Showing results for tags 'Popups'.

  1. Hello, I have this firefox browser that keeps popping-up every time I'd open up the computer even if I don't have Mozilla Firefox installed. I'll upload the FRST and Addition files along with this post. Anyway, if someone could help me it would be really great. Thank you very much in advance! Addition.txt FRST.txt
  2. I'm getting a lot of pop ups, when on websites that are 100% safe like last.fm or myanimelist.net. Please help me, thank you! Malwarebytes detects it and blocks the pop up and tells me it comes from "File: C:\Windows\System32\MicrosoftEdgeCP.exe" but this keeps happening every minute or so. *Logs for the popups and scans below* (also weird thing is I installed adwcleaner but it's magically disappeared! after I did a scan using it!) I followed this guide correctly (screenshotted below) but it did not get rid of this problem. I installed Malwarebytes and enabled the PUP detection and scanned but no malware or viruses appeared, Malwarebytes said all files are okay but every time I browse the web Malwarebytes says this (screenshotted below) I want to get rid of this problem and it's very annoying and has left me frustrated, in fact I'll soon be buying Malwarebytes! Here are logs :

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 8/6/19
     Protection Event Time: 8:40 PM
     Log File: 1bdb321a-b882-11e9-885a-a860b625217b.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.11888
     License: Trial

     -System Information-
     OS: Windows 10 (Build 18362.30)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Category: Malvertising
     Domain: badskies.com
     IP Address: 198.134.112.244
     Port: [53901]
     Type: Outbound
     File: C:\Windows\System32\MicrosoftEdgeCP.exe

     (end)

     LOG 2 :

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 8/7/19
     Protection Event Time: 12:30 AM
     Log File: 25a5586f-b8a2-11e9-a90f-a860b625217b.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.11890
     License: Trial

     -System Information-
     OS: Windows 10 (Build 18362.30)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Category: Malvertising
     Domain: mse2v5oglm.com
     IP Address: 198.134.112.244
     Port: [50149]
     Type: Outbound
     File: C:\Windows\System32\MicrosoftEdgeCP.exe

     (end)

     LOG 3 :

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 8/7/19
     Protection Event Time: 12:30 AM
     Log File: 2b925240-b8a2-11e9-90fa-a860b625217b.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.11890
     License: Trial

     -System Information-
     OS: Windows 10 (Build 18362.30)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Category: Malvertising
     Domain: ouh3igaeb.com
     IP Address: 198.134.112.243
     Port: [50224]
     Type: Outbound
     File: C:\Windows\System32\MicrosoftEdgeCP.exe

     (end)

     *SCAN LOG*

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 8/6/19
     Scan Time: 9:51 PM
     Log File: 030cc550-b88c-11e9-bdd0-a860b625217b.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.11890
     License: Trial

     -System Information-
     OS: Windows 10 (Build 18362.30)
     CPU: x64
     File System: NTFS
     User: DESKTOP-A\hotch

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 286758
     Threats Detected: 0
     Threats Quarantined: 0
     Time Elapsed: 5 min, 5 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)
  3. Hello, recently I noticed I started getting popups whenever chrome was open so I ran MWB and Adwcleaner and neither found anything. But I researched it and it's the www1.ecleneue.com pop up virus. Could someone help me get this off my computer? Thank you!
  4. So, I made a really dumb move by trying to download a program that I knew wasn't safe and now, while I'm browsing on Chrome, at random times, a new tab opens by itself and redirects me to some sports websites like "stoiximan.gr". I tried scanning my PC with Malwarebytes but it found nothing, Windows Defender also finds nothing, and resetting Google Chrome seems to do nothing. Now I saw an article around here from a guy with the same problem and tried to follow the instructions given to him but, when I try to search for AdwCleaner, as was suggested to him, my browser crashed and, honestly, that kind of freaks me out. This thing that's happening is really annoying and it slows my browser's performance down substantially. Especially after the crashes with AdwCleaner and some other time when my PC was on standby and it had opened about 40 tabs on its own, I'm really starting to freak out. What should I do??? Please HELP!
  5. What is Startpage Tasks?

     The Malwarebytes research team has determined that Startpage Tasks is adware. These adware applications display advertisements not originating from the sites you are browsing. This particular one creates Scheduled Tasks that open a browser window to an ad-rotator site at set intervals. The site that will be opened is added as an argument to the Scheduled Task. Note that the name of the Scheduled Task contains the letters in the argument.

     How do I remove Startpage Tasks?

     Our program Malwarebytes can detect and remove this potentially unwanted program.

       • Please download Malwarebytes to your desktop.
       • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
       • Then click Finish.
       • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
       • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
       • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
       • Restart your computer when prompted to do so.

     Is there anything else I need to do to get rid of Startpage Tasks?

     No, Malwarebytes removes Startpage Tasks completely. This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

     How would the full version of Malwarebytes help protect me?

     We hope our application and this guide have helped you eradicate this adware. As you can see below the full version of Malwarebytes blocks their domains:

     Technical details for experts

     Possible signs in FRST logs:

     C:\Windows\System32\Tasks\bltopncomhohoj
     C:\Windows\System32\Tasks\dzopercomjhar
     Task: {279F95D4-D989-4C6D-931B-A883966304EA} - System32\Tasks\bltopncomhohoj => Chrome.exe bltopn.com/hohoj
     Task: {C920FE83-1B95-4C76-9AC5-E0B7F51ACB47} - System32\Tasks\dzopercomjhar => Firefox.exe dzoper.com/jhar

     Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 1/9/18
     Scan Time: 8:31 AM
     Log File: 17bab22e-f50f-11e7-85bd-080027750297.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.262
     Update Package Version: 1.0.3654
     License: Premium

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: {computername}\{username}

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 246460
     Threats Detected: 10
     Threats Quarantined: 10
     Time Elapsed: 6 min, 2 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 6
     PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\BLTOPNCOMHOHOJ, Quarantined, [39], [474793],1.0.3654
     PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{279F95D4-D989-4C6D-931B-A883966304EA}, Quarantined, [39], [474793],1.0.3654
     PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{279F95D4-D989-4C6D-931B-A883966304EA}, Quarantined, [39], [474793],1.0.3654
     PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DZOPERCOMJHAR, Quarantined, [39], [475864],1.0.3654
     PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C920FE83-1B95-4C76-9AC5-E0B7F51ACB47}, Quarantined, [39], [475864],1.0.3654
     PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{C920FE83-1B95-4C76-9AC5-E0B7F51ACB47}, Quarantined, [39], [475864],1.0.3654
     Registry Value: 2
     PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{279F95D4-D989-4C6D-931B-A883966304EA}|PATH, Quarantined, [39], [474794],1.0.3654
     PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C920FE83-1B95-4C76-9AC5-E0B7F51ACB47}|PATH, Quarantined, [39], [475863],1.0.3654
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 2
     PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\BLTOPNCOMHOHOJ, Quarantined, [39], [474793],1.0.3654
     PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\DZOPERCOMJHAR, Quarantined, [39], [475864],1.0.3654
     Physical Sector: 0 (No malicious items detected)

     (end)

     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s):

       • Dynamically Blocks Malware Sites & Servers
       • Malware Execution Prevention

     Save yourself the hassle and get protected.
  6. I wanted to uninstall Malwarebytes the other day so I went to the apps folder and tossed it in the recycling bin and deleted it. Today it asked me to update my software. I restarted my computer but was asked again upon rebooting. I downloaded the uninstaller but after installing I couldn't find where it went so now I have to get that off my computer as well. What is up?
  7. My windows 7 desktop seems to be infected with some kind of adware. It has evaded multiple malwarebytes scans as well as bitdefender pro scans. There are several culprits, including puttr18, searchbind.net, pipeschannels, adsh*t, etc. These will open in a new tab at any time, even if I click somewhere random on the screen where there isn't any kind of visible trigger. They will either redirect to some scammy site or just close on their own. I have found NO way to prevent this. There appear to be no fishy programs on my computer, no fishy processes running, nothing. Initially virus scanning yielded a couple results, but the problem persists and they no longer find anything. Another thing that happens is that certain words will be highlighted and clicking on them will open some more scam sites. This works and has been tested with both browsers on my computer (chrome and opera) whether in incognito, private browsing, new sessions and users, doesn't matter. This means it's on my computer and not an extension or anything like that.
  8. So, I've been having some problems recently. As soon as I got on the 14 day free trial for Malwarebytes premium, it's been constantly blocking this website called coinhive, which is reported with many numerous IPs and ports, and sometimes even different URLs. The usual URL is just coinhive but it can sometimes have a ws(Insert randomly generated number here) and then the coinhive URL. It's been continually blocking them non stop for the past 40+ minutes and I am currently running a scan which seems to have not found anything just yet (It's about 80% done.) Please respond as quick as possible, as I may think someone is trying to bitcoin mine off of my PC or infect my PC.
  9. Hello everyone, for some time now I have been getting these massive popups every time I click anything in the Chrome browser. Malwarebytes points to the "kjz.finetuningecapsulating.com" domain every time it blocks a popup. Thanks everyone, hoping to read you soon. Addition.txt FRST - 2.txt FRST.txt JRT.txt Addition - 2.txt
  10. Currently I use my Laptop often without Internet connection during train travels. And after each logon I am bombed with intrusive Malwarebytes messages about being outdated and not able to connect the server or something like that, which partially even requires to click. I know that, and I can't change that. Please implement a way for the version and update checker to check the Internet connection first and if none is available keep the program silent. Thanks and best greetings from Germany Olaf
  11. System: Windows 10, latest update Browser: Google Chrome I keep getting popups and advertisements on Chrome, but my antivirus software is not detecting anything. I deleted the last file I downloaded, which was a bug fix for a video game, and this did nothing. I reinstalled Chrome, nothing. I ran AdwCleaner and it supposedly deleted something. Still, nothing happened, so I reinstalled Chrome again, but this time deleted my browsing history. This worked until I logged back into my Google account, then the pop ups returned. They do not seem to affect Internet Explorer for some reason, but then again, I haven't used it for that long. Please help, I do not want to have to reboot my computer for this.
  12. Hello, I've tried everything I could find online to solve this, but nothing has actually helped. I do not have any malicious extensions or apps installed, I have tried resetting chrome, I have scanned my mac with ClamXav, Sophos Antivirus, Avast, Combo Cleaner, Kaspersky Internet Security, Bitdefender Adware removal tool and none of these found anything during the scans. Malwarebytes's scan found two things which it removed but all the rest, nothing. And every other scan with Malwarebytes comes clean. My search settings and homepage settings are all intact and there wasn't anything suspicious at all. But when chrome is idle for a while or I'm reading something on a website, there's suddenly a muted tab opened (first it was for a dating site, then betting, and most recently a clean my mac page). I also tried Bitdefender Virus Scanner for Mac, and it found a spigot extension for safari and quarantined it. The file appeared to be stored in ClamXav's folder for some reason. (I do not even use Safari, and when I checked before the scan, no extensions have been installed on that browser, and the same goes for Firefox). I've also checked whether the router has been hijacked (https://campaigns.f-secure.com/router-checker/en_global/) and everything seems to be fine. I tried changing the DNS settings to Google's, but it wouldn't connect for a long time so I left it as it was initially. It seems to have been passed to another Windows laptop at home, but when the PC was scanned with Malwarebytes, Clamwin, and CCleaner nothing seemed to help and the problem occurs on both computers. Windows Defender found BrowserModifier:Win32/Diplugem and removed it, but the ad tabs keep coming. How can I get rid of this? Is it possible that the specific IP is targeted and it's not one of the two devices actually being infected? PS. I've attached the log file from Malwarebytes and from Bitdefender Virus Scanner.
  13. I upgraded to Premium because I thought it might stop whatever was causing popups in the lower right corner that appeared immediately after installing Norton Antivirus protection that came automatically from my internet provider. The premium version finds nothing although the pop ups continue. I have other pop up blockers activated but none seem to work on these lower right corner popups. Any ideas?
  14. Hi I ran several times Malwarebytes, didn't find anything. My issue is that both of my browsers: Chrome & Safari keeps showing popups every time I surf on the web and some ads on the over the site. (I attached some screenshots) Also in the lower corner keeps loading some site: ads.contextweb.com and "loading" from other sites. This is driving me nuts. I hope you can help me with this. Thanks, JP ps. I deleted all my Chrome extensions.
  15. Hello, I thought the problem was easy and small, but I noticed that it's getting bigger every day! Recently, I was getting Adfly and Sh.st popups on my laptop (Toshiba Windows 8.1) but then I noticed it's not only on my laptop, it's on all my devices, my mom's mobile, my sister's mobile, even my mobile (we all use Google Chrome). I thought that it was a router virus, I reset my router but still we are getting the same problem. We tried to scan with malware on our devices but we get nothing (we all use Samsung devices). This is a completely weird and annoying problem, please help me.
  16. I have the latest premium version of your program. Recently, perhaps after it upgraded, I have been getting constant (every second or two) popups saying a malicious website was blocked -- over and over again. Outbound sites including Joye-Luck.com are shown over and over again as being blocked. Why do I need to see this thousands of times - or at all? These popups are so annoying that I have had to shut off malicious website blocking - even though I would prefer to have it on. Before doing that I have spent over three hours using various AV, anti-rootkit, cleaners & removal tools to try to eliminate the sources. I feel that your next revision should have a setting option to allow the protection while not showing the popups for malicious website blocking. If checked it would still display other threats. The popups are huge and distracting, about 4"x4" on my 23" screen. They should be made smaller. What can be done to help? Thank you.
  17. Why does this search box (as shown in attached image) keep appearing above the Google search? I think it's malware. I tried many anti malware software, also tried resetting Firefox, but no use. I also have recently links redirecting to ads. It's really annoying. Any help please? Also my you-cam app is running in background. I am afraid that someone is watching me through the webcam. So I am currently covering the lens. It would be nice if I could resolve the browser issue.
  18. I am having virtually identical issue. Chrome is almost unusable - completely overrun with banner ads and overlays. Clicking on anything is disastrous - opening multiple tabs to garbage malware sites, launching loud warning messages offering to sell "help" of my Infected PC. I use no proxy to access the net but each time my system boots, a program called privoxy.exe is loaded and appears in task manager. Checking internet options in Win 7, I find settings hijacked and changed to the use of a proxy at 127.x.x.x and port 8110. Killing privoxy.exe process, restoring my connection settings to autodetect and removing the proxy entries, going into chrome settings and resetting them to default will usually allow chrome to run normally for the duration of that session only. Mbam, spybot, and avira running detect threats but never this one (other research indicates that this malware may be called "down lite"). In desperation, I tried chameleon but it will not work as described. Any button I push brings the com window but hitting any other key as instructed results in an infinite loop system crash. The com window shows gibberish followed by "failed!" over and over and the system is frozen so that only a hard reboot is possible. I hope this helps as a temporary fix if you have urgent internet needs but I want to know how to permanently remove this monster and prevent it or similar from coming back. Although a 30-year IT professional, I've never used forums and I apologize if I have posted this incorrectly. I did search for down lite and similar searches in the help topics but got zero returns (the same occurs at spybot and avira sites).
  19. Hello, I've never used a forum before, but I read a few of your past posts and was glad to see all the issues were resolved and felt you guys were the ones to approach for my problem. I use a dell inspiron xps 15, windows 10, 64 bit system. I'm having trouble using my google chrome, whenever I open it and do a routine google search, an additional search bar drops down from the address bar and pop ups from various sites open up in new tabs. At first I thought the problem was only limited to google chrome, but I faced similar problems when I tried using Microsoft Edge too. I use webroot as my antivirus software. Additionally, I installed malwarebytes and performed a scan and clean up. I uninstalled and reinstalled google chrome, it still did not help. I read a post on this website on a topic which was exactly like my problem, and I installed AdwCleaner and did a scan and clean with it. I also installed farbar recovery scan tool and performed a scan but did NOT fix anything with it. All these attempts still did not resolve the issue. Can anybody help me fix this problem?
  20. Hello, I've been getting pop-ups when going into my Steam Store page. The popups won't let me click on anything until I close them and when I do another pops up. It's a total of 2 pop-ups each time, and sometimes it only pops up when I click somewhere on the Store page. The popups are only in Steam and I don't get popups anywhere else. It is affecting 2 of my computers, one is a Laptop and the other is my Desktop. I've uploaded some pictures of the popups and Farbar Recovery Scans of both computers in question. I have run Malwarebytes scan both quick and full as well as Ccleaner and Adwcleaner but none of these have solved my problem. I would appreciate any help you can give. Addition Desktop.txt Addition Laptop.txt FRST Desktop.txt FRST Laptop.txt
  21. Dear Sir, I had several malware problems so I installed Advanced System Care. I used a cracked version. As popups continued from Google, later I used Malwarebytes to remove other malware. Now after restarting Windows 8.1 it goes into black screen. I can't go to safe mode. Please help me.
  22. Hello, I downloaded something that I can't get rid of. I've ran several programs, deleted a few things detected, ran Malwarebytes (been a paying customer for years, it hasn't detected anything) , uninstalled and reinstalled Firefox then removed it. Installed Chrome (which I never had) and it's now doing it on there. I'll click on a link and a pop up new tab will come up. First it says Terraclick.com then it says lp.musicboxnewtab.com with an ad.. This originally started by a browser hi jack/redirect where every time I opened it, it opened into a non set homepage. I got rid of that, now I have this. I ran Farbar just now. This is what I have:
C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
AutoConfigURL: [s-1-5-21-1188468758-1272634306-373300443-1001] => http://stopblock.me/wpad.dat?6a7e33d7632b2a86907a914d4cfeaf5c177020Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2Tcpip\..\Interfaces\{36968F8E-9445-4C71-925E-031F5072C6F6}: [DhcpNameServer] 71.10.216.1 71.10.216.2Tcpip\..\Interfaces\{4A1A0DDE-BD5F-421D-9A83-8F193CC8F565}: [DhcpNameServer] 71.10.216.1 71.10.216.2 Internet Explorer:==================HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\S-1-5-21-1188468758-1272634306-373300443-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.yahoo.com/HKU\S-1-5-21-1188468758-1272634306-373300443-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJBSearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1188468758-1272634306-373300443-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}SearchScopes: HKU\S-1-5-21-1188468758-1272634306-373300443-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}SearchScopes: HKU\S-1-5-21-1188468758-1272634306-373300443-1001 -> {D82486F8-9441-4F09-A262-552F2F035E33} URL = FireFox:========FF ProfilePath: C:\Users\Hypno\AppData\Roaming\Mozilla\Firefox\Profiles\ob4zic6x.default-1443596698055FF DefaultSearchEngine.US: GoogleFF Homepage: hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.comFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( 
Microsoft Corporation)FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) Chrome: =======CHR HomePage: Default -> hxxp://www.yahoo.com/CHR StartupUrls: Default -> "hxxp://yahoo.com/","hxxp://facebook.com/","hxxp://twitter.com/"CHR Profile: C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-01]CHR Extension: (Google Docs) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-01]CHR Extension: (Google Drive) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-01]CHR Extension: (YouTube) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]CHR Extension: (Google Search) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-01]CHR Extension: (Google Sheets) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-01]CHR Extension: (Google Docs Offline) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-01]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-01]CHR 
Extension: (Chrome Web Store Payments) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-01]CHR Extension: (Gmail) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-01] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows ® Win 7 DDK provider) [File not signed]R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) 
[File not signed]R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-01] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-10-01 14:16 - 2015-10-01 14:16 - 00016759 _____ C:\Users\Hypno\Downloads\FRST.txt2015-10-01 14:15 - 2015-10-01 14:16 - 00000000 ____D C:\FRST2015-10-01 14:15 - 2015-10-01 14:15 - 02192384 _____ (Farbar) C:\Users\Hypno\Downloads\FRST64 (1).exe2015-10-01 14:14 - 2015-10-01 14:14 - 02192384 _____ (Farbar) C:\Users\Hypno\Downloads\FRST64.exe2015-10-01 13:17 - 2015-10-01 13:17 - 00000262 _____ C:\Users\Hypno\Downloads\debug.log2015-10-01 10:44 - 2015-10-01 10:44 - 00002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-10-01 10:44 - 2015-10-01 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-10-01 10:43 - 2015-10-01 13:48 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-10-01 10:43 - 2015-10-01 10:48 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-10-01 10:43 - 2015-10-01 10:43 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-10-01 10:43 - 2015-10-01 10:43 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-10-01 10:42 - 2015-10-01 13:17 - 00000000 ____D C:\Users\Hypno\AppData\Local\Google2015-10-01 10:42 - 2015-10-01 10:42 - 00000000 ____D C:\Users\Hypno\AppData\Local\Deployment2015-09-30 20:16 - 2015-09-30 20:16 - 00000000 ___RD C:\Users\Hypno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices2015-09-30 09:45 - 2015-10-01 10:59 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\AVAST Software2015-09-29 18:52 - 2015-09-29 18:52 - 00001825 _____ C:\Users\Hypno\Desktop\AdwCleaner[C1].txt2015-09-29 18:45 - 2015-09-30 11:00 - 00000000 ____D C:\AdwCleaner2015-09-29 15:58 - 2015-09-29 15:58 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Hypno\Downloads\sc-cleaner.exe2015-09-24 13:45 - 2015-09-30 19:54 - 00002130 _____ C:\Windows\PFRO.log2015-09-24 13:45 - 2015-09-30 19:54 - 00000464 _____ C:\Windows\setupact.log2015-09-24 13:45 - 2015-09-24 13:45 - 00000000 _____ C:\Windows\setuperr.log2015-09-23 20:45 - 2015-09-23 
22:06 - 00000646 _____ C:\Users\Hypno\Downloads\Seneca 1995.mp42015-09-23 16:48 - 2015-10-01 14:14 - 01283803 _____ C:\Windows\WindowsUpdate.log2015-09-23 15:48 - 2015-09-23 15:49 - 06666544 _____ (Piriform Ltd) C:\Users\Hypno\Downloads\ccsetup509pro.exe2015-09-23 15:45 - 2015-10-01 11:00 - 00000000 ____D C:\Program Files (x86)\Adobe2015-09-23 11:08 - 2015-09-23 11:08 - 00000000 ____D C:\ProgramData\Lavasoft2015-09-23 00:03 - 2015-09-30 02:05 - 00000000 ____D C:\Users\Hypno\Desktop\Old Firefox Data2015-09-21 22:49 - 2015-09-21 22:58 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\PTGui2015-09-21 22:34 - 2015-09-21 22:34 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\PTGui Pro2015-09-21 22:20 - 2015-09-21 22:20 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\SpringFiles2015-09-21 13:43 - 2015-09-21 13:43 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2015-09-15 22:47 - 2015-09-15 22:59 - 14079676 _____ C:\Users\Hypno\Desktop\test.wav2015-09-15 15:18 - 2015-09-15 23:26 - 00000000 ____D C:\Users\Hypno\Documents\Mixpad Projects2015-09-15 14:53 - 2015-09-15 14:53 - 00053672 _____ C:\Users\Hypno\Desktop\newguitar.sfk2015-09-15 14:38 - 2015-09-15 14:50 - 00053672 _____ C:\Users\Hypno\Desktop\EX000_2.sfk2015-09-15 14:38 - 2015-09-15 14:38 - 00055064 _____ C:\Users\Hypno\Desktop\EX000_4.sfk2015-09-08 21:33 - 2015-08-26 21:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-09-08 21:33 - 2015-08-26 13:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-09-08 21:33 - 2015-08-26 13:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-09-08 21:33 - 2015-08-26 13:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-09-08 21:33 - 2015-08-26 13:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-09-08 21:33 - 2015-08-26 09:46 - 03705344 _____ (Microsoft Corporation) 
C:\Windows\system32\wuaueng.dll2015-09-08 21:33 - 2015-08-26 09:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-09-08 21:33 - 2015-08-26 09:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-09-08 21:33 - 2015-08-26 09:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll2015-09-08 21:33 - 2015-08-26 09:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-09-08 21:33 - 2015-08-26 09:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-09-08 21:33 - 2015-08-26 09:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-09-08 21:32 - 2015-08-22 13:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-09-08 21:32 - 2015-08-22 12:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-09-08 21:32 - 2015-08-22 12:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-09-08 21:32 - 2015-08-22 12:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-09-08 21:32 - 2015-08-22 12:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-09-08 21:32 - 2015-08-22 12:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-09-08 21:32 - 2015-08-22 11:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-09-08 21:32 - 2015-08-22 11:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-09-08 21:32 - 2015-08-22 11:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-09-08 21:32 - 2015-08-22 11:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-09-08 21:32 - 2015-08-22 11:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-09-08 21:32 - 2015-08-22 11:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-09-08 
21:32 - 2015-08-22 11:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-09-08 21:32 - 2015-08-22 11:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-09-08 21:32 - 2015-08-22 11:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-09-08 21:32 - 2015-08-22 11:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-09-08 21:32 - 2015-08-22 11:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-09-08 21:32 - 2015-08-22 11:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-09-08 21:32 - 2015-08-22 11:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-09-08 21:32 - 2015-08-22 11:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-09-08 21:32 - 2015-08-22 11:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-09-08 21:32 - 2015-08-22 11:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-09-08 21:32 - 2015-08-22 11:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-09-08 21:32 - 2015-08-22 11:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-09-08 21:32 - 2015-08-22 11:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-09-08 21:32 - 2015-08-22 11:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-09-08 21:32 - 2015-08-22 11:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-09-08 21:32 - 2015-08-22 10:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-09-08 21:32 - 2015-08-22 10:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-09-08 21:32 - 2015-07-30 12:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2015-09-08 21:32 - 2015-07-30 11:22 - 00230912 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll2015-09-08 21:30 - 2015-09-01 21:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-09-08 21:30 - 2015-09-01 21:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2015-09-08 21:30 - 2015-09-01 21:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2015-09-08 21:30 - 2015-09-01 21:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2015-09-08 21:30 - 2015-09-01 21:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2015-09-08 21:30 - 2015-08-03 16:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll2015-09-08 21:30 - 2015-08-03 16:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll2015-09-08 21:30 - 2015-08-01 09:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll2015-09-08 21:30 - 2015-07-31 22:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe2015-09-08 21:30 - 2015-07-31 22:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe2015-09-08 21:30 - 2015-07-31 22:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll2015-09-08 21:30 - 2015-07-31 22:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe2015-09-08 21:30 - 2015-07-31 22:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe2015-09-08 21:30 - 2015-07-22 09:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2015-09-08 21:30 - 2015-07-22 09:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll2015-09-08 21:30 - 2015-07-22 09:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2015-09-08 21:30 - 2015-07-22 09:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll2015-09-08 21:30 - 2015-07-18 13:31 - 00194048 _____ (Microsoft Corporation) 
C:\Windows\system32\shacct.dll2015-09-08 21:30 - 2015-07-18 13:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll2015-09-08 21:30 - 2015-07-18 13:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll2015-09-08 21:30 - 2015-07-18 13:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll2015-09-08 21:30 - 2015-07-13 22:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe2015-09-06 23:40 - 2015-09-06 23:40 - 00000000 ____D C:\Users\Hypno\Desktop\scanned pics ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-01 14:14 - 2015-01-28 02:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-10-01 11:03 - 2014-11-30 00:14 - 01752064 ___SH C:\Users\Hypno\Downloads\Thumbs.db2015-10-01 11:03 - 2014-11-25 20:54 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1188468758-1272634306-373300443-10012015-10-01 11:01 - 2015-01-02 01:22 - 00000000 ____D C:\Program Files (x86)\NCH Software2015-10-01 10:44 - 2015-02-11 23:49 - 00000000 ____D C:\Program Files (x86)\Google2015-10-01 10:42 - 2015-01-06 00:13 - 00000000 ____D C:\Users\Hypno\AppData\Local\Apps\2.02015-09-30 20:21 - 2014-09-21 02:14 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery2015-09-30 20:15 - 2014-11-28 13:59 - 00367104 ___SH C:\Users\Hypno\Desktop\Thumbs.db2015-09-30 20:15 - 2014-11-25 20:56 - 00000000 ____D C:\Users\Hypno\OneDrive2015-09-30 19:54 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\FileManager2015-09-30 19:54 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-09-30 19:53 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI2015-09-30 19:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru2015-09-30 15:12 - 2014-09-21 02:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Dell2015-09-30 14:18 - 2014-03-18 04:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI2015-09-30 10:55 - 2014-12-20 11:28 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\BitTorrent2015-09-29 16:19 - 2014-12-02 14:49 - 00020519 _____ C:\Windows\system32\lvcoinst.log2015-09-23 16:03 - 2015-01-03 07:36 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\MPC-HC2015-09-23 16:02 - 2014-11-28 22:59 - 00000000 ____D C:\Users\Hypno\AppData\Local\CrashDumps2015-09-23 16:02 - 2014-09-21 02:01 - 00000000 ____D C:\Windows\Panther2015-09-23 15:48 - 2014-11-28 13:52 - 00000000 ____D C:\Users\Hypno\AppData\Local\Adobe2015-09-23 15:44 - 2014-12-30 02:11 - 00000000 ____D C:\ProgramData\Adobe2015-09-22 23:47 - 2014-11-25 20:49 - 00001444 _____ C:\Users\Hypno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-09-22 15:19 - 2015-01-02 01:22 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software2015-09-21 14:01 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp2015-09-15 22:46 - 2015-01-02 01:22 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\NCH Software2015-09-15 15:18 - 2015-01-02 01:22 - 00000000 ____D C:\ProgramData\NCH Software2015-09-14 20:18 - 2015-04-17 11:04 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-09-14 20:18 - 2015-04-17 11:04 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-09-12 22:16 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\LiveKernelReports2015-09-12 15:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache2015-09-09 19:17 - 2013-08-22 09:44 - 00359856 _____ C:\Windows\system32\FNTCACHE.DAT2015-09-08 23:56 - 2014-03-18 04:38 - 00000000 ____D C:\Program Files\Windows Journal2015-09-08 23:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\PolicyDefinitions2015-09-08 21:59 - 2014-12-01 01:03 - 00000000 ____D C:\ProgramData\Microsoft Help2015-09-08 21:52 - 2014-11-30 15:19 - 00000000 ____D C:\Windows\system32\MRT2015-09-07 
01:30 - 2014-11-25 20:48 - 00000000 ____D C:\Users\Hypno ==================== Files in the root of some directories ======= 2014-09-21 02:04 - 2014-09-21 02:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl2014-09-21 02:03 - 2014-09-21 02:03 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log2014-09-21 01:59 - 2014-09-21 02:00 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log2014-09-21 02:00 - 2014-09-21 02:02 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log2014-09-21 02:02 - 2014-09-21 02:03 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log2014-09-21 01:58 - 2014-09-21 01:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some files in TEMP:====================C:\Users\Hypno\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-29 16:19 ==================== End of FRST.txt ============================ Additional scan result of Farbar 
  23. Hi, I've recently installed Microsoft Office on my laptop; it comes with the Microsoft Toolkit 2.4.3. After I was done setting up the software, I repeatedly experienced running programs not responding, internet pop-ups, and trouble logging into my school's site. How can I go about removing the malware and rectifying the situation while keeping my Microsoft Office?
  24. Hi everyone, I'm having the issue now that while I'm surfing the internet I'm getting these audio ads that can't be stopped, and some play in specific tabs that you have to go to and press on the X button to cancel them, and on top of that there are these box ads all around the webpages now. How can this malware be eliminated? Thanks
  25. Suspected virus - random Chrome pop ups - Resolved HijackThis Logs - Malwarebytes Forum https://forums.malwarebytes.org/index.php?/topic/124537-suspected-virus-random-chrome-pop-ups/ When clicking on certain websites that are completely safe and that I have used before, pop-ups such as "make money fast" or "try this miracle product" are appearing in a new tab. I took little notice at first, but it is getting rather regular now and more common, with sometimes every click for 4-5 clicks in a row opening up a tab. I have Norton and Windows Defender active, but neither had any success. Note: I did a bit of digging myself and found a post that sounds similar. I started following the steps but soon realised that it might be different with each computer, as I have no idea what to look for. Sorry for keeping it short; I just feel like the other post sums it up exactly.