Jump to content


  • Content Count

  • Joined

  • Last visited

About water101

  • Rank

Contact Methods

  • Website URL

Previous Fields

  • Teams:
    Nothing Selected
  1. IT is finally solved thanks for all the help receiving help here http://forums.majorgeeks.com/showthread.php?p=1892664 this topic will be closed.
  2. Had a thread going here http://forums.pcpitstop.com/index.php?/topic/204216-n10adshostnetcom/ Was asked to run a couple more test and post results here. Thanks cant wait to get this fixed mbar-log-2014-11-16 (08-35-50).txt system-log.txt FRST.txt Addition.txt
  3. I will post the result in the Hijack area. Thanks.
  4. Ok I created the host files saved them to my desktop. Renamed the other host files as old and when I did that it created a new on all on it's own. I deleted that one and dragged the one I created as a text file in. It then created another host file and saved it as a file not a text file. Still have the same issue
  5. Did a full test and here are the results http://www.pcpitstop.com/betapit/sec.asp?conid=25711562
  6. This is the hijack this report Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 1:59:00 PM, on 2014-11-15 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.17416) Boot mode: Normal Running processes: C:\Users\Owner\AppData\Local\ContextualODBCRuby\MBRScreenshotWiget.exe C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp\mmamain.exe C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\IE\8ZSR5WRU\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [CloudSystemBooster] "C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe" /hide /autorun O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Sage Accpac .NET Remoting Service (a4wnetMgrService) - Sage Software, Inc. - C:\Program Files (x86)\Common Files\Sage\Sage Accpac\a4wnetMgrService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing) O23 - Service: Anvi Cloud System Booster Speed Service (AnviCsbSvc) - Anvisoft - C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BIOSFreewareMinimal - Unknown owner - C:\WINDOWS\SysWOW64\BIOSFreewareMinimal\BIOSFreewareMinimal.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CodecDatabaseMemory.exe - Unknown owner - C:\Users\Owner\AppData\Local\CodecDatabaseMemory\CodecDatabaseMemory.exe (file missing) O23 - Service: ContextualODBCRuby.exe - Unknown owner - C:\Users\Owner\AppData\Local\ContextualODBCRuby\ContextualODBCRuby.exe O23 - Service: DriverRepositoryScrolling.exe - Unknown owner - C:\Users\Owner\AppData\Local\DriverRepositoryScrolling\DriverRepositoryScrolling.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10692 bytes
  7. Tried TFC as well as cloud system boast and still no luck. This is really frustrating
  8. I have reset both browsers and still the same issue. I realize that Conduit was in the system. I did a system restore and Conduit was in the system. I removed it using the above listed programs and have reset the browsers and still no luck. With IE if I set pop up blocker to the highest level it will stop them but always ask if I want to allow it. If you allow it one time you get about 5 new tabs opened with ad's. I have checked for Conduit and SearchProvider in the registry and deleted all of them as well as the ones in App Data. There have been 4 different virus scans done and all came back negative. Any other idea's or programs to try.
  9. # AdwCleaner v4.101 - Report created 15/11/2014 at 00:28:34 # Updated 09/11/2014 by Xplode # Database : 2014-11-13.1 [Live] # Operating System : Windows 8.1 (64 bits) # Username : Owner - HP # Running from : C:\Users\Owner\Downloads\adwcleaner_4.101.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Owner\AppData\Local\CheckCode File Deleted : C:\Program Files (x86)\distribution-installer.exe ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Google Chrome v38.0.2125.122 [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [7253 octets] - [14/11/2014 20:25:41] AdwCleaner[R1].txt - [1413 octets] - [14/11/2014 22:31:00] AdwCleaner[R2].txt - [1477 octets] - [14/11/2014 22:34:58] AdwCleaner[R3].txt - [1537 octets] - [14/11/2014 22:40:57] AdwCleaner[R4].txt - [1597 octets] - [14/11/2014 23:17:33] AdwCleaner[R5].txt - [1695 octets] - [15/11/2014 00:26:42] AdwCleaner[s0].txt - [7137 octets] - [14/11/2014 20:26:43] AdwCleaner[s1].txt - [1630 octets] - [15/11/2014 00:28:34] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1690 octets] ##########
  10. OK hopefully I don't miss anything here. Trying to help a family member out with a computer issue and I have never run across this one before. When ever you open a web browser and click on anything in that browser a pop up for n10.adshostnet.com pops up. I have reset the browser, and run numerous virus scan and malware scans. The program is not installed any where as I have been to the add and remove programs sections and it is not there. It is not in application data as well.It is not in the browser add on either. I have no idea what else to check. I did the normal google search as well and tried about 5 different steps people suggested with no luck. I have run adwcleaner 4.01 which I will post a report of.I have also run jtr and maleware bytes and hit man pro. My browsers are not hijacked just the pop up which slow things down. I am going to run a full housecall scan as well. The computer is running windows 8 64 bit. Any thoughts would be great. Thanks Water
  11. It was greatly appreciated like always. Seems to be working well this morning. Only issue and not a big one is that it takes a bit of time to open a browser for the first time when reboot or waking up from sleep. Fast after the first time so I can live with that little issue Thanks again
  12. Me too but again thank you very much for all the help
  13. WOT seems very good I think it may become a go to program now. Thanks for that. I think I will go to AVG for my normal virus scanner
  14. Yes I think I have ever other update turned off. Which free antivirus works best with windows 7 64 bit???
  • Create New...