Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: "The requested URL was rejected" with only one site, everywhere else is ok

  1. #1
    Junior Member
    Join Date
    Dec 2011
    Posts
    15

    Default "The requested URL was rejected" with only one site, everywhere else is ok

    I did a search first and that came up, but most of the supposed solutions were cleaning cookies & cache from the browser. I do that automatically when I close the browser as I have done for well over 15 years. The other solutions were fare more complicated and seemed to be directed at specific systems or circumstances.

    Details;
    Winy sp1 (no updates purposely)
    Opera Classic v12.18
    Firefox v53 Portable,
    Spectrum Cable Internet (if that matters)
    NO firewall or filters either in the router or software
    Only one site is affected, my banks account login page. Other pages on their site are fine, only the login page; https://onlinebanking.mtb.com/

    Now the kicker is, there is also a problem using Firefox, but I can login, but the "accounts" summary page didn't show the separate accounts as it should. I had to navigate off that specific page, then return for that missing portion of the page to display.

    Now, what I did was to scan using Spybot (of course), CCleaner, HyjackThis, Kaspersky AVZ Toolkit, AVG & Panda. Other than some known false positives, nothing turned up other than some crap CCleaner & Spybot cleaned up but nothing suspecious.

    Anyway, the special message on a blank page (I can't even get to the login page) is below;
    The requested URL was rejected. If you experience issues browsing to this webpage please call the Online & Mobile Banking help line at 1-800-790-9130 and provide the Error Code below.

    Your Error Code is: 6531125852694242027

  2. #2
    Junior Member
    Join Date
    Dec 2011
    Posts
    15

    Default

    To add, I have a 2nd bootable HDD in my main tower with a (close to) mirror install as the drive I normally use. There is NO issue there as there is NO issue on a laptop running XP.

  3. #3
    Junior Member
    Join Date
    Dec 2011
    Posts
    15

    Default

    I forgot to add, after I ran those programs, the problem disappeared last night, only to return this morning. Since I re-ran CCleaner & Spybot again today, the problem has gone away again as I type this. I'll post back when and if it returns, unless I'm lucky I bet it will.


    (It would be nice if one could edit a post instead of adding one. )

    Admin Edit
    http://forums.spybot.info/showthread.php?t=288

    "Can I edit my own posts?


    1. In the Malware Removal Forum, members may not edit their posts."
    Last edited by tashi; 2017-07-04 at 22:13. Reason: Added link to FAQ

  4. #4
    Junior Member
    Join Date
    Dec 2011
    Posts
    15

    Default

    I closed the browser (Opera) and reopened it with the problem returning as it did last night. I tried FF, and as of now that is ok (same site of course). Two things I will add is I do run Ghostery, but that never was a problem here. The other is another 'bank' site login does work ok with Opera.

    All of this is using just my main drive (not backup) in this tower. Ok I give up, ideas please????

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Let's try a couple of things

    Let's try resetting the router since thats a simple task.

    Turn off the computer
    Turn off the router, unplug it. Let it sit for a good 4 to 5 minutes.

    Plug the router back in to electrical, turn on router (if it has an on off switch in the back)

    Boot up computer.

    ~~~
    Following instructions below on how to
    Flush DNS
    http://www.wikihow.com/Flush-DNS


    ~~~

    Farbar Recovery Scan Tool (FRST) Scan
    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) andsave the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Junior Member
    Join Date
    Dec 2011
    Posts
    15

    Default

    Sheesh, no wonder M$ writes the worst O/S.
    I almost NEVER run Idiot Exploiter.

    I didn't flush the DNS yet, nor power cycle the router. I will after I post this this.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-07-2017
    Ran by videoBruce (administrator) on VB1 (04-07-2017 18:01:51)
    Running from F:\Backup Programs 1 16.7GB\_Virus programs
    Loaded Profiles: videoBruce & Administrator (Available Profiles: videoBruce & Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: "C:\Program Files\Opera V1218 x64\Opera.exe" "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (ITSamples.com) C:\Program Files\NetworkIndicator v17\NetworkIndicator.exe
    ( ) C:\Program Files (x86)\BitMeter v35\BitMeter2.exe
    () C:\Portables in C\ResizeEnable V13 portable\ResizeEnable V14 1203.exe
    (PortableApps.com) C:\Portables in C\Spybot Portable V23\SpybotPortable.exe
    (Safer-Networking Ltd.) C:\Portables in C\Spybot Portable V23\App\Spybot\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Portables in C\Spybot Portable V23\App\Spybot\SDScan.exe
    (Opera Software) C:\Program Files\Opera V1218 x64\opera.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Farbar) F:\Backup Programs 1 16.7GB\_Virus programs\Farbar Recovery Scan Tool x64.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9186816 2016-12-23] (Realtek Semiconductor)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ReminderApp] => [X]
    HKU\PE_D_USER11\...\Run: [NetworkIndicator] => C:\Program Files\NetworkIndicator V17\NetworkIndicator.exe [367616 2014-12-12] (ITSamples.com)
    HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\Run: [NetworkIndicator] => C:\Program Files\NetworkIndicator v17\NetworkIndicator.exe [367616 2014-12-12] (ITSamples.com)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk [2017-04-26]
    ShortcutTarget: Bitmeter2.lnk -> C:\Program Files (x86)\BitMeter v35\BitMeter2.exe ( )
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ResizeEnable.lnk [2017-04-26]
    ShortcutTarget: ResizeEnable.lnk -> C:\Portables in C\ResizeEnable V13 portable\ResizeEnable V14 1203.exe ()
    GroupPolicy: Restriction <==== ATTENTION
    GroupPolicy\User: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-2248871800-1667375335-2429770600-1000] => localhost:21320
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{5F2F32C9-E09B-4295-8C37-9D792AD95458}: [NameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\PE_D_ADMINISTRATOR1 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\PE_D_ADMINISTRATOR1 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\PE_D_DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\PE_D_DEFAULT1 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\PE_D_USER11 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-2248871800-1667375335-2429770600-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-2248871800-1667375335-2429770600-500 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2017-05-08] (McAfee, Inc.)
    S3 NitroReaderDriverReadSpool5; C:\Program Files\Nitro Reader v559\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc.)
    S3 Panasonic Local Printer Service; C:\Program Files (x86)\Panasonic\LocalCom\LMSRVNT.EXE [49152 2010-01-09] (Panasonic System Networks Co., Ltd.) [File not signed]
    R3 SDScannerService; C:\Portables in C\Spybot Portable V23\App\Spybot\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
    S3 WsDrvInst; C:\Program Files (x86)\KeepVid Pro v61\DriverInstall.exe [123080 2017-03-16] ()

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [23240 2016-05-10] (Advanced Micro Devices, Inc.)
    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
    R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
    R4 KProcessHacker3; C:\Portables in C\Process Hacker Portable V239\kprocesshacker.sys [45208 2016-03-28] (wj32)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2017-05-08] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106120 2017-05-08] (McAfee, Inc.)
    R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
    U5 UnlockerDriver5; C:\Program Files\Unlocker v192\UnlockerDriver5.sys [12352 2010-07-01] ()
    R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
    R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-07-04 17:59 - 2017-07-04 18:01 - 00000000 ____D C:\FRST
    2017-07-04 15:14 - 2017-07-04 15:14 - 00000000 ____D C:\Windows\SysWOW64\tmp0000197c
    2017-07-04 14:25 - 2017-07-04 14:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable
    2017-07-04 14:24 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170704-142428.backup
    2017-07-04 14:08 - 2017-07-04 14:08 - 00000000 ____D C:\Program Files\stinger
    2017-07-04 12:45 - 2017-07-04 12:45 - 00182214 _____ C:\TDSSKiller.3.1.0.12_04.07.2017_12.45.19_log.txt
    2017-07-04 12:36 - 2017-07-04 12:36 - 00000000 ____D C:\KVRT_Data
    2017-07-03 00:31 - 2017-07-03 00:31 - 00001206 _____ C:\Users\User1\Desktop\LA Player 4102.lnk
    2017-06-29 07:16 - 2017-06-29 07:16 - 00002089 _____ C:\Users\User1\Desktop\LA Player.lnk
    2017-06-10 08:12 - 2017-06-10 08:12 - 00000000 ____D C:\Users\User1\AppData\Roaming\772
    2017-06-05 15:51 - 2017-06-14 07:23 - 00000954 __RSH C:\Users\User1\ntuser.pol

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-07-04 18:02 - 2016-05-18 08:12 - 00000000 ____D C:\Temp
    2017-07-04 18:01 - 2017-04-26 14:42 - 00000000 ____D C:\ProgramData\Bitmeter2
    2017-07-04 15:03 - 2009-07-14 01:13 - 00785576 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-07-04 15:03 - 2009-07-14 00:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-07-04 15:03 - 2009-07-14 00:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-07-04 15:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2017-07-04 14:58 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-07-04 14:54 - 2017-04-26 08:49 - 00065536 _____ C:\Windows\system32\spu_storage.bin
    2017-07-04 14:35 - 2017-05-10 17:56 - 00000000 ____D C:\Users\User1\AppData\Roaming\Mozilla
    2017-07-04 14:35 - 2017-04-27 11:40 - 00000000 ____D C:\Users\User1\AppData\LocalLow\Mozilla
    2017-07-04 14:13 - 2016-05-18 08:21 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-07-04 13:10 - 2017-04-26 15:45 - 00000125 ___SH C:\ProgramData\.zreglib
    2017-07-04 13:10 - 2017-04-26 15:43 - 00000000 ____D C:\Program Files (x86)\AnyDVD v744
    2017-07-04 12:41 - 2017-05-09 10:46 - 00000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virus Programs
    2017-07-04 12:40 - 2016-05-18 08:20 - 00000000 ____D C:\Portables in C
    2017-07-03 19:29 - 2017-04-28 02:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-07-03 19:17 - 2017-04-27 07:45 - 00000000 ____D C:\Program Files\Revo Uninstaller Pro v316
    2017-07-03 15:30 - 2017-05-30 10:00 - 00000000 ____D C:\Users\User1\AppData\Roaming\HandBrake
    2017-06-26 14:11 - 2017-04-26 13:14 - 00000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Players
    2017-06-25 08:49 - 2017-04-27 09:08 - 00000000 ____D C:\Users\User1\AppData\Roaming\ThumbsPlus
    2017-06-25 08:49 - 2017-04-27 09:06 - 00000000 ____D C:\Program Files (x86)\ThumbsPlus v8
    2017-06-14 07:23 - 2016-05-18 08:27 - 00000000 ____D C:\Users\User1
    2017-06-13 16:42 - 2017-04-27 10:45 - 00000000 ____D C:\Users\User1\AppData\Roaming\vlc
    2017-06-10 06:53 - 2017-04-29 13:13 - 00000000 ____D C:\Users\User1\AppData\Roaming\dvdcss
    2017-06-09 13:26 - 2017-04-29 12:43 - 00000000 ____D C:\Program Files (x86)\DVDFab v9128
    2017-06-08 07:19 - 2009-07-14 01:08 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT

    ==================== Files in the root of some directories =======

    2017-05-08 08:57 - 2017-05-08 08:57 - 0000000 _____ () C:\Users\User1\AppData\Roaming\chrtmp
    2017-04-26 15:45 - 2017-07-04 13:10 - 0000125 ___SH () C:\ProgramData\.zreglib
    2016-05-18 08:36 - 2016-05-18 08:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-07-03 09:31

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2017
    Ran by videoBruce (04-07-2017 18:02:23)
    Running from F:\Backup Programs 1 16.7GB\_Virus programs
    Windows 7 Professional Service Pack 1 (X64) (2016-05-18 12:11:58)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2248871800-1667375335-2429770600-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-2248871800-1667375335-2429770600-501 - Limited - Disabled)
    videoBruce (S-1-5-21-2248871800-1667375335-2429770600-1000 - Administrator - Enabled) => C:\Users\User1

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.4.0 - SlySoft)
    BitMeter (HKLM-x32\...\BitMeter) (Version: - )
    Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
    CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
    Directory Tree List Maker (HKLM-x32\...\{0692174B-8402-4896-9A4C-3942A1FC5E02}) (Version: 1.0.0 - Olivier Sangala)
    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
    DVDFab 9.1.2.8 (19/02/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
    Greeting Card Factory Photo Card Maker (HKLM-x32\...\{9C627F78-DBB9-4293-AA89-E83119C39CE9}) (Version: 1.0.0.5 - Nova Development)
    HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    KeepVid Pro(Build 6.1.2.4) (HKLM-x32\...\KeepVid Pro_is1) (Version: 6.1.2.4 - KeepVid Studio)
    MakeMKV v1.10.4 (HKLM-x32\...\MakeMKV) (Version: v1.10.4 - GuinpinSoft inc)
    Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
    MX-900 Editor (HKLM-x32\...\{30C6798C-2BA6-47AC-AD99-F60F0EBF665D}) (Version: 1.10.044 - Universal Remote Control, Inc.)
    Myibidder Auction Bid Sniper for eBay 1.1.4 (HKLM-x32\...\myibay eBay bid sniper_is1) (Version: 1.1.4 (Build 551) - Myibidder.com)
    Network Activity Indicator for Windows 7 - 8.1 (HKLM-x32\...\NetworkIndicator_is1) (Version: 1.7 - ITSamples.com)
    Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro)
    Opera 12.18 (HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\Opera 12.18.1873) (Version: 12.18.1873 - Opera Software ASA)
    Panasonic Multi-Function Station software (HKLM-x32\...\{53DE4FAD-F853-44F3-AC39-AD2940E5DD53}) (Version: 1.00 - Panasonic)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8023 - Realtek Semiconductor Corp.)
    Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
    Snagit 9.1.2 (HKLM-x32\...\{B440D659-FECA-4BDD-A12B-5C9F05790FF3}) (Version: 9.1.2.304 - TechSmith Corporation)
    ThumbsPlus (HKLM-x32\...\{AD1FE8DD-0A6A-46E7-9B5F-8A70DD75CA93}) (Version: 8.1.0.3537 - Cerious Software Inc.) Hidden
    ThumbsPlus (HKU\PE_D_USER11\...\ThumbsPlus) (Version: - Cerious Software Inc.)
    ThumbsPlus (HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\ThumbsPlus) (Version: - Cerious Software Inc.)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VirusTotal Scanner (HKLM-x32\...\{43C5B500-38EB-456F-8C71-CE7B1F7F9976}) (Version: 6.5 - SecurityXploded) Hidden
    VirusTotal Scanner (HKLM-x32\...\VirusTotal Scanner 6.5) (Version: 6.5 - SecurityXploded)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    WinX DVD Ripper Platinum 8.5.0 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
    ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip v16\7-zip.dll [2016-05-10] (Igor Pavlov)
    ContextMenuHandlers03: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker v192\UnlockerCOM.dll [2010-07-15] ()
    ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip v16\7-zip.dll [2016-05-10] (Igor Pavlov)
    ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip v16\7-zip.dll [2016-05-10] (Igor Pavlov)
    ContextMenuHandlers06: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2015-11-12] (IvoSoft)
    ContextMenuHandlers06: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker v192\UnlockerCOM.dll [2010-07-15] ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe
    Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
    Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
    Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotifications.exe
    Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
    Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker v192\UnlockerCOM.dll
    2016-05-18 08:21 - 2003-12-30 19:18 - 00040960 _____ () C:\Portables in C\ResizeEnable V13 portable\ResizeEnable V14 1203.exe
    2017-04-26 11:33 - 2017-04-26 11:33 - 01022464 _____ () C:\Program Files\Opera V1218 x64\gstreamer\gstreamer.dll
    2017-04-26 11:33 - 2017-04-26 11:33 - 00108544 _____ () C:\Program Files\Opera V1218 x64\gstreamer\plugins\gstaudioconvert.dll
    2017-04-26 11:33 - 2017-04-26 11:33 - 00106496 _____ () C:\Program Files\Opera V1218 x64\gstreamer\plugins\gstaudioresample.dll
    2017-04-26 11:33 - 2017-04-26 11:33 - 00062464 _____ () C:\Program Files\Opera V1218 x64\gstreamer\plugins\gstautodetect.dll
    2017-04-26 11:33 - 2017-04-26 11:33 - 00108032 _____ () C:\Program Files\Opera V1218 x64\gstreamer\plugins\gstcoreplugins.dll
    2017-04-26 11:33 - 2017-04-26 11:33 - 00073216 _____ () C:\Program Files\Opera V1218 x64\gstreamer\plugins\gstdecodebin2.dll
    2017-04-26 11:33 - 2017-04-26 11:33 - 00074752 _____ () C:\Program Files\Opera V1218 x64\gstreamer\plugins\gstdirectsound.dll
    2017-04-26 11:33 - 2017-04-26 11:33 - 00201216 _____ () C:\Program Files\Opera V1218 x64\gstreamer\plugins\gstffmpegcolorspace.dll
    2017-04-26 11:33 - 2017-04-26 11:33 - 00340480 _____ () C:\Program Files\Opera V1218 x64\gstreamer\plugins\gstoggdec.dll
    2017-04-26 11:33 - 2017-04-26 11:33 - 00045056 _____ () C:\Program Files\Opera V1218 x64\gstreamer\plugins\gstwaveform.dll
    2017-04-26 11:33 - 2017-04-26 11:33 - 00077312 _____ () C:\Program Files\Opera V1218 x64\gstreamer\plugins\gstwavparse.dll
    2017-04-26 11:33 - 2017-04-26 11:33 - 00115712 _____ () C:\Program Files\Opera V1218 x64\gstreamer\plugins\gstwebmdec.dll
    2016-05-18 08:21 - 2003-12-30 19:18 - 00069632 _____ () C:\Portables in C\ResizeEnable V13 portable\ResizeEnable.dll
    2017-07-04 15:05 - 2017-07-04 15:05 - 00011264 _____ () C:\Temp\nsxBC6D.tmp\System.dll
    2017-07-04 15:05 - 2017-07-04 15:05 - 00013312 _____ () C:\Temp\nsxBC6D.tmp\UAC.dll
    2017-07-04 15:05 - 2017-07-04 15:05 - 00029696 _____ () C:\Temp\nsxBC6D.tmp\registry.dll
    2016-05-18 08:21 - 2014-04-25 14:11 - 00109400 _____ () C:\Portables in C\Spybot Portable V23\App\Spybot\snlThirdParty150.bpl
    2016-05-18 08:21 - 2014-04-25 14:11 - 00416600 _____ () C:\Portables in C\Spybot Portable V23\App\Spybot\DEC150.bpl
    2016-05-18 08:21 - 2014-04-25 14:11 - 00167768 _____ () C:\Portables in C\Spybot Portable V23\App\Spybot\snlFileFormats150.bpl
    2016-05-18 08:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Portables in C\Spybot Portable V23\App\Spybot\sqlite3.dll
    2016-05-18 08:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Portables in C\Spybot Portable V23\App\Spybot\av\BDSmartDB.dll
    2016-05-18 08:21 - 2014-04-25 14:11 - 02972112 _____ () C:\Portables in C\Spybot Portable V23\App\Spybot\NotificationSpreader.dll
    2015-12-02 12:58 - 2015-11-16 14:32 - 00919040 _____ () C:\Windows\mod_frst.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\Software\Classes\.exe: => <==== ATTENTION
    HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\Software\Classes\.scr: => <==== ATTENTION

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7936 more sites.

    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\...\123simsen.com -> www.123simsen.com

    There are 7936 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2017-07-04 14:24 - 00454512 ____R C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com

    There are 15598 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\PE_D_ADMINISTRATOR1\Control Panel\Desktop\\Wallpaper ->
    HKU\PE_D_USER11\Control Panel\Desktop\\Wallpaper ->
    HKU\S-1-5-21-2248871800-1667375335-2429770600-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-2248871800-1667375335-2429770600-500\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
    mpsdrv => Firewall Service is not running.
    MpsSvc => Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: KeepVidProUpdateHelper.exe => C:\Program Files (x86)\KeepVid Pro v61\KeepVidProUpdateHelper.exe
    MSCONFIG\startupreg: Panasonic Device Manager for Multi-Function Station software => C:\Program Files (x86)\Panasonic MFStation V122\PCCMFSDM.exe
    MSCONFIG\startupreg: Panasonic PCFAX for Multi-Function Station software => C:\Program Files (x86)\Panasonic MFStation V122\KmPcFax.exe -1

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
    FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled
    Check "winmgmt" service or repair WMI.


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/04/2017 03:00:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (07/04/2017 02:27:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (07/04/2017 02:26:22 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/04/2017 02:26:22 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/04/2017 02:26:22 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/04/2017 02:26:22 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)

    Error: (07/04/2017 02:26:22 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/04/2017 02:26:22 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
    Description: The Windows Search Service cannot load the property store information.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

    Error: (07/04/2017 02:26:22 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (07/04/2017 02:26:22 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    System errors:
    =============
    Error: (07/04/2017 02:58:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    amdkmafd
    storflt

    Error: (07/04/2017 02:58:16 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/04/2017 02:26:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    An instance of the service is already running.

    Error: (07/04/2017 02:26:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (07/04/2017 02:26:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with service-specific error %%-1073473535.

    Error: (07/04/2017 02:26:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    amdkmafd
    storflt

    Error: (07/04/2017 02:26:00 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/04/2017 12:00:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    amdkmafd
    storflt

    Error: (07/04/2017 12:00:09 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 9:01:42 PM on ‎7/‎3/‎2017 was unexpected.

    Error: (07/04/2017 12:00:04 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!


    CodeIntegrity:
    ===================================
    Date: 2017-07-04 15:37:03.908
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

    Date: 2017-07-04 15:37:03.674
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

    Date: 2017-07-04 15:37:03.440
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

    Date: 2017-07-04 15:37:03.097
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

    Date: 2017-07-04 15:22:39.900
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2017-07-04 15:22:39.885
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2017-07-04 15:22:39.853
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2017-07-04 15:22:39.822
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2017-07-04 12:48:24.483
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.

    Date: 2017-07-04 12:48:24.146
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-8350 Eight-Core Processor
    Percentage of memory in use: 27%
    Total physical RAM: 8158.63 MB
    Available physical RAM: 5894.63 MB
    Total Virtual: 8156.81 MB
    Available Virtual: 5833.15 MB

    ==================== Drives ================================

    Drive c: (Main 1) (Fixed) (Total:31.25 GB) (Free:19.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (Backup 1) (Fixed) (Total:30.65 GB) (Free:20.33 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Direct 1) (Fixed) (Total:201.63 GB) (Free:136.78 GB) NTFS
    Drive f: (Storage 1) (Fixed) (Total:472.48 GB) (Free:299.5 GB) NTFS
    Drive g: (A-V Archive 1) (Fixed) (Total:1359.89 GB) (Free:513.76 GB) NTFS
    Drive j: (Video 1) (Fixed) (Total:1208.56 GB) (Free:678.94 GB) NTFS
    Drive k: (Archive 1) (Fixed) (Total:654.45 GB) (Free:487.96 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B266878D)
    Partition 1: (Active) - (Size=31.3 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=201.6 GB) - (Type=05)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F1325C4C)
    Partition 1: (Active) - (Size=30.6 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1832.4 GB) - (Type=05)

    ========================================================
    Disk: 2 (Size: 1863 GB) (Disk ID: 24744FDB)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=OF Extended)

    ==================== End of Addition.txt ============================
    Attached Files Attached Files
    Last edited by tashi; 2017-07-05 at 04:05. Reason: Copy pasted logs into post

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Let's see if we can turn on system restore to enable the tool so we can create a restore point.
    System Restore - Enable or Disable
    https://www.sevenforums.com/tutorial...e-disable.html
    ***************

    I see a connect by proxy setting, is this something you set on the machine?
    ProxyServer: [S-1-5-21-2248871800-1667375335-2429770600-1000] => localhost:21320

    ***

    Right click on the FRST icon and select Run as administrator.

    copy the text below [beginning with Start:: and finishing with End::]


    Start::
    EndProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ReminderApp] => [X]
    GroupPolicy: Restriction <==== ATTENTION
    GroupPolicy\User: Restriction <==== ATTENTION
    CMD: ipconfig /flushdns
    Emptytemp:
    End::


    Now Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    **
    Zemana AntiMalware Free

    download it from here:
    Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.

    You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.

    When Zemana AntiMalware starts, click on the “Scan” button to perform a system scan.
    without changing any options, press Scan

    When Zemana has finished finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.

    Zemana AntiMalware will now start to remove all the malicious programs from your computer.

    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
    • open Zemana AntiMalware again and locate the latest report
    • please paste the contents into your reply


    When the process is complete, you can close Zemana AntiMalware

    ********************

    Malwarebytes AdwCleaner
    • Please download Malwarebytes AdwCleaner and save the file to your Desktop
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click [img=http://i.imgur.com/MqHawIb.png] Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File, folder and registry backups are made for items removed using this programme. Should a legitimate file, folder or registry item be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S0].txt.

    **

    Please post these 3 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Junior Member
    Join Date
    Dec 2011
    Posts
    15

    Default

    First I would like to tank you for your time. I have come across many things in the past 18 or so years, but nothing as bizarre as this.

    I would at least understand if it was a whole slew of security sites (financial etc.), but why just one?? When I searched for a solution, one site had a response to the solution almost exactly as I am responding; "why only one?"

    Anyway, I powered cycled the router, but no change. Another thing I noticed, upon one reboot the probelm sites login page did appear as normal. I didn't login purposely. I rebooted, went back to that page and the redirect blank page was there again.

    I noticed a few entries in those logs which didn't make sense. One; defender is not installed here, but the log showed it was active. Also, those two "Attention" lines you have in your text which I noticed, I use GroupEdit for a few 'tweaks' but used a copy that was modified so it will save the settings that M$ doesn't allow (window size, columns, spacing etc) which are annoying to keep on resetting. I don't know if that is that flagged that or not.

  9. #9
    Junior Member
    Join Date
    Dec 2011
    Posts
    15

    Default

    I just noticed, those previous attachments were only suppose to be 'attachments', I did not check "inline". I was surprised to see them opened within the post.

    I did not add that proxy setting. I'm not versed in that department. Whatever/whenever I have no idea. That got flagged (and now removed) with Zemara.

    Malwarebytes found 6 entries, all named "SecurityXploded".
    Attached Files Attached Files

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I've heard of only one website being blocked but I didn't find a good fix/cure for it either, and it doesn't happen often from what I've read.

    Let's try resetting browsers.

    Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

    Proceed with the reset once done.


    ~~~

    • Download Emsisoft Emergency Kit and save it to your desktop.
    • Double-click icon then click Install
    • A Window should open highlighting Start Emergency Kit Scanner
    • Right click on the icon and select Run as administrator
    • Click 1. Update now!
    • Once the update is completed select Settings under Scan
    • Uncheck Join the Emsisoft Anti-Malware Network
    • Click Scan at the top
    • Click On scan completion
    • Click Quarantine detected objects, then click OK
    • Click Malware Scan
    • Once completed click View Report
    • Save the file to your Desktop using the default file name
    • Copy and paste the report in your reply

    ===============


    If you would, open Farbar Recovery Scan Tool and run a fresh scan, I'd like to see if host files have changed and if the Proxy settings are still there.

    Open Farbar Recovery Scan Tool
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •