Showing results for tags 'pop-ups'.


Found 14 results

  1. More than once a day I get a pop-up from Malwarebytes urging me to get the premium version, but I'm satisfied with the free version. All those pop-ups are very annoying. Can you stop them? Please! Don Hooser
  2. I run a computer repair shop here in Central Florida and we are also an affiliate with CleverBridge to push Malwarebytes to our customers on a regular basis, because it is an excellent product and we stand by it 100%. The only thing that's a bugger are the non-stop notifications that pop up for those that use the free version. With previous editions of Malwarebytes it was never, ever this bad. I understand you want people to purchase your product, but please take my advice on this one — these "UPGRADE NOW" notifications just annoy people and make them want to uninstall it. This practice isn't anything new, especially with anti-malware software, I get that. Even if you could just reduce the notifications to purchase the premium version to just once within the 14 days would be an improvement, not every single time they turn on their computer. We explain to every customer that after the 14 days they'll need to manually run scans periodically to ensure they're free from malware — and majority are ok with that — the pop-ups are what they can't deal with. Just some friendly advice, and I hope you take it into serious consideration. Cheers!
  3. My Mac is up to date with High Sierra and Firefox Quantum. Since the installation of Quantum I've had a flurry of problems. For some of those, I was advised to download MWB in case some had resulted from malware. I know exactly how rare those are on a Mac anyway, but was told it wouldn't hurt. The recommendation specifically mentioned adwcleaner, which I can't find for Mac - only an .exe file for Windows. So I opted for MWB for Mac. I've installed it twice now, and - there's no MWB. That's to say, I complete all the installation steps, and I get the confirmation that it's been installed. I look for MWB anywhere on the computer, and it's just not there. Spotlight can't find it; I've done manual searches; nothing. It doesn't exist. All that's left is the installer package. I did download MWB free once in the past, but that's nowhere to be found either. And I'm not getting any messages that - for example - I can only download it once. Questions: Where might MWB be lurking, and if it's truly not on the machine - what's happening with the false installation? Is adwcleaner part of the total Mac MWB package? If I do successfully install this, will it kill the floating/sticky video windows that follow me down the page on news sites? That was the original question that led to the advice (and you can see why I doubted this was the solution). Thanks for any help you can offer.
  4. Today I noticed some aggressive pop up ads on my PC, mostly on google results, once they displayed all over your forum. I have attached an image with them pictured. The right is the pop out, the left is the ad that displays above or below sponsored ads and other places. This is in the Google Chrome browser. I ran Malwarebytes and Super Anti Spyware and they did not find anything. I run them both regularly. Can you help me? I leave town tomorrow at around noon until Sunday, just so you know if I do not reply during that time. Thank you.
  5. I have CCleaner and Avast. My Avast scans for viruses once per week, so far I'm good on that end, and from time to time I run CCleaner. A few weeks ago I ran into what I found to be a malware browser hijacker, 2 of them to be exact. I use Chrome and have ad-block on it, and my Avast tells me what sites are safe and what sites are not when I search for something in Google. One day it redirected me to another page once I searched for something, and also when I clicked somewhere in a "safe" page it opened a random link. Some of those "safe" pages are YouTube, Facebook, Yahoo, Twitter, Google, and so on. It always opened a random link when I clicked anywhere on that page, being a link or an image, or in YouTube when I clicked to watch a video it also opened a random ad page. I remember one of the malware I had was querryrouter. Anyways, I searched online for some way to fix it and found a solution with 3 steps: First, use Zemana AntiMalware Portable to remove browser redirects. Second, scan and clean my computer with Malwarebytes. Lastly, double-check for malicious programs with HitmanPro. I did that and it actually worked; I didn't get any redirects nor random link pop-ups. Today I find myself with 'Nova.rambler.ru', which is also a browser hijacker. I did all the steps I mentioned and it actually found some issues and it cleaned them, or so I thought, but it still persists. What I found it does is that when I search anything in Google it redirects and shows me my results in the rambler page. Also it opens ads when I click anywhere in any page, and when I click to enter a page or a link in a page it opens the link I clicked in another tab and redirects the current page to a random ad.
I tried to search for recently installed items or something in my extensions, and even in my files, but nothing. I even tried to look in my registry and tried the Kaspersky TDSSKiller, but still nothing. I have also tried other methods I found to pinpoint this malware, but nothing, so that is why I decided to ask for help, since here I will find people that have dealt with this same problem or have experience with these kinds of issues.
  6. So as many users know, today for a few hours Malwarebytes was throwing up several pop-ups about 'gstatic.com'. They say it has been fixed as in no pop-ups anymore. But what was it blocking? Some people have said it is a Google domain for serving static content like images etc. Yet some pages state it is a piece of malware that can redirect browser entries and create malicious pop-up ads. So I just wanted to know were the pop-ups about blocking the Google domain or blocking a legitimate piece of malware? Thanks
  7. Hi all, I have something that is creating pop-ups, randomly through out the day, opens chrome and directs to a money making scam site or the like. Malwarebytes blocks it, and gives the following log. I can't figure out how to stop it, remove it, etc. Any help appreciated. Thanks.
  8. I have Windows XP and recently upgraded Malwarebytes to v 2.2.0.1024. The SCAN NOW screen pops up very frequently, like about once every 15 minutes. Before, I had it set to not pop-up at all and to open only when I opened it myself. How do I get this annoying SCAN NOW screen to stop popping up and set it to manual open ONLY? ScanNow.rtf
  9. Good evening! I am using my computer to attempt to solve popup and redirect issues on my daughter's computer. I am a homeschool mom. No computer whiz here. But... learning is lifelong. The issue: Any attempt to use the internet redirects to "pcfixing2.info" which requires a "quit task" from the task manager. Further, there is a continuous onslaught of popups plaguing the system. I'm usually pretty good at I.D.ing this crap in processes, but I can't find it this time. I attached a screenshot of the scallywag: An image of the virus.PNG Using safe mode yesterday I ran JRT and MBAR and MBAM and Adware Cleaner too, I think, following Double Headed Eagle's plans from other folks, one at a time and retrying the internet. But to no avail. Perhaps I did things in the wrong order. So I'm trying again. The fact that I'm posting means nothing worked, and I need more suggestions. The "order of operations" for today is below. Thank you for any assistance in advance. Sooooo.... The offending computer is windows 8.1. More of Viv's comp info is in the attached screen shot, titled Viv's comp info, because I couldn't copy and paste for some reason. 9/15/2015 5 p.m. MBAM I'm using version 2015.09.14.05 (which looks really like it might be up-to-date, but it says it needs updated.) Alas, safe mode. All disk checks are performed via download from my computer internet to a flash drive, except for MBAM as we're "fancy owners." 5:14 p.m. Ran MBAM w PUP & PUM set to the "terrible entity" setting. Nothing to quarantine. Realized I was supposed to show hidden files and learned how to do that. 5:45 pm Reran MBAM, showing hidden files. It looks REALLY short. Wonder if that's right. Anyway, File attached: VivsMBAM1.txt. 6:11 p.m Ran FRST, addition box checked. FRST.txt Addition.txt I was going to run RogueKiller, then I saw a note that followed about not doing anything further... not everything is bad... la de da de dah... 
and decided that instead of running anything else, I'll post the things I ran yesterday (before the NOT EVERYTHING is BAD note) and see where to go from there. You'll see I have logs also attached from MBAR, titled: system-log.txt -- This is an older log when my husband started working on this mess on 9/3/15 JRT, oddly titled: JRT.txt -- This is from yesterday AdwCleaner, titled: AdwCleaner C1.txt and S1.txt and also Quarantine.log -- Also from yesterday had to do a few mom things, then: 7pm Thought I had almost fixed it after doing all of the following steps. The pop up started immediately all over the top of my Chrome page, but I just clicked out and it didn't reappear. Then I managed to make it to a couple of sites before the redirect reared its ugly head. And now, since you scared me with the "not everything is bad," I'm going to post all this crap and hopefully you can make sense of it before I screw it up any further. Cyndi sorry the attachments come in all wonky, MBAM is off to the right... AdwCleanerC1.txt AdwCleanerS1.txt FRST.txt JRT.txt Quarantine.log VivsMBAM1.txt system-log.txt Addition.txt
  10. Hi, A while back I was getting CloudScout pop-ups and ads in Chrome (no other browser). I did everything I could to remove them, even posting on BleepingComputer, but I just gave up in the end because they were intermittent and eventually disappeared entirely on their own. Now I have the same pop-ups and ads but this time they're marked "Ads by DNSUnlocker". My brother's computer gets the ads at exactly the same time as I do, every time. We're on the same network. Sometimes using Chrome's reset settings feature removes the ads for a few days, but sometimes it does nothing. I've run a fully updated Malwarebytes several times and it has found nothing. Your DNSUnlocker Removal Guide, as with every single other guide on the internet, is completely pointless and just annoying. I have never once seen any virus actually show up as an installed program. That just never happens, which is why I get annoyed at all of those copy-cat, nonsense guides that say to look for the virus in Programs and Features or Task Manager. Our internet setup is a bit unusual because of where we live. We have satellite internet, but it's too delayed (600ms to 2s of ping) for online gaming, so my brother and I have our own separate internet connection using a Samsung Galaxy S3 with a patch lead going to an external antenna. We enable the portable hotspot on the phone and connect that way. It's possible the phone is infected, but I don't know how to find out on Android. Maybe it could be the router - I guess I can test that by not bridging my network at all today (and therefore relying on the separate wifi network from the phone) and seeing if the ads appear. Whatever happens, I can't reinstall Windows. Not until I go to Windows 10, anyway. I have hundreds of programs installed and set up and it would take weeks to get it all back up and running again. Reinstalling Windows is always a nightmare. The following are the FRST logs. 
In the logs there are a few programs that I know seem suspicious; SoundSwitch, XboxStat, ClipX, Win7 Taskbar Tweaker, DisplayFusion and the shell extension that allows me to remove the shortcut arrows on some symbolic links are all genuine programs - but I can't vouch that they are virus-free. I used to use Acronis TrueImage 2014, but I will admit I illegally pirated it. I no longer use it and it's now removed, but it still has traces on the computer so it's possible it was the cause of the virus because it was pirated. I paid (quite a lot!) for a much better (and not illegal) backup solution (Bvckup 2). At the time of making the logs my network connection was bridged in such a way as to allow me to connect to the 3G internet but still access our home network and 20TB NAS for file sharing. Well, great. The ads have all disappeared. That's annoying. I wish they'd just be consistent. Oh well, here's the FRST logs anyway (hmm, was told the post was too long to post, so Addition.txt is now attached): Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015 Ran by David (administrator) on HAROLD (06-09-2015 12:36:56) Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (RaMMicHaeL) C:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe () C:\Program Files (x86)\ClipX\clipx.exe (Codeusa Software) C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe (Pipemetrics SA) C:\Program Files\Bvckup 2\bvckup2.exe (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe (Jeroen Pelgrims) C:\Users\David\AppData\Local\Apps\2.0\4G2TEA0W.YEX\HJK8QHO4.E2X\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel® Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [samsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805888 2014-08-19] (Acronis) HKLM-x32\...\Run: [Corsair Headset Software] => C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe [3167544 2014-02-12] (Corsair Components, Inc.) 
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM-x32\...\Run: [ClipX] => C:\Program Files (x86)\ClipX\clipx.exe [68608 2005-12-01] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [382976 2015-04-08] (RaMMicHaeL)
HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software)
HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-31] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Borderless Gaming.lnk [2015-08-01]
ShortcutTarget: Borderless Gaming.lnk -> C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe (Codeusa Software)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup2.lnk [2015-07-12]
ShortcutTarget: Bvckup2.lnk -> C:\Program Files\Bvckup 2\bvckup2.exe (Pipemetrics SA)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2015-03-09]
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms [2015-03-09] ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2015-03-09]
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.11
Tcpip\..\Interfaces\{4F3C7CA5-7803-41F3-86CC-3327492FE7E6}: [DhcpNameServer] 192.168.0.11
Tcpip\..\Interfaces\{7B1CEF77-DDB6-42E8-B017-8F1562B1DF55}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B597B79E-1A3E-4CB1-8674-E3D4E441BBA8}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BBFF37E3-B1E9-4A3F-800F-8FDAE3F72FEE}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-715575704-4020683070-549173419-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-715575704-4020683070-549173419-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-09-13] (FreeDownloadManager.ORG)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass)

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-09] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-09] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin HKU\S-1-5-21-715575704-4020683070-549173419-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-22] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2013-05-29] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2013-06-20] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\support@lastpass.com [2014-11-11]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-07-03]
FF Extension: Omnibar - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\omnibar@ajitk.com.xpi [2015-07-03]
FF Extension: FXChrome - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2015-07-03]
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-07]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-07]
CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-07]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-07]
CHR Extension: (Backtick) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiejhinmmfgincamkeeobmpffhdljim [2015-03-07]
CHR Extension: (Session Buddy) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-03-07]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Better YouTube Watch History) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2015-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Google Tone) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnckehldicaciogcbchegobnafnjkcne [2015-05-28]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07]
CHR Extension: (RSS Feed Reader) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-03-07]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1060352 2015-06-19] ()
S4 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-07-14] (EasyAntiCheat Ltd)
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
S4 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-04-04] (Reprise Software Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S4 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S4 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
S4 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
S4 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-06-03] ()
S4 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)
S4 SVLAdminServiceX64; C:\Program Files (x86)\Software Verification\SVL Service x64\svlService_x64.exe [21792 2014-06-03] ()
S4 SVLAdminServiceX86; C:\Program Files (x86)\Software Verification\SVL Service x86\svlService.exe [24928 2014-05-23] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-27] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [19024 2011-03-01] (Paragon Software GmbH)
R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [109912 2014-02-03] (Corsair Components, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2012-07-26] (http://libusb-win32.sourceforge.net)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2014-07-08] (http://libusb-win32.sourceforge.net)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [12288 2009-08-23] () [File not signed]
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-06-10] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-02-10] (Acronis International GmbH)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-01] ()
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-09-09] (Oracle Corporation)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-02-10] (Acronis International GmbH)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 moufiltr; system32\DRIVERS\moufiltr.sys [X]
S3 vhidmini; system32\DRIVERS\walvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 12:36 - 2015-09-06 12:37 - 00035976 _____ C:\Users\David\Desktop\FRST.txt
2015-09-06 12:11 - 2015-09-06 12:12 - 02188800 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-09-03 10:56 - 2015-09-03 10:57 - 12455424 _____ (Frontier Developments ) C:\Users\David\Desktop\EliteDangerous-Client-Installer.exe
2015-08-31 17:22 - 2015-08-31 17:47 - 255525815 _____ (Fleet Operations Development Team ) C:\Users\David\Desktop\FOSetup327.exe
2015-08-31 17:22 - 2015-08-31 17:28 - 54894709 _____ ( ) C:\Users\David\Desktop\FleetOpsMultimedia3.exe
2015-08-31 17:16 - 2015-08-31 17:17 - 00895868 _____ C:\Users\David\Desktop\3danalyzer-v236.zip
2015-08-30 11:51 - 2015-08-30 11:51 - 00154956 _____ C:\Users\David\Desktop\d l4d2.aup
2015-08-30 11:51 - 2015-08-30 11:51 - 00000000 ____D C:\Users\David\Desktop\d l4d2_data
2015-08-29 16:55 - 2015-08-29 16:55 - 00001679 _____ C:\Users\David\Desktop\left4gore.exe - Shortcut.lnk
2015-08-29 16:55 - 2015-08-29 16:55 - 00001099 _____ C:\Users\David\Desktop\left4dead2.exe - Shortcut.lnk
2015-08-29 15:21 - 2015-08-29 15:21 - 00000785 _____ C:\Users\David\Desktop\Star Citizen Launcher.lnk
2015-08-29 15:21 - 2015-08-29 15:21 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher
2015-08-29 15:21 - 2015-08-29 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher
2015-08-23 18:14 - 2015-08-23 18:48 - 00000000 ____D C:\Users\David\Desktop\DSTwo
2015-08-22 13:26 - 2015-08-31 21:22 - 00000000 ____D C:\Users\David\AppData\Local\Spotify
2015-08-22 13:26 - 2015-08-22 13:26 - 00001793 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-08-22 13:22 - 2015-08-31 21:22 - 00000000 ____D C:\Users\David\AppData\Roaming\Spotify
2015-08-22 11:47 - 2015-08-22 11:47 - 00077373 _____ C:\Users\David\Desktop\d_rocketleague_3.aup
2015-08-22 11:47 - 2015-08-22 11:47 - 00000000 ____D C:\Users\David\Desktop\d_rocketleague_3_data
2015-08-15 11:33 - 2015-08-15 11:33 - 00078360 _____ C:\Users\David\Desktop\d_minecraft_pp_1.aup
2015-08-15 11:33 - 2015-08-15 11:33 - 00000000 ____D C:\Users\David\Desktop\d_minecraft_pp_1_data
2015-08-07 22:38 - 2015-08-07 22:38 - 00000000 ____D C:\Users\David\Documents\PCSX2
2015-08-07 22:38 - 2015-08-07 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2015-08-07 21:59 - 2015-08-07 21:59 - 00866384 _____ C:\Users\David\Desktop\OpenPS2Loader 0.9.2.zip
2015-08-07 21:55 - 2015-08-07 21:55 - 00100490 _____ C:\Users\David\Desktop\ESRDiscPatcher.zip
2015-08-07 21:55 - 2015-08-07 21:55 - 00028642 _____ C:\Users\David\Desktop\ESR.zip
2015-08-07 14:55 - 2015-08-07 14:55 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PS2 Save Builder 0.8
2015-08-07 14:54 - 2015-08-07 14:54 - 00000000 ____D C:\Program Files (x86)\PS2 Save Builder 0.8
2015-08-07 14:37 - 2015-08-07 14:38 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMC
2015-08-07 14:36 - 2015-08-07 14:36 - 00000000 ____D C:\Program Files (x86)\MyMC
2015-08-07 14:24 - 2015-08-07 14:24 - 04710029 _____ C:\Users\David\Desktop\mymc-alpha-2.6.zip
2015-08-07 13:57 - 2015-08-07 13:58 - 05116874 _____ C:\Users\David\Desktop\[140629]FMCB-0194-bin.7z
2015-08-07 13:54 - 2015-08-07 14:12 - 00000000 ____D C:\Users\David\Desktop\PS2 Saves

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 12:36 - 2015-03-11 11:11 - 00000000 ____D C:\FRST
2015-09-06 12:35 - 2014-02-28 11:35 - 01150434 _____ C:\Windows\WindowsUpdate.log
2015-09-06 12:21 - 2015-03-07 14:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-06 12:06 - 2009-07-14 14:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-06 12:06 - 2009-07-14 14:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-06 12:05 - 2009-07-14 15:13 - 00801230 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-06 12:02 - 2014-06-23 14:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-06 11:59 - 2015-07-12 21:28 - 00000000 ____D C:\Users\David\AppData\Local\Bvckup2
2015-09-06 11:59 - 2015-03-13 13:04 - 00017430 _____ C:\Windows\setupact.log
2015-09-06 11:59 - 2015-03-07 14:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-06 11:59 - 2015-01-10 12:41 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner
2015-09-06 11:59 - 2015-01-09 22:44 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-09-06 11:59 - 2014-10-04 10:02 - 00000000 ____D C:\ProgramData\VMware
2015-09-06 11:59 - 2014-06-23 16:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-06 11:59 - 2014-03-01 08:43 - 01192302 _____ C:\Windows\PFRO.log
2015-09-06 11:59 - 2013-09-26 16:39 - 00000000 ____D C:\Users\David\AppData\Local\Deployment
2015-09-06 11:59 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-06 00:37 - 2013-10-01 12:36 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-09-05 23:15 - 2014-11-20 16:21 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-05 12:43 - 2014-02-28 23:06 - 00000000 ____D C:\ProgramData\Unity
2015-09-04 16:47 - 2015-03-12 08:37 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-09-04 14:42 - 2015-06-21 21:03 - 00000000 ____D C:\Users\David\Desktop\Keygen-CRD
2015-09-04 14:42 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\Performance
2015-09-04 09:18 - 2014-02-13 12:45 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-30 21:38 - 2014-11-22 12:00 - 00000000 ____D C:\Users\David\Desktop\Stiff to Sort
2015-08-30 12:05 - 2014-08-07 16:56 - 00000000 ____D C:\Users\David\AppData\Roaming\Audacity
2015-08-30 11:57 - 2014-03-03 11:07 - 00000000 ____D C:\Users\David\AppData\Roaming\HandBrake
2015-08-30 11:53 - 2013-10-06 10:26 - 00000000 ____D C:\Users\David\AppData\Roaming\Mumble
2015-08-29 16:16 - 2015-03-07 14:45 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 16:16 - 2015-03-07 14:45 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 09:26 - 2009-07-14 15:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-24 14:41 - 2013-12-25 23:19 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft
2015-08-24 11:34 - 2015-05-24 16:31 - 00000080 _____ C:\Users\David\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-08-24 07:15 - 2015-03-12 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-08-24 07:15 - 2015-03-12 08:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-08-23 15:07 - 2015-04-12 09:56 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-08-23 15:07 - 2015-04-12 09:55 - 00000000 ____D C:\Program Files\Rockstar Games
2015-08-22 14:06 - 2013-10-26 23:09 - 00000000 ____D C:\Users\David\AppData\Roaming\Unity
2015-08-22 13:21 - 2013-10-05 10:17 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2015-08-22 09:48 - 2015-06-28 11:35 - 00000328 _____ C:\Users\David\Desktop\costs.txt
2015-08-16 16:42 - 2015-03-16 12:26 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2015-08-09 13:42 - 2013-11-09 13:20 - 00007631 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-08-07 22:38 - 2014-03-11 09:16 - 00000000 ____D C:\Windows\SysWOW64\directx

==================== Files in the root of some directories =======

2014-11-11 19:55 - 2014-11-11 19:55 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-05-23 00:40 - 2015-05-23 00:43 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-31 22:52 - 2013-12-31 23:02 - 0065617 _____ () C:\Users\David\AppData\Roaming\Camdata.ini
2013-12-31 22:52 - 2013-12-31 23:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamLayout.ini
2013-12-31 22:52 - 2013-12-31 23:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamShapes.ini
2013-12-31 22:52 - 2013-12-31 23:02 - 0004548 _____ () C:\Users\David\AppData\Roaming\CamStudio.cfg
2015-01-17 13:22 - 2015-01-18 12:18 - 0000699 _____ () C:\Users\David\AppData\Roaming\DriveCalculator Preferences
2014-12-28 09:08 - 2014-12-28 21:57 - 0003982 _____ () C:\Users\David\AppData\Roaming\LTspiceIV.ini
2014-02-07 08:30 - 2014-05-14 17:22 - 0000813 _____ () C:\Users\David\AppData\Roaming\MPQEditor.ini
2013-12-31 22:51 - 2013-12-31 22:52 - 0000096 _____ () C:\Users\David\AppData\Roaming\version2.xml
2014-04-05 14:22 - 2014-04-18 17:18 - 0003584 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-14 16:28 - 2014-08-14 16:28 - 1065984 _____ () C:\Users\David\AppData\Local\file__0.localstorage
2013-10-24 10:05 - 2013-10-24 10:05 - 0000093 _____ () C:\Users\David\AppData\Local\fusioncache.dat
2013-10-25 13:19 - 2013-10-25 13:19 - 0000000 ___SH () C:\Users\David\AppData\Local\LumaEmu
2015-07-26 14:16 - 2015-07-26 14:16 - 0006667 _____ () C:\Users\David\AppData\Local\recently-used.xbel
2013-11-09 13:20 - 2015-08-09 13:42 - 0007631 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-02-22 19:52 - 2015-02-22 19:52 - 0000080 _____ () C:\Users\David\AppData\Local\X-Plane Installer.prf
2015-02-22 19:27 - 2015-02-22 19:27 - 0000036 _____ ()
C:\Users\David\AppData\Local\x-plane_install_10.txt 2014-08-31 11:26 - 2014-08-31 11:26 - 0000044 _____ () C:\ProgramData\.SimImages 2015-04-09 12:49 - 2015-04-09 12:49 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some files in TEMP: ==================== C:\Users\David\AppData\Local\Temp\bzfclean.exe C:\Users\David\AppData\Local\Temp\installerdll783592140.dll C:\Users\David\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\David\AppData\Local\Temp\sfamcc00001.dll C:\Users\David\AppData\Local\Temp\sfareca00001.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-01 00:31 ==================== End of FRST.txt ============================ Addition.txt
  11. Hello! Hope everyone has had a good holiday. My son's computer has somehow gotten infected by some type of malware. Every time we get on the internet or his gaming program Steam, popups come up inside the browser. I ran Malwarebytes and Pum.bad.proxy keeps coming back along with some pup.optional that I delete with CCleaner. I have tried running Task Manager to see if I could narrow it down to a certain process and manually remove it, but I don't ever see anything out of the ordinary. I completely uninstalled Steam and Google Chrome but the pop-ups show up on Internet Explorer. I am at a loss on how to get rid of this. Please help! We have Microsoft Security Essentials, Malwarebytes, CCleaner. After reading some of the posts on this forum I have also downloaded FRST, Rkill, RogueKiller. Didn't delete anything on RogueKiller, just ran a scan so I could get a report. I will attach files for all of this. malwareexport.txt FRST.txt Addition.txt Rkill.txt RKreport_SCN_12262014_155439.log
  12. When I try to update MB it will not. (Unable to access the update server) I have uninstalled it using your tool and reinstalled it several times with no luck. I have also noticed some unwanted pop-ups? Never had them before? I think if I could get the program to update it would probably clear up the pop-ups? It seems there is something keeping MB from updating? Thanks for any help you could give me.
  13. I keep getting pop-ups telling me that a malicious site has been blocked. I'm very pleased about this, but I don't need to know every single one! Also, it is a pain because the pop-up, which cannot be moved, often blocks the "Save" and other buttons when I am working on documents, and I repeatedly have to press the "Close" button. But a new notification comes up almost immediately, and it is getting VERY wearing to keep doing this. I can see no way of turning off these notifications, and am thinking of ditching the program if I can't do something about them. PLEASE: how can I turn them off??
  14. Reading through the forum, I've seen that other people have also had this problem, but I think my computer could be infected with something. Every couple of minutes or so I've been getting pop-ups that say "Successfully blocked access to a potentially malicious website." IP address is 111.111.111.111. This message pops up even when all my browsers are closed and I'm basically doing nothing on the computer. Earlier I downloaded Malwarebytes (this is a new computer and I forgot to download it when I first got it - oops!) because when I opened my computer none of the browsers on my laptop would open. I downloaded Malwarebytes, ran a full scan that said I had two infected items, removed them and restarted my computer. Even after the restart I've been constantly getting those messages. Wondering if this is nothing or if it's something malicious that needs to be fixed. Thank you for any and all help!