Email hijacked by fake WhatsApp link in a received email

Q: Email hijacked by fake WhatsApp link in a received email

I hope I am posting in the correct forum... I wasn't sure if I should post in the "am I infected" forum or here.
 
Anyway, I received an email from a trusted contact with a WhatsApp link in it, saying "You have new messages". I clicked it (accidentally, not that it matters) and thought it was just a dodgy email trying to sell fat-busting remedies. Then, immediately, my email was hijacked and started sending similar "WhatsApp" emails out to addresses I knew as well as other random ones.
 
I changed my email password and this seems to have cured that problem of emails being sent out. However, I'm not sure if anything else has been put on my computer, so I'm hoping someone can help me check that it's all OK, and if not, help me get rid of anything bad my laptop has caught. Also, could you advise whether my other passwords are likely to have been compromised, as I do use a password manager (note most of my passwords are different to the email password I had when this happened). I also restored to a previous restore point, in the hope that would also help fix anything.
 
I'm running Windows 8.1, 64-bit. Windows firewall is on (and has been the whole time).
I scanned my computer using NOD32 Antivirus 8 and nil threats were located. Then I ran the system restore function to roll back to a point from yesterday.
I then came here and followed the instructions and the FRST64 logs are as follows:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by L (administrator) on NUDIBRANCH on 15-02-2015 00:08:58
Running from C:\Users\L\Desktop
Loaded Profiles: L (Available profiles: L)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Maxthon)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Pokki) C:\Users\L\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\L\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Pokki) C:\Users\L\AppData\Local\Pokki\Engine\HostAppService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_metro.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Pokki) C:\Users\L\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\L\AppData\Roaming\Dropbox\bin\Dropbox.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Marek Wróbel) C:\Users\L\Downloads\tpmiddle-0.6.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [384344 2014-02-18] (Lenovo.)
HKLM\...\Run: [MFACApp] => C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe [5449544 2014-10-16] (Nok Nok Labs, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [938032 2014-03-05] (Lenovo)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1719968 2014-02-20] (SunplusIT, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-03] (Intel Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2534400 2014-05-14] (MyHeritage)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3111617019-1482112788-3391721557-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3111617019-1482112788-3391721557-1001\...\Run: [GoogleChromeAutoLaunch_20C3476E9F850696941C9C56497DE747] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-3111617019-1482112788-3391721557-1001\...\RunOnce: [Application Restart #1] => C:\Users\L\AppData\Local\Pokki\Engine\HostAppService.exe [7846216 2015-02-01] (Pokki)
Startup: C:\Users\L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\L\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tpmiddle-0.6.exe - Shortcut.lnk
ShortcutTarget: tpmiddle-0.6.exe - Shortcut.lnk -> C:\Users\L\Downloads\tpmiddle-0.6.exe (Marek Wróbel)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\L\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\L\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\L\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\L\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\L\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\L\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\L\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\L\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3111617019-1482112788-3391721557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
HKU\S-1-5-21-3111617019-1482112788-3391721557-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3111617019-1482112788-3391721557-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3111617019-1482112788-3391721557-1001 -> DefaultScope {415957DE-BE63-481E-8DA5-9B7A7C9F9367} URL = 
SearchScopes: HKU\S-1-5-21-3111617019-1482112788-3391721557-1001 -> {415957DE-BE63-481E-8DA5-9B7A7C9F9367} URL = 
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\vfuwrb4r.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=3 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll (Nok Nok Labs Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=9 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll (Nok Nok Labs Inc.)
FF Extension: Xmarks - C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\vfuwrb4r.default\Extensions\[email protected] [2014-12-12]
FF Extension: S3 Firefox Organizer(S3Fox) - C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\vfuwrb4r.default\Extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}.xpi [2014-08-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF Extension: MFAC Extension - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon [2014-07-07]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-3111617019-1482112788-3391721557-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-07-23]
 
Chrome: 
=======
CHR Profile: C:\Users\L\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-07-23]
CHR Extension: (Google Docs) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-23]
CHR Extension: (Google Drive) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-05]
CHR Extension: (YouTube) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-23]
CHR Extension: (Google Search) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-23]
CHR Extension: (AdBlock) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-23]
CHR Extension: (Pin It Button) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-02-04]
CHR Extension: (ThinkVantage Password Manager) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdfbkehegfmedglgemnhbnpmfmioggj [2014-07-23]
CHR Extension: (MFAC) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbgbpjganndfjjmlamggkkkjafblbahl [2014-07-23]
CHR Extension: (Google Wallet) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-23]
CHR Extension: (Gmail) - C:\Users\L\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mbgbpjganndfjjmlamggkkkjafblbahl] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx [2014-10-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [629192 2014-10-28] (Lenovo Corporation)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-05] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016472 2015-01-23] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [714696 2014-12-01] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-21] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [474160 2014-03-05] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-09] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1851192 2014-11-22] (Maxthon)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
S2 omaha; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148272 2014-07-07] (Nok Nok Labs Inc.)
S3 omaham; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148272 2014-07-07] (Nok Nok Labs Inc.)
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-11] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [327152 2014-06-11] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-05] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-09-18] (ESET)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-14] ()
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2013-10-04] (Intel Corporation)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-14] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3446240 2014-06-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-19] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1521312 2014-03-18] (Sunplus)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 00:08 - 2015-02-15 00:09 - 00022084 _____ () C:\Users\L\Desktop\FRST.txt
2015-02-15 00:08 - 2015-02-15 00:09 - 00000000 ____D () C:\FRST
2015-02-15 00:07 - 2015-02-15 00:06 - 02134528 _____ (Farbar) C:\Users\L\Desktop\FRST64.exe
2015-02-15 00:06 - 2015-02-15 00:06 - 02134528 _____ (Farbar) C:\Users\L\Downloads\FRST64.exe
2015-02-14 22:47 - 2015-02-14 23:52 - 00000000 ____D () C:\AdwCleaner
2015-02-11 20:18 - 2015-01-16 09:43 - 00563504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 20:18 - 2015-01-16 09:43 - 00177984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 20:18 - 2015-01-14 15:22 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-02-11 20:18 - 2015-01-14 14:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-02-11 20:18 - 2015-01-14 09:11 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 20:18 - 2015-01-14 09:04 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 20:18 - 2015-01-12 14:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 20:18 - 2015-01-12 13:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 20:18 - 2015-01-12 13:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 20:18 - 2015-01-12 13:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 20:18 - 2015-01-12 13:34 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-02-11 20:18 - 2015-01-12 13:32 - 06041088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-11 20:18 - 2015-01-12 13:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 20:18 - 2015-01-12 13:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 20:18 - 2015-01-12 13:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 20:18 - 2015-01-12 13:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 20:18 - 2015-01-12 13:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 20:18 - 2015-01-12 13:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 20:18 - 2015-01-12 12:58 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-02-11 20:18 - 2015-01-12 12:55 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-02-11 20:18 - 2015-01-12 12:51 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-02-11 20:18 - 2015-01-12 12:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 20:18 - 2015-01-12 12:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 20:18 - 2015-01-12 12:48 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 20:18 - 2015-01-12 12:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 20:18 - 2015-01-12 12:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 20:18 - 2015-01-12 12:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 20:18 - 2015-01-12 12:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-02-11 20:18 - 2015-01-12 12:30 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-02-11 20:18 - 2015-01-12 12:29 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 20:18 - 2015-01-12 12:27 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-02-11 20:18 - 2015-01-12 12:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 20:18 - 2015-01-12 12:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-02-11 20:18 - 2015-01-12 12:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 20:18 - 2015-01-12 12:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 20:18 - 2015-01-12 12:23 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 20:18 - 2015-01-12 12:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 20:18 - 2015-01-12 12:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 20:18 - 2015-01-12 12:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 20:18 - 2015-01-12 12:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 20:18 - 2015-01-12 11:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 20:18 - 2015-01-12 11:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 20:18 - 2015-01-10 20:10 - 07472960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 20:18 - 2015-01-10 20:10 - 01733440 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-02-11 20:18 - 2015-01-10 19:28 - 01498360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-02-11 20:18 - 2015-01-10 18:00 - 00430080 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 20:18 - 2015-01-10 17:38 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 20:18 - 2014-12-09 14:45 - 00393728 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 20:18 - 2014-12-09 12:56 - 00538624 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 20:18 - 2014-10-29 13:51 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 20:18 - 2014-10-29 13:50 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 20:18 - 2014-10-29 13:06 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 20:18 - 2014-10-29 13:06 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 20:18 - 2014-10-29 13:02 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-02-11 20:18 - 2014-10-29 13:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-02-11 20:18 - 2014-10-29 12:57 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-02-11 20:18 - 2014-10-29 12:31 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 20:18 - 2014-10-29 12:15 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-02-11 20:18 - 2014-10-29 12:15 - 00005632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-02-11 20:18 - 2014-10-29 12:14 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-02-11 20:18 - 2014-10-29 12:13 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-02-11 20:18 - 2014-10-29 12:13 - 00008704 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-02-11 20:17 - 2015-01-10 19:22 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-06 03:31 - 2015-02-06 03:31 - 00003664 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0416122fda050
2015-02-06 03:31 - 2015-02-06 03:31 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0416122fda050.job
2015-02-03 13:57 - 2015-02-03 13:57 - 00000000 ____D () C:\Users\L\AppData\Roaming\PDF Writer
2015-02-03 13:57 - 2015-02-03 13:57 - 00000000 ____D () C:\Users\L\AppData\Local\PDF Writer
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 00:04 - 2014-07-23 11:33 - 00000000 ____D () C:\Users\L\AppData\Local\Pokki
2015-02-15 00:03 - 2013-08-23 02:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-15 00:01 - 2013-08-23 01:46 - 00099026 _____ () C:\windows\setupact.log
2015-02-14 23:56 - 2014-07-23 11:39 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3111617019-1482112788-3391721557-1001
2015-02-14 23:54 - 2013-10-08 05:27 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-14 23:51 - 2015-01-12 21:40 - 00000000 ___RD () C:\Users\L\Dropbox
2015-02-14 23:51 - 2015-01-12 21:38 - 00000000 ____D () C:\Users\L\AppData\Roaming\Dropbox
2015-02-14 23:51 - 2014-07-23 12:21 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 23:51 - 2014-07-23 11:37 - 00000000 ___DO () C:\Users\L\OneDrive
2015-02-14 23:51 - 2014-07-23 11:33 - 00000000 ____D () C:\Users\L
2015-02-14 23:51 - 2014-07-07 04:43 - 00000988 _____ () C:\windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineCore.job
2015-02-14 23:50 - 2014-07-07 04:12 - 01637781 _____ () C:\windows\WindowsUpdate.log
2015-02-14 23:48 - 2014-07-06 12:52 - 00000000 ____D () C:\ProgramData\Lenovo
2015-02-14 23:48 - 2013-08-23 02:36 - 00000000 __RSD () C:\windows\Media
2015-02-14 23:48 - 2013-08-23 02:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-14 23:48 - 2013-08-23 01:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-14 23:48 - 2013-08-23 00:36 - 00000000 ____D () C:\windows\system32\Sysprep
2015-02-14 23:47 - 2013-08-23 02:36 - 00000000 ____D () C:\windows\registration
2015-02-14 23:44 - 2014-08-01 21:58 - 00150528 ___SH () C:\Users\L\Desktop\Thumbs.db
2015-02-14 22:46 - 2015-01-14 19:34 - 00001803 _____ () C:\Users\L\Documents\gladioli.txt
2015-02-13 14:59 - 2013-08-23 02:20 - 00000000 ____D () C:\windows\CbsTemp
2015-02-13 14:48 - 2014-07-07 04:43 - 00000992 _____ () C:\windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineUA.job
2015-02-13 14:40 - 2014-12-31 19:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-13 14:36 - 2014-11-13 07:31 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cffeb7b4fcb9c4.job
2015-02-13 14:36 - 2014-10-18 14:26 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfea8358e1a9ab.job
2015-02-13 14:31 - 2014-07-23 12:21 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 13:34 - 2014-07-23 11:37 - 00002342 _____ () C:\Users\L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-13 13:33 - 2013-08-23 01:44 - 00410392 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-13 13:32 - 2013-10-08 05:23 - 00479304 _____ () C:\windows\PFRO.log
2015-02-13 13:32 - 2013-08-23 00:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-02-12 14:59 - 2015-01-12 21:40 - 00001069 _____ () C:\Users\L\Desktop\Dropbox.lnk
2015-02-12 14:59 - 2015-01-12 21:40 - 00000000 ____D () C:\Users\L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 12:39 - 2014-09-05 22:52 - 00000000 ____D () C:\Users\L\Documents\Photos
2015-02-12 05:29 - 2013-08-23 02:36 - 00000000 ____D () C:\windows\rescache
2015-02-11 20:39 - 2014-07-22 22:01 - 00000000 ____D () C:\windows\system32\MRT
2015-02-11 20:39 - 2013-08-23 02:36 - 00000000 ____D () C:\windows\AppReadiness
2015-02-11 20:37 - 2014-07-22 22:00 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-10 21:23 - 2015-01-06 21:36 - 00026112 ___SH () C:\Users\L\Documents\Thumbs.db
2015-02-10 20:42 - 2015-01-10 18:38 - 00000000 ____D () C:\Users\L\Documents\Arundel St
2015-02-08 20:45 - 2014-07-23 12:37 - 00000000 ____D () C:\Users\L\AppData\Roaming\Skype
2015-02-06 18:37 - 2014-07-23 12:22 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 03:31 - 2014-07-23 12:21 - 00003664 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 05:40 - 2014-12-31 19:59 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 06:31 - 2013-08-23 02:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 06:31 - 2013-08-23 02:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 15:18 - 2014-08-05 20:30 - 00000350 _____ () C:\windows\BRRBCOM.INI
2015-02-02 13:43 - 2014-07-23 11:34 - 00000000 ____D () C:\Users\L\AppData\Local\Packages
2015-02-01 15:19 - 2013-08-23 02:36 - 00000000 ____D () C:\windows\system32\NDF
2015-01-24 22:11 - 2014-12-11 19:39 - 00000000 ____D () C:\Users\L\Documents\Photos 2
2015-01-22 02:39 - 2014-07-07 04:26 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-01-16 07:49 - 2014-07-07 04:44 - 00020736 _____ (Lenovo Group Limited) C:\windows\system32\Drivers\TPPWR64V.SYS
 
==================== Files in the root of some directories =======
 
2014-07-23 11:34 - 2014-07-23 11:34 - 0000193 _____ () C:\Users\L\AppData\Local\RegisteredPackageInformation.xml
2014-07-07 04:29 - 2014-07-07 04:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\L\AppData\Local\Temp\1_flashplayer.exe
C:\Users\L\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp63qnje.dll
C:\Users\L\AppData\Local\Temp\InstHelper.exe
C:\Users\L\AppData\Local\Temp\oct4247.tmp.exe
C:\Users\L\AppData\Local\Temp\oct5D8A.tmp.exe
C:\Users\L\AppData\Local\Temp\octAF2F.tmp.exe
C:\Users\L\AppData\Local\Temp\octB213.tmp.exe
C:\Users\L\AppData\Local\Temp\octBE95.tmp.exe
C:\Users\L\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-06 05:20
 
==================== End Of Log ============================


A: Email hijacked by fake WhatsApp link in a received email

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(Pokki) C:\Users\L\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\L\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\L\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\L\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
HKU\S-1-5-21-3111617019-1482112788-3391721557-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3111617019-1482112788-3391721557-1001\...\RunOnce: [Application Restart #1] => C:\Users\L\AppData\Local\Pokki\Engine\HostAppService.exe [7846216 2015-02-01] (Pokki)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - No Path
C:\Users\L\AppData\Local\Pokki
C:\Users\L\AppData\Local\Temp\1_flashplayer.exe
C:\Users\L\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp63qnje.dll
C:\Users\L\AppData\Local\Temp\InstHelper.exe
C:\Users\L\AppData\Local\Temp\oct4247.tmp.exe
C:\Users\L\AppData\Local\Temp\oct5D8A.tmp.exe
C:\Users\L\AppData\Local\Temp\octAF2F.tmp.exe
C:\Users\L\AppData\Local\Temp\octB213.tmp.exe
C:\Users\L\AppData\Local\Temp\octBE95.tmp.exe
C:\Users\L\AppData\Local\Temp\ose00000.exe

End
Save the files as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.
Restart the computer normally to reset the registry.
The tool will create a log (Fixlog.txt) please post it to your reply.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
How is the computer running now?

Read other 7 answers
RELEVANCY SCORE 102.8

I can't do the DDS logs - I'm getting a message that says Your Current Security Settings Do Not Allow This File To Be Downloaded   and I think that has everything to do with the Worm I think we have on the network.
 
I've spent the last couple of days trying to figure out what's going on w/my laptop and PC.  They've been slow, erratic, tons of security messages, etc.  I've narrowed it down to this WhatsApp fake email I opened 2 days ago on the PC.  Since then, both computers have taken on a mind of their own and just about made me lose MY mind!!  I finally got Emsisoft to scan on the Laptop this afternoon, and it found 14 threats.  I'll copy the log at the bottom of this post.  I just checked the PC again.  I can't get online anymore, I can't get Emsisoft to scan, I can't get MBAM to scan.  There is an alert on the screen referring to a threat:  Email-Worm.JS.Gigger and it states where the attack is coming from - should I post that url here?
 
Please help me! Thank you!
 
Emsisoft Anti-Malware - Version 9.0
quarantine log
Date Source Action Detection
10/28/2014 2:52:15 PM C:\ProgramData\datamngr Moved to quarantine Application.AppInstall (A)
10/28/2014 2:51:56 PM C:\Program Files (x86)\coupons File locked, removal on reboot Application.AppInstall (A)
10/28/2014 2:51:56 PM C:\Windows\couponprinter.ocx Moved to quarantine Application.AdCoup (A)
10/28... Read more

A:Worm From WhatsApp Fake Email Infected My Network

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553709 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 95.6

I received an email saying I had a new reply to a thread I had started.
 
But when I came to the site, there was no new reply.
When I read the text of the message, it was nothing but a line from a dictionary.
 
It seems the purpose of the email was to get me to click on the link, to facilitate someone hacking into my system.
 
Someone here undoubtedly knows more about this than I.
Maybe you can suggest a fix:
Wiping the HDD with DBAN?
and reinstalling?
 
I have a screenshot of the message if there is a way to post it.

A:Fake Bleeping Email Received

If you wish to attach the screenshot simply use the "More Reply Options" button at the lower left of the compose area and the full featured compose will come up.  There is an attachment option and you can choose, once the image is attached, to add it to your actual post via a link.
 
I suspect I know what thread this might have been from and if I'm correct the notification you got wasn't fake, but was for someone who was banned as a spammer before you ever saw the notification and, thus, the original post with the dictionary definition had been removed.  There would then be nothing to click-through to after the removal, but we can't reach out into someone's e-mail inbox to remove previously received notifications.
 

Read other 14 answers
RELEVANCY SCORE 94

http://asurein.com/wp-content/plugins/akismet/nba.php?pmifco812ukq
 
Can clicking links like this give me viruses?  It did not look like anything downloaded and installed, after I foolishly clicked it.  But it took me to a "work from home" type of seminar site when I clicked it, which looked pretty phishy...
 
Can somebody educate me a bit or point me to something I should read?  ps I ran my Microsoft Security Essentials and it didn't find anything.
 
Thank you much in advance.

A:I received this link in email and it went to my spam

Looks like it was just spam in this case. . . I checked out the link. . . no malicious action. So you ought to be fine; you don't need to do anything special in this case.Would recommend being more careful in the future though.

Read other 2 answers
RELEVANCY SCORE 93.6

I have a Vista Dell xps M1530. I received an email to my yahoo account from fake amazon saying my order was successfully cancelled. I clicked on link and realized it was a scam since it took me to fake ad site. I did a MBAM and spyscan. No malware was found but the spyware found and quarantined several things. Today when I went to boot up, I get the Dell splash open screen but it goes to the black "failed to start screen". When I try to open with any of the options, it just goes to black screen. I got a blue screen with white writing but it clicked off fast. I tried to do a factory restore from the f12 screen but would not advance forward. Tried using the restore disc where you click f12 to open the cd disc, but all it did was say "loading files" and then nothing else.
Any help would be greatly appreciated. Know you guys are probably swamped.
:-)

A:Clicked on Link in fake email from fake Amazon. Wont boot up!

sorry for typos, i am typing with two fingers from my tablet

Read other 78 answers
RELEVANCY SCORE 92

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4061 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1806 Mb
Hard Drives: C: Total - 461940 MB, Free - 415889 MB; D: Total - 953835 MB, Free - 953323 MB;
Motherboard: ASUSTeK Computer Inc., K60IJ
Antivirus: Kaspersky Anti-Virus, Updated and Enabled

Did not have this problem until several weeks ago.
Each time attempt to access a link, receive the following dialogue box: "This file does not have a program associated with it for performing this action. Please install a program, or, if one is already installed, create an association in the Default Programs control panel." Am using Windows Live Mail 2011, version 15.4.3555.0308. Have checked Windows Update (current) and run Windows Live Essentials 2011 repair. Also, under Windows Live Mail, made the application the default mail handler. None of these actions resolved the problem. Can access same emails through Roadrunner, a Time Warner (my internet provider) system, and am able to utilize the web links within that system. Please advise.
 

Read other answers
RELEVANCY SCORE 90.8

How can I activate a link received in a message in Outlook Express by double clicking, without having to copy and paste to the explorer address box?
 

A:Activate internet link received in Outlook Express email

Read other 6 answers
RELEVANCY SCORE 84.4

Hello,

I work for an investment company and by law ALL emails sent and received, must be read and initialed by me daily. Currently I am having to get all the emails from each individual in the office. Thank goodness it's a small office of 4 or this might take much longer than it currently does. Is there any way that I could set something up so that all emails incoming and outgoing, from all individuals in the office, could be sent to my account? Any help on this would be greatly appreciated!

Thanks
 

A:receiving both sent and received email from the office on one email account

You could have email rules set up on each account that auto forwards a copy of both incoming and outgoing to your account.
 

Read other 3 answers
RELEVANCY SCORE 84.4

We currently use aPlus to host our website and provide email services. For the past few months, we have been experiencing problems where we will send email (via Outlook) and everything looked good on our end only to find out the recipient did not receive the email. aPlus kept asking for the email header and I kept telling them sent mails don't have headers.

Has anyone experienced such a problem? This is causing us major problems.

Since they are so unresponsive, can someone recommend a web/email service provider?
 

A:Email not being received or need help finding a new Email Service Provider

Read other 10 answers
RELEVANCY SCORE 84.4

I have had my Stream since Oct. To receive email I would open and then minimize and do some web surfing and then come back to check inbox. I haven't checked my email since early Jan. on the Stream.  Today I checked email. There is no email since I last checked in early Jan. Even the email still on my desktop are not here.  Thank you for the help.

Read other answers
RELEVANCY SCORE 79.6

Within the last 48 hours, 3 customers and 1 employee of our company have received emails that mimic our E-commerce transaction receipt email very closely. The email is off very slightly but there's an attachment - extension ending is .MHT. The only thing these 4 individuals have in common that I know of is our company.
 
Has anyone seen this sort of email behavior recently and any ideas where to dig to root it out? I'm quite sure it's either malware, ransomware, or a phishing attempt.
 
Thanks in advance for any help.

A:Fake Email to Customers Mimicking Email from our Company

Have you submitted the file to VirusTotal? If so, can you share the link here?

Read other 3 answers
RELEVANCY SCORE 78.4

Hi.
The other day, a friend contacted me with a problem; here is what she said:
 
I received an email this morning from people I know in the village and it turned out to be a message from yahoo app mail
saying if I couldn't open it  put it in my in box.  I left it alone and within a very short space of time I received many many undeliverable notifications.
However I also received a couple of people saying they had received this mail from me and was it OK?
Obviously it's not as its used my address book.
Have you heard of it, and what is it doing.
 
She's on a W8.1 system using gmail through the Thunderbird client.
 
I ran a bunch of scans:
RKILL - nothing
MBAM - nothing (although it ran for 3-1/2 hours on a 500gig drive and seemed to stall, never finishing)
Superantispyware - cookies and leftover bits of search protect (old AVG toolbar)
ESET online scan - nothing much, just install files for ccleaner and a few other programs I had downloaded from C|NET, and leftover search protect entries.
 
I received this rogue email (says you have a WhatsApp voice mail) from her; I scanned the link address in the email with Virus Total and it had no detections.
 
She was using ZoneAlarm. When I got to the computer, ZoneAlarm was malfunctioning and would not update virus definitions, no matter what I did. I eventually uninstalled it and put Avast! AV Free on, and Malwarebytes with the 30-day trial. I also added CryptoPrevent. I then changed her password in ... Read more

A:Need Advice Please-Rogue WhatsApp voice email

From what you've mentioned, IMO it's possible that your friend's email account was hacked, and used to send out spam.
Email account password has already been changed which is good thinking.
 
1) I suggest your friend report the incident to Gmail and the local police.
2) Then please follow the notes and instructions in my next post.

Read other 12 answers
RELEVANCY SCORE 78.4

Hi BleepingComputer
 
This morning my mom received an email from what seemed to be from Whatsapp. It was something along the lines of "Someone you know sent you a picture..click here to open!" She is not tech savvy so she opened it, seconds before I told her not to...
 
Anyway, I told her that stuff is dangerous and could be some malware/virus etc. And I was right. My computer has been acting very strangely ever since, trying to open command prompt...minimizing every single thing I have....
 
I will tell you what I have done so far, bleeping. The knowledge I used in doing this was gained from BleepingComputer a few years ago when I first asked for help here, I also learned many valuable experiences in dealing with viruses etc. So here goes:
 
 
 
 
I have restarted my computer, and went into safe mode. From there, I went to (user)->app data-> Roaming and deleted the crazy weird folders with random names like dejiju.exe, qesyzy.exe, etc. Now they are not present anymore, even though my computer is still acting strange.
 
Right now, as I type this post, I am running avast full scan, MBAM, SuperSAS, and ESET online scanner. Now I feel quite relaxed and calm, even though I can see some infections from those antivirus. That is, until I saw a win32/ramnit.H virus from ESET and I did some google research and I stumbled upon this.....
 
http://www.bleepingcomputer.com/forums/t/449347/please-help-ramnit-virus/
 
boopme, one of the ... Read more

A:Whatsapp email attachment virus and Ramnit.H

What action did Eset take ...can you post the log here please ?
 
 
 
 
Also....click on the "FOLLOW THIS TOPIC" button located on the right hand side towards the top of the page ....that will ensure that replies go to your in box immediately.

Read other 11 answers
RELEVANCY SCORE 78

Here is the problem: I have my email client (PocoMail) set as my default email client. It shows up as default client in the "Default Program section" in IE7.
When I click on a email link, whether it's in another program or on a website, my email client doesn't open the compose window with the address entered BUT IE7 starts and opens about 80 windows which need to be killed with Task Manager. By the way, this has nothing to do with PocoMail because it also happens when Thunderbird is set as default.

I am stumped. Any ideas?

Thanks,
Mentallo

A:Opening Email Client Via Email Link Problem

Has this been resolved?

you could try the following : START RUN type : regsvr32 urlmon

Read other 1 answers
RELEVANCY SCORE 78

I've been running XP for some years and recently set up Win 7 on a new SSD. In XP and using Opera browser, if I clicked on a web page's email link, my email client (Sylpheed) would open with the address inserted. With Win 7 and the email defaults set, it won't. Instead, it always returns an "Internal communication error" page (example link: Contact Us | PCWorld). Any ideas what else to try? Thanks,

Below are screenshots of my Win 7 email defaults and Opera preferences setting. One thing I'm not sure about, if it's at all relevant, is where Opera is picking up the default application from. In XP, it picked up Opera email as the default. The Other Application file location shown is exactly the same in both, except for the drive letter.

A:Email settings not recognized when using web page email link

In the middle picture of your post it shows the normal way the window opens with "use my current...". Now select your choice "Opera Next" for browser and email, "ok" out. That should fix it, hopefully.

Read other 9 answers
RELEVANCY SCORE 78

Using XP, IE6, Incredimail. When I click on an email link, it doesn't open my email, it just sends an email immediately.
 

Read other answers
RELEVANCY SCORE 73.6

I am using MS Office 2000 Professional, all current with updates, on Windows XP (also 100% current).

The problem: some type of malware, virus, etc. that removes what I send and replaces it with a completely different email. Generally it has to do with male enhancement and a link is provided (never tried the link....)

Here's the kicker, most of the time the emails I send are fine, this appears to be some kind of random problem.

I have a current version of Panda AV running, Ad Aware Se (all current), and the Windows Firewall is turned on.

Also, I did have a problem getting "blacklisted" on XBL, but never PBL or SPL.

I assume I have some type of exploit malware but cannot seem to get rid of it.

Help!!
 

A:email received is not email sent!

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 1 answers
RELEVANCY SCORE 71.6

Has anyone else here received this email?

From: DRAM Settlement Administrator
Sent: 6/11/2014 12:04 PM
To: [email protected]
Subject: DRAM Antitrust Litigation
Thank you for filing a Claim Form in the DRAM Antitrust Litigation. Your friends, family, and co-workers can also get up to $25, $50 or more if they bought a computer, printer, video game console or other electronic device between 1998 and 2002. Please tell them to file a claim at www.DRAMclaims.com. As you know, it is easy and takes only about 5 minutes.
The deadline for filing a claim is August 1, 2014 and we want to ensure that everyone gets a chance to participate in the settlement. If you have questions or want more information, please contact the Claims Administrator toll-free at 1-800-589-1425.
Thank you,
Claims Administrator
DRAM Indirect Settlements
P.O. Box 8097
Faribault, MN 55021-9497
Email: [email protected]
Toll-Free: 1-800-589-1425

A:Has anyone else here received this email?

Not that particular one, but I get about a dozen similar ones for various 'accident claim', 'court action', 'domain registration complaint' emails every month....

Read other 5 answers
RELEVANCY SCORE 70.8

I use Mozilla Thunderbird as my email client with my gmail addresses. How do I get to know when the emails I send are opened at the receiving end. Any options in Thunderbird or any add-on software available?

Read other answers
RELEVANCY SCORE 70.8

Can anyone explain why I would have just received, on 10/3/06, an email that says it is dated 9/2/06? I have not opened it cause it looks to be similar to those that I receive in my Bulk Folder. In the inbox it shows the Sender, recipient, and date sent. That is where it says 9/2/06. I didn't bother to keep it so I can not tell what it says inside, nor do I really want to take that chance. Thanks
 

A:Just received email dated 9/2/06

It could be that the date is set incorrectly (back by one month maybe) on the sender's computer. I just set my date back by one month and sent myself an e-mail using Outlook 2003. I just checked the account that I sent it to and the test message is shown as being sent on September 3, 2006.

EDIT: I have also received SPAM that was sent a few years into the future. I suspect that in that case the spammers were trying to make sure that their message appeared at the top of my inbox list.
 

Read other 1 answers
RELEVANCY SCORE 70.8

Has to have been from my personal address book info.

I am unsure of what to do.

The email is from someone using a contact's info trying to get me to send them money in Spain. The return email is from the person's yahoo account, but I looked in the properties and found an IP that Fast IP Search says is Nigeria. I didn't figure that it was legit anyway.

Now what? Whomever was in my machine before the reinstall I just did has my email contacts info. Does that mean they can just access my email when they like?
I guess I should change the passwords on the ISP site to be safe.
 

A:Just got all fixed then received an email that..

Read other 10 answers
RELEVANCY SCORE 70.8

Whenever I receive emails that include a link, I have to copy and paste it into browser. If the link is a "click here", I simply cannot access it. The banner above the email turns dark blue, but no link. Any suggestions would be greatly appreciated.
 

A:cannot use links in received email

Start/Run, and type: REGSVR32 URLMON.DLL Then open IE, Tools menu, Options, Program Tab, and click the "Reset Web Settings" button.

joan
 

Read other 1 answers
RELEVANCY SCORE 70.8

We use a third party to send emails for our customers who are signed up for paperless billing. We send an email out to new customers, the customer confirmed he got the email then changed the email address on his account. We sent a new confirmation to the new email address, which the customer got and confirmed. All of this was on 6/17. THEN...on 6/20 we got a bounced email notification that the original email confirmation we sent was not deliverable-how do we get a bounce notice 3 days after they confirmed they got the email?...Our third party vendor doesn't have any clues.
TIA,
Marge
 

A:Email received then bounced? How?

Can you copy and paste the message that you got?
 

Read other 1 answers
RELEVANCY SCORE 70.8

Operating system: Windows XP. Email Client: Outlook Express 6. I recently received a "junk" email that when I try to delete it produces a pop up message that says "this email cannot be deleted". Even my limited knowledge tells me this is not a good thing, what can I do to get rid of this unwanted email and more worrisome is what it brought with it? Any help will be very much appreciated. Thank you.
 

A:Received email will NOT delete

Read other 6 answers
RELEVANCY SCORE 70.8

I have received an email today which has an attachment, I have not opened it for obvious reasons but on clicking on it to see what it was it seems to be some sort of update that they wish me to install. The email has come from [email protected] and I have never sent any emails from my computer to these people, I don't even know who they are.
I have googled their address and it takes me to some foreign page which I can't understand although there are bits of English thrown in between the foreign words. Can someone please take a look at the email below and let me know what they think. Is this a virus??

Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer.

Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
addresses

Please install updates for worm elimination and your computer restoring.

Best regards,
Customers support service

Many thanks anais
 

A:Email received Is this a virus???

RELEVANCY SCORE 70.8

It has attached itself to my contact list and people are getting ads saying it's from me and it's not. And sometimes my computer screen goes blank and then goes to the site?
I completed the ark.txt and the dds and zip compressed the files. Awaiting further instructions. Thank you.

A:Received Virus through email

Hello, edukame2003
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

This time, please make sure you have the DDS.TXT in your post lol :P

We need to run a Scan with DDS
Please download DDS, and save it to your desktop, from one of the following mirrors:
This is a mirror
This is another mirror

Disable any type of "Scr... Read more

RELEVANCY SCORE 70.8

Symantec Email Proxy deleted the following email message:

From: "Woodrow Bolton" <[email protected]>
To: I DELETED THIS ADDRESS. IT WAS A ONE I ONCE THOUGHT ABOUT USING.
Subject: Re: blathering, there'll be a

I received this into one of my mail accounts a couple of days ago. I have never seen such an interception by Nortons; nor any other antivirus software. I am running NIS 2002 with NAV.
Any thoughts from anyone about it? Maybe I should let 188mail.com know that one of its users is doing "something" but I haven't and probably won't.
 

RELEVANCY SCORE 70.8

I am using Windows 10 and 2016 MS Outlook email. When I receive a message that contains web site link, all I receive is a small box with a red X telling me to download a picture or web site by right clicking the box. My Gmail screen just allows the picture to appear. How can I fix this?
Thanks Merry Christmas
 

RELEVANCY SCORE 70.8

Hi, I am not sure if this is where I should post?
I received an email from a friend which contained an attachment and when I click on it to open it, I get the following error:

"The file does not have a program associated with it for performing the action. Create an association in the folder options CP."

I don't understand the message, nor do I know where the folder options CP is, nor do I know what "program" I should be creating to read the attachment. It is simply a pic with some prose.

I would appreciate comments, thank you.

A:Received Email From Friend

It's telling you that it doesn't know which program to open the attachment with.
What is the file type of the attachment (doc, txt, jpg, etc.)?

RELEVANCY SCORE 70.8

I have a problem with one (supplier) contact. He is unable to read any Email coming from me as "it is encoded gibberish". All he can read is my Email address to know it is me sending.

I do not have a problem with any other contact. I receive and send many Emails a day. I have sent mail to him from two differing computers located 70 miles apart using two differing OS, two different EMail clients and two differing ISPs. ALL fail. His business uses AOL.com. Even his website contact form fails in the same way, he gets an unreadable message. He says no other customers/contacts have the same trouble. This has been going on for months now.

Any (polite!) thoughts on what it might be and how to re-establish EMail communication please?
 

A:Email corrupt when received

If you are sending mail as HTML try Plain Text instead. If you are using Thunderbird: Tools - Options - Composition - Send Options... - select Send messages as plain text if possible - and add AOL.com (or his specific address) to the Plain Text Domains section.
 

RELEVANCY SCORE 70.8

When I send an email to one recipient it is not received.

When I send one to myself it is received.

When I send one to another recipient it is received. The reply comes back as spam

Can someone please help

A:Email sent to one recipient not being received

Welcome
The ISP of your friend has decided that your email (the email provider, not you) sends too much spam, so it is being blocked by your friend's ISP. You can TRY to overcome the problem by your friend putting your addy in the safe mail designation.

RELEVANCY SCORE 70

Hi all,

I recently upgraded my mobile phone to a Motorola Atrix, and, although it's a very good phone, it has a tendency to hijack my emails!

What I mean is, basically when I get an email sent to me and don't have Windows Live Mail open, then the mail goes to my phone - due to the nature of the phone being permanently online. Then when I do open my Live Mail it doesn't receive those emails as they've already been sent once, albeit to a different device.

Of course I can access these mails from my ISP's website (virgin), but it's a little inconvenient.

I know I could just delete my email account from my phone, but it does come in handy when away from the PC so I'd rather not.

Is there a setting where I can get the mails sent to each device, regardless of which one gets it first?

Cheers

A:[SOLVED] Email only received on 1 device!

Leave the Emails on the Server

RELEVANCY SCORE 70

Ok, here we go. I am a volunteer firefighter and we are starting to use a website called i am responding. We have to have the PC that runs it in our office and a large TV in our engine room to show the display. We have it set to a screensaver to prevent the screen from being burned in. We have the ability to have the i am responding website send an email to any address when we get a fire call. I was wondering if there was any extension or add-on that would be able to wake the system from the screensaver when an email is received? I would be able to set up a Gmail account really easily. I know this sounds like such a simple task, but I am having such problems trying to find how to do this. Any help would be greatly appreciated. Thanks

A:Wake from screensaver when email is received???

What you would probably want to do is look for some kind of program that checks an email account, and will then pop up some big obnoxious dialog box that should kick the screensaver out.

Another option might be to see if there are any screensavers which will actually integrate this mail checking functionality. So something similar to the marquee or floating clock screensavers, it shows maybe the subject and sender of any messages, or even just a "You have X messages" message. I would also look for a program that can provide a repeating audio alert to new messages.

RELEVANCY SCORE 70

We have had an ongoing problem with our email account. We seem to "lose" incoming and outgoing email. When we did a test and sent 5 emails to 10 people using various email (eg. Outlook, yahoo, hotmail, etc) 32% of them were not received, or the replies were not received by us. This is causing many problems as we rely on our email for important communication at times.

We are using Windows 98 Second Edition, IE 5.5, Outlook Express, and have 2 computers networked with wireless networking.
 

A:Email not transmitted or received at times

You can repair IE or try another email client to isolate the problem .

Try choice 2 .

http://www.windows-help.net/windows98/ie50-11.shtml
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q194177
W95 you have 3 choices . With W98 , if you have IE5.1 or higher & you
still have IE4 installed the following applies . No IE4 only 2 choices .
IE5.5 if over the top of 5.1 , offers 3 choices .

You can install IE5.1 straight over 4 . A big feature with IE5 is that
it can be repaired without uninstalling . Here is how to do it . Open
Control Panel , Add / Remove , click on Microsoft Internet Explorer ,
then click on add / remove down the bottom . This opens a window with
3 choices .

Choice 1. Add , insert your IE5 install program & you can find other
items you may not have installed 1st time .

Choice 2. Repair , fixes problems that may crop up with IE5 / Outlook

Choice 3. If unfixable , removes IE5 & goes back to IE4 , now if you
want to you can reinstall IE5 or a later version or another browser
altogether .

No Microsoft Internet Explorer in Control Panel !
http://www.windows-help.net/windows98/ie50-11.shtml
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q194177
Start > Run , key in msinfo32 and press Enter . Click on Tools > IE Repair Tool or Start >
Programs > Accessories > System Tools > System Information . Click on Tools > IE Repair Tool .

Internet Explorer Repair tool from a command prompt:
http://www.windows-hel... Read more

RELEVANCY SCORE 70

Whenever I receive an email with a link it doesn't work. I can click on it all day and nothing happens. I'm using MS Outlook w/ WinME. I've also switched to OE and the same thing happens. This is for every email I receive and I receive a lot. Thanks!!
 

A:Links in my received email don't work!!

RELEVANCY SCORE 70

Hi all,

Just hoping to be pointed in the right direction with an issue I have when receiving some email in Outlook.

Every now and then I will receive an email that does not show a sender, subject or sent time. The body of the email will show, but below a bunch of code? See below

------=_NextPart_000_001E_01CC6956.A0312120
Content-Type: multipart/related;
boundary="----=_NextPart_001_001F_01CC6956.A0312120"
------=_NextPart_001_001F_01CC6956.A0312120
Content-Type: multipart/alternative;
boundary="----=_NextPart_002_0020_01CC6956.A0312120"
------=_NextPart_002_0020_01CC6956.A0312120
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

After the email body, where say either an image that the sender has put in the email or an image that the signature includes, a huge amount of html code followed by a massive amount of letters, numbers and symbols appears.

Not sure if anyone would be able to provide a fix, 'cause it is pretty hard to describe the issue. But is there a way of perhaps testing if this is an Outlook-related/PC-related problem or if this is an issue I need to take up with my domain email provider?

Thanks
 

RELEVANCY SCORE 70

I have received a photo from a friend as an attachment in Microsoft Outlook. Can you tell me how I can use my Photoshop CS to work on the photo? At the moment, I don't know how to transfer it so I can work on it. Thanks.
I have Windows XP.
 

A:photo's received in email (MOutlook)

Right click on the attachment and choose 'Save As..'.
Save it to a folder (my pictures).
Run your Photoshop, File Open.. Browse to my pictures and select the file to open it.

 

RELEVANCY SCORE 70

Hi, I received this email in my AOL mailbox today. Don't know who it's from, or what its purpose is. I did see it contained my screen password, which I promptly changed after reading the email. Could someone please tell me what this email is all about--I am not smart when it comes to malicious intent, but I think it must be involved somewhat in this email. What harm can opening that email cause? I am ok, since I changed my password? Do I need to change the password on all my AOL screen names? Also, I've heard about firewalls, but don't know much about them, do I need to install something like this? Could anyone recommend a free one? I don't want to open the email again to post it here, but it says something like this:

To:
Subject: Your Requested Information
From: AOL Instant Messenger <[email protected]>
This is an automatically-generated response from the AOL Instant
Messenger(SM)
service. The information you requested is "xxxxx".

Did you know that you can use your AIM(SM) service screen name to sign onto other great AOL Web Products?

Thank you, I appreciate the assistance!
 

A:Email received--malicious intent?

HI Narnie

Looks innocent enough to me - did you forget your password or something and ask them to send it to you ?

If you are worried about a possible virus - do an on-line scan Here :-

http://www.pandasoftware.com/activescan/

or here :-

http://housecall.trendmicro.com/

You do need a firewall - Zonealarm is popular and easy to use

http://www.free-firewall.org/

steam
 

RELEVANCY SCORE 70

I right click, get the drop down menu, click on "Email picture . . . " What I get is a message box with the following, "There is no email program associated to perform the requested action." So when I go to defaults program control there are email programs listed. I installed gmail notifier thinking that would help but it did not.

So, I'm betting this is an easy fix and not worth the frustration. My intuition isn't working today, please help!

A:Trying to send an image from a received email.

Download the image, save it to your computer...compose new email, attach image? Maybe I am missing something?

RELEVANCY SCORE 70

Somehow I have a box checked to notify me when my emails are read. How do I turn it off?
 

A:turn off 'notify when email has been received'

OE tools/options/receipts, untick request a read receipt for sent mail
 

RELEVANCY SCORE 70

Hi,

I am trying to ascertain the identity of a virus perpetrator. The individual sent an email message that contained a virus. I have been receiving these messages almost daily.

Assumably it's difficult to ascertain the culprit. Any help is appreciated.

Sincerely, Joe

******************

Here's info I received from MICROSOFT OUTLOOK ( please note that even though the originating address claims to be [email protected].. it is not)>>>

Return-Path: <[email protected]>
Delivery-Date: Thu, 10 Nov 2005 15:49:29 -0500
Received: from [70.106.80.83] (helo=lift985.com)
by mx.perfora.net (node=mxus0) with ESMTP (Nemesis),
id 0MKuxu-1EaJMG3wmd-0004lY for [email protected]; Thu, 10 Nov 2005 15:49:29 -0500
From: [email protected]
To: [email protected]
Subject: You have successfully updated your password
Date: Thu, 10 Nov 2005 14:49:18 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0011_BD00C201.42C50F90"
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: <[email protected]>
X-RBL-Warning: warn.bl.perfora.net says: Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?70.106.80.83
Envelope-To: [email protected]

This is a multi-part message in MIME format.

------=_NextPart_000_0011_BD00C201.42C50F90
Content-Type: text/html;
charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
 

A:virus received in EMAIL message.. help

Trying to actually identify the person sending the viruses is more trouble than it's worth. My guess is that it is nobody that you know. Any time you receive a message like that "your password has been changed successfully" you have to be suspicious and DO NOT open the attachment. Are you actually infected? Do you have an active virus scanner running that is failing to detect that these messages contain a virus?

If you don't have a virus scanner running...get one immediately. There are several free ones available that are very effective. If you want to go the free route, I would recommend AVG from Grisoft. It is very effective...and best of all it's free!
 

RELEVANCY SCORE 70

I am new to this computer and Windows 10. I am trying to use as WALLPAPER a picture I received in an email but I cannot even save it.
A right click only gives me the COPY option.

A:Cannot download a picture received in an email

Which E-Mail program? Do you have an option to save an attachment? Does the Copy allow you to select a location where you can Paste it? Or is it just copying the image for the paste into a program such as Paint [Start, All Apps, W, Windows Accessories] which then would allow saving.

RELEVANCY SCORE 70

I have a client's computer with Windows XP and Office 2003. She is facing a problem in using Outlook, as she has a bellsouth.net
account. I configured the settings for POP3, but she is still not able to, as it is not taking the username and password.

 

A:Solved: outlook email not sent or received

Double check your settings. From the BellSouth email support page: http://www.support.com/email/isp/bellsouth

How Do I Set Up My BellSouth Account On An Email Client?

You can set up your BellSouth account on any Email client, such as Microsoft Office Outlook, Outlook Express, Thunderbird, Apple Mail, and so on. Use the following information to set up the account:
Email address: [email protected]
Incoming mail server (POP3): pop.att.yahoo.com
Incoming mail server SSL: enabled
Incoming mail port: 995
Outgoing mail server (SMTP): smtp.att.yahoo.com
Outgoing mail server SSL: enabled
Outgoing mail port: 465
Username: your username
Password: your password
For further assistance, simply call 1-800-PC-Support and a Personal Technology Expert® will setup your BellSouth account for you.
Hope it helps!
 

RELEVANCY SCORE 70

Received an email today.

I did NOT open it. It had no sender name, nor did it have a subject (using a Yahoo email account).

I'm assuming strongly it's a virus email and will be deleting it, without opening it.
Does it sound like a virus email? If you're familiar with Yahoo mail, it's very usual for an email to arrive without a sender's name.
Also, do I notify Yahoo at all?
Thanks, sharky
 

A:received a suspicious email today

RELEVANCY SCORE 70

In the last two/three weeks emails sent from my Aol to Ntlworld addresses have not been received. The Aol address book appears to have been corrupted. In the address of the recipient between n and t of ntlworld a non-printed character has been inserted but I'm unable to find out what it is. This may account for the non-delivery but the mail has not bounced and so I was unaware of the non-delivery until just a couple of days ago. I'm also not sure if only Ntlworld accounts are involved. Suspiciously just recently most of my saved email was deleted and I had to sift through the recently deleted email and manually restore the important stuff. This happened twice. My virus checker (Microsoft Security Essentials) didn't find any viruses. This may be unrelated to the current problem. I'm beginning to think that I must have a virus or something rather than it being an AOL or Ntlworld problem. Has anyone any ideas?

RELEVANCY SCORE 70

Hello,
I was delighted to receive an email this morning from my dear niece, which had a link (www.wagnershredder.at/blankbath/markmoreSL/). I clicked on it without thinking twice, and it was a bad site. Well, not really sure what the site was, because I hit control-alt-delete too quick to know. When I pulled Mozilla back up it still had the same site on, which I saw long enough to see a message saying I've been infected and need to try some sort of product to remove it, but I got out just as quickly. I proceeded to run a battery of antivirus and such software (Auslogics, CCleaner, Glary Utilities, Malwarebytes, Spyware Blaster, SuperAntiSpyware Free, Spybot, gmer, and Hijack This). The scans revealed very little. Super Anti showed tracking cookies, Glary had Infected Registry Cleaner (159 problems) and Temp File Cleaner (8.87 problem), and that was about it. I can tell my computer is running slower, and if I'm typing an email on my Yahoo, every now and then I can type and it takes a minute for the words to show up. This has happened in a previous infection. Other than that I have no problems, but I'm trying to make sure I'm not missing anything. I'm grateful for whatever you may be able to lend.

A:Received and Opened Infected email

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply
