## Firefox attempting to access malicious IP?


I recently started running Malwarebytes and it has been telling me that there's a Firefox process that keeps trying to access a supposedly malicious site. The IP address is 109 163 230 92. It's not that a website is trying to access my computer; it's that my computer keeps trying to access the site. Malwarebytes has blocked this, but it keeps trying different ports in the 60000 range. Has anyone else ever had this problem? Or does anyone know what this is about or what is causing this? I have a number of plugins installed and I'll provide troubleshooting info. I tried looking up the WhoIs but couldn't make much sense of it. Thanks in advance for help with this.

# Additional System Details

## This happened

A few times a week

## This started when...

April 29, 2 weeks after I installed Malwarebytes

## Installed Plug-ins

• Shockwave Flash 11.2 r202
• Adobe PDF Plug-In For Firefox and Netscape "9.5.1"
• Google Update
• iTunes Detector Plug-in
• Next Generation Java Plug-in 1.6.0_31 for Mozilla browsers
• NPRuntime Script Plug-in Library for Java(TM) Deploy
• 4.1.10111.0
• The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
• Winamp Application Detector
• Provides additional functionality on Facebook. See our web site for details.
• RealJukebox Netscape Plugin
• RealPlayer(tm) LiveConnect-Enabled Plug-In
• 6.0.12.448
• Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
• np-mswmp
• Yahoo! activeX Plug-in Bridge
• Office Plugin for Netscape Navigator

## Application

• User Agent: Mozilla/5.0 (Windows NT 6.0; rv:12.0) Gecko/20100101 Firefox/12.0

## More Information

### Application Basics

| Name | Value |
| --- | --- |
| Name | Firefox |
| Version | 12.0 |
| User Agent | Mozilla/5.0 (Windows NT 6.0; rv:12.0) Gecko/20100101 Firefox/12.0 |
| Enabled Plugins | about:plugins |
| Build Configuration | about:buildconfig |
| Crash Reports | about:crashes |
| Memory Use | about:memory |

### Extensions

| Name | Version | Enabled | ID |
| --- | --- | --- | --- |
| Adblock Plus | 2.0.3 | true | {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} |
| ColorZilla | 2.6.4 | true | {6AC85730-7D0F-4de0-B3FA-21142DD85326} |
| Element Hiding Helper for Adblock Plus | 1.2.2 | true | elemhidehelper@adblockplus.org |
| Firebug | 1.9.1 | true | firebug@software.joehewitt.com |
| Flashblock | 1.5.15.1 | true | {3d7eb24f-2740-49df-8937-200b1cc08f8a} |
| Forecastfox | 2.0.21 | true | {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} |
| Googlebar Lite | 4.8.2 | true | {79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f} |
| Html Validator | 0.9.5.1 | true | {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} |
| PageRank Client | 1.2 | true | pagerank-client@koeniglich.ch |
| Remove Cookies for Site | 0.62 | true | {06997db0-c027-4d5f-bd37-b0d9230226ea} |
| Social Fixer | 6.502 | true | socialfixer@mattkruse.com |
| Toolbar Buttons | 1.0 | true | {03B08592-E5B4-45ff-A0BE-C1D975458688} |
| Web Developer | 1.1.9 | true | {c45c406e-ab73-11d8-be73-000a95be3b12} |
| WebRank Toolbar | 4.1.3 | true | webrank-toolbar@probcomp.com |
| Microsoft .NET Framework Assistant | 0.0.0 | false | {20a82645-c095-46ed-80e3-08825760534b} |
| Total Validator | 7.2.1 | false | validator@totalvalidator.com |

### Important Modified Preferences

| Name | Value |
| --- | --- |
| accessibility.typeaheadfind | true |
| accessibility.typeaheadfind.flashBar | 0 |
| browser.cache.disk.capacity | 1048576 |
| browser.cache.disk.smart_size.first_run | false |
| browser.cache.disk.smart_size_cached_value | 1048576 |
| browser.fixup.alternate.enabled | false |
| browser.history_expire_days.mirror | 180 |
| browser.places.importBookmarksHTML | false |
| browser.places.importDefaults | false |
| browser.places.leftPaneFolderId | -1 |
| browser.places.migratePostDataAnnotations | false |
| browser.places.smartBookmarksVersion | 2 |
| browser.places.updateRecentTagsUri | false |
| browser.startup.homepage | http://apod.nasa.gov/apod/\|http://www.kevinandkell.com/\|http://my.yahoo.com/\|https://www.facebook.com/EvolvingDoorAstrol… |
| browser.startup.homepage_override.buildID | 20120420145725 |
| browser.startup.homepage_override.mstone | rv:12.0 |
| browser.tabs.loadInBackground | false |
| browser.tabs.onTop | false |
| browser.tabs.warnOnClose | false |
| browser.zoom.full | false |
| extensions.lastAppVersion | 12.0 |
| general.useragent.extra.microsoftdotnet | ( .NET CLR 3.5.30729; .NET4.0C) |
| network.cookie.prefsMigrated | true |
| places.database.lastMaintenance | 1335627342 |
| places.history.expiration.transient_current_max_pages | 80443 |
| places.history.expiration.transient_optimal_database_size | 128707952 |
| places.last_vacuum | 1306198853 |
| print.print_printer | HP Deskjet 6940 series |
| print.printer_Bullzip_PDF_Printer.print_bgcolor | false |
| print.printer_Bullzip_PDF_Printer.print_bgimages | false |
| print.printer_Bullzip_PDF_Printer.print_command | |
| print.printer_Bullzip_PDF_Printer.print_downloadfonts | false |
| print.printer_Bullzip_PDF_Printer.print_edge_bottom | 0 |
| print.printer_Bullzip_PDF_Printer.print_edge_left | 0 |
| print.printer_Bullzip_PDF_Printer.print_edge_right | 0 |
| print.printer_Bullzip_PDF_Printer.print_edge_top | 0 |
| print.printer_Bullzip_PDF_Printer.print_evenpages | true |
| print.printer_Bullzip_PDF_Printer.print_footercenter | |
| print.printer_Bullzip_PDF_Printer.print_footerleft | &PT |
| print.printer_Bullzip_PDF_Printer.print_footerright | &D |
| print.printer_Bullzip_PDF_Printer.print_headercenter | |
| print.printer_Bullzip_PDF_Printer.print_headerleft | &T |
| print.printer_Bullzip_PDF_Printer.print_headerright | &U |
| print.printer_Bullzip_PDF_Printer.print_in_color | true |
| print.printer_Bullzip_PDF_Printer.print_margin_bottom | 0.5 |
| print.printer_Bullzip_PDF_Printer.print_margin_left | 0.5 |
| print.printer_Bullzip_PDF_Printer.print_margin_right | 0.5 |
| print.printer_Bullzip_PDF_Printer.print_margin_top | 0.5 |
| print.printer_Bullzip_PDF_Printer.print_oddpages | true |
| print.printer_Bullzip_PDF_Printer.print_orientation | 0 |
| print.printer_Bullzip_PDF_Printer.print_pagedelay | 500 |
| print.printer_Bullzip_PDF_Printer.print_paper_data | 1 |
| print.printer_Bullzip_PDF_Printer.print_paper_height | 11.00 |
| print.printer_Bullzip_PDF_Printer.print_paper_size_type | 0 |
| print.printer_Bullzip_PDF_Printer.print_paper_size_unit | 0 |
| print.printer_Bullzip_PDF_Printer.print_paper_width | 8.50 |
| print.printer_Bullzip_PDF_Printer.print_reversed | false |
| print.printer_Bullzip_PDF_Printer.print_scaling | 0.85 |
| print.printer_Bullzip_PDF_Printer.print_shrink_to_fit | false |
| print.printer_Bullzip_PDF_Printer.print_to_file | false |
| print.printer_Bullzip_PDF_Printer.print_unwriteable_margin_bottom | 0 |
| print.printer_Bullzip_PDF_Printer.print_unwriteable_margin_left | 0 |
| print.printer_Bullzip_PDF_Printer.print_unwriteable_margin_right | 0 |
| print.printer_Bullzip_PDF_Printer.print_unwriteable_margin_top | 0 |
| print.printer_FinePrint.print_bgcolor | false |
| print.printer_FinePrint.print_bgimages | false |
| print.printer_FinePrint.print_command | |
| print.printer_FinePrint.print_downloadfonts | false |
| print.printer_FinePrint.print_edge_bottom | 0 |
| print.printer_FinePrint.print_edge_left | 0 |
| print.printer_FinePrint.print_edge_right | 0 |
| print.printer_FinePrint.print_edge_top | 0 |
| print.printer_FinePrint.print_evenpages | true |
| print.printer_FinePrint.print_footercenter | |
| print.printer_FinePrint.print_footerleft | &PT |
| print.printer_FinePrint.print_footerright | &D |
| print.printer_FinePrint.print_headercenter | |
| print.printer_FinePrint.print_headerleft | &T |
| print.printer_FinePrint.print_headerright | &U |
| print.printer_FinePrint.print_in_color | true |
| print.printer_FinePrint.print_margin_bottom | 0.5 |
| print.printer_FinePrint.print_margin_left | 0.5 |
| print.printer_FinePrint.print_margin_right | 0.5 |
| print.printer_FinePrint.print_margin_top | 0.5 |
| print.printer_FinePrint.print_oddpages | true |
| print.printer_FinePrint.print_orientation | 0 |
| print.printer_FinePrint.print_pagedelay | 500 |
| print.printer_FinePrint.print_paper_data | 1 |
| print.printer_FinePrint.print_paper_height | 11.00 |
| print.printer_FinePrint.print_paper_size_type | 0 |
| print.printer_FinePrint.print_paper_size_unit | 0 |
| print.printer_FinePrint.print_paper_width | 8.50 |
| print.printer_FinePrint.print_reversed | false |
| print.printer_FinePrint.print_scaling | 1.00 |
| print.printer_FinePrint.print_shrink_to_fit | true |
| print.printer_FinePrint.print_to_file | false |
| print.printer_FinePrint.print_unwriteable_margin_bottom | 0 |
| print.printer_FinePrint.print_unwriteable_margin_left | 0 |
| print.printer_FinePrint.print_unwriteable_margin_right | 0 |
| print.printer_FinePrint.print_unwriteable_margin_top | 0 |
| print.printer_HP_Deskjet_6940_series.print_bgcolor | false |
| print.printer_HP_Deskjet_6940_series.print_bgimages | false |
| print.printer_HP_Deskjet_6940_series.print_command | |
| print.printer_HP_Deskjet_6940_series.print_downloadfonts | false |
| print.printer_HP_Deskjet_6940_series.print_edge_bottom | 0 |
| print.printer_HP_Deskjet_6940_series.print_edge_left | 0 |
| print.printer_HP_Deskjet_6940_series.print_edge_right | 0 |
| print.printer_HP_Deskjet_6940_series.print_edge_top | 0 |
| print.printer_HP_Deskjet_6940_series.print_evenpages | true |
| print.printer_HP_Deskjet_6940_series.print_footercenter | |
| print.printer_HP_Deskjet_6940_series.print_footerleft | &PT |
| print.printer_HP_Deskjet_6940_series.print_footerright | &D |
| print.printer_HP_Deskjet_6940_series.print_headercenter | |
| print.printer_HP_Deskjet_6940_series.print_headerleft | &T |
| print.printer_HP_Deskjet_6940_series.print_headerright | &U |
| print.printer_HP_Deskjet_6940_series.print_in_color | true |
| print.printer_HP_Deskjet_6940_series.print_margin_bottom | 0.5 |
| print.printer_HP_Deskjet_6940_series.print_margin_left | 0.5 |
| print.printer_HP_Deskjet_6940_series.print_margin_right | 0.5 |
| print.printer_HP_Deskjet_6940_series.print_margin_top | 0.5 |
| print.printer_HP_Deskjet_6940_series.print_oddpages | true |
| print.printer_HP_Deskjet_6940_series.print_orientation | 0 |
| print.printer_HP_Deskjet_6940_series.print_page_delay | 50 |
| print.printer_HP_Deskjet_6940_series.print_pagedelay | 500 |
| print.printer_HP_Deskjet_6940_series.print_paper_data | 1 |
| print.printer_HP_Deskjet_6940_series.print_paper_height | 11.00 |
| print.printer_HP_Deskjet_6940_series.print_paper_size_type | 0 |
| print.printer_HP_Deskjet_6940_series.print_paper_size_unit | 0 |
| print.printer_HP_Deskjet_6940_series.print_paper_width | 8.50 |
| print.printer_HP_Deskjet_6940_series.print_reversed | false |
| print.printer_HP_Deskjet_6940_series.print_scaling | 0.85 |
| print.printer_HP_Deskjet_6940_series.print_shrink_to_fit | false |
| print.printer_HP_Deskjet_6940_series.print_to_file | false |
| print.printer_HP_Deskjet_6940_series.print_unwriteable_margin_bottom | 0 |
| print.printer_HP_Deskjet_6940_series.print_unwriteable_margin_left | 0 |
| print.printer_HP_Deskjet_6940_series.print_unwriteable_margin_right | 0 |
| print.printer_HP_Deskjet_6940_series.print_unwriteable_margin_top | 0 |
| privacy.clearOnShutdown.cookies | false |
| privacy.clearOnShutdown.formdata | false |
| privacy.clearOnShutdown.history | false |
| privacy.clearOnShutdown.offlineApps | true |
| privacy.clearOnShutdown.sessions | false |
| privacy.cpd.cookies | false |
| privacy.cpd.downloads | false |
| privacy.cpd.formdata | false |
| privacy.cpd.history | false |
| privacy.cpd.sessions | false |
| privacy.item.formdata | false |
| privacy.item.history | false |
| privacy.item.offlineApps | true |
| privacy.item.sessions | false |
| privacy.sanitize.migrateFx3Prefs | true |
| privacy.sanitize.sanitizeOnShutdown | true |
| privacy.sanitize.timeSpan | 0 |
| security.warn_viewing_mixed | false |

### Graphics

| Name | Value |
| --- | --- |
| Adapter Description | NVIDIA GeForce 7050 / NVIDIA nForce 610i |
| Vendor ID | 0x10de |
| Device ID | 0x07e3 |
| Adapter RAM | 256 |
| Adapter Drivers | nvd3dum |
| Driver Version | 8.17.12.9573 |
| Driver Date | 2-9-2012 |
| Direct2D Enabled | false |
| DirectWrite Enabled | false (7.0.6002.18582) |
| ClearType Parameters | ClearType parameters not found |
| WebGL Renderer | Google Inc. -- ANGLE (NVIDIA GeForce 7050 / NVIDIA nForce 610i) -- OpenGL ES 2.0 (ANGLE 1.0.0.963) |
| GPU Accelerated Windows | 1/1 Direct3D 9 |

philipp
• Top 25 Contributor
• Moderator
5348 solutions 23617 answers

Can you test if these connections also happen when you launch & run Firefox in safe mode (first close all other Firefox windows & then press the Shift key while you open Firefox)?

### Question owner

I can try that, madperson, although it means I'd have to leave it in safe mode for several days. It doesn't seem to happen every day, but when it does there are several attempts spaced a few minutes apart. The problem is that I'm doing work that I need some of the plugins for, so I don't know if this will work for that amount of time. I'll see what I can do though. Maybe I could disable all but the most essential plugins for now and see what happens.

philipp

The following site locates the IP address in Russia/Romania & lists 3 domains that are hosted there: http://www.plotip.com/ip/109.163.230.92 Have you visited any of these intentionally?

### Question owner

Nope.

philipp

Does a full scan of your system by Malwarebytes or another anti-virus software bring up any suspicious results?

### Question owner

Malwarebytes and my anti-virus ESET found a few critters in the last couple of weeks, but they were quarantined and I zapped them. The outgoing calls are still happening.

### Question owner

Okay, I waited until I saw more of those messages, since these out-calling attempts seem to come in waves. I just saw one and I restarted Firefox right away in Safe Mode with all add-ons disabled. First thing I saw after it had reloaded was another warning message that a call-out attempt by process firefox.exe had been blocked. So presumably it's not coming from one of my add-ons. What can I try next in trying to diagnose this? Again, thanks for your help.

philipp

Can you post a HijackThis log here?

### Question owner

Thanks for the suggestion. I've run a scan with log, which I'll paste below. By the way, this seems to happen either a lot or only when I access my own website. My website was hacked about a month or two ago and I cleaned it out right away, but I'm wondering if maybe there's something that got downloaded to my computer inadvertently that's trying to "phone home."

The log, with my comments, exceeds the maximum character count, so I'll divide it into running processes first, and then the rest of the log in a separate post. Here's part 1 of the log:

```
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:12 AM, on 2012-05-06
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ChronosXP\ChronosXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Downloads\SoftwareFree\HijackThis.exe
```

### Question owner

Here's part 2 of the log:

```
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://value-exchange.sitesell.com/value-hq.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ChronosXP] "C:\Program Files\ChronosXP\ChronosXP.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3941292943-3776173302-198126923-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O4 - Startup: Lunabar Taskbar Icon.lnk = C:\Program Files\Lunabar\Lunabar.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: fortePivot.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outlook Plugin.lnk = C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Toggle Flash - {93089660-AD23-44F1-AF37-54011A1A5A22} - C:\Program Files\Toggle Flash\togflash.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://staplescanada.webprint.com
O16 - DPF: CosNet_VideoPlugin - http://www.instantpresenter.com/components/CosNet_VideoPlugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253379198927
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E901098E-6B97-485A-B712-9908683F5E9E} (CosNetWebConference Control) - http://www.instantpresenter.com/components/CosNetWebConference.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 11398 bytes
```

### Question owner

I hope that part 2 isn't too messy. If it's impossible to read, let me know and I'll space it out.

user633449

Download and Run TDSSKiller http://support.kaspersky.com/faq/?qid=208283363

Download and Install Microsoft Security Essentials http://windows.microsoft.com/en-US/windows/products/security-essentials (not an official endorsement, but I personally recommend MSE as an awesome permanent anti-virus)

Double check for all Windows Updates.

If you are still having problems with Malware after that, I would recommend either http://www.bleepingcomputer.com/virus-removal/, or having your computer cleaned by a professional. Diagnosing virus infections is a bit beyond the scope of this forum.

### Question owner

Hi Tylerdowner, thanks for the suggestions. I'll check out TDSSKiller. I don't think I have essentials running, although I do have their anti-spyware one (can't think of the name). I always make sure all Windows updates are installed, and if there are any waiting that MS hasn't notified me about yet, ESET throws a hissy fit until I update it. ;-)

philipp

Nothing too obvious in the log. However,

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

is flagged as malicious on two sites. You might want to remove this entry & uninstall this software if you don't need it.

### Question owner

Tylerdowner: TDSSKiller came up with nothing.

Madperson: I "repaired" that item and tried accessing my website and got the same outcall warning from MB.

On a hunch, I tested my site on IE9 and got the same warning message, but giving IE as the source process. So I guess this isn't a Mozilla issue, as such. And the warning message is coming up pretty consistently when I access a page on my website, so I suspect this is related to the hack attack I got, which probably coincides with when I started seeing those warnings.

I'm not quite sure what to try next. I could try scrubbing my webspace and reinstalling, but if it's an outgoing call from my computer that suggests the problem is on my computer, not (any longer) on my website, so it might not help. Maybe I'll try bleepingcomputer, as suggested by Tylerdowner.

I really appreciate all the help. :-) Any other suggestions are most welcome.

philipp

The problem is most likely on your PC - the McAfee website lists a few trojan variants that communicate with this IP: https://www.google.com/search?q=109.163.230.***+mcafee.com

You can also use this Microsoft tool (uses the engine of MS Security Essentials) to create a bootable CD/DVD/USB stick with up-to-date signatures to scan your PC for rootkits etc.: http://windows.microsoft.com/en-US/wi.../what-is-windows-defender-offline

As Tylerdowner has already suggested, if all those suggestions don't work it would be better to consult a specialised forum like the ones that are listed in the link of my third answer.

philipp

Sorry, I didn't read the part before, where you said it's mainly happening when you visit your site & then with all browsers. So it doesn't necessarily have to be something local - maybe still some leftover code/links from the hacking attack - then your browser would be triggered to contact the IP and therefore the traffic is shown as originating from the browser.

### Question owner

Hi Madperson, thanks very much for your thoughts. I keep running various scans and nothing shows up. I even ran an antivirus scan on my webspace (provided by cPanel) and it didn't show anything. I've now put in a support ticket to my webhost and hope that they can help. Thanks for mentioning that the problem isn't necessarily on my computer. I feel like I'm running in circles with this, so it could make sense that I'm looking in the wrong place. For the sake of anyone else reading this who is having similar issues, I'll report back anything I find out about this. Again, many thanks for all your help. :-)

### Question owner

I found out what was causing the problem. It was a link to a 3rd party website that I used to create my Facebook badge. It's apparently involved in servers that aren't exactly picky about their users, if you get my drift, so Malwarebytes considers their IP address a dirty one and blocks it. I've removed the link and it's fine now.

Thanks again for the help! :-)
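The thread's resolution (an embedded third-party badge link made every browser contact a flagged IP, exactly the "leftover code/links" explanation philipp gave) suggests a defender-side check: enumerate the third-party hosts a page references and compare what they resolve to against a blocklist. The script below is an added example, not code from the thread or from any tool named in it; the HTML, host names and DNS table are constructed, and the only real value is the IP 109.163.230.92 from the original question.

```python
"""Enumerate third-party resource hosts referenced by a web page and flag
any that resolve to a blocklisted IP.  Constructed example; in practice
replace the DNS table with socket.getaddrinfo and the blocklist with your
own feed."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attributes that make the browser fetch or navigate to a URL, per tag.
URL_ATTRS = {
    "script": ("src",), "img": ("src",), "iframe": ("src",),
    "link": ("href",), "a": ("href",), "embed": ("src",),
    "object": ("data",), "source": ("src",),
}


class ResourceCollector(HTMLParser):
    """Collect (tag, absolute URL) pairs for every URL-bearing attribute."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in URL_ATTRS.get(tag, ()):
                # urljoin also resolves scheme-relative "//host/path" forms.
                self.refs.append((tag, urljoin(self.base_url, value)))


def third_party_hosts(html, base_url):
    """Return the sorted set of hosts the page references other than its own."""
    parser = ResourceCollector(base_url)
    parser.feed(html)
    own_host = urlparse(base_url).hostname
    hosts = set()
    for _, url in parser.refs:
        host = urlparse(url).hostname  # already lower-cased by urlparse
        if host and host != own_host:
            hosts.add(host)
    return sorted(hosts)


def flag_blocklisted(html, base_url, resolve, blocklist):
    """Map each third-party host to the blocklisted IP it resolves to.

    `resolve` is a callable host -> list of IP strings; `blocklist` is a
    set of IP strings.  Hosts with no blocklisted address are omitted."""
    hits = {}
    for host in third_party_hosts(html, base_url):
        for ip in resolve(host):
            if ip in blocklist:
                hits[host] = ip
                break
    return hits


# Constructed sample page: an own-host stylesheet plus a badge image and
# script served from a hypothetical third-party widget provider.
SAMPLE_PAGE = """<html><body>
<a href="/about.html">About</a>
<link rel="stylesheet" href="https://www.example.test/style.css">
<img src="https://badge.example-widgets.test/fb/12345.png" alt="badge">
<script src="//cdn.example-widgets.test/badge.js"></script>
</body></html>"""
SAMPLE_BASE = "https://www.example.test/index.html"

# Constructed DNS answers standing in for live resolution.
CONSTRUCTED_DNS = {
    "www.example.test": ["203.0.113.10"],
    "badge.example-widgets.test": ["109.163.230.92"],
    "cdn.example-widgets.test": ["198.51.100.7"],
}
# The one address Malwarebytes flagged in the thread above.
BLOCKLIST = {"109.163.230.92"}


def demo():
    """Run the check over the constructed page; returns the flagged hosts."""
    return flag_blocklisted(SAMPLE_PAGE, SAMPLE_BASE,
                            lambda h: CONSTRUCTED_DNS.get(h, []), BLOCKLIST)


if __name__ == "__main__":
    for host, ip in demo().items():
        print(f"{host} resolves to blocklisted {ip}")
```

Running it against a real site needs only the `resolve` callable swapped for a DNS lookup and the page fetched from the server, which is what the thread's author would have needed to spot the badge link before removing it.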

