Topic: URL:Mal 188.165.198.52

REDACTED

  • Guest
URL:Mal 188.165.198.52
« on: October 29, 2014, 04:56:48 PM »
It would appear that I have this MAL problem also. I have attached the first three files. I have run AVAST, Malwarebytes and Spybot Search and Destroy. No help there.

r/Charlie Meyer

REDACTED

  • Guest
Re: URL:Mal 188.165.198.52
« Reply #1 on: October 29, 2014, 05:39:40 PM »
Here is the MBR file.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: URL:Mal 188.165.198.52
« Reply #2 on: October 29, 2014, 06:34:22 PM »
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {CCADCF38-0EA3-4C54-A1FC-1F0AD898A562} URL =
2014-10-20 23:12 - 2014-10-20 23:13 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-19 09:58 - 2014-10-19 09:58 - 00000000 ____D () C:\Windows\{B7231620-E76C-4C8E-ADD5-594B1C9FF72F}
2014-10-17 18:21 - 2014-10-27 08:03 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-10-28 21:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-20 23:12 - 2014-09-12 11:18 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Download Process Explorer to your desktop from here: http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx
Open Process Explorer and from the menu bar select View > Lower Pane
Select Explorer.exe
A lower window will open
As soon as you get an alert,
on the menu bar go to File > Save As...
Then select the desktop and click Save
On the desktop there will then be a text file called explorer; please attach that
You may need to edit the file name from explorer.exe.txt to explorer.txt to allow it to be attached
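
A read-only way to review a fixlist like the one quoted above before FRST runs it, added here as an example; it is not part of the thread or of FRST. The row layout (created - modified - size attributes (company) path) and the reading of `H` as the hidden attribute are assumptions taken from the quoted lines, and `parse_line` and `review` are hypothetical names.

```python
import re
from datetime import datetime

# The fixlist quoted in the post above, embedded so the example runs offline.
FIXLIST = r"""CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {CCADCF38-0EA3-4C54-A1FC-1F0AD898A562} URL =
2014-10-20 23:12 - 2014-10-20 23:13 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-19 09:58 - 2014-10-19 09:58 - 00000000 ____D () C:\Windows\{B7231620-E76C-4C8E-ADD5-594B1C9FF72F}
2014-10-17 18:21 - 2014-10-27 08:03 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-10-28 21:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-20 23:12 - 2014-09-12 11:18 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
EmptyTemp:
CMD: bitsadmin /reset /allusers
"""

STAMP = r"(\d{4}-\d\d-\d\d \d\d:\d\d)"
# Assumed row layout: created - modified - size attributes (company) path
PATH_ROW = re.compile(rf"^{STAMP} - {STAMP} - (\d+) (\S+) \((.*?)\) (.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_line(line):
    """Classify one fixlist line as a path, registry entry or directive."""
    m = PATH_ROW.match(line)
    if m:
        created, modified = (datetime.strptime(s, "%Y-%m-%d %H:%M") for s in m.group(1, 2))
        return {"kind": "path", "path": m.group(6), "hidden": "H" in m.group(4),
                "modified_before_created": modified < created}
    if line.startswith("SearchScopes:"):
        hive = line.split(":", 1)[1].split("-", 1)[0].strip()
        guid = GUID.search(line)
        return {"kind": "searchscope", "hive": hive, "guid": guid.group(0) if guid else None}
    if line.startswith("CHR "):
        return {"kind": "chrome_policy", "key": line[4:].split(":", 1)[0]}
    name, _, arg = line.partition(":")  # e.g. "EmptyTemp:" or "CMD: <command>"
    return {"kind": "directive", "name": name, "arg": arg.strip()}

def review(text):
    """Summarise what the fix will touch, without changing anything."""
    rows = [parse_line(l.strip()) for l in text.splitlines() if l.strip()]
    kinds = ("chrome_policy", "searchscope", "path", "directive")
    return {
        "counts": {k: sum(r["kind"] == k for r in rows) for k in kinds},
        "hidden_paths": [r["path"] for r in rows if r.get("hidden")],
        "modified_before_created": [r["path"] for r in rows if r.get("modified_before_created")],
        "commands": [r["arg"] for r in rows if r["kind"] == "directive" and r["name"] == "CMD"],
    }
```

Calling `review(FIXLIST)` returns the per-kind counts, the hidden folder, the two folders whose modified stamp predates their created stamp, and the one command the fix will execute.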

REDACTED

  • Guest
Re: URL:Mal 188.165.198.52
« Reply #3 on: October 29, 2014, 07:11:00 PM »
fixlog is attached.

REDACTED

  • Guest
Re: URL:Mal 188.165.198.52
« Reply #4 on: October 29, 2014, 07:24:03 PM »
explorer.txt is attached.

Offline essexboy

Re: URL:Mal 188.165.198.52
« Reply #5 on: October 29, 2014, 09:41:29 PM »
Do you have Daemon Tools or something similar on your system, and do you use torrents?

REDACTED

  • Guest
Re: URL:Mal 188.165.198.52
« Reply #6 on: October 30, 2014, 05:01:08 AM »
No and No. But the problem seems to have been resolved. After running the fixit and a reboot the popups have stopped. Is there some indication that I should be aware of for Torrents? I did use them in a different life and on a different PC. That should not have crossed to this machine.
R/Charlie

Offline essexboy

Re: URL:Mal 188.165.198.52
« Reply #7 on: October 30, 2014, 04:50:50 PM »
Evidently that site tries to determine whether any torrents are pirated, hence my question.

If all is well tomorrow, let me know and I will tidy up.

REDACTED

  • Guest
Re: URL:Mal 188.165.198.52
« Reply #8 on: October 30, 2014, 05:49:51 PM »
Interesting.  The IP crosses to a site in France.  Go figure.  Seems like if AVAST would catch it, it should be able to do something about it.  Of course Malwarebytes and SSD didn't find it either.

I know that torrents were used for a huge amount of music downloads for a couple of years.  Started a food fight with the FCC and FTC and got some folks very large fines.  They were never secure enough for what we were going to use them for (transfer large files that wouldn't go email) so we just dropped the idea.

Machine has been working fine today so when it hits the magical 24 hour mark I will try a reboot and see what happens then.

Offline essexboy

Re: URL:Mal 188.165.198.52
« Reply #9 on: October 30, 2014, 06:44:02 PM »
Thanks