Tech Problem Aggregator

Q: Possible malware informs me to contact ISP when visiting websites to remove it

Upon visiting websites, a pop-up comes up (screenshot available upon request) informing me to contact my ISP (which is the correct one) and a phone number to call. Some annoying voice also speaks this and can only be terminated via the task manager. Everything that has been done so far is outlined in previous correspondence here: http://www.bleepingcomputer.com/forums/t/590600/possible-malware-informs-me-to-contact-isp-when-visiting-websites-to-remove-it/

All browsers are affected, and it seems to be triggered mostly by stream2watch.com but is not limited to there, as I get the message randomly on other sites (ESPN, CNN, Bleeping Computer included).

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by justin (administrator) on ROCKHOUSE-PC (20-09-2015 05:23:17)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Codebox Software) C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterCaptureService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Codebox Software) C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterWebService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\SecureAge\Everything\Everything.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Tanuki Software, Ltd.) C:\Program Files (x86)\i2p\I2Psvc.exe
() C:\Program Files (x86)\ZTE\Join Me\JoinMEAssistantServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_60\bin\java.exe
() C:\Windows\SysWOW64\dxconfig.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\saappsvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\Everything\EverythingServer.exe
(SecureAge Technology) C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
() C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(SourceFire, Inc.) C:\Program Files\SecureAge\AntiVirus\clamd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Windows\SysWOW64\dxconfig.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\SecureAge\Everything\Everything.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\sanotifier.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\sanotifier.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Program Files (x86)\Megabit\KeepAliveHD\KeepAliveHD.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(Collectorz.com) C:\Program Files (x86)\Collectorz.com\Movie Collector\MovieCollector.exe
(Deluge Team) C:\Program Files (x86)\Deluge\deluge.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\Temp\CBB3FFDF-DC2B-4679-8E8A-9F01BD1100AA\DismHost.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [Everything] => C:\Program Files\SecureAge\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [SAAppWhitelistingNotifier] => C:\Program Files\SecureAge\Whitelist\sanotifier.exe [8706752 2015-09-06] (SecureAge Technology)
HKLM\...\Run: [SecureAPlus] => C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe [24395856 2015-09-06] (SecureAge Technology)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM-x32\...\Run: [PowerDVD14Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [HDD Regenerator] => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /0
HKLM-x32\...\Run: [JoinMEUIExec] => C:\Program Files (x86)\ZTE\Join Me\JoinMEUIExec.exe [137072 2013-06-05] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKLM\...\Policies\Explorer\Run: [Mpk.exe] => C:\Program Files (x86)\KGB\Mpk.exe
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\...\Run: [Dropbox Update] => C:\Users\justin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-22] (Dropbox, Inc.)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\...\RunOnce: [Uninstall C:\Users\justin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\justin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\justin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-22] (Dropbox, Inc.)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\justin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\justin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{08034e07-7442-49e5-a9a7-38b7aa239a22}: [DhcpNameServer] 10.9.0.1
Tcpip\..\Interfaces\{84C38F4A-DAEF-4C6D-8C72-2A96AFE51131}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8d0543db-48b8-45f1-8d27-e355d23edf66}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://xfinitytv.comcast.net/tv-listings?cmpid=xf_dash_tvl&cid=customer
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://xfinitytv.comcast.net/tv-listings?cmpid=xf_dash_tvl&cid=customer
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2015-06-09] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-17] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-17] (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-1106552174-2026213447-2673983111-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
FireFox:
========
FF ProfilePath: C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\2uvv5ml2.default
FF Homepage: hxxp://127.0.0.1:7657/i2psnark/
hxxp://127.0.0.1:7657/home
hxxp://tracker2.postman.i2p/
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-23] (Nullsoft, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2007-05-02] (Apple Inc.)
FF Extension: Xmarks - C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\2uvv5ml2.default\Extensions\[email protected] [2015-09-07]
FF Extension: FoxyProxy Standard - C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\2uvv5ml2.default\Extensions\[email protected] [2015-05-31]
FF Extension: NoScript - C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\2uvv5ml2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-09-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-27]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-09-04]
Chrome:
=======
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-09-17]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-09-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-16]
CHR Extension: (Skype Click to Call) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-06-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-16]
CHR Extension: (Ghostery) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-16]
CHR Extension: (Gmail) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
Opera:
=======
OPR Extension: (No Name) - C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo [2015-08-31]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 BitMeterCaptureService; C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterCaptureService.exe [99037 2012-03-04] (Codebox Software) [File not signed]
R2 BitMeterWebService; C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterWebService.exe [148484 2012-03-04] (Codebox Software) [File not signed]
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-05] (Dropbox, Inc.)
R2 Everything; C:\Program Files\SecureAge\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-14] ()
R2 i2p; C:\Program Files (x86)\i2p\I2Psvc.exe [389632 2015-08-15] (Tanuki Software, Ltd.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R2 JoinMEUI Assistant Service; C:\Program Files (x86)\ZTE\Join Me\JoinMEAssistantServices.exe [248688 2013-06-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Microsoft DirectX Configuration Service; C:\WINDOWS\SysWOW64\dxconfig.exe [64512 2015-08-25] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 saappsvc; C:\Program Files\SecureAge\Whitelist\saappsvc.exe [913600 2015-09-06] (SecureAge Technology)
R2 SAEverythingServer; C:\Program Files\SecureAge\Everything\EverythingServer.exe [202944 2015-06-15] (SecureAge Technology)
R2 sascansvc; C:\Program Files\SecureAge\AntiVirus\sascansvc.exe [1040048 2015-09-06] (SecureAge Technology)
R2 SAUAVSvc; C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe [1168064 2015-09-06] (SecureAge Technology)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 SecureAPlusService; C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe [989072 2015-09-06] (SecureAge Technology)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [File not signed]
R2 SurfEasyVPN; C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe [3272048 2015-03-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-28] (ASUS Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [18456 2013-06-05] (HandSet Incorporated)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R0 SAAppCtl; C:\Windows\System32\DRIVERS\saappctl.sys [254432 2015-07-28] (SecureAge Technology)
R0 sascan; C:\Windows\System32\DRIVERS\sascan.sys [87912 2015-07-22] (SecureAge Technology)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tapoas; C:\Windows\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 tapse01; C:\Windows\System32\drivers\tapse01.sys [26624 2015-03-05] (The OpenVPN Project)
S3 tapstrong; C:\Windows\system32\DRIVERS\tapstrong.sys [38760 2014-07-14] (The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-03-24] (Acronis International GmbH)
S3 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [183224 2015-03-24] (Acronis)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\system32\DRIVERS\zghsdiag.sys [129432 2013-06-05] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\system32\DRIVERS\zghsmdm.sys [129432 2013-06-05] (ZTE Incorporated)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-20 05:22 - 2015-09-20 05:23 - 00000000 ____D C:\FRST
2015-09-20 03:00 - 2015-09-20 03:03 - 00000000 ___HD C:\$Windows.~BT
2015-09-20 02:19 - 2015-09-20 02:19 - 00773624 _____ (Ammyy LLC) C:\Users\justin\Downloads\AA_v3.exe
2015-09-20 02:19 - 2015-09-20 02:19 - 00000073 _____ C:\Users\justin\Downloads\AA_v3.log
2015-09-20 02:19 - 2015-09-20 02:19 - 00000000 ____D C:\ProgramData\AMMYY
2015-09-20 02:01 - 2015-09-20 02:01 - 00016148 _____ C:\WINDOWS\system32\ROCKHOUSE-PC_justin_HistoryPrediction.bin
2015-09-20 01:08 - 2015-09-20 01:12 - 3333357568 _____ C:\Users\justin\Downloads\Windows.iso
2015-09-20 00:20 - 2015-09-20 00:20 - 00000000 ___HD C:\$Windows.~WS
2015-09-19 23:44 - 2015-09-19 23:44 - 00016148 _____ C:\WINDOWS\system32\ROCKHOUSE-PC_Administrator_HistoryPrediction.bin
2015-09-19 23:36 - 2015-09-19 23:36 - 00000000 ___RD C:\Users\Administrator\OneDrive
2015-09-19 23:35 - 2015-09-19 23:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2015-09-19 23:33 - 2015-09-19 23:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2015-09-19 23:28 - 2015-09-19 23:30 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comms
2015-09-19 23:27 - 2015-09-19 23:27 - 00000258 __RSH C:\Users\Administrator\ntuser.pol
2015-09-19 23:27 - 2015-09-19 23:27 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2015-09-19 23:27 - 2015-09-19 23:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2015-09-19 23:07 - 2015-09-19 23:07 - 00000000 ___HD C:\OneDriveTemp
2015-09-19 17:26 - 2015-09-19 17:26 - 00000218 _____ C:\Users\justin\AppData\Local\recently-used.xbel
2015-09-19 03:42 - 2015-09-19 03:43 - 00000308 _____ C:\WINDOWS\SecuniaPackage.log
2015-09-19 02:47 - 2015-09-19 02:47 - 00001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-09-19 02:47 - 2015-09-19 02:47 - 00000000 ____D C:\Users\justin\AppData\Local\Secunia PSI
2015-09-19 02:46 - 2015-09-19 02:46 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-09-19 02:38 - 2015-09-19 02:38 - 00000000 ____D C:\Program Files\WOT
2015-09-19 02:38 - 2015-09-19 02:38 - 00000000 ____D C:\Program Files (x86)\WOT
2015-09-19 02:02 - 2015-09-19 02:07 - 00001029 _____ C:\DelFix.txt
2015-09-19 02:02 - 2015-09-19 02:02 - 00000000 ____D C:\WINDOWS\ERUNT
2015-09-17 22:01 - 2015-09-19 23:13 - 00000000 ____D C:\ProgramData\Sophos
2015-09-17 09:13 - 2015-09-17 15:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-17 01:23 - 2015-09-20 02:46 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-17 01:21 - 2015-09-17 01:21 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-17 01:21 - 2015-09-17 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-17 01:21 - 2015-09-17 01:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-17 01:21 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-17 01:21 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-17 01:21 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-17 00:08 - 2015-09-17 00:08 - 00000000 ____D C:\Users\justin\AppData\Roaming\Sun
2015-09-17 00:08 - 2015-09-17 00:08 - 00000000 ____D C:\Users\justin\.oracle_jre_usage
2015-09-16 21:10 - 2015-09-20 05:23 - 00000000 ____D C:\Users\justin\Downloads\Virus Removal Tools 9.16.15 in order
2015-09-15 15:03 - 2015-09-19 23:29 - 00000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 65503b91-30cb-493e-987a-9829a4b7377d.job
2015-09-15 15:03 - 2015-09-19 12:00 - 00000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0c79afc1-9427-46f0-acbf-9965802a5ab9.job
2015-09-15 15:03 - 2015-09-15 15:03 - 00003774 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 0c79afc1-9427-46f0-acbf-9965802a5ab9
2015-09-15 15:03 - 2015-09-15 15:03 - 00003692 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 65503b91-30cb-493e-987a-9829a4b7377d
2015-09-14 18:45 - 2015-09-20 04:38 - 00000000 ____D C:\Users\justin\AppData\Roaming\vlc
2015-09-14 18:44 - 2015-09-14 18:44 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-09-14 18:44 - 2015-09-14 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-09-14 18:41 - 2015-09-14 18:41 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-09-13 23:38 - 2015-09-13 23:38 - 00001052 _____ C:\Users\Public\Desktop\Deluge.lnk
2015-09-13 23:14 - 2015-09-13 23:15 - 00262144 _____ C:\WINDOWS\Minidump\091315-44140-01.dmp
2015-09-12 17:17 - 2015-09-15 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-09-12 17:17 - 2015-09-12 17:17 - 00000000 ____D C:\Users\justin\AppData\Roaming\SUPERAntiSpyware.com
2015-09-12 17:16 - 2015-09-12 17:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-12 17:16 - 2015-09-12 17:16 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-09-12 16:28 - 2015-09-12 16:31 - 00000000 ____D C:\Users\justin\AppData\Local\Deployment
2015-09-12 14:57 - 2015-09-12 14:57 - 00208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\09897907.sys
2015-09-12 14:30 - 2015-09-12 14:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-09-12 00:05 - 2015-09-12 00:05 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-09-11 05:06 - 2015-09-11 05:06 - 00001716 _____ C:\Users\justin\Desktop\IE Sync Xmarks.lnk
2015-09-10 19:21 - 2015-09-10 19:21 - 00003294 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-09-10 19:21 - 2015-09-10 19:21 - 00003242 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-09-10 19:21 - 2015-09-10 19:21 - 00003238 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-09-09 21:01 - 2015-09-09 21:01 - 00002361 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 15.lnk
2015-09-09 21:01 - 2015-09-09 21:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 15
2015-09-09 20:49 - 2015-09-09 20:49 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-09-09 05:24 - 2015-08-27 01:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 05:24 - 2015-08-27 00:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 05:24 - 2015-08-27 00:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 05:24 - 2015-08-27 00:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 05:24 - 2015-08-27 00:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 05:24 - 2015-08-27 00:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 05:24 - 2015-08-27 00:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 05:24 - 2015-08-27 00:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 05:24 - 2015-08-27 00:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 05:24 - 2015-08-27 00:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 05:23 - 2015-09-01 20:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 05:23 - 2015-09-01 19:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 05:23 - 2015-09-01 19:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 05:23 - 2015-08-27 01:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 05:23 - 2015-08-27 01:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 05:23 - 2015-08-27 00:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 05:23 - 2015-08-27 00:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 05:23 - 2015-08-27 00:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 05:23 - 2015-08-27 00:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 05:23 - 2015-08-27 00:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 05:23 - 2015-08-27 00:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 05:23 - 2015-08-27 00:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 05:23 - 2015-08-27 00:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 05:23 - 2015-08-27 00:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 05:23 - 2015-08-27 00:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 05:23 - 2015-08-27 00:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 05:23 - 2015-08-27 00:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 05:23 - 2015-08-27 00:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 05:23 - 2015-08-27 00:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 05:23 - 2015-08-27 00:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 05:23 - 2015-08-27 00:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 05:23 - 2015-08-27 00:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-07 15:36 - 2015-09-07 15:36 - 00000655 _____ C:\Users\justin\Desktop\NFL 2015_2016 bye weeks.txt
2015-09-07 15:36 - 2015-09-07 15:36 - 00000000 _____ C:\Users\justin\Desktop\New Text Document.txt
2015-09-07 04:59 - 2015-09-13 23:30 - 00000000 ____D C:\Program Files\KMSpico
2015-09-07 04:59 - 2015-09-07 04:59 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2015-09-07 04:59 - 2015-09-07 04:59 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2015-09-07 04:59 - 2015-09-07 04:59 - 00003472 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2015-09-07 04:59 - 2015-09-07 04:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-09-07 04:59 - 2010-12-05 21:16 - 00090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2015-09-07 04:12 - 2015-09-15 19:49 - 00000000 ____D C:\Users\justin\AppData\Local\Xmarks
2015-09-07 04:12 - 2015-09-07 04:47 - 00000000 ____D C:\Users\justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xmarks
2015-09-07 04:12 - 2015-09-07 04:12 - 00000000 ____D C:\Program Files (x86)\Xmarks
2015-09-06 22:22 - 2015-09-06 22:25 - 00000000 ____D C:\Program Files\Speccy
2015-09-06 22:22 - 2015-09-06 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-09-05 23:25 - 2015-09-05 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-05 23:20 - 2015-09-05 23:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-09-04 23:36 - 2015-09-04 23:36 - 00000000 ____D C:\Program Files\Logitech
2015-09-04 17:42 - 2015-09-04 17:42 - 00000000 ____D C:\Users\justin\AppData\Local\Slimjet
2015-09-04 17:41 - 2015-09-05 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak Slimjet
2015-09-04 17:41 - 2015-09-05 00:00 - 00000000 ____D C:\Program Files (x86)\Slimjet
2015-09-04 05:45 - 2015-09-04 22:35 - 00000000 ____D C:\Program Files (x86)\Mousefix
2015-09-04 04:52 - 2015-09-04 04:52 - 02276560 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin95ip.dll
2015-09-04 04:41 - 2015-09-04 04:41 - 00000000 ____D C:\Users\justin\AppData\Roaming\sp6_log
2015-09-03 15:53 - 2015-09-15 16:26 - 00000000 ____D C:\Users\justin\AppData\Roaming\SlimBrowser
2015-09-03 15:53 - 2015-09-04 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak SlimBrowser
2015-09-03 15:53 - 2015-09-04 22:35 - 00000000 ____D C:\Program Files (x86)\SlimBrowser
2015-09-03 15:29 - 2015-08-11 04:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-03 15:29 - 2015-08-11 03:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-09-03 15:28 - 2015-08-20 01:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-03 15:28 - 2015-08-20 01:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-09-03 15:28 - 2015-08-20 01:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-03 15:28 - 2015-08-20 00:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-09-03 15:28 - 2015-08-20 00:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-09-03 15:28 - 2015-08-20 00:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-09-03 15:28 - 2015-08-20 00:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-03 15:28 - 2015-08-20 00:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-09-03 15:28 - 2015-08-18 02:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-03 15:28 - 2015-08-18 02:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-09-03 15:28 - 2015-08-18 02:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-03 15:28 - 2015-08-18 02:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-03 15:28 - 2015-08-18 02:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-03 15:28 - 2015-08-18 02:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-09-03 15:28 - 2015-08-18 02:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-09-03 15:28 - 2015-08-18 02:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-03 15:28 - 2015-08-18 02:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-03 15:28 - 2015-08-18 02:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-09-03 15:28 - 2015-08-18 02:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-03 15:28 - 2015-08-18 01:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-09-03 15:28 - 2015-08-18 01:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-09-03 15:28 - 2015-08-18 01:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-09-03 15:28 - 2015-08-18 01:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-09-03 15:28 - 2015-08-18 01:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-09-03 15:28 - 2015-08-18 01:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-09-03 15:28 - 2015-08-18 01:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-09-03 15:28 - 2015-08-18 01:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-09-03 15:28 - 2015-08-18 01:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-09-03 15:28 - 2015-08-18 01:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-09-03 15:28 - 2015-08-18 01:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-09-03 15:28 - 2015-08-18 01:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-09-03 15:28 - 2015-08-18 01:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-09-03 15:28 - 2015-08-18 01:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-09-03 15:28 - 2015-08-18 01:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-09-03 15:28 - 2015-08-18 01:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-09-03 15:28 - 2015-08-17 23:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-09-03 15:28 - 2015-08-12 23:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-09-03 15:28 - 2015-08-12 23:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-03 15:28 - 2015-08-12 22:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-09-03 15:28 - 2015-08-11 05:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-09-03 15:28 - 2015-08-11 05:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-09-03 15:28 - 2015-08-11 05:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-09-03 15:28 - 2015-08-11 05:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-09-03 15:28 - 2015-08-11 05:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-09-03 15:28 - 2015-08-11 05:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-09-03 15:28 - 2015-08-11 05:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-09-03 15:28 - 2015-08-11 04:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-09-03 15:28 - 2015-08-11 04:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-03 15:28 - 2015-08-11 04:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-09-03 15:28 - 2015-08-11 04:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-09-03 15:28 - 2015-08-11 04:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-09-03 15:28 - 2015-08-11 04:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-09-03 15:28 - 2015-08-11 04:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-09-03 15:28 - 2015-08-11 04:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-09-03 15:28 - 2015-08-11 04:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-09-03 15:28 - 2015-08-11 04:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-09-03 15:28 - 2015-08-11 04:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-03 15:28 - 2015-08-11 04:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-09-03 15:28 - 2015-08-11 04:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-09-03 15:28 - 2015-08-11 04:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-03 15:28 - 2015-08-11 04:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-09-03 15:28 - 2015-08-11 04:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-09-03 15:28 - 2015-08-11 04:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-09-03 15:28 - 2015-08-11 04:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-09-03 15:28 - 2015-08-11 04:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-03 15:28 - 2015-08-11 04:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-09-03 15:28 - 2015-08-11 04:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-09-03 15:28 - 2015-08-11 04:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-09-03 15:28 - 2015-08-11 04:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-09-03 15:28 - 2015-08-11 04:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-09-03 15:28 - 2015-08-11 04:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-09-03 15:28 - 2015-08-11 04:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-09-03 15:28 - 2015-08-11 04:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-09-03 15:28 - 2015-08-11 04:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-09-03 15:28 - 2015-08-11 04:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-09-03 15:28 - 2015-08-11 04:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-09-03 15:28 - 2015-08-11 04:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-09-03 15:28 - 2015-08-11 04:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-03 15:28 - 2015-08-11 04:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-09-03 15:28 - 2015-08-11 04:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-09-03 15:28 - 2015-08-11 03:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-03 15:28 - 2015-08-11 03:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-09-03 15:28 - 2015-08-11 03:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-09-03 15:28 - 2015-08-11 03:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-09-03 15:28 - 2015-08-11 03:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-09-03 15:28 - 2015-08-11 03:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-09-03 15:28 - 2015-08-11 03:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-09-03 15:28 - 2015-08-11 03:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-09-03 15:28 - 2015-08-11 03:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-09-03 15:28 - 2015-08-11 03:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-09-03 15:28 - 2015-08-11 03:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-09-03 15:28 - 2015-08-11 03:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-09-03 15:28 - 2015-08-11 03:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-09-03 15:28 - 2015-08-11 03:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-09-03 15:28 - 2015-08-11 03:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-09-03 15:28 - 2015-08-11 03:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-09-03 15:28 - 2015-08-11 03:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-09-03 15:28 - 2015-08-11 03:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-09-03 15:28 - 2015-08-11 03:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-09-03 15:27 - 2015-08-18 01:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-09-03 15:27 - 2015-08-18 01:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-09-03 15:27 - 2015-08-18 01:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-09-03 15:27 - 2015-08-18 01:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-09-03 15:27 - 2015-08-18 01:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-09-03 15:27 - 2015-08-18 01:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-09-03 15:27 - 2015-08-11 04:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-03 15:27 - 2015-08-11 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-09-03 15:27 - 2015-08-11 03:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-03 1

A: Possible malware informs me to contact ISP when Visiting websites to remove it

Hello, welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX. Type Notepad and click the OK key. Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
HKLM\...\Policies\Explorer\Run: [Mpk.exe] => C:\Program Files (x86)\KGB\Mpk.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
OPR Extension: (No Name) - C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo [2015-08-31]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [File not signed]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Program Files\KMSpico
C:\Program Files (x86)\KGB
C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the Farbar log you have submitted.
Run FRST and click Fix only once and wait.
Restart the computer normally to reset the registry.
The tool will create a log (Fixlog.txt); please post it to your reply.
===
Reset Internet Explorer: Menu > Tools > Internet Options > Advanced Tab. Click the Reset button on the bottom of the pane. Click the Apply button. Close IE.
Clean the Internet Explorer Cache. https://kb.wisc.edu/page.php?id=15141
For IE 10, 11 follow the following instructions. http://refreshyourcache.com/en/internet-explorer-11/
===
How is the computer running now?

16 more replies

OS = Windows 10, affects all browsers used (slimbrowser, slimjet, IE11, Firefox w/noscript running, Chrome, Opera, these are the only ones I tried)

When browsing to a website (typically seems to be stream2watch, but others randomly trigger it), a message informs me to call my ISP to remove malware, with a fake blue screen error within a browser window behind that. This can only be terminated by ending the task within Task Manager. ALT+F4 does nothing, just sends it repeating.

I have Secure A Plus running along with Superantispyware, both have run a full scan and to no avail minus piddly tracking cookies in SAS. ADW cleaner also has been run after the fact. No repeat customer seem to appear.

I have a screen capture if you would like to see it, and hope to get this resolved, it gets very irritating. Thank you

A: Possible malware informs me to contact ISP when Visiting websites to remove it

20 more replies

Thank you for your help. You helped my husband so well on his computer a year or so ago. I know you are the best! If you need any other info than what is in the area above, let me know!

Nattasiri

A: Popups telling me to contact Microsoft to remove malware

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

1 more replies

Hello all,
I am having a problem with all of the browsers on my computer directing to a spam search site when I try to visit certain websites.

I believe the problem started when I installed this software to help me switch audio output very easily:
http://www.sevenforums.com/customization/65079-anyway-use-hotkeys-switch-sound-output.html

I've done the following:
1) Run updated Malwarebytes Anti-Malware.
2) Run TDSS Rootkit Remover Tool by Kaspersky.
3) Run Virus Remover Tool by Kaspersky.
4) Reset my cookies in Chrome.
5) Read the "Before posting a log" on this forum (the sticky post).
6) Updated my notification options as recommended.
I could not run GMER as I'm running Windows 7 64 bit.

I've attached my DDS/Attach/Hijack logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Nublard at 12:30:59 on 2011-11-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8187.6350 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

A: Redirecting When Visiting Websites

Hi,

You mentioned running a number of tools in the beginning; did they all come back clean? I'd be particularly interested in the tdsskiller log.

regards myrti

12 more replies

Really really random bsod's. help please! :<

A: BSOD - Visiting websites.

Code:
BugCheck 116, {fffffa80046bb010, fffff88003bb045c, 0, 2}
This bugcheck indicates that an attempt to reset the display within the allocated time interval failed, hence the bugcheck.
This isn't a typical bugcheck, in that it only happens when the graphics card doesn't respond, either because of a bad driver or because the GPU is faulty.

Code:
2: kd> KnL
00 fffff88005a7a1c8 fffff8800414b054 nt!KeBugCheckEx <-- The BSOD crash
01 fffff88005a7a1d0 fffff8800414ad5e dxgkrnl!TdrBugcheckOnTimeout+0xec <-- Instruction telling the system to crash if the graphics card doesn't respond.
02 fffff88005a7a210 fffff8800400ff13 dxgkrnl!TdrIsRecoveryRequired+0x1a2 <-- Telling the system to run a display recovery.
03 fffff88005a7a240 fffff8800403ded6 dxgmms1!VidSchiReportHwHang+0x40b <-- This reports the graphics card has hung.
04 fffff88005a7a320 fffff88004023ce9 dxgmms1!VidSchWaitForCompletionEvent+0x196
05 fffff88005a7a360 fffff88004026be7 dxgmms1!VIDMM_GLOBAL::xWaitForAllEngines+0x1e9
06 fffff88005a7a460 fffff880040252d8 dxgmms1!VIDMM_GLOBAL::SetupForBuildPagingBuffer+0xd7
07 fffff88005a7a4a0 fffff8800402522e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegmentInternal+0x34
08 fffff88005a7a630 fffff8800402e77e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegment+0x13e
09 fffff88005a7a6a0 fffff8800402e527 dxgmms1!VIDMM_APERTURE_SEGMENT::UnmapApertureRange+0x7a

8 more replies

Quote: Originally Posted by Casuaisxtynine

Really really random bsod's. help please! :<

This is a repost.. I'm sorry for this but I need help

A: BSOD - Visiting websites

Hi Casuaisxtynine.

Click on the button below ....

It will download the DM log collector. Right click on the application and run as administrator. It will generate a .zip file on your desktop. Upload the .zip.
Screenshots and Files - Upload and Post in Seven Forums


I have a:
Gateway laptop Gateway Laptop
MX6433
AMD Turion 64 mobile
Technology ML-30
1.59 GHz, 448 MB of RAM
Windows XP Media Center edition (service pack 3).

I bought it two years or so ago. Since as long as I can remember I have had this problem.

When I am on my browser (I use Chrome, Firefox, and IE) my wireless connection will cut out after a while. I have noticed that if I am on just one site (example: Pandora.com) it can be fine for hours. But once I start going to different sites, I eventually get kicked off. It can be any website, Facebook, YouTube, etc.

When I lose connectivity, I refresh my wireless connections and only the printer comes up. If I try to right click on the tray icon to repair internet connection, it freezes. I am guessing that this is a hardware problem. (?) Though I'm not extremely technical with computers, I know my way around most issues that can arise.

I have reformatted my hard drive (twice) and all my software is up to date. I have run AVG scan and Ad Aware scan hundreds of times. Can anyone offer assistance? Thank you very much!


We recently added a filter to our computer because of our children. Each week we get a report on sites that we attempted to be opened, but are blocked. There are several, but one in particular is on there all the time and has a high percentage. I am wondering if anyone recognizes it and if it is possible that somehow there is something on our computer that is automatically leading us there. We have not gone to it ever as far as I know.

It is: eserviceds1x.us.dell.com

We have both AdAware SE and Spybots and run them regularly.

Below is our Hi-Jack this latest run:

A:Websites visited that we aren't visiting??

Hi MNgirl,

2° Create a permanent folder like C:\Program Files\LSP and extract the download zip file into that folder.

3° Log your computer in safe mode (hit F8 many times during booting procedure);

4° Disable your System Restore : have a look to Disabling or enabling Windows XP System Restore ;

5° Close all open windows - it is very important;

6° Run LSPFix : click only the Fix button;

7° Reboot normally and post a new HijackThis log.


I am rephrasing the question to be more specific. I cannot see how my first request was inappropriate. I have not needed to set up a network in years, so I hope someone has the answer to my question.

I am paying for my home internet, and I do not want anyone visiting pron websites. Is there any tool that can alert me if one of my friends is accessing inappropriate material on the website? Someone closed my question before, so I guess knowing how to share their internet histories is NOT the proper answer.

I will not stand for people looking at bad websites, so I hope someone can point me to a decent solution.

A:I need to make sure users are not visiting bad websites


Hey guys,

I have a friend who has an adult filtering program on his computer. I get a daily email with all of the sites his computer goes to. I know that they are not visiting these sites personally, so, there has to be some malware/adware that is causing it. I also learned today that there are a number of popups, probably related to these sites.

The websites are:

Also - it has been running slower as of late.

Thanks for the help.

Jeremy

A:Vista Laptop - visiting certain websites automatically every day

I hate to use the word "Bump," but, I just wanted to send out a reminder....


Is it safe to visit a website that has been attacked with SQL injection? As an example, Google www.wowyeye.cn www.killwow1.cn and look at the websites that have been compromised by these Chinese domains. If by chance you surf to a site "taken over", can that website with the attack host files be downloaded to your browser?

A:visiting Compromised websites -SQL Injection ATTACKS


I've been able to run a few scanners, Avast!, Spybot S&D, AVG, etc. - Spybot found a few things, and deleted them. The online web scanners like Panda and Trend Micro won't allow me to go to the sites, because whatever the virus is takes me to another site/web error even if I type it straight into the address bar. I ran Stinger and it found no errors. Following is my HijackThis logfile.

A:Doesn't Allow Visiting Of Anti-spyware Websites

Hello Shoyu,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea


As the title states, after visiting some potentially dangerous websites, my laptop is acting a little strange. I'm concerned that a trojan virus or the like may be capturing my data/passwords. I would greatly appreciate any assistance! Below is my generated  FRST.txt log:


A:Suspicious behaviour on laptop after visiting questionable websites

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove this program via the Control Panel > Programs > Programs and Features applet.
Driver Downloader v3.2 (HKLM-x32\...\Driver Downloader_is1) (Version: 3.2 - PDE Publications Limited)
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-02] <==== ATTENTION


Spam contact added to Gmail can't be removed

I know how to remove contacts from the list. Suddenly 5 have been added under the "people" category all with the name Davey, or Dave.... The "delete" command has been greyed out for these. They do not show up on the normal list but were discovered when searching for a similar name in the search box which then includes them along with the proper list. This appears only on one of my computers. Clicking on each shows a bunch of other URLs which I haven't clicked on. How can I remove please? Thanks.

A:Why can't I remove spam contact from gmail contact list?


Hello,

So I've always wondered if you can get a virus/malware just by visiting a website?

I always thought this was a No, because I believe a user is only infected when he/she opens up that malware/virus FILE, once you open it up and install it then you are infected.

I know there are drive by downloads, but your anti-virus or anti-malware program should detect the file and automatically delete it.

Malware/virus can't infect your computer unless you open the file, right?

A:can you get a virus/malware just by visiting a website?


Hi all,

I have a rather specific and annoying problem with my router. Every few days or so the internet will cut out. However, I am still able to use websites that I have been using already, so am able to check emails, read articles, etc., but am unable to do things like stream videos from YouTube or play online games. I run network diagnostics (Windows 7) and receive the error: Your computer appears to be correctly configured, but the device or resource (samsung.msn.com) is not responding. I have already updated all my drivers and have completely reinstalled my router and checked all cables etc. This appears to be only to do with computers that are connected wirelessly, as the PC connected via ethernet seems to be unaffected.

I have both a netbook and a gaming pc connected wirelessly.
Netbook:
OS Version: Microsoft Windows 7 Starter, Service Pack 1, 32 bit
Processor: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, x64 Family 6 Model 28 Stepping 10
Processor Count: 4
RAM: 2037 Mb
Graphics Card: Intel(R) Graphics Media Accelerator 3150, 256 Mb
Hard Drives: C: Total - 175103 MB, Free - 32693 MB; D: Total - 45832 MB, Free - 15033 MB;
Motherboard: SAMSUNG ELECTRONICS CO., LTD., NF110/NF210/NF310
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

Gaming PC:
Windows 7 SP1 64 bit
CPU: AMD Phenom II 955 BE
RAM: 8GB OCZ
GPU: AMD 6990 4GB
HDD: 1TB WD Caviar Black
MB: Gigabyte 890FX UD-5
AVG Free

The router is a TP-Link WR1043ND v1
Firmware: 3.13.4 Build 110429 Rel.36959n

A:Unable to contact DNS, yet can still use some websites

Is that ipconfig /all for when you are experiencing the problem? If not, please post for that condition. Also for when you have the problem ...

Please attach a screen shot of the Networks page of the Xirrus Wi-Fi Inspector. If you need help with that see TSG Posting a Screenshot. FWIW to take screen shots with Windows 7 or Vista I prefer to use the built-in Snipping Tool.


I have a Toshiba Satellite A135-S4527 laptop with Vista. Whenever I need to contact anyone from a website and the address isn't displayed, it takes me through a whole thing to configure Outlook Express. But it never finishes it. For the Gmail address it doesn't get too far. For the Yahoo address it says Type your name and password, but it just doesn't go further - the same screen keeps popping up. And yes, I have the right name and password.

It's frustrating as I can't contact anyone!

Also, my computer has Windows Mail. Could it be used instead? How?

Thanks!


Hi guys, I'd like to help clean up unused programs and malware, super slow. I will be unable (she is unwilling) to take McAfee off - she unfortunately decided to buy it for a year. Can someone run me through and help clean up? I ran AdwCleaner but have not yet followed through, hope someone can help me this evening, I'm pretty quick if needed. Thanks!

A:Visiting my Aunt, pretty sure she's got some malware and i'm leaving tomorrow

If I understand you, you have scanned with AdwCleaner but haven't chosen to click on the Clean button...if so, rerun and do that.
Post its log per instructions.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.


I keep getting a Security Certificate Alert Popup when using Internet Explorer and a webpage loads. The options are Yes/No/Cancel. It seems like I have some sort of malware/adware installed as there are some weird ads appearing on the page. How can I remove the malware/adware?

Here is the Hijack this log:


A:Solved: Getting Security Alert - Certificate Pop Up when visiting Webpages - Malware?

Do the following in the order that they're listed.

Note: You might want to print off these instructions before you start so they're easier to follow.

-----------------------------------------------------------

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the "Scan" button, then allow the scanning process to finish.
(Note: Several seconds may pass before the scanning process starts, so be patient.)

Click the "Cleaning" button, then click "OK".

Allow the cleaning process to finish.

When it's finished, click "OK" in each window that appears.

The computer will restart.

When the log appears during restart, save it.

-----------------------------------------------------------

Start SUPERAntiSpyware.

Click "System Tools".

Click "Preferences", then uncheck "Run in the background (system tray)", then click "Done".

Click "Advanced Settings", then uncheck "Follow shortcuts (*.lnk) during scan", then click "OK - Done".

When the definition files have updated, click "OK".

Click "Scan This Computer", then click Quick Scan.

If problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Continue".


We just started having this problem today at one of our computers at work, we run on Windows XP. Every time I navigate to a new web page (even here), I get a pop up warning:

Internet Explorer Warning - visiting this web site may harm your computer!

Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer

What you can try:
Activate Antivirus 360 for secure Internet surfing (Recommended).
Check your computer for viruses and malware.

Can you please help me get rid of this? I have tried to attach the 2 things that came up with the DDS

A:Internet Explorer Warning - visiting this website may harm your computer Antivirus 360 Malware


Recently I have not been able to update windows7 and nothing seems to be able to solve this problem. Today a box appeared telling me that my copy of windows7 is not genuine and to click on the box for further info.

This is obviously some kind of scam because I built this computer and purchased a genuine copy of windows7 from a well known and reputable retail outlet. My problem is I want to get rid of whatever is corrupting my computer and preventing me updating and also get rid of this message box.

I am operating windows7 64bit with 4Gig of ram and a Q9550 quadcore processor.

Please find below the system info.

Many thanks.


A:Message box informs me that windows7 is not genuine!

To properly analyse and solve problems with Activation and Validation, we need to see a full copy of the report produced by the MGADiag tool (download and save to desktop - http://go.microsoft.com/fwlink/?linkid=52012 )
Once saved, run the tool.
Click on the Continue button, which will produce the report.
To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.
Please also state the Version and Edition of Windows quoted on your COA sticker (if you have one) on the case of your machine, but do NOT quote the Key on the sticker!
How to Tell - Home


Got home today to find that my mother had answered a phone call from the # 707-706-0870 stating that MY laptop had been "hacked". She said that whoever was on the other end of the line did not sound like they were from this country. She said it kind of sounded like they may have been from India. Just wondering if anyone else out there has ever experienced this? Also, the caller said that they were from "laptop support"??? Any input on this is much appreciated. I'll check back tomorrow night. Got another 12 hour shift in the am... Gotta get some sleep for now. As always - thanks very much.

A:Telephone call informs me that my pc has been hacked ???

Quote: Originally Posted by guitarfiend

Got home today to find that my mother had answered a phone call from the # 707-706-0870 stating that MY laptop had been "hacked". She said that whoever was on the other end of the line did not sound like they were from this country. She said it kind of sounded like they may have been from India. Just wondering if anyone else out there has ever experienced this? Also, the caller said that they were from "laptop support"??? Any input on this is much appreciated. I'll check back tomorrow night. Got another 12 hour shift in the am... Gotta get some sleep for now. As always - thanks very much.

It's a scam.


I was trying to remove a contact that I had added by mistake to the favourites (star) tab of the phone dialer app. However, I am not able to find any way to do that. I tried long pressing the contact but it only allows me to reorder the list, not remove the contact. The ellipses at the bottom do not help, there are only add new contact, voice mail and phone book options there.
This is really frustrating, I am not a new WP user, have been on it since WP7.5 and I still cannot find a way to do this.
This is really a usability fail for MS....


I've deleted it from windows mail contacts, and from within explorer contacts but when I type the persons name it comes up as the old email address I deleted not the new contact... How can I remove the contact completely so the new contact details are initiated when I type the persons name in windows mail..?

A:Remove contact from windows mail ? !

Would this be helpful? How to clear the email auto-complete entries in Windows Mail

If you would rather not manually change the registry, there is a small utility at the bottom of the tutorial under "Related Articles".

Don't forget to Back up your registry: Registry - Backup and Restore


I'm not really sure what to do here. AVG 9's Resident Shield informs me of Pakes.GDP virus being present in my Local Settings/Temp folder. I've deleted the offending files, but it keeps coming back, though the folders that the virus is alleged to be in no longer exist. Thinking it was a false positive, I temporarily whitelisted that segment.

Today I got a new message about the same virus being present in a folder known as Toetef in the Application Data folder. Once more, I've removed the offending files, yet do not believe the issue is resolved.

Why do I think this? Well, every few seconds, something is sending a request to connect to a specific IP, 193.105.207.29 . Malwarebytes is blocking this for now, but I'm not content with treating the symptoms.

Oh, TSG people, please help me. I want to avoid reformatting like the plague, but I also want a clean and happy computer again.

A:Pakes.GDP, can't seem to remove, tries to contact specific IP.


I'm referring to MS Outlook 07 wherein the default country is Australia that automatically appears in all the contact physical addresses. For reasons I'm not sure of, I just don't like it nor need it for all my predominately Ozzie addresses.

By the same token, I also don't like the way Outlook wants to insert the area code (07) into all my phone numbers. This is REALLY annoying when it comes to mobile numbers as it inserts brackets around the first two numbers thinking they are an area code e.g. 0407744444 is displayed as (04)07744444. I make sure I use the Mobile "field" so I can't see why it wants to put the brackets in!

Thanks all


Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please Download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue

A:Win7 64bit informs me I am Infected with Trojan.PWS.Legmir.AD / [email protected]

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


I share IT responsibilities at my company and one of our (former) sales people added profile pictures to every single one of his contacts (787). To make matters worse, the large majority of them are celebrities & models if he liked the person, or "ugly people" if he did not like them.

We have a new salesperson onboarding and I need to transfer his contacts to her, but before I can do that I must find a way to rid all 787 contacts of their profile pictures.

Is there any way to accomplish this without having to manually remove each photo and resave the contacts? A setting, script, anything?

Thanks


I added a contact that appeared under the chat contacts in gmail. Then some public talk profile was generated and also added for the same person. I could delete the chat that I added regularly but not the 73yrfhvyrfgirigu @ public.talk.google.com crap that was generated. I read somewhere I had to search for Circles and things in google plus - Firstly it is not in ANY contacts page that you can go to from the gmail. It is not in any circles either, and yet when you click in the Hangouts in the search bar this contact appears as a suggestion. On other places like circles, find co-workers among the mess that Google+ is you can find other emails you have emailed are suggested and not this particular public.talk contact. And yet for Hangouts this is the only suggestion that comes first and it has no option to remove from chat and I can't find what stores it... Holy crap google

Added the contact to a new circle removes it below the chat but now when you go to Contacts > Circles and see the circle, you cannot remove the circle or the chat. It is in the gmail circle not google+ .. After lots of trouble clicking on People > Circles and finding where to click on the newly created circle to 'Edit Circle' found the delete option, the name within the circle is gone from both the Chat below in gmail and the circle, Idk how.

Q: The name is still suggested and pops up as a contact with profile pic when I click 'Search' field in the Hangouts? Where is this name stored to delete it? Y...


Somehow I got redirected to a site that gave me a virus/malware, even though pop-up blocker was enabled. I knew something was up, so I decided to run Spybot, but it wouldn't launch. I rebooted and tried to launch again...no luck. I then uninstalled Spybot, and went to Safer-Networking website to redownload, but the site was blocked. Norton blocked. McAfee blocked. Trend Micro blocked.

To make things stranger, when I search for these using Google, then click on anti-virus websites, I get redirected to something strange...every time.

The only site I could go to was Microsoft One Care, which did a scan of my computer from the MS website, but it found nothing.

Using a different computer, I was able to download Stinger, burn it to a CD, then run it on my computer, but it found nothing.

I then burned another CD with HijackThis, but it wouldn't launch on my computer. When I renamed the file to banklogin.exe, it was able to install.

It seems that I was able to install Malwarebytes' Anti-Malware, but it doesn't seem to launch, no matter how many times I reboot the computer.

Because I can't log into this website from my infected computer, it would be difficult to transfer Hijackthis results to this forum.

My computer (when not running Stinger, HijackThis, or other programs) is utilizing the Avira AntiVir Personal anti-virus software.

Any help/ideas would be greatly appreciated!

A:Malware Won't Let Anti-Malware Run, and Redirects to Malicious Websites


This is a follow up to my posting in the "Am I infected? What do I do?" section. Thank you extremeboy for answering my plea for help. Below is a paste from the infected computer's HijackThis log file:

A:Malware Won't Let Anti-Malware Run, and Redirects to Malicious Websites

Title was: Browser Redirect - wdmaud? ~ OB

Tried to get help posting hijackthis file last week...no takers, so I started to do a little homework.

My browser redirects to bogus websites (most of the time), and redirects to bogus websites when trying to go to anti-malware sites all of the time.

Was able to get Avira AntiVir loaded, but doesn't detect the virus. Able to get a HijackThis log. McAfee won't launch, Malwarebytes won't launch, Spybot won't launch, etc.

Reading up on the subject of recent browser redirection, there is a lot of people having trouble with the wdmaud file in their Windows/System32 directory. I tried to rename it and reboot, but it just came back. Tried to delete it, and it wouldn't let me. Then I loaded the Gibbon Gipo program, that forces the file to be deleted upon reboot. That works with every file except wdmaud! It keeps reappearing after reboot.

This may or may not be the infected file...might be chasing a ghost here, but any help or suggestions would be appreciated.

Thanks!


An email address of mine sent out a malware link in an email to everyone on my contact list on January 5th 2010. This email address is NOT one that I use on any forums EVER as it was created and only used for job searches (yahoo account). Because of this I have my suspicion that the problem started with a computer training place I took classes at in the first 2 weeks of Jan 2009 which has my email (yahoo) on their contact list. I had gotten a similar email from them in December. I opened the email but I did NOT click the link in the email. I reported it as spam and moved on. I did however reply (it just occurred to me how stupid this was) as the sender is someone I know and I asked if they are aware they are sending out malware. It never occurred to me that their account might be hijacked. Not until yesterday when my account just sent out an email to everyone on my contact list (just like theirs had). The only way I found out that mine did this was because I have my other email (gmail that I use for forums) account on the contact list and it sent to that. The thing is, I opened it in that account (gmail) and saw it was spam from myself. I logged into my other account (the job search one - Yahoo) and changed the password in it. Is that enough?

What I want to know is, is that enough to stop the problem? Is there anything else I can do? How does this happen? Can just replying to someone on my contact list whose account might have been hijacked be enough for them to be able to ...

A:EMail sent out a malware link to everyone on contact list

Yahoo's help section has a lot of useful information you should look at.

Go here >> Yahoo! Mail Help Topics : Spam, Viruses, and Other Abuse

If this continues to be a problem, and you find that you can do without that specific Yahoo account, you should close it. You can always open another one if you need a separate account for job searches.

9 more replies

Bump, does anyone have an idea ?

3 more replies

I am trying to upgrade Windows Vista Home Premium to Windows 10, and I got a message saying the upgrade was cancelled and Windows 10 installation could not continue because I first have to uninstall the following programs: Business Contact Manager and Anti-Malware Core. I have looked under "all programs" and on the C:\ drive (programs), but I cannot find any files with these names. If anyone can help me identify what I'm supposed to uninstall and where the programs are likely to be located, I'd be very appreciative. Thank you.

A:uninstall anti-malware core and business contact manager

1 more replies

Hello,

have just started using Business Contact Manager for Outlook 2007. I have created some business contacts and linked emails with these contacts. The Communication History folder shows all the emails linked to these contacts. However, when I open the contact's business card and click the History button on the Show area of the ribbon to view the associated emails nothing happens.

The button depresses, but the window never changes and the General button immediately goes back to being depressed again instead of History.

Any ideas why this could be? This is one of the major functions that I would like to use!!

More replies

I seem to be unable to delete an unwanted contact from the list of offerings in "To:" section when starting an eMail.  (I have tried others with same result.)
"Help" section says I should highlight the unwanted, then click to "X" on right of name.
I do this, Yahoo Mail responds "Succesful Permanent Deletion", but the contact remains and is offered again in next email attempt.
I use Currently Update Firefox.  I have "deleted history" (Cleared Cache).
Regards,  Frank  22oct15

More replies

Hi everyone, I'm new here. My problem is that I have a contact on Skype but every time I try sending an IM I'm seeing this grey circling notification stating that the message hasn't gone through. I can see when they come on and offline but I can IM or Call. Is this a problem from my account, because I can chat with others just fine. Also someone did a scan on my computer and told me I have some viruses that may cause it to crash soon and that is why the Skype problem is happening. Can this be verified? I really do look for a speedy reply and solution. Thanks

A:I can't contact a person on Skype who is on my contact list and online

You should post in Virus and Malware Removal forum. Follow these instructions before posting located at top of page.

Everyone MUST read this BEFORE posting for help in this forum

1 more replies

I know I've seen this somewhere but - Use It or Lose It! so I've forgotten

I want to remove any saved - Remember Me IDs

I've deleted everything from Tools - delete browsing, etc.

My biggest problem - somehow my ID on ebay was saved, true I still have to enter my PW - but I really don't want my ID here or in a couple of other places.

A:[SOLVED] Remove 'Remember me - IDs' on websites

Go to your desktop and double click on ATF-Cleaner.exe.

Main

Under Main. Click Select All, then click Empty

16 more replies

I purchased a used computer for my grandson. Since I do not know how this computer has been used, is there a basic program that will remove visited websites from the hard drive. I have heard of Eraser, is that a good one for a novice?

thanks
rlight

A:REMOVE WEBSITES VISITED ON HARD DRIVE

Your best option would be to reinstall Windows and start fresh.

6 more replies

Put a couple of websites in my "all apps" using Edge to do it, but can't find anything as to how to now remove them. The sites didn't come up with my signed in page, just the general page one would see if they hadn't subscribed or registered with the site.

A:Can't remove some websites I added to all apps using Edge

Hi:

I don't use Edge, but perhaps this tutorial will help, until someone arrives who does use it:

How to Add or Remove Items in All apps in Windows 10 Start menu
Hope this helps,
MM

1 more replies

I've sync'd my google contacts with the people contacts in 8.1. On initial setup everything transferred ok. To test the link I then added a new contact in google to see if it would sync with the people contacts. So far it hasn't. How often does the people app update with google?

regards,
jj

A:How often does the People Contact sync with google contact

Finding the same problem here, made some changes to Google contacts and still hasn't been captured by the People app days later although it says it syncs each time I've opened it.

To be honest, what I thought would be a very useful app when I first heard about it has become nearly unused by me because of things like this or the inability to add a birthday directly in the app to a contact. Just feels half done and forgotten by MS at this point.

1 more replies

Computer Spec's

Power Supply: 650 Watt NZXT PRC-650 SLI Ready

Processor: Intel Core 2 Duo Processor E6850 (2 X 3.0GHz) / 4MB L2 Cache / 1333 FSB

Motherboard: Asus P5N32-E SLI nForce 680i SLI Chipset w/ 7.1 sound/ Gb LAN/ S-ATA Raid, USB 2.0, IEEE-1394 Dual PCI-E Mobo

RAM: (4096MB) 1024mb X 4- DDR2-800- PC6400 Memory Modules- Corsair XMS2 XTREME w/ Heat Spreader

Video Card: Nvidia GeForce 8800 GTS 320Mb memory

Hard Drive 1 Hitachi 320GB ( Serial-ATA-ll, 3Gb 7200 RPM, 16Mb Cache) Windows XP Pro SP 2 with all updates to date

Hard Drive 2 ( Same as HD 1 ) Windows Vista Home Premium with all updates to date

Easy BCD BootLoad Manager to toggle between Operating Systems/ Windows XP Pro is my DeFault OS.

Monitors: Dual Widescreen Viewsonic 20" Color Flatscreens

Sound Card: Creative Labs Sound Blaster X-FI Extreme
This Machine was custom built to my spec's by a reputable custom build computer company and I have both my OEM Operating System recovery disks that came with this machine when I purchased it.

THERE IS ABSOLUTELY NO PIRATED SOFTWARE ON MY MACHINE WHICH INCLUDES BOTH OPERATING SYSTEMS AND ALL ANCILLARY APPLICATIONS!!!!!!!!

_____________________________________________________________________________________________________________________________________________________
Ok Folks!

Here is the gist of my problem.

Win XP Pro is my default operating system and is the OS that I use most of the time on this machine. ...

A:Win Vista OS informs me Vista Not Activated/Product key invalid

Hi, a similar thing happened to me. All you have to do is contact MS and they will help you through it.

7 more replies

This started two days ago, every time I click on a google link it takes me to a spam site or sometimes to an empty page. I have AVG 2011 anti virus set up however every 30 minutes or so a new threat is detected by them but they are unable to remove it because it is not able to access that file. When I'm browsing the internet random pop ups seem to come up as well.

I do not have access to: Windows Install disc or a Boot CD

AVG describes the virus as being in: c://windows/temp/fnff
c://windows/temp/nsferdata
c:/windows/temp/yrgm/setup.exe
and many more file folders...

AVG has detected a Sheur3.ceps trojan virus

Any help would be appreciated!

I was running the Gmer and it said: Gmer has found system modification caused by ROOTKIT activity.

Here is the dds log:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by User at 10:21:32 on 2011-06-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.37 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe

A:Google redirects to spam websites, Avg can't seem to remove the virus.

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Press Start Scan
If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
Then click Continue > Reboot now
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - ComboFix will not run until AVG is uninstalled. This is because AVG falsely detects ComboFix (or its embedded files) as a threat ...

12 more replies

Hello,

I have a PC with Windows XP Professional operating system. I noticed that every time I try to click onto web links found on Google searches, the website is redirected to ad pages. Furthermore, at random times, I would hear unwanted audio clips playing on my computer when all programs are closed. In addition, I notice ping.exe error messages pop up occasionally when I'm using the computer. When I go to Task Manager, I see that ping.exe is using up about 40% of my CPU most of the time.

You are infected. Due to forum rules, we cannot help you with virus removal here. Please click on the Link for Virus/Malware Help in my signature and post there for more help.

1 more replies

as per subject - some websites (such as http://omg.yahoo.com/) have huge borders on both left and right corners, wasting screen estate when reading news. is there any chrome extension or app that i can use to auto-detect these empty borders and eliminate them?

A:how to auto-remove huge borders from websites, in Chrome?

Hi - The sites you mention are just designed to look like that. There is no "real" way that you can do much - See the forum box that you are typing in, it is about the same everywhere unless you get a larger monitor - You can try to expand your screen settings, or just press F11 for the largest standard default screen - Don't forget to press F11 when you go to another site. F11 just removes the browser address line and most Add On Tool bars - Also delete any toolbars that you do not NEED as they take space at the top of screens - Your only other option is to use the Onscreen Magnifier - Start > Programs > Accessories > Accessibility and click on the Magnifier option - Hope it helps -

2 more replies

Dear helper,

Am I infected ?? What should I do ?

Window XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid loss of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet explorer were busted afterward, was not able to run at all. The built-in system recovery programme was also affected.

Was forced to use back-up system recovery CD to restore the laptop back in its origin shipping state.

However afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - repeatedly states that it can not update because I am not connected to the internet, when I'm actually connected to your website typing this email right this moment. Also internet access to microsoft and all other common antivirus websites (Norton, McAfee, AVG, Kaspersky, Avast, etc) is all blocked. Hence I can't even attempt to find out what happened to my laptop.

What virus have I been infected ? What programme should I use to remove the malware now that I cannot access to any of the antivirus website or microsoft website ?

Thank you

Jason

More replies

When i try to access google.com or dell.com or mail.yahoo.com or some specific web site , browser not responding.( keeps searching ) nothing happens

Very often advt pop's coming up .( not of same advt ).

I tried using - SUPER Anti spyware and PC Spyware doctor - nothing helpful so far.

Did a full system scan with MCAFEE antivirus - nothing so far.

Below is the hijack, can some one help me.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:11:25 AM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe

A:malware - not able to access some websites

updated HIJACK FILE

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:29:31 AM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Rundll32.exe

1 more replies

The websites I click on redirect to other sites. I've used spybot, spyware doctor, malwarebytes and nothing works. I downloaded HijackThis and I think I found the problem. When I checked the boxes to fix them they still didn't go away. Here is the logfile from HijackThis I hope someone can help because this is driving me crazy trying to figure out.

Thank You,
PJS
PJS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:01 PM, on 6/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\AOL\1238830345\ee\AOLSoftware.exe
C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
C:\Program Files\Real\RealPlayer&...

A:Websites redirecting - malware

2 more replies

Hi I am a first time poster and a first time HighJack This user, so please forgive me if I make any mistakes or any Forum faux pas, it is not intentional, just inexperience. I would be very grateful for any help with a problem I am having getting to certain websites.

Whenever I go onto the Internet it is slow, but it 'sort of' works in that I can get to some sites such as Google and Microsoft, but I can't get to a huge number of other websites including big ones such as eBay. In fact the sites I can't access greatly outnumber the ones that I can.

I have a Dell Dimension 5000 running XP Pro SP3. I run McAfee VirusScan Enterprise 7.1, Windows Defender, Zone Alarm firewall (the free version), MS firewall is disabled. All service packs and updates are kept fully up-to-date, I check every day, but that's not to say that something may have sneaked past my security!

I have a TP-LINK TL-WN350G wireless pci adapter in the PC and a Netgear DG834Gv5 router modem. Both are running the very latest firmware.

The problems exist on both Google Chrome and IE8, so I don't believe that it is browser related, it seems to be more fundamental than that.

Any help humbly received and very much appreciated!

Alan

DDS (Ver_09-12-01.01) - NTFSx86
Run by Alan at 20:45:14.28 on 02/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.3326.2355 [GMT 0:00]

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

A:Can't Access Some Websites, Don't know if Malware.

Hello and welcome to BleepingComputer.

If you're still in need of some help, and still have the same symptoms, please do the following.

Download RemAdvertisemen and save it to your desktop.
Double-click remadvertisemen.exe to start.
Click the Start Removal button.
It will say Done Removal! Please reboot your computer now once finished.
Click OK and reboot.

Please post a new DDS log for me to look at.

3 more replies

browser disconnects from certain websites and gives warning message. site work fine as i checked it from different computer, ran malware antibytes, superanitspyware, avast anti virus, all clean now, but site still disconnects. ran rootkit unhooker and here is the report
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9643000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6283264 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 182.50 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6189056 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 182.50 )
0xA8E76000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4083712 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB94D5000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1167360 bytes (LSI Corporation, SoftModem Device Driver)

A:disconnecting websites/malware

Hi

uTorrent

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.

A guide and tutorial on using ComboFix

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

6 more replies

I am being redirected to other websites while using Firefox especially when searching with google and clicking on the link. I haven't found this problem with IE yet. When I looked at the running processes it shows "Obroker.exe" which looks suspicious to me but am not sure whether this could be the cause.
So far have scanned with McAfee, spybot and MBAM but the results are clean.
Attached and as follows are the logs as advised. Your help would be appreciated. Thank you.
PS: I do have windows install kit

DDS (Ver_10-03-17.01) - NTFSX64
Run by asad at 8:08:20.84 on Thu 04/22/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18

============== Running Processes ===============

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - c:\program files (x86)\virtual account numbers\CitiVANHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avgls\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll

A:Malware:Redirected to other websites

Thank you

2 more replies

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond". For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:

A:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me

2 more replies

Hi. There is something going on with my computer, can't get on internet and many pop up messages, and I have tried to run MBAm. When I click on "Remove Selected" it starts doing the removal but then a box pops up with "Malwarebytes Anti-Malware has encountered a problem and needs to close." There are three boxes to choose to click on...Debug, Send Error Report, or Don't Send. When I click on Debug I get a new pop up box with "DrWatson Postmortem Debugger has encountered a problem and needs to close". Same three boxes to choose to click. I click on Debug and then get a pop up box with "Microsoft Visual C++ Runtime Library. Runtime error. Program:C:\Windows\System32\svchost.exe.

I have multiple pop up boxes coming up when I just log on:

dsca.exe-Application error

27578134.exe has encountered a problem

Sysfader:IEXPLORE.EXE-application error. Instruction at "0x03a0bdd9" referenced memory at "0x03a0bdd9". The memory could not be written. When I click "OK" to terminate this it came up with multiple other boxes with different numbers...0x0403bdd9,0x03eabdd9,0x0455bdd9,0x053abdd9.

ctfmom.exe Application error

Data Execution Prevention-Microsoft Windows...to help protect your computer Windows has closed this program: Internet Explorer.

I am unable to get on the internet from my computer and am currently using my husbands laptop to post.

A:Malwarebytes Anti-Malware unable to remove selected malware

I would try logging in to safemode with networking and then run the scan from there. To log in to safemode gently tap the F8 key as the computer reboots and then select safemode with networking from the list. If you are able to run the scan in safemode then there's probably some infection that was preventing it from running in the regular Windows mode. If not then there may be a problem with the Malwarebytes. I have had a similar problem and I had to un-install it and then re-install it. I emailed their tech support and was told it was possibly a conflict between it and AVG free though I'd never had that problem before... EVER.

I suspected it was something buggy with the update that had come through.

4 more replies

Good day to everyone,

My computer is having some malware activity. I have used adware 2008, spyware removal tool, norton anti-virus and other removal tools, but still the malware cannot be deleted. The My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP, that's why until now I cannot connect to the internet. I don't have a WindowsXP SP2 cd for repair.

A:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies

For some reason, I can't browse some websites.
Namely:
www.xfire.com
www.yahoo.com
I'm using Firefox but also tried google and IE.

Tried the flushdns command but I still can't browse it. I also tried to scan for malware using malwarebyte and avast(boot-time scan) however, Malwarebyte detected nothing but Avast detected 4.

Anyway, here is my DDS. Thanks in advance.

DDS (Ver_09-11-24.02) - NTFSx86
Run by Daimler at 11:01:28.43 on Fri 11/27/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2558.1764 [GMT 8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe

A:Can't browse some websites (malware infection?)

Bump. I still can't browse some websites. Anyone please?

1 more replies

A:Cannot access any anti-malware websites....

Hello

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue, please post a fresh HijackThis log back here

10 more replies

Greetings! I have recently been infected with some sort of malware. It is preventing me from visiting several websites I used to visit often. A few examples: Google, Yahoo search engine, Gmail, Hotmail, Facebook... Just to name a few. When I try to visit any of these sites I receive a browser message "Unable To Connect". I use Firefox.

I run Windows 7 64 bit.
_____________________________________________________________
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tyrantius at 21:05:02 on 2011-08-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2591 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common File...

A:Malware Preventing Me From Opening Many Websites

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

If you did not modify your HOSTS file it has been compromised.

Quote:

Hosts: 209.172.56.118 search.yahoo.com
Hosts: 209.172.56.118 Bing

Go to: HostsXpert v4.4
Unzip the program and execute it.
Select "Restore MS Hosts File".
Close the application.

Restart the computer normally.
===

When the hosts file has been restored.

7 more replies

Hi, I'm at the end of my rope with this problem, hopefully you can help.

3 days ago I suddenly couldn't access websites that I often frequent. I would click the link and it would begin to load but nothing loads. At the bottom of the screen it just constantly displays "waiting for (website)...". Also I can access google.com but the moment I do a search it also brings up "waiting for google.com".
The weird thing is I can access other websites that I use less often such as AT&T and wellsfargo. I'm on a network and all the other computers work fine.
Within the last two days I've been seeing spyware ads for privacyconductor.com and antispywaremaster.com, antispywaredeluxe as well as antispywaresuite.

As a result I've run Norton Internet Security, which removed trojan.horse and adware.purity scan but did not fix the issue.
From there I googled (on my phone) and saw posts about antispywaremaster and got SpyHunter and scanned, only found wild tangent. No fix.

I then ran adaware and found 365 spyware entries, most of which were tracking cookies, but it also found Virtumonde, which I used adaware to remove - no fix.

I've since run smitfraud and vundofix, the latter of which said it found two entries, no fix yet. I'm at the end of my sanity rope, please advise me.

Hi,

It looks like you have some rogue antispyware programs on board.

PrivacyConductor is a rogue privacy program that displays exaggerated warnings and labels legitimate programs as privacy risks. This type of rogue is aggressively advertised through misleading doorway web pages that emulate a program scanning your computer. These fake scans show that your computer has privacy issues even though there is no possible way that the web site could know this. Once PrivacyConductor is installed it will scan your computer and list exaggerated results that require you to purchase a license in order to fix them. http://www.bleepingcomputer.com/malware-re...rivacyconductor

Whilst you wait further help from the malware experts check this article from the site: How to remove PrivacyConductor (Removal Instructions)

2 more replies

Hello - I could use some help getting my computer's Internet Explorer and CD drive working again.

The problem started a few days ago after I did a web search for pdf maps of Las Vegas. The first thing I noticed was that my CD drive would no longer read data CDs. When I looked at My Computer (Windows XP), it did not list the CD drive (D:\), but instead listed an E:\ which did not exist. I verified this by disconnecting all of my external connections. When I tried to read a CD, it would spin, but my computer would not read it or register a CD drive.

Later, Internet Explorer would activate a new window that would try to connect to websites related to "famoussearchsystems.com" and "coolsearch.com". My security software, Trend Micro, would block most of them, but some opened to innocent looking search sites. This continued several times per hour, but the number of websites it would open decreased over time. After this started to occur, I did a full scan of my computer with Trend Micro Internet Security which found nothing suspicious. After contacting their help desk, I downloaded their RootkitBuster which identified a series of hooked services such as "ZwCreateKey; hooked by" and "ZwWriteVirtualMemory; hooked by" (All of these are at the top of the GMER list under "Value" which I am currently running.). Soon after I ran this program, I was no longer able to access the internet by Internet Explorer or Mozilla F...

A:Malware - famoussearchsystems.com & coolsearch websites

Attached is the ark.txt file created by GMER.

Let me know if there is any other information you need to help diagnose and fix this problem.

Thanks.

28 more replies

For the past month I have been attempting to remove a virus that is blocking my access to Microsoft.com, Anti-Virus websites and some others. I have used numerous removal tools to no avail.

Below is my HiJack-This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:10, on 24/08/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\dinotify.exe

A:Malware Blocking Microsoft.com And AV Websites

Bump, anyone able to help?

3 more replies

On Windows 7. Most malware-removal-related sites are blocked, this one included, along with various news sites, Facebook, Amazon and others (some come and go, some only partly load, some are blocked completely and permanently, as if the server were down).
This started when a rogue Flash plug-in installed an executable in C:\ProgramData (bin2dbex).
Any help would be appreciated. I ran RKill and Rootkit Remover (McAfee) and nothing came up.
Cheers,
Andy
Edit: oh, it also hides all hidden and system files every time I turn my laptop on.
Edit again: hosts file is clean.

6 more replies

Recently I found that a few websites like: irctc.co.in, onlinesbi.com, statebankofindia.com are not opening in my browser. I have checked using Firefox, Internet Explorer, Google Chrome. In Internet Explorer I get the message "The page cannot be displayed". In Google Chrome, I found the message "Oops! Google Chrome could not find www.irctc.co.in". I formatted my system once, installed antivirus and tried accessing the above sites. It worked. Then I tried accessing my backed up files (scanned before trying to access). Could not find any virus, but since then I am not able to open those sites again.

I am using quick-heal antivirus. I tried start-up scan, full system scan, malware scan. Could not find a single virus/malware.
Then I tried to open the files using a Proxy site like hidemyass.com. It worked. Hence I feel there is some virus/malware in the system. Please help me to access those sites since those are the essential websites. Thanks in advance.

More replies

Tried running Malwarebytes, HJThis and nothing... Any help would be good.

-Thanks
Panama

A:Malware redirecting websites from google help.

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

2 more replies

A:Rootkit/malware redirecting me other websites

18 more replies

http://threatpost.com/en_us/blogs/report-more-1-million-web-sites-serving-malware-q2-091510

A:1 Million websites serving Malware

Wow

1 more replies

Following on from a thread in "Am I infected? What do I do?" (can't post the URL as I'm browsing through a proxy - this website is one of the ones that's blocked - so hopefully you can find it in my recent posts).
As I wrote there:
On Windows 7. Most malware-removal-related sites are blocked, this one included, along with various news sites, Facebook, Amazon and others (some come and go, some only partly load, some are blocked completely and permanently, as if the server were down).
This started when a rogue Flash plug-in installed an executable in C:\ProgramData (bin2dbex).
Any help would be appreciated. I ran RKill and Rootkit Remover (McAfee) and nothing came up.
Cheers,
Andy
Edit: oh, it also hides all hidden and system files every time I turn my laptop on.
Edit again: hosts file is clean.
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Andy (administrator) on ANDY-LAPTOP on 21-06-2015 00:23:42
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process wi...

14 more replies

Hi,

Here is the problem description:
1. Was unable to access most of the websites through IE and Firefox. Though lot of the Indian websites worked (I am based in India). For example, I could reach http://www.google.co.in but firing any search did not work. Similarly some other sites also were accessible.
2. The problem was not seen in Netscape.
3. There were sudden pop-ups in IE warning of virus and then leading to some arbitrary sites.

Machine Configuration: Windows XP, SP2. IE 7.0.

Current Situation:
Following few messages in the forums here, I installed Combofix, Hijackthis and Windows Restore Console. Ran the Combofix and it seems to have resolved the problem. The message suggested to still get the logs scanned by an expert and hence I create this message here. The Hijackthis log is attached and can later attach Combofix log if requested.

Thanks for the help

A:Malware On Machine. Most Websites Inaccessible

Hello Nick1000
Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new Hijackthis log.

1 more replies

Logfile of HijackThis v1.99.1
Scan saved at 7:34:31 AM, on 6/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files ...

A:Sandbomb: Malware Causes Pop Up Force Going To Websites

Hi,

Then I'll take a look.

35 more replies

Could someone please take a look at my HijackThis log file?
Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:09 PM, on 27/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\program files\bmccm\tuner\Tuner.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\DHI\MikeZero\LicSvcLoc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsr...

2 more replies

Hi! I accidentally installed an unknown .exe file a few days back which didn't seem suspicious, though I think it infected my computer with malware that has hijacked my Chrome. I looked for it in the Control Panel and uninstalled anything that seemed suspicious. I even downloaded and installed various malware removal tools, including Malwarebytes and IObit malware fighter. But none of these were able to get rid of it completely as after a few days my homepage changed again.
What keeps on happening is that new malware keeps on showing up. In the beginning my homepage got changed to "indiatimes.xyz". I looked up online and uninstalled the unknown software from Control Panel and also reset my Chrome settings. After a few days, it came back in the form of Snap.Do and then again I tried to remove it and it went away. But now it's back and again my homepage has changed. BUT this time I keep on getting ads from "Safe Finder" . After trying again for a malware search and restarting my computer it seems to have gone away but I don't think that the problem is gone.
Also, it also seemed to have taken over my ESET NOD32 and forced it to block websites that were safe. Among the websites that my ESET was blocking was the official ESET website, so I got rid of ESET as well.
I don't know what to do. I've tried a lot but nothing seems to help. Please I need help!! Please respond as soon as possible.
Thank you so much.
My operating system is Windows 10.

UPDATE : It is back....

A:Help! Unable to remove malware and new malware showing up daily!!

1 more replies

Hello. I am working on a friend's machine that seems to have a nasty infection. This machine is a dedicated server running Windows Server 2003 Web. Everything I am doing to it is via remote desktop which is making it a little more of a challenge. Web browsing on the server was incredibly slow when he asked me to take a look at it. I figured he was infected with something so I was going to try and install a few things on it and run a few scans, only to find that all of the sites that I found to use are blocked or disabled by whatever is infecting the server. Any attempt to access an anti-virus or anti-malware website results in a message stating server cannot be found. Any other website can be accessed though.

There is an FTP server running on this machine, so I do have that availability to FTP to the server to get any file or program to it that I need to. Please just let me know what you need from me and I will get it up here as soon as I can. I am a fairly experienced user and can grasp things pretty easily. Thanks for your time, I greatly appreciate it.

Jamie

A:Malware Blocking all Anti-Malware/Anti Virus websites

If it doesn't block you from softpedia or download.com, then get the antivirus software from their sites instead. Hopefully it won't block them. When they are downloaded, rename the file names.

2 more replies

I have been experiencing an issue with google redirect to multiple websites.
14:42:11.0422 5668 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
14:42:11.0788 5668 ============================================================
14:42:11.0788 5668 Current date / time: 2012/07/21 14:42:11.0788
14:42:11.0788 5668 SystemInfo:
14:42:11.0788 5668
14:42:11.0788 5668 OS Version: 6.1.7601 ServicePack: 1.0
14:42:11.0788 5668 Product type: Workstation
14:42:11.0788 5668 ComputerName: NEILnoname-PC
14:42:11.0788 5668 Windows directory: C:\windows
14:42:11.0788 5668 System windows directory: C:\windows
14:42:11.0788 5668 Running under WOW64
14:42:11.0788 5668 Processor architecture: Intel x64
14:42:11.0788 5668 Number of processors: 2
14:42:11.0788 5668 Page size: 0x1000
14:42:11.0788 5668 Boot type: Normal boot
14:42:11.0788 5668 ============================================================
14:42:12.0177 5668 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:42:12.0185 5668 ============================================================
14:42:12.0185 5668 \Device\Harddisk0\DR0:
14:42:12.0185 5668 MBR partitions:
14:42:12.0185 5668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000

A:google redirect malware to multiple websites

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:25:46 PM, on 6/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/blekkotb_soc/?source=a545ea26&toolbarid=blekkotb_soc&u=9B5FD1D9EFBD709AA6EF214FCBFFB4E4&tbp=homepage&v=2_0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: CrossriderApp0003491 - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver&...

11 more replies

I first noticed my issue because youtube videos were displaying the "an error has occurred" screen. Then I noticed a range of flash functions weren't working. I was going to update my flash but I cannot access the adobe flash site. I tried on IE, same story. I cleared my cache and reset my router, I tried a bunch of stuff, even tried a point restore. I also couldn't access the microsoft support website and several others so I tried pinging them and came up with the following:

C:\Users\Ben>ping windows.microsoft.com

Pinging origin.windows.microsoft.com.akadns.net [207.46.113.50] with 32 bytes of
data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.113.50:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging get.wip4.adobe.com [192.150.16.58] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.150.16.58:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\Ben>

A:Can't access certain websites, problems with flash. malware?

Hi and welcome to SevenForums,

Use Clean boot,
http://www.sevenforums.com/tutorials/179159-troubleshoot-application-conflicts-performing-clean-startup.html
Click Start and type in the search box,
msconfig
Click on the suggestion on top or hit the Enter key,
Go to the Startup section and take some screen shots for a complete list,
Go to the Services section and on the bottom left Check the box to Hide All Microsoft services,
Repeat the screen shots,
See the links above my signature on how to take and upload screen shots here,

Shut down your machine, Unplug-Hold the power button down for 30/45 seconds (Power Drain)
Power up and Tap the F8 key continuously until you see a black page with white text,
Use the down arrow key to toggle to safe mode with networking/ hit the enter key.
http://www.sevenforums.com/tutorials/69585-safe-mode.html

Review Jacee’s instructions to run Adwcleaner here post #7,
Ignore the title of the thread,
Instant Savings App
You can use these free tools to see if they find anything,
Manually Update them before running full scans,
Try not to use your computer while the scans are running, (one at a time of course).

1 more replies

Hi

I have had a virus or spyware that is affecting my system

Whenever I try and log into Capital One I am being redirected to a bogus site

I've tried SB SD, Malware Bytes, Spydoctore and none can remove it

HJT Log posted
I can see that there is something wrong but do not know what to remove

Using Windows XP service pack 3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:18, on 16/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

A:Malware Problem - Accessing Banking websites

16 more replies

Started with redirects. Then I ran Hitman and it found a random, 7-letter exe file in system32. However, once it is removed, a new one replaces it seconds later. Now websites start putting up a phishing form that you have to fill out to access the sites that asks for credit card number, social security number, name, address, etc. I can't use these sites until I get rid of this thing. I downloaded Microsoft Security Essentials and ran that and it immediately placed the file in "Excluded files and locations." When I removed it, it got flagged as a Trojan, but then a new file just immediately replaced it in the folder, and the "Excluded files and locations." Have no idea what else I can do to get rid of this thing, but am desperate to do so as soon as possible so I can use my banking sites again.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.5.1
Run by Jonathan at 13:52:33 on 2012-09-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.1505 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService

A:Redirects, Websites Phishing, Respawning Malware

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

35 more replies

Either got from a subtitles website with green web of trust, or I just accidentally clicked the wrong thing on some random cooking site. I get bizarre fake websites and install this and that on web pages.
Ran Malwarebytes. It found 2, then 5, then 30 plus in heuristics. 50 or so total. Quarantined all. Will provide that log also. Malwarebytes reads clear now and so does MS Security.
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/18/2015
Scan Time: 3:59:29 PM
Logfile:

Version: 2.00.4.1028
Malware Database: v2015.02.18.08
Rootkit Database: v2015.02.03.01
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Gerald

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343605
Time Elapsed: 6 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MultiPlug.A, C:\ProgramData\{e772cbb8-3d1e-a306-e772-2cbb83d12ee0}\interstellar-eng-6028896.exe, 3868, Delete-on-Reboot, [d24058c2ed9df93d96a626fe986a13ed]

Modules: 0
(No malicious items detected)

Registry Keys: 33
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{891e9dd5}, Quarantined, [868cf228b0da1d190b8c29905da69070],

A:Malware, fake websites for Google searches etc

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.

15 more replies

I have a virus that redirects me after any search I do in Yahoo or Google. I also sometimes get re-directed on regular websites, but not as much as the search engines. I'm connected to my internet through a wireless router. Sometimes I'll connect to my brother's connection, who lives next door, and I won't get directed at all like I do when I'm connected to my connection. I have used AVG, spybot, and microsoft security essentials and nothing comes up on their scans. I just did a scan with Hijack This and this is the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:47:38 PM, on 11/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Suppor...

A:Virus/Malware redirecting me to unwanted websites

2 more replies

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Drounds at 18:40:36 on 2013-03-17
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3241.2253 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\vcsFPService.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe

A:Unknown malware impacting certain financial websites

40 more replies

As you will see from the log, running 64 bit so no GMER.

Most of the quarantine items and messages I get from AVG indicate problems in the SYSWOW64 directory.

I also cannot turn on Windows Firewall. Access is being blocked somehow.

DTLite was running during the scan but has been disabled since. If you need me to rerun the scan with DTLite disabled just let me know.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dube at 0:00:55 on 2011-10-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1094 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

A:Unknown Virus/Malware redirecting websites

14 more replies

When opening Firefox, on every website the connection is untrusted; when I try to get a certification it says that Sendori is not a trusted certification.

A:Sendori malware websites are considered untrusted

10 more replies

My computer gives me a popup saying my computer is infected or in danger and won't let me browse certain websites to download AVG or another antivirus.

More replies

This PC I fixed for a friend was loaded with malware, adware, browser hijackers. you name it and he had it on there... should I assume that maybe his passwords for websites could have been compromised and that he should change them just in case? especially for sites like his bank, or paypal?

I removed the malware (all of it, I think) using various programs, and I did not format the drive or reinstall windows.

thoughts?

thanks for the help.

A:should passwords be changed on websites after malware is found on a pc

Hi

If it was me I would change the passwords from another computer for the web sites.

Hello all,

This is my first technical post so hoping that I don't do anything wrong and that some kind individual will be able to help me. My computer is running very slowly and every time I enter a URL it brings up a different result, and when I enter a search topic in Google, a lot of weird results come up which I am nearly sure are dodgy websites. Below is the log file. If I am doing anything wrong etc. or not posting the log right, please let me know.

Hoping someone can help,
Thanks in advance
a

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:33, on 05/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\o2flash...

A: Unknown Malware, weird websites coming up, pls help!

A: Malware problem... redirecting when using search websites

Hi, I have one of those viruses that always opens an advertisement up when I open up a new Firefox window. Also, when I browse websites or look up stuff on Google, when I click the link it redirects me (google-redirect.com) to some other website. I use superantivirus and it finds malware and deletes them when I reboot the computer, but once I use Firefox again, the advertisement still shows up, and when I scan again using superantivirus it finds more viruses/malwares. I've read other threads with the same issues, but I don't want to follow the exact procedure that others have been told to do, so I'm following the NEW Instructions for posting for malware removal help.

Thank you very much for your help.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Daniel01 at 19:13:42.20 on 28/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1370 [GMT -6:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe

A: Mozilla Virus/Malware redirects to other websites

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Mark

I have some infection that keeps redirecting my web pages, and pop-ups constantly on every site I visit. I have done as instructed and am now pasting the log files. Thanks for any help I can get!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Home at 9:23:27 on 2014-04-12
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3992.1471 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

A: Malware/Virus redirecting me to websites. Log files attached.

Recently my computer caught some type of malware. I cannot use the internet most of the time, occasionally pop-ups will appear, and I cannot seem to delete some of the files that may be causing this. I have McAfee and AdAware but they are not taking care of the problem. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:56 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe...

A: Cannot access some websites, pop ups, malware files detected every startup

Also, here is my Panda log (I was only just able to access the site).

I'm sure I have picked up a nasty, invasive bit of malware. I can't change my background/wallpaper, which has been changed to an obnoxious "your system is infected" message, I can't access certain websites like Twitter, I was blocked from running Task Manager until I figured a way around it, and my computer is running incredibly slow. When I try to run WinZip, I get this message: "Cannot start WinZip! E-mail library WZSMTP.DLL could not be started". I think it's because of the malware. I searched for wzsmtp.dll through Google and got a bunch of what I think are phony results.

So, yeah, I've got problems. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:43 PM, on 1/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe

I've got a Windows domain with multiple workstations on it. On all workstations connected to the domain, when browsing to certain sites, the site loads correctly, and then is redirected to a generic search site that appears to host malware. The behavior is the same with Internet Explorer and Firefox. On a laptop connected to the domain, I removed it from the domain, and connected to the internet using wifi tethering on my smart phone. When I did that, the sites loaded correctly. I also changed the DNS server on one of the workstations to Google's, and that did nothing to help the problem.

These are the sites that are currently loading wrong, and what they redirect to:

hxxp://www.priorityclub.com redirects to hxxp://pagesinxt.com/?dn=cls.ichotelsgroup.com&fp=zWyT5wBXmcQWHfrEcI%2BDjfoC%2Bbkh3eyA9Qi2zHSCZq0j7oBQqdeA0OdNUsWnq91NuDpOPFa85ikXkDhFw0Aaug%3D%3D&prvtof=LxmEj0vXdAyJDuApoWkDkatCeePeNVz6fsrpN5ondYQBvGCEW8Un1vjVCQjP1hvascWJGrYjCShGweVmfs0SVg%3D%3D&poru=8qtpZ9370vX7els2ZD47ni6AjG17gaNbWTMtX9sncaAweVQsO%2BDDkwwJcCtcTeXqdKyUSl8byJsVNI7RuWoAMZ9GHP4WmMJ...

A: All computers on domain, certain websites being redirected to malware sites

This is not happening to my PC. I have posted here before and have been helped (Thanks guys!), so I'll try again.

My father's PC is getting hit hard by malware, like Spyware 2009 continual pop-ups, Google redirect problems, and other things.

When I used his PC to download Anti-Malwarebytes and Combo-Fix, I could not access the websites. Google was doing its redirect problems BIG-TIME. I typed the URL address directly into the search bar, and IE stated that that website could not be accessed. This also happened when I tried to access THIS FORUM. I can navigate to anything in his bookmark folder, and I can type in other URLs, like Amazon, ESPN, New-Egg, and other benign sites. But every time I try to access some anti bad-program site, I get shut down. I have tried to access by directly typing in the URLs of:
Antimalwarebytes
Kaspersky
Combo-Fix
Anti-Spyware (the real program)
Panda Scan
HiJackThis

So... Short-cut! I load the install files for Anti-Malware, HiJackThis, and Combo-Fix onto a USB and boot that into the PC. Guess what...

They won't install. Their operations are attempting to run when I look at Windows Task Manager, but nothing happens. Task Manager is just full of BS programs too.

So... what can I do? I can't use that PC to access anything helpful, nor can I load up the forum required programs to it.

Is this even possible? I'm stumped.

Also, I respect your technical expertise highly, and would like to comply wi...

Hello, Karnell -

This is a different machine than the one you're being helped on here?

http://www.techsupportforum.com/f50/...am-332211.html

Please note that while you were instructed to use ComboFix on that machine, each situation is different, and ComboFix should not be run unless instructed to by a trained helper. Please delete whatever versions you have.

DDS should run....did it not?

Disable any script blocker, and then double click dds to run the tool. When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop.
-----------------------------------------------------

Attach the Attach.txt to your post by clicking the Manage Attachments button under Additional Options > Attach Files on the composition page. Browse to where you saved the file, and click Upload.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

@echo off
copy /y gmer.exe omer.exe
start omer

Save this as run.bat. Choose to "Save type as - All Files" next to gmer.exe.
It should look like this:
Double click on run.bat & allow i...

I'm sure I have picked up a nasty, invasive bit of malware. I can't change my background/wallpaper, which has been changed to an obnoxious "your system is infected" message, I can't access certain websites like Twitter, I was blocked from running Task Manager until I figured a way around it, and my computer is running incredibly slow.

So, yeah, I've got problems. Thanks for any help that can be provided. I truly appreciate a forum like this.

Here is my DDS log. I will attach zipped attach and ark. I have a Microsoft Windows XP Home Edition Service Pack 2 Reinstallation CD if that will eventually help.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Caitlin Feltes at 21:40:35.26 on Fri 01/15/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.195 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe

A: Malware affecting computer background, blocking websites and more...

Hi,

Download Combofix from either of the links below. You must rename it to combo.exe before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
Set to "Always ask me where to Save the files".