchetti: Trasmessi = 2, Ricevuti = 2,

Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

Minimo = 59ms, Massimo = 61ms, Medio = 60ms

Server: UnKnown

Address: 192.168.1.1

Nome: yahoo.com

Addresses: 2001:4998:44:204::a7

2001:4998:c:a06::2:4008

2001:4998:58:c02::a9

98.139.183.24

206.190.36.45

98.138.253.109

Esecuzione di Ping yahoo.com [206.190.36.45] con 32 byte di dati:

Risposta da 206.190.36.45: byte=32 durata=233ms TTL=50

Risposta da 206.190.36.45: byte=32 durata=235ms TTL=50

Statistiche Ping per 206.190.36.45:

Pacchetti: Trasmessi = 2, Ricevuti = 2,

Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

Minimo = 233ms, Massimo = 235ms, Medio = 234ms

Esecuzione di Ping 127.0.0.1 con 32 byte di dati:

Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128

Statistiche Ping per 127.0.0.1:

Pacchetti: Trasmessi = 2, Ricevuti = 2,

Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

Minimo = 0ms, Massimo = 0ms, Medio = 0ms

===========================================================================

Elenco interfacce

8...d0 7e 35 91 b6 40 ......Microsoft Wi-Fi Direct Virtual Adapter

7...d0 7e 35 91 b6 3f ......Intel® Dual Band Wireless-AC 3160

6...d0 7e 35 91 b6 43 ......Bluetooth Device (Personal Area Network)

3...2c 60 0c 36 52 de ......Realtek PCIe GBE Family Controller

1...........................Software Loopback Interface 1

10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

9...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

IPv4 Tabella route

===========================================================================

Route attive:

Indirizzo rete Mask Gateway Interfaccia Metrica

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 25

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.1.0 255.255.255.0 On-link 192.168.1.101 281

192.168.1.101 255.255.255.255 On-link 192.168.1.101 281

192.168.1.255 255.255.255.255 On-link 192.168.1.101 281

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.1.101 281

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.1.101 281

===========================================================================

Route permanenti:

Nessuna

IPv6 Tabella route

===========================================================================

Route attive:

Interf Metrica Rete Destinazione Gateway

9 306 ::/0 On-link

1 306 ::1/128 On-link

9 306 2001::/32 On-link

9 306 2001:0:5ef5:79fd:3c30:c737:a009:add2/128

On-link

7 281 fe80::/64 On-link

9 306 fe80::/64 On-link

9 306 fe80::3c30:c737:a009:add2/128

On-link

7 281 fe80::5c3a:2f3e:bee9:b323/128

On-link

1 306 ff00::/8 On-link

7 281 ff00::/8 On-link

9 306 ff00::/8 On-link

===========================================================================

Route permanenti:

Nessuna

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)

Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)

x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )

Description: Impossibile inizializzare l'indice.

Dettagli:

Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente. (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )

Description: Impossibile inizializzare l'applicazione.

Contesto: applicazione Windows

Dettagli:

Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente. (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )

Description: Impossibile inizializzare l'oggetto Gatherer.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:

Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente. (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )

Description: Impossibile inizializzare il plug-in <Search.TripoliIndexer>.

Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:

Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente. (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )

Description: Impossibile inizializzare il programma di gestione dei plug-in <Search.TripoliIndexer>.

Contesto: applicazione Windows

Dettagli:

(HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )

Description: È in corso l'interruzione del servizio Windows Search. Problema dell'indicizzatore, The catalog is corrupt.

Dettagli:

Il catalogo dell'indice del contenuto è danneggiato. 0xc0041801 (0xc0041801)

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service) (User: )

Description: Il servizio di ricerca ha rilevato dati danneggiati nell'indice {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. Il servizio eseguirà un tentativo di correzione automatica del problema mediante la ricreazione dell'indice.

Dettagli:

0x8e5e0210 (0x8e5e0210)

Error: (05/01/2017 05:55:23 PM) (Source: ESENT) (User: )

Description: SearchIndexer (4564) Windows: Errore -1811 (0xfffff8ed) durante l'apertura del file di registro C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00046.log.

Error: (05/01/2017 03:01:05 AM) (Source: MsiInstaller) (User: Fabriziozpc)

Description: Product: Amazon 1Button App -- Error 1316. L'account specificato esiste già.

Error: (04/30/2017 11:01:01 PM) (Source: Windows Search Service) (User: )

Description: Impossibile inizializzare l'indice.

Dettagli:

Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente. (HRESULT : 0x80040d06) (0x80040d06)

System errors:

=============

Error: (05/01/2017 05:55:53 PM) (Source: Service Control Manager) (User: )

Description: Il servizio Windows Search non è stato avviato per il seguente errore:

%%1069 = Il servizio non è stato avviato a causa di un errore in fase di accesso.

Error: (05/01/2017 05:55:53 PM) (Source: Service Control Manager) (User: )

Description: Servizio WSearch: impossibile accedere come NT AUTHORITY\SYSTEM con la password attualmente configurata. Errore:

%%50 = Richiesta non supportata.

Per garantire la corretta configurazione del servizio, utilizzare lo snap-in Servizi in Microsoft Management Console (MMC).

Error: (05/01/2017 05:55:51 PM) (Source: Service Control Manager) (User: )

Description: Il servizio Windows Search non è stato avviato per il seguente errore:

%%1069 = Il servizio non è stato avviato a causa di un errore in fase di accesso.

Error: (05/01/2017 05:55:51 PM) (Source: Service Control Manager) (User: )

Description: Servizio WSearch: impossibile accedere come NT AUTHORITY\SYSTEM con la password attualmente configurata. Errore:

%%50 = Richiesta non supportata.

Per garantire la corretta configurazione del servizio, utilizzare lo snap-in Servizi in Microsoft Management Console (MMC).

Error: (05/01/2017 05:55:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: Arresto imprevisto del modulo di estendibilità WLAN.

Percorso modulo: C:\Windows\System32\IWMSSvc.dll

Error: (05/01/2017 05:55:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: Arresto imprevisto del modulo di estendibilità WLAN.

Percorso modulo: C:\Windows\System32\IWMSSvc.dll

Error: (05/01/2017 05:55:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: Arresto imprevisto del modulo di estendibilità WLAN.

Percorso modulo: C:\Windows\System32\IWMSSvc.dll

Error: (05/01/2017 05:55:23 PM) (Source: Service Control Manager) (User: )

Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 2 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (05/01/2017 05:55:23 PM) (Source: Service Control Manager) (User: )

Description: Servizio Windows Search terminato con l'errore specifico del servizio

%%2147749126

Error: (05/01/2017 05:55:21 PM) (Source: Service Control Manager) (User: )

Description: Arresto imprevista del servizio TPCH Service. Questo evento si è già verificato 1 volta(e).

Microsoft Office Sessions:

=========================

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )

Description: Dettagli:

Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente. (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )

Description: Contesto: applicazione Windows

Dettagli:

Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente. (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )

Description: Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:

Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente. (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )

Description: Contesto: applicazione Windows, catalogo SystemIndex

Dettagli:

Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente. (HRESULT : 0x80040d06) (0x80040d06)

Search.TripoliIndexer

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )

Description: Contesto: applicazione Windows

Dettagli:

(HRESULT : 0x8e5e0210) (0x8e5e0210)

Search.TripoliIndexer

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )

Description: Dettagli:

Il catalogo dell'indice del contenuto è danneggiato. 0xc0041801 (0xc0041801)

The catalog is corrupt

Error: (05/01/2017 05:55:23 PM) (Source: Windows Search Service)(User: )

Description: Dettagli:

0x8e5e0210 (0x8e5e0210)

4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)

Error: (05/01/2017 05:55:23 PM) (Source: ESENT)(User: )

Description: SearchIndexer4564Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00046.log-1811 (0xfffff8ed)

Error: (05/01/2017 03:01:05 AM) (Source: MsiInstaller)(User: Fabriziozpc)

Description: Product: Amazon 1Button App -- Error 1316. L'account specificato esiste già.

(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/30/2017 11:01:01 PM) (Source: Windows Search Service)(User: )

Description: Dettagli:

Impossibile trovare l'oggetto specificato. Specificare il nome di un oggetto esistente. (HRESULT : 0x80040d06) (0x80040d06)

=========================== Installed Programs ============================

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)

Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.18) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)

Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon)

AMD Catalyst Install Manager (HKLM\...\{4B59EFAF-8E8A-0F20-2AE1-DDF265413161}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )

Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )

CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - )

CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.49.0 - Conexant)

CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.2223 - CyberLink Corp.)

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4518.05 - CyberLink Corp.)

Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)

DTS Sound (HKLM-x32\...\{BC95D4AF-4DAC-4350-8BCE-C8BF16A13AE0}) (Version: 1.01.8800 - DTS, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden

HP Deskjet 2540 series Aiuto (HKLM-x32\...\{5498205F-A6B4-4731-9B96-F2F411AFC58D}) (Version: 30.0.0 - Hewlett Packard)

HP Deskjet 2540 series Software di base dispositivo (HKLM\...\{AA6A7206-C950-4BFC-98C3-EAF91DD0F659}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3977 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)

Intel® WiDi (HKLM\...\{32E851D9-FA8D-4F60-BED4-B0F613BF5E20}) (Version: 5.1.18.0 - Intel Corporation)

Intel® Wireless Bluetooth® (HKLM-x32\...\{72059B36-031F-495E-B1A6-5346A905386E}) (Version: 17.1.1434.02 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{50748ecf-730e-4c86-87be-0346d4aa7aac}) (Version: 17.0.6 - Intel Corporation)

LibreOffice 4.4.6.3 (HKLM-x32\...\{1013DB12-EC2E-455E-B5ED-BFD056DC1A99}) (Version: 4.4.6.3 - The Document Foundation)

Malwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Mozilla Firefox 53.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 it)) (Version: 53.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)

OEM Application Profile (HKLM-x32\...\{0405E53E-A68F-0B55-DEA5-5A070E58BD4E}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)

Opera Stable 44.0.2510.1449 (HKLM-x32\...\Opera 44.0.2510.1449) (Version: 44.0.2510.1449 - Opera Software)

PX Profile Update (HKLM-x32\...\{D5A0DE02-1B3B-7202-4D8A-5791FE0DF07F}) (Version: 1.00.1. - AMD) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29079 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)

SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )

Studio per il miglioramento dei prodotti HP Deskjet 2540 series (HKLM\...\{AE239200-6353-465D-A5BD-DB7D694C8807}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.18 - Synaptics Incorporated)

TOSHIBA Display Utility (HKLM\...\{CD780B1B-8B32-43BD-81D4-5326C27B36A0}) (Version: 1.2.6.0 - Toshiba Corporation)

TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.3.6401 - Toshiba Corporation)

TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)

TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)

TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.1.9.0 - Toshiba Corporation)

TOSHIBA PC Health Monitor (HKLM\...\{A0D34C74-70AC-45E4-9735-A11DA95A5810}) (Version: 4.00.00.6402 - Toshiba Corporation)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.02.7000 - Toshiba Corporation)

TOSHIBA Service Station (HKLM\...\{38732132-C103-4F24-A91A-62B68649B313}) (Version: 2.6.16.0 - Toshiba Corporation)

TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0039 - Toshiba Corporation)

TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.5.32002 - Toshiba Corporation)

Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 31%

Total physical RAM: 8107.14 MB

Available physical RAM: 5581.46 MB

Total Virtual: 9387.14 MB

Available Virtual: 6842.68 MB

========================= Partitions: =====================================

1 Drive c: (TI31411800A) (Fixed) (Total:918.33 GB) (Free:854.36 GB) NTFS

========================= Users: ========================================

Account utente per \\FABRIZIOZPC

Administrator FabrizioZ Guest

Esecuzione comando riuscita.

========================= Restore Points ==================================

12-04-2017 12:01:49 Punto di controllo pianificato

25-04-2017 18:29:42 JRT Pre-Junkware Removal

30-04-2017 14:55:50 Operazione di ripristino

30-04-2017 16:42:17 JRT Pre-Junkware Removal

30-04-2017 17:30:44 JRT Pre-Junkware Removal

01-05-2017 01:00:27 Removed Amazon 1Button App

**** End of log ****

Back to top

#6 bubbleit

Topic Starter

Members
24 posts
OFFLINE

Local time:07:09 AM

Posted 01 May 2017 - 02:50 PM

Eset online scanner reports browser-care-setup.exe a variant of Win32/Auslogics.C potentially unwanted application

Back to top

#7 bubbleit

Topic Starter

Members
24 posts
OFFLINE

Local time:07:09 AM

Posted 01 May 2017 - 02:52 PM

Results of screen317's Security Check version 1.014 --- 12/23/15

x64 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Avast Antivirus

Windows Defender

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Adobe Flash Player 25.0.0.148

Adobe Reader XI

Mozilla Firefox (53.0)

Google Chrome (58.0.3029.81)

Google Chrome (SetupMetrics...)

````````Process Check: objlist.exe by Laurent````````

Intel iCLS Client AvastSvc.exe -?-

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````

Back to top

#8 iMacg3

Bleepin' 68000

Malware Study Hall Senior
1,153 posts
OFFLINE

Gender:Male
Location:Indiana, USA
Local time:01:09 AM

Posted 01 May 2017 - 03:17 PM

Please rerun ESET and delete the file it found.

Restart the computer and see if it still redirects.

Edited by iMacg3, 01 May 2017 - 03:18 PM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

Back to top

#9 bubbleit

Topic Starter

Members
24 posts
OFFLINE

Local time:07:09 AM

Posted 02 May 2017 - 06:08 AM

Nothing .The browser hijacker remains. It's always from yahoo I get the redirects

Back to top

#10 iMacg3

Bleepin' 68000

Malware Study Hall Senior
1,153 posts
OFFLINE

Gender:Male
Location:Indiana, USA
Local time:01:09 AM

Posted 02 May 2017 - 06:22 AM

Click this link to go to Yahoo and see if you get the redirects.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

Back to top

#11 bubbleit

Topic Starter

Members
24 posts
OFFLINE

Local time:07:09 AM

Posted 02 May 2017 - 06:59 AM

Yes, it Also redirects with this link.

Edited by bubbleit, 02 May 2017 - 08:25 AM.

Back to top

#12 iMacg3

Bleepin' 68000

Malware Study Hall Senior
1,153 posts
OFFLINE

Gender:Male
Location:Indiana, USA
Local time:01:09 AM

Posted 02 May 2017 - 11:35 AM

What browser do you use?

Download Junkware Removal Tool and save it to your desktop.

Double-click on the JRT.exe file on your desktop.
Let JRT scan your computer and remove any infections.
On your desktop, there will be a logfile called JRT.txt. Paste its contents into a post.

Download AdwCleaner and save it to your desktop.