Kevin Zoll

Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread

Hello Spartan, Welcome to the Emsisoft Support Forums. Please read the entire instructions below. Yes, they are a bit lengthy and contain necessary administrative instructions as well as technical instructions. All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to answer all posts within 24-hours of the posting, but be aware that if you post anytime in the late afternoon or evening on Friday, or anytime on Saturday or Sunday, you will not receive an answer until Monday. Also, be aware that our support technicians may not be in the same time zone as you, therefore there could be several hours difference between when you post and the technician working your support case is available. The below guidelines are for the Help, my PC is infected! Support Forum. They are intended to help you provide the technician, working your thread, with enough information to start formulating a plan to clean your machine; and for you to leave the Emsisoft Support Forums with a safe, secure, functioning computer. Emsisoft does not condone the use of Pirated/Illegal software. If such software is found on your computer, the technician assisting you will insist that the Pirated/Illegal software be removed. We reserve the right to refuse help to anyone who is unwilling to uninstall Pirated/Illegal software We insist that anyone receiving help, here at the Emsisoft Support Forums, install an Anti-Malware program at a minimum to protect their system. Start only one thread requesting help. Keep all questions in your thread. DO NOT start a new topic. If you don't know, stop and ask! Don't keep going on. Continue to respond until you are given "All Clear" (Just because you can't see a problem doesn't mean it isn't there) Once your case has been solved, the thread will be closed. Your thread will be closed after 72-hours of no activity. DO NOT use any form of Haxor, Leetspeak, Netspeak, IM speak and the such in any postings on this forum. Use only proper spelling, grammar, punctuation, and capitalization. The more time the person helping you has to spend trying to figure out what you are saying, the longer it will take them to formulate a response. DO NOT post any logs without first completing the steps in this guide, they will be deleted. DO NOT copy and paste logs into your threads. All logs are to be attached to your post. Download to your Desktop: Emsisoft Emergency Kit Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download the tools from the infected system, the tools can be saved to and run from a USB flash drive. All scans are to be run in Normal Mode. Do not run anything in "Safe Mode", unless you are instructed to do so by the Malware Removal Specialist handling your case. Do not force Safe Mode. Instructions on How to Boot to "Safe Mode" can be found at http://www.malwarete…kb/SafeMode.php WARNING: The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. Let's get started: Install and Run Emsisoft Emergency Kit (EEK): Double click EmergencyKitScanner.exe to install EEK When the installation of EEK is complete the Emergency Kit scanner will run. NOTE: Make sure to enable PUPs detection. Click "Yes" to Update Emsisoft Emergency Kit Under "Scan" click-on "Malware Scan". IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted. Save the scan log somewhere that you can find it. Exit Emsisoft Emergency Kit. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings. Press Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt Attach the following logs to your reply: Emsisoft Emergency Kit log (C:\EEK\Reports) FRST.txt Addition.txt IMPORTANT NOTE: Any logs that are copied and pasted to a post will be removed from the post without being read. Do not alter or change the logs in any way. Once a Malware Removal Specialist has replied to your request for malware removal, they will handle your case from start to finish. You will have 72 hours to reply to any instructions given by the Malware Removal Specialist handling your case. Failure to comply with requests for information or instructions from the Malware Removal Specialist handling your case will result in the locking of your thread.

Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread

Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread

Hello, This is likely a false positive detection. To be certain I will need two reports from a third-party tool we use to aid in diagnosing problems. Download to your Desktop: Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings. Press Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt Attach those logs to your reply.

Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread

Hello, First, try disconnecting the shared folder from Windows Explorer. After the system has removed the share, setup a new shared folder.

Hello, I split your post off into its own topic. Never piggyback someone else's support thread, especially in this particular support forum. Welcome to the Emsisoft Support Forums. Please read the entire instructions below. Yes, they are a bit lengthy and contain necessary administrative instructions as well as technical instructions. All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to answer all posts within 24-hours of the posting, but be aware that if you post anytime in the late afternoon or evening on Friday, or anytime on Saturday or Sunday, you will not receive an answer until Monday. Also, be aware that our support technicians may not be in the same time zone as you, therefore there could be several hours difference between when you post and the technician working your support case is available. The below guidelines are for the Help, my PC is infected! Support Forum. They are intended to help you provide the technician, working your thread, with enough information to start formulating a plan to clean your machine; and for you to leave the Emsisoft Support Forums with a safe, secure, functioning computer. Emsisoft does not condone the use of Pirated/Illegal software. If such software is found on your computer, the technician assisting you will insist that the Pirated/Illegal software be removed. We reserve the right to refuse help to anyone who is unwilling to uninstall Pirated/Illegal software We insist that anyone receiving help, here at the Emsisoft Support Forums, install an Anti-Malware program at a minimum to protect their system. Start only one thread requesting help. Keep all questions in your thread. DO NOT start a new topic. If you don't know, stop and ask! Don't keep going on. Continue to respond until you are given "All Clear" (Just because you can't see a problem doesn't mean it isn't there) Once your case has been solved, the thread will be closed. Your thread will be closed after 72-hours of no activity. DO NOT use any form of Haxor, Leetspeak, Netspeak, IM speak and the such in any postings on this forum. Use only proper spelling, grammar, punctuation, and capitalization. The more time the person helping you has to spend trying to figure out what you are saying, the longer it will take them to formulate a response. DO NOT post any logs without first completing the steps in this guide, they will be deleted. DO NOT copy and paste logs into your threads. All logs are to be attached to your post. Download to your Desktop: Emsisoft Emergency Kit Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download the tools from the infected system, the tools can be saved to and run from a USB flash drive. All scans are to be run in Normal Mode. Do not run anything in "Safe Mode", unless you are instructed to do so by the Malware Removal Specialist handling your case. Do not force Safe Mode. Instructions on How to Boot to "Safe Mode" can be found at http://www.malwarete…kb/SafeMode.php WARNING: The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. Let's get started: Install and Run Emsisoft Emergency Kit (EEK): Double click EmergencyKitScanner.exe to install EEK When the installation of EEK is complete the Emergency Kit scanner will run. NOTE: Make sure to enable PUPs detection. Click "Yes" to Update Emsisoft Emergency Kit Under "Scan" click-on "Malware Scan". IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted. Save the scan log somewhere that you can find it. Exit Emsisoft Emergency Kit. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings. Press Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt Attach the following logs to your reply: Emsisoft Emergency Kit log (C:\EEK\Reports) FRST.txt Addition.txt IMPORTANT NOTE: Any logs that are copied and pasted to a post will be removed from the post without being read. Do not alter or change the logs in any way. Once a Malware Removal Specialist has replied to your request for malware removal, they will handle your case from start to finish. You will have 72 hours to reply to any instructions given by the Malware Removal Specialist handling your case. Failure to comply with requests for information or instructions from the Malware Removal Specialist handling your case will result in the locking of your thread.

Susan, You are welcome. Thread Closed Reason: Resolved PM either Kevin, Elise, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread

Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [cpx] => "C:\Users\BizAccnt\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION HKLM-x32\...\Run: [svcvmx] => "C:\Users\BizAccnt\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup <==== ATTENTION HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoWinKeys] 1 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoFileUrl] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoNetHood] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoFileMenu] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoSetTaskBar] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [Nosecuritytab] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoUpdateCheck] 0 HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoWindowsUpdate] 0 GroupPolicy: Restriction - Chrome <==== ATTENTION CHR HKU\S-1-5-21-1351472251-1763887738-756014443-1006\SOFTWARE\Policies\Google: Restriction <==== ATTENTION Winsock: Catalog9 13 %windir%\system32\vsocklib.dll => No File Winsock: Catalog9 14 %windir%\system32\vsocklib.dll => No File Winsock: Catalog9-x64 13 %windir%\system32\vsocklib.dll => No File Winsock: Catalog9-x64 14 %windir%\system32\vsocklib.dll => No File HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = SearchScopes: HKU\.DEFAULT -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = SearchScopes: HKU\S-1-5-21-1351472251-1763887738-756014443-1006 -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL = SearchScopes: HKU\S-1-5-21-1351472251-1763887738-756014443-1007 -> DefaultScope {7A41E3E5-29C6-4A45-9357-3C292D43EE68} URL = SearchScopes: HKU\S-1-5-21-1351472251-1763887738-756014443-1007 -> {DCFD42FA-A29D-4635-9487-9E97943856CC} URL = BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll => No File Toolbar: HKU\S-1-5-21-1351472251-1763887738-756014443-1006 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1351472251-1763887738-756014443-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1351472251-1763887738-756014443-1007 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\[email protected] => not found S2 Dataup; C:\Users\BizAccnt\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION S1 cctarpcq; \??\C:\WINDOWS\system32\drivers\cctarpcq.sys [X] R5 drmkpro64; <==== ATTENTION: Locked Service <==== ATTENTION S1 drxrsqjb; \??\C:\WINDOWS\system32\drivers\drxrsqjb.sys [X] S1 ikqyktvh; \??\C:\WINDOWS\system32\drivers\ikqyktvh.sys [X] S1 opbqhbnc; \??\C:\WINDOWS\system32\drivers\opbqhbnc.sys [X] S1 oszmpycu; \??\C:\WINDOWS\system32\drivers\oszmpycu.sys [X] S1 snwwpkek; \??\C:\WINDOWS\system32\drivers\snwwpkek.sys [X] 2019-01-30 16:27 - 2019-01-30 16:27 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nxwztfjc.sys 2019-01-13 17:37 - 2019-01-30 09:28 - 000000000 ____D C:\Program Files\rempl 2019-01-30 13:11 - 2017-06-19 21:54 - 000000000 ____D C:\Users\BizAccnt\AppData\Local\ntuserlitelist 2015-04-14 08:28 - 2015-04-14 08:28 - 000001171 _____ () C:\Users\BizAccnt\AppData\Roaming\wVhDty4cZ4ikvfz7j2MRh4E0E C:\WINDOWS\system32\drivers\ndistpr64.sys ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File ContextMenuHandlers1: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll -> No File ContextMenuHandlers3: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll -> No File ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} => -> No File ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File ContextMenuHandlers4: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll -> No File ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File Task: {00496BD5-4FC8-4811-9C8F-5A123EB21633} - no filepath Task: {00FA9144-2A7D-421B-A10C-DE8F45FF0A9C} - no filepath Task: {06CDD989-385B-49DA-BF87-73B4CCF77485} - no filepath Task: {0D845C21-1CB7-48C8-B8F8-8A3258ECAC9D} - no filepath Task: {0F3807CF-C051-4AD3-B615-42E61A3052AF} - no filepath Task: {0F95EA6C-1B50-4185-8361-E5F9290F8586} - no filepath Task: {149F7C26-4956-4D84-89FA-C2BAE34FFF79} - no filepath Task: {1712E2EF-0078-4A89-BD90-A93513C45D1B} - \SMW_UpdateTask_Time_34343731353930342d454a2a415034412a4a6c575a -> No File <==== ATTENTION Task: {1825E803-8D2D-423A-870B-8E07E89404C9} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1003 -> No File <==== ATTENTION Task: {1E3B3107-83EC-484B-9BB4-56B828939B9F} - no filepath Task: {1FD33E8C-4EF3-43CA-8690-A3CE00F9C869} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {20D44214-602C-497F-875D-660AE153DA75} - \HP AR Program Upload - fca025bd50b749d68da04fb1ff3b4620988a36468944423d8cce8ea4f56c99ab -> No File <==== ATTENTION Task: {2224B408-7CEA-4DEC-9173-7A77B4281877} - no filepath Task: {23693835-D5EF-4455-99C6-10819FCAAA16} - \User_Feed_Synchronization-{0C757521-BCAA-4C47-AA2A-1FC97ADE5B98} -> No File <==== ATTENTION Task: {238FC883-0B2A-4E26-9215-40F67C723E12} - \HP AR Program Upload - abecdd93a51a49afa1468ffa6ec97a090df6cb329ddd4f29bd2ce2906e114287 -> No File <==== ATTENTION Task: {27395F70-7C0C-40A4-8DA0-64B99F71702F} - no filepath Task: {2780B42C-50DF-45C6-8A23-D0747CAACECC} - no filepath Task: {30AB8F31-8A04-447F-B737-6F3FC5297F4C} - \RealDownloader Update Check -> No File <==== ATTENTION Task: {31614312-62E6-4AC5-B99B-DF9FAA8E1411} - \RealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION Task: {33B286FA-4BC0-4291-B468-836C70E38A30} - no filepath Task: {367B3E61-B2C1-40FD-BA8E-2F4B618918C3} - no filepath Task: {38910B2D-8EAA-444E-857F-2840AFFF93F7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {3A31BC0B-2D97-4BD0-BEF2-25DF564A2789} - no filepath Task: {3C1625FB-9BD6-4969-8A23-B2D29B000346} - no filepath Task: {3FEF55C6-D994-46D6-BF64-2BEE5B8EEEE8} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1006 -> No File <==== ATTENTION Task: {426640AF-956A-4458-8792-527E06A441DF} - no filepath Task: {43948049-284B-4F81-9FF4-4793DB658FB3} - \RealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION Task: {47B43310-5FF6-4E53-9BAA-A36E04872F97} - no filepath Task: {48129676-308D-4A1E-AC87-070112EE6C73} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION Task: {4871FC7B-817A-4740-B2EF-8C07E84F7272} - no filepath Task: {49022CA2-1E71-4415-96CA-0E10612D3E90} - \ecab37c9-222c-407c-9032-d52647d01a76-5_user -> No File <==== ATTENTION Task: {4CEAAB17-2DA4-4704-A453-995789B5BFA2} - no filepath Task: {5260AA48-AE74-4E00-BFEC-9D2AAAC8DAD4} - \ecab37c9-222c-407c-9032-d52647d01a76-4 -> No File <==== ATTENTION Task: {53157A82-ECF9-4196-BE97-510C9A39E759} - no filepath Task: {555CF9A3-EAB4-45C5-8419-00F201A4367C} - \{8A1D12A2-D5F0-486D-9D81-BA6C4B532C9C} -> No File <==== ATTENTION Task: {5A9F2392-DE9F-4E39-819D-418759F41DAB} - \{6602A39E-3C88-434A-A69C-6876F8CF9E57} -> No File <==== ATTENTION Task: {5D88B756-74A5-4B3A-8A19-EC0AED9928A6} - \HP AR Program Upload - 312935451d694d8fbaf486308e6e7e83b5c6403402754a32b587f4f0236119d2 -> No File <==== ATTENTION Task: {5F03307C-2F03-4786-9A55-E4D36AA80341} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION Task: {5FBE5D64-3259-4156-9118-099A0DAA78CB} - \MyBrowser -> No File <==== ATTENTION Task: {61F2FC90-E9DA-4849-A1FD-76B997BE0276} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {62E54295-AC99-434E-9726-93B4079D1A58} - \HP AR Program Upload - 4755144799804597acf44ac57ed3eea40696fa3ecee64241ae0ebdae0fcaa22c -> No File <==== ATTENTION Task: {63DF04BD-40DD-4B10-94B8-3930A1D7E33A} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION Task: {6710ED2B-BA7B-4884-B60A-DFC0BC32D22B} - no filepath Task: {6714E4D5-54BE-4051-B1CC-17F88FC5F022} - no filepath Task: {6960CB8A-40C3-4EB3-8547-A554047CCA95} - \{E9BB6EEE-CEEC-4B19-886A-93411063CFC7} -> No File <==== ATTENTION Task: {69C4DD59-89FA-4698-B7C7-6702BF5E8921} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION Task: {6DF6DC7B-8781-4E61-9BF3-A8048954FC3B} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION Task: {6E5D4A92-196C-4F34-8251-0D7B76F3C674} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1006 -> No File <==== ATTENTION Task: {70A3D6F2-6664-4C8A-B120-B6DB035FD2D1} - \HP AR Program Upload - 31ef0124e0c94edca30de826854e2663949bdf7918004fa99ab0931499a8c8a1 -> No File <==== ATTENTION Task: {735E5C88-6062-4B50-A5E5-8A5985A0C811} - no filepath Task: {7AA19AB2-BB90-454E-A3E5-DCE1C83464EB} - no filepath Task: {7B7C27DC-B0EF-4087-AD2F-B56D70271697} - no filepath Task: {7B8E0C23-2A72-40F1-A58F-BFB9708C578D} - no filepath Task: {7D2516F0-5A50-4C00-9B24-CDE81A50A8E6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {830CB740-A641-478D-807B-C667D1850024} - no filepath Task: {8362FCD0-6651-4982-ACA6-50C6E16A9328} - no filepath Task: {84A8C7BF-5191-4C38-9ADD-18F781A9D537} - \ecab37c9-222c-407c-9032-d52647d01a76-5 -> No File <==== ATTENTION Task: {899CB99A-3373-4CFE-AF87-03CF7DBB5695} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION Task: {8E74EF00-7E76-4042-9441-4B2D71A1364D} - no filepath Task: {8FBE8015-04D4-47BD-9384-FF9A167C49DD} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1003 -> No File <==== ATTENTION Task: {905D7455-5CA1-488B-97D8-1F28E82E0984} - no filepath Task: {914D9F48-1CBC-4BF1-BFEA-6F62C3073A1B} - \One System Care Task -> No File <==== ATTENTION Task: {9694DE57-70E5-4190-A715-30624194CE64} - \{94F40477-69B2-49C2-B665-D9473AAFB803} -> No File <==== ATTENTION Task: {98573CC6-D97C-48FD-9775-6C675CED5825} - no filepath Task: {991A8AE6-2037-4A73-96EE-2F040EC325A7} - no filepath Task: {9A9637F0-83B4-4B4C-8E33-16CE7CB481F9} - no filepath Task: {9AF8210F-4474-4724-81CE-27310161969A} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION Task: {9D7EBC79-012F-4261-BD06-0EDEF2251C5C} - no filepath Task: {9F22B976-D33C-4E2B-A15C-662E4064EC42} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION Task: {A090690D-37F6-4F54-BAEB-9EF25B1612F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {A3C63F6E-E7B8-4E1C-B0F5-122E842E920E} - \{5BEB811E-E6D3-479B-B283-BF2D2E6BE139} -> No File <==== ATTENTION Task: {A7E7619A-C790-4407-BE82-D44408574D2A} - no filepath Task: {A87BFE47-7E81-44D0-85E7-3268CF2C114F} - no filepath Task: {AD488CB4-F5FC-49C2-B4B3-F08BE04C8C61} - no filepath Task: {ADCADCAF-2EDC-48CB-9461-5E5DDB2E9D7E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B3971B7B-828C-47ED-AD63-C94DE5128591} - no filepath Task: {B3F7B1F8-4BE6-443E-B3AE-83118F1C24D5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {B4CB5A15-A4BB-4220-92E4-D0BCE464A479} - no filepath Task: {BE596E98-FB57-4A1D-82D7-6B8C77F091F1} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION Task: {C084FA60-7325-4DB5-9BAC-97A5FFAC8980} - \User_Feed_Synchronization-{C12A274C-A839-46DD-A526-09B88AB195E1} -> No File <==== ATTENTION Task: {C4C898D3-E47F-4054-AD35-FC6C25646596} - no filepath Task: {C790DDA6-7A99-466E-BF7C-9C87C376E72E} - no filepath Task: {CFE80A2A-DADD-420D-B510-FEE7C753E194} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {D124EFC9-FE72-453D-96C9-43D5AF5C5500} - \Express FilesUpdate -> No File <==== ATTENTION Task: {D13D8333-154B-481D-9768-E00D42A258CF} - \{34E815C4-3AB1-45AC-A5A6-4D16D2CA9A86} -> No File <==== ATTENTION Task: {D1609895-C9B4-4846-8DF6-FED738F7EB50} - no filepath Task: {D3453495-E813-4678-8823-26434CA88277} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {D34A5D11-1075-4660-A35D-3CF5F480BFFE} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION Task: {D3626A0E-D197-4429-B923-DEF0263A05F0} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION Task: {D7A17E60-44CD-4E69-9C5A-8E8B5A50FE6E} - no filepath Task: {D8CADC6A-D874-43F4-BB6C-C52120A2C2BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {DF038B73-EC37-4B2E-9BB5-75FE0E5638C9} - no filepath Task: {DFA64BEF-51F4-409B-86B4-7F062EBE42B1} - no filepath Task: {DFD1486E-F040-4CD3-8614-0787845E6B6C} - \HP AR Program Upload - a549b42f3930480087b876a47f516a00dbe67fb4326d43fda3d4adf4c1c4591a -> No File <==== ATTENTION Task: {E4CDE1C8-550D-4BE9-9243-293795574DE5} - no filepath Task: {E91A5D81-A317-4148-89BD-91C5AF428D01} - no filepath Task: {EDEA2C44-F6D4-464D-9926-E2625CD5E07D} - \4673 -> No File <==== ATTENTION Task: {EFF17C07-A840-4D3C-9299-549A52A83C85} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {F1685CA8-93AC-4FF2-B823-3415210B92A1} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1006 -> No File <==== ATTENTION Task: {F25CCAB1-EB83-4201-B660-35E43235FE1E} - \IBUpd -> No File <==== ATTENTION Task: {F3120ED4-342D-4068-A7BA-1B538907F4AF} - no filepath Task: {F77C5132-E870-4E8E-9633-D63C9DB2AFD4} - \RocketTab Update Task -> No File <==== ATTENTION Task: {FB58D978-423C-4317-8323-FCE9E9FFA42C} - no filepath Task: {FB678467-8E8B-44AC-A72B-33008818644F} - no filepath Task: {FC479928-0556-48A8-9FE8-1572AEC355C1} - \RocketTab -> No File <==== ATTENTION Task: {FC75B954-314D-4040-A3A5-E114C9C7800F} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION Task: C:\WINDOWS\Tasks\Yahoo! Powered niref.job => C:\ProgramData\{FE5C3B3F-741E-B1F9-F2D8-2FBB689AA475}\tifo.txt <==== ATTENTION AlternateDataStreams: C:\WINDOWS\system32\Drivers\bssrshar.sys:changelist [448] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nxwztfjc.sys:changelist [448] AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118] MSCONFIG\Services: Dataup => FirewallRules: [{9B8878F3-FBA7-4E82-A5BC-94789C960F5A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜硹捯潨摮潲慳捲浯牡晩畳屭祍潸档湯牤獯牡潣慭楲獦浵⹟硥e No File FirewallRules: [{BE66EF05-B66E-4213-B500-2D260586BBE5}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜硹捯潨摮潲慳捲浯牡晩畳屭祍潸档湯牤獯牡潣慭楲獦浵攮數 No File FirewallRules: [{8ED1560E-E054-4FE5-BFEA-BB46C8380323}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲敲瑳楷潮瑰楦瑬牥⹟硥e No File FirewallRules: [{ABF18B0F-CC94-4668-BA5B-9028FBF21262}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲楷潮瑰楦瑬牥⹟硥e No File FirewallRules: [{9BBD62DA-0260-459E-A363-23D71B59A6D8}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲敲瑳楷潮瑰楦瑬牥攮數 No File FirewallRules: [{C3532063-99DD-4B9B-875D-3D8C79A1439A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲楷潮瑰楦瑬牥攮數 No File FirewallRules: [{1C8E07C3-E6ED-4C32-9973-B62603E2FE08}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe No File FirewallRules: [{ED212BD6-6D65-4E71-B32D-9E55BE785204}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe No File FirewallRules: [{06361F75-50B3-4E36-975C-702BF4BF6E6E}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe No File FirewallRules: [{6BD27039-4739-428E-A63F-6B037736C427}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe No File FirewallRules: [{71182C25-1268-4476-9563-597529E598D0}] => (Allow) %ProgramFiles%\Windows MultiPoint Server\Wmssvc.exe No File FirewallRules: [{D72ADEF9-C968-46CB-8651-8F89A1B7CB77}] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsSessionAgent.exe No File FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe No File FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe No File FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe No File FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe No File FirewallRules: [WMS-Dashboard] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsDashboard.exe No File FirewallRules: [WMS-Session-Agent] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsSessionAgent.exe No File FirewallRules: [WMS-Service] => (Allow) %ProgramFiles%\Windows MultiPoint Server\Wmssvc.exe No File FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe No File FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe No File FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe No File FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe No File FirewallRules: [WMS-Manager] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsManager.exe No File C:\WINDOWS\System32\Drivers\ndistpr64.sysClose Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. NOTE: If the tool warns you about an outdated version please download and run the updated version.

Thread Closed PM either Kevin, Elise, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread

Could be the connection. Been having the same problem for the past couple of days. Happy to help.

Jeff22, The logs did not show any malware, but it did show some policies issues that needed to be corrected. Now to remove most of the tools that we have used in fixing your machine: Download Delfix from here and save it to your Desktop. Ensure Remove disinfection tools is checked. Also place a checkmark next to: Create registry backup Purge system restore Click the Run button. When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad. Empty the Recycle Bin You can delete and uninstall any programs I had you download, that you do not wish to keep on the system. To Remove EEK simple delete the EEK for in the of your System Drive, normally C:\EEK Run Windows Update and update your Windows Operating System. Articles to Read: How to Protect Your Computer From Malware How to keep you and your Windows PC happy Web, email, chat, password and kids safety How Did I Get Infected? That should take care of everything. Safe Surfing!

Susan, Now to remove most of the tools that we have used in fixing your machine: Download Delfix from here and save it to your Desktop. Ensure Remove disinfection tools is checked. Also place a checkmark next to: Create registry backup Purge system restore Click the Run button. When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad. Empty the Recycle Bin You can delete and uninstall any programs I had you download, that you do not wish to keep on the system. To Remove EEK simple delete the EEK for in the of your System Drive, normally C:\EEK Run Windows Update and update your Windows Operating System. Articles to Read: How to Protect Your Computer From Malware How to keep you and your Windows PC happy Web, email, chat, password and kids safety How Did I Get Infected? That should take care of everything. Safe Surfing!

Hello Jeff22, Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.