Solved Error message that I have an unsafe Gmail login

Custom / CUSTOM
June 7, 2015 at 08:21:20
Specs: Windows 7, IntelQuadcore 2.8 GHz
On my Lenovo G50 series laptop, with Win 8.1 64bit, I receive a message when I want to log into my GMail account: "your connection is not private" "attackers might be trying......." What is wrong and how do I correct it?

Thanks for the help


#1
June 7, 2015 at 09:06:16
Does this "message" come with a suggestion on how to fix the alleged problem?

Meanwhile... Download and run:

malwarebytes:

http://filehippo.com/download_malwa...

adwcleaner:

http://www.bleepingcomputer.com/dow...

Junkware Removal Tool (JRT)

http://www.bleepingcomputer.com/dow...

Install each of the above using the manual or custom mode - NOT the automatic mode.

Carefully note each pre-checked box and uncheck everything other than the actual utility itself. Install "only" the actual utility. Using the automatic option means you will install a load of stuff you don't need or want; and on occasion some of it a real PAI to get rid of... "Always" use the manual option for software downloaded from the web...

Kaspersky Rescue Disk:

http://support.kaspersky.com/viruse...

http://support.kaspersky.co.uk/4162

http://support.kaspersky.co.uk/8092

http://tinyurl.com/373ojxb - this is complete how to guide from another site - re' using Kaspersky; useful to read...

Download/burn the ISO to a DVD and boot with the DVD. It will load a Linux-based system into RAM only; then it goes online to update itself. After which it will scan the hard drive fully and deal with anything it finds. There are pests that hide within Windows when it's booted up and are not easily removed by utilities running within Windows. Kaspersky (and others similar) handle those "rather well" as it is not a Windows-based utility.

All of the above are free; safe to use; regularly recommended here. Retain any logs generated - just in case of need anon...

message edited by trvlr



#2
June 7, 2015 at 11:22:34
Just to add that the first three programs suggested in #1 are best run in this order:
ADWCleaner, Junkware Removal Tools, then MalwareBytes. This because ADW and JRT tackle browser malware first, which is the outer layer (where the malware usually gets in). MalwareBytes goes deeper down into the system.

Always pop back and let us know the outcome - thanks



#3
June 7, 2015 at 15:52:13
Useful tip from "Derek" - tak for that...

#4
June 7, 2015 at 15:52:50
✔ Best Answer
It is impossible to know what is going on in your computer, without viewing the logs. Copy and Paste the contents of the log/logs after running each program please.


#5
June 7, 2015 at 18:01:39
GMail starts to block less secure apps - http://www.ghacks.net/2014/07/21/gm...

i_Xp/Vista/W7User



#6
June 8, 2015 at 04:02:47
Thank you trvlr. Ran the three suggested programs but in the order JRT, Malwarebytes trial version and last ADWCleaner and received the following logs:

Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.9 (06.06.2015:1)
OS: Windows 8.1 x64
Ran by Willem on 07.06.2015 at 21:14:48,17

Services

Successfully stopped: [Service] bdsandbox
Successfully deleted: [Service] bdsandbox

Tasks

Successfully deleted: [Task] C:\windows\system32\tasks\SmartDefrag4_Startup
Successfully deleted: [Task] C:\windows\system32\tasks\Uninstaller_SkipUac_Willem
Successfully deleted: [Task] C:\windows\tasks\Uninstaller_SkipUac_Willem.job

Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_06D8D265122815681BEAC933F95514A2

Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Files

Successfully deleted: [File] C:\windows\system32\drivers\bdsandbox.sys
Successfully deleted: [File] C:\Users\Willem\AppData\Roaming\microsoft\internet explorer\quick launch\goodgame empire.lnk
Successfully deleted: [File] C:\Users\Willem\AppData\Roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\goodgame empire.lnk

Folders

Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Willem\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\windows\syswow64\ai_recyclebin

FireFox

Successfully deleted the following from C:\Users\Willem\AppData\Roaming\mozilla\firefox\profiles\9p7cprcw.default\prefs.js

user_pref(extensions.iobitascsurfingprotection@iobit.com.install-event-fired, true);

Chrome

[C:\Users\Willem\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Willem\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Willem\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Willem\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

Scan was completed on 07.06.2015 at 21:21:24,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Unfortunately I had not read David's and JohnW's postings, so I ran Malwarebytes and cleared what it found. There were a great number of PUPs.

The ADWCleaner provided the following result:

# AdwCleaner v4.206 - Logfile created 08/06/2015 at 08:55:56
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Willem - WILLEMLAPTOP
# Running from : C:\Users\Willem\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\pokki
Folder Deleted : C:\Program Files (x86)\PriceSparrow
Folder Deleted : C:\Users\Willem\AppData\Local\pokki
Folder Deleted : C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp

***** [ Scheduled tasks ] *****

Task Deleted : pricesparrowSWU

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\pricesparrow.pricesparrowBHO
Key Deleted : HKLM\SOFTWARE\Classes\pricesparrow.pricesparrowBHO.1
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_99756fe89aafd3fade551670cf14cf515b97eb54
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Key Deleted : HKCU\Software\Ciuvo
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKLM\SOFTWARE\VisualDiscovery
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.81

[C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1151EEB4-F06E-4208-AB39-5E8A72976FB6&SSPV=
[C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 4FED505A9F8A7DDA62C15751DB6C60C3CF25B56E741B0CCBCB392BE2DCB51962"},"software_reporter":{"prompt_reason":"A2A0F5FF5E1916B7084CAB69D551D9845A08803B9510D41A7F354D43D8EAC795","prompt_seed":"D88238B4F494F5A0716839C405252969FB3340C701C7CBB8F0CC9D3C6469E7A2","prompt_version":"0E2B601C7D88D0ECEEE3A658CF93C8437D4BC6824AEB050B50B198A553181C67"},"sync":{"remaining_rollback_tries":"E25295405A9D36758D1844C0D03EB1926EC10A20742E650B5FD2B30F4FB8853F"}},"super_mac":"85AD53827F7414B677C12766F12F308CD58E6DB07D88387F7780E9764818B3BD"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://search.conduit.com/?ctid=CT3306926&SearchSource=48&CUI=UN71537895711714268&UM=2&sspv=&UP=SP1151EEB4-F06E-4208-AB39-5E8A72976FB6

*************************

AdwCleaner[R0].txt - [3343 bytes] - [08/06/2015 08:12:06]
AdwCleaner[S0].txt - [3112 bytes] - [08/06/2015 08:55:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3171 bytes] ##########

After having done that my Chrome browser still gives problems with the message:

"Windows SmartScreen can't be reached right now. Check your Internet connection. Windows SmartScreen is unreachable and can't help you decide if this app is okay to run."

I have tried to find advice on how I can re-install/re-connect this SmartScreen, but found no solution. Un-installed Chrome and re-installed it, but still the problem persists.

Thanks for any further suggestions



#7
June 8, 2015 at 04:04:34
See my reply to your advice


#8
June 8, 2015 at 06:26:44
"After having done that my Chrome browser still gives problems with the message"
We are on the right track, just a matter of dismantling the nasties bit by bit.

"After having done that my Chrome browser still gives problems with the message"
We will deal with this if it is still appearing, after I have finished the cleanup process.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

message edited by Johnw



#9
June 8, 2015 at 09:49:17
After registration I have uploaded to zippyshare.com files with the following link/names
First.txt link : http://www90.zippyshare.com/v/iM4mA...
Addition.txt link : http://www90.zippyshare.com/v/m0l4L...

message edited by willem1933


#11
June 8, 2015 at 09:59:33
Just to say that Johnw is in Australia, so he'll hopefully be fast asleep for the next few hours. Keep watching.

Always pop back and let us know the outcome - thanks



#12
June 8, 2015 at 16:13:03
Next step.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#13
June 9, 2015 at 04:02:12
This sounds scary. I hope I don't end up with an unusable computer. This is a two month old Lenovo G50 laptop with win 8.1 pre-installed intended for use when I am in Africa. I have not made any major adaptations yet. At home in Belgium I have a custom built PC with win 7. My data are safe in the cloud. So, when I read about the recovery console I searched the web and found the following statement in the Microsoft Community. Is it not possible to just go back to factory settings with the tool that seems to be already installed?

Answer from Andre Da Costa, MVP Community Moderator - With Windows 8, Microsoft has changed from stickers that have the product key that the user has to type in when installing the operating system to new BIOS embedded product keys. The idea is that by eliminating the sticker, you eliminate one of the easier ways for nefarious users to get a legitimate product key. Eliminating the product key sticker also removes any worry that the sticker might get damaged while at the same time eliminating the long and irritating process of typing in various letters and numbers when installing the operating system.

If the user has to reinstall the operating system on a machine that came with Windows 8, the installation process automatically grabs the software product key from the motherboard BIOS with no input from the user. This means that those familiar Windows product key stickers will no longer appear on the Windows 8 computers.

See instructions in the following article how to use the recovery partition to reinstall Windows 8 or to create your own recovery media.

To initiate reinstallation:
Press Windows key + i
Click Change PC Settings
Click Update and Recovery
Click Recovery
Under Remove everything and reinstall Windows, click Get started



#14
June 9, 2015 at 04:20:15
"I hope I don't end up with a unusable computer."
I have made a mistake, Combofix will not run on W8.1 & it would have told you so.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
My ESET product detected a threat—what should I do?
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#15
June 9, 2015 at 23:37:46
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
PriceSparrow (HKLM-x32\...\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}) (Version: 1.4.42 - Adspired GmbH) <==== ATTENTION
Task: {0D21BBCE-5FF6-4613-B62C-48148CA6EAA1} - \Microsoft\Windows\RAC\RacTask No Task File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator No Task File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance No Task File <==== ATTENTION
Task: {64D343C8-8D37-45A7-AE67-F0CA541739C3} - \SmartDefrag4_Startup No Task File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance No Task File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance No Task File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask No Task File <==== ATTENTION
AlternateDataStreams: C:\windows:nlsPreferences
AlternateDataStreams: C:\windows\SysWOW64\cards.dll:BDU
AlternateDataStreams: C:\windows\SysWOW64\freecell.exe:BDU
AlternateDataStreams: C:\Users\Willem\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Willem\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Willem\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Willem\Desktop\JRT.exe:BDU
AlternateDataStreams: C:\Users\Willem\Desktop\mbam-setup-2.1.6.1022.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\BackupperFull.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\BDPUARLauncher.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\ChromeSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\free_freecell_solitaire2015_v300_setup.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\Opera_NI_stable(1).exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\Opera_NI_stable(2).exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\Opera_NI_stable.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\Rarmaradio_setup.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\setupVoipConnect.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\Windows10InsiderPreview.exe:BDU
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3414800070-2706189083-702097070-1001\...\Run: [*LABAL*] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3414800070-2706189083-702097070-1001 -> {5B53121A-9DB5-44AB-984C-97CDB1B09735} URL =
BHO: PriceSparrow BHO -> {2A965DDC-C64C-4562-862B-5EE487A7DEFC} -> C:\Program Files (x86)\pricesparrow\Internet Explorer\pricesparrow64.dll No File
Toolbar: HKU\S-1-5-21-3414800070-2706189083-702097070-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •
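
When the Fixlog.txt requested in #15 comes back, the reviewer mainly needs to see which entries were not fixed. The Python below is an added example, not part of the thread or of FRST: it skips the echoed "fixlist content" block and groups each result line by outcome. The function names are hypothetical, and the sample lines are excerpted from the Fixlog posted later in this thread.

```python
import re
from collections import defaultdict

# Sample lines excerpted from the Fixlog.txt posted later in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
*****************

Processes closed successfully.
PriceSparrow (HKLM-x32\...\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}) (Version: 1.4.42 - Adspired GmbH) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\windows\SysWOW64\cards.dll => ":BDU" ADS removed successfully.
"C:\Users\Willem\OneDrive" => ":ms-properties" ADS not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
'''

STARS = re.compile(r"^\*{5,}$")  # delimiter around the echoed fixlist


def result_lines(text):
    """Yield non-empty lines outside the echoed fixlist block.

    The echo repeats the submitted script and itself contains ' => ',
    so counting it would inflate the totals.
    """
    state = 0  # 0 = header/results, 1 = saw "fixlist content:", 2 = inside echo
    for raw in text.splitlines():
        line = raw.strip()
        if state == 0 and line.lower().startswith("fixlist content"):
            state = 1
        elif state in (1, 2) and STARS.match(line):
            state = 2 if state == 1 else 0
        elif state == 0 and line:
            yield line


def classify(outcome):
    """Map the text after ' => ' to a coarse outcome bucket."""
    text = outcome.lower()
    if text.startswith("error"):
        return "error"
    if "not found" in text:
        return "not_found"
    if "removed successfully" in text:
        return "removed"
    return "other"


def triage_fixlog(text):
    """Return {bucket: [(target, outcome), ...]} for every result line."""
    buckets = defaultdict(list)
    for line in result_lines(text):
        # Split on the LAST ' => ' so targets that contain arrows stay whole.
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue  # header or status lines such as "Processes closed successfully."
        buckets[classify(outcome)].append((target.strip().strip('"'), outcome.strip()))
    return dict(buckets)


def unfixed_entries(text):
    """Targets the tool reported an error for; these need manual follow-up."""
    return [target for target, _ in triage_fixlog(text).get("error", [])]


if __name__ == "__main__":
    for bucket, items in sorted(triage_fixlog(SAMPLE_FIXLOG).items()):
        print(f"{bucket}: {len(items)}")
        for target, outcome in items:
            print(f"  {target}  ->  {outcome}")
```

Entries in the "not_found" bucket were usually already removed by an earlier tool run; the "error" bucket is what still needs attention.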

#16
June 10, 2015 at 01:41:07
Ran the ESET Online scanner. The only possible unwanted program that showed up was the internet radio program RARMA Radio, which I put there myself.

Then I made a fixlist.txt and ran FRST64 which resulted in the disappearance of the fixlist.txt file and the following fix.log:

Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Willem at 2015-06-10 10:25:32 Run:1
Running from C:\Users\Willem\Desktop
Loaded Profiles: Willem (Available Profiles: Willem)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
emptytemp:
PriceSparrow (HKLM-x32\...\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}) (Version: 1.4.42 - Adspired GmbH) <==== ATTENTION
Task: {0D21BBCE-5FF6-4613-B62C-48148CA6EAA1} - \Microsoft\Windows\RAC\RacTask No Task File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator No Task File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance No Task File <==== ATTENTION
Task: {64D343C8-8D37-45A7-AE67-F0CA541739C3} - \SmartDefrag4_Startup No Task File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance No Task File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance No Task File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask No Task File <==== ATTENTION
AlternateDataStreams: C:\windows:nlsPreferences
AlternateDataStreams: C:\windows\SysWOW64\cards.dll:BDU
AlternateDataStreams: C:\windows\SysWOW64\freecell.exe:BDU
AlternateDataStreams: C:\Users\Willem\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Willem\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Willem\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Willem\Desktop\JRT.exe:BDU
AlternateDataStreams: C:\Users\Willem\Desktop\mbam-setup-2.1.6.1022.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\BackupperFull.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\BDPUARLauncher.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\ChromeSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\free_freecell_solitaire2015_v300_setup.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\Opera_NI_stable(1).exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\Opera_NI_stable(2).exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\Opera_NI_stable.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\Rarmaradio_setup.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\setupVoipConnect.exe:BDU
AlternateDataStreams: C:\Users\Willem\Downloads\Windows10InsiderPreview.exe:BDU
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3414800070-2706189083-702097070-1001\...\Run: [*LABAL*] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3414800070-2706189083-702097070-1001 -> {5B53121A-9DB5-44AB-984C-97CDB1B09735} URL =
BHO: PriceSparrow BHO -> {2A965DDC-C64C-4562-862B-5EE487A7DEFC} -> C:\Program Files (x86)\pricesparrow\Internet Explorer\pricesparrow64.dll No File
Toolbar: HKU\S-1-5-21-3414800070-2706189083-702097070-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
*****************

Processes closed successfully.
PriceSparrow (HKLM-x32\...\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}) (Version: 1.4.42 - Adspired GmbH) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0D21BBCE-5FF6-4613-B62C-48148CA6EAA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D21BBCE-5FF6-4613-B62C-48148CA6EAA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RacTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64D343C8-8D37-45A7-AE67-F0CA541739C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64D343C8-8D37-45A7-AE67-F0CA541739C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag4_Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully
C:\windows => ":nlsPreferences" ADS removed successfully.
C:\windows\SysWOW64\cards.dll => ":BDU" ADS removed successfully.
C:\windows\SysWOW64\freecell.exe => ":BDU" ADS removed successfully.
"C:\Users\Willem\OneDrive" => ":ms-properties" ADS not found.
C:\Users\Willem\Desktop\AdwCleaner.exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Desktop\FRST64.exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Desktop\JRT.exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Desktop\mbam-setup-2.1.6.1022.exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Downloads\BackupperFull.exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Downloads\BDPUARLauncher.exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Downloads\ChromeSetup(1).exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Downloads\ChromeSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Downloads\free_freecell_solitaire2015_v300_setup.exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Downloads\FRST64.exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Downloads\Opera_NI_stable(1).exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Downloads\Opera_NI_stable(2).exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Downloads\Opera_NI_stable.exe => ":BDU" ADS removed successfully.
"C:\Users\Willem\Downloads\Rarmaradio_setup.exe" => ":BDU" ADS not found.
C:\Users\Willem\Downloads\setupVoipConnect.exe => ":BDU" ADS removed successfully.
C:\Users\Willem\Downloads\Windows10InsiderPreview.exe => ":BDU" ADS removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3414800070-2706189083-702097070-1001\Software\Microsoft\Windows\CurrentVersion\Run\\*LABAL* => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3414800070-2706189083-702097070-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B53121A-9DB5-44AB-984C-97CDB1B09735}" => key removed successfully
HKCR\CLSID\{5B53121A-9DB5-44AB-984C-97CDB1B09735} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}" => key removed successfully
"HKCR\CLSID\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}" => key removed successfully
HKU\S-1-5-21-3414800070-2706189083-702097070-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value removed successfully
"HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}" => key removed successfully
EmptyTemp: => 319.2 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 10:26:21 ====



#17
June 10, 2015 at 01:55:50
Now let's deal with your SmartScreen issue.

Turn On Security Features of your Internet Browser
Internet Explorer - Activate SmartScreen Filter

Internet Explorer versions 8 and 9 have this feature called SmartScreen Filter. It helps detect phishing web sites and protects you from downloading malicious files online. You may have avoided
1. Please open Internet Explorer.
2. On top menu, select Tools (IE 9). For IE 8, please look for Safety menu.
3. Select SmartScreen Filter from the drop-down list and click on Turn on SmartScreen Filter.

IE SmartScreen Filter
http://i.imgur.com/ENTRKBl.png
4. Please restart Internet Explorer.
Google Chrome's Enable Phishing and Malware Protection

With Google Chrome's Phishing and Malware Detection feature, you will have fewer risks browsing the web. It will display a warning when the site you are trying to visit is suspicious. To enable Phishing and Malware Protection, please do these steps:

1. Open Google Chrome.
2. Click on the Customize and control Google Chrome (3-Bars Icon) located on top right corner of the browser.
3. Select Settings from the drop-down list.
4. Once on the settings page, click on Show advanced settings... at the bottom of the page to see the rest of the Chrome setup.
5. Locate Privacy section and mark 'Enable phishing and malware protection'.

Chrome Security Settings
http://i.imgur.com/FsDcdOW.png
6. Please restart Google Chrome. New settings keep your browser safe while surfing the web.
Mozilla Firefox - Block Attack Sites and Web Forgeries

Phishing and Malware Protection is a built-in feature on Firefox version 3 or later. It warns you when a page you are trying to visit contains phishing content or an attack site designed to drop threats on the computer. To help you keep safe while browsing the Internet using Firefox, please follow this guide:

1. Open Mozilla Firefox browser.
2. On top menu, click on Tools. Then select Options from the list.
3. Select Security and put a check mark on the following items:

Warn me when sites try to install add-ons
Block reported attack sites
Block reported web forgeries
http://i.imgur.com/x8LVIzV.png



#18
June 10, 2015 at 09:24:25
In IE (I assume that on a 2-month-old laptop it is version 11), SmartScreen is already turned on, but it gives an error message that the connection is not safe.

In Chrome, 'Enable phishing and malware protection' was already on, but still it gives an error message that the connection is not safe.

In Firefox v. 38.0.5 everything works without a hitch and no unsafe connection message is given.

In Opera the message is also "connection is not safe"

There must be something in Win 8.1 that is not right if you ask me.



#19
June 10, 2015 at 17:18:07
"connection is not safe"
Upload screenshots of that message in IE, Opera & Chrome please.


#20
June 11, 2015 at 02:56:25
Strange things are happening on my laptop. One moment these "connection is not safe" messages come, another time they don't. Maybe when Chrome opens very slowly it comes, when it opens normally it doesn't. In this session IE 11, Chrome, Opera all come without it. I was able to make a screenshot with snipping tool in the last session and uploaded it in zippyshare - http://www26.zippyshare.com/v/aw8NA...

It must be something in Windows. Could it have to do with the history? Some days after I bought my laptop, I changed it to a trial with Windows 10. I am used to Win 7 and was used to XP. Didn't like 8.1. To be eligible for an automatic update to Win 10 later this month, I reverted the laptop to 8.1, which I suspect did not go properly. Maybe reverting to factory reset?



#21
June 11, 2015 at 03:22:00
"connection is not safe"
There is no magic to tracking down the trillions of error combination problems; the error message must be EXACT. Rarely are you the first in the world to have a problem.

your connection is not private
https://www.google.com.au/webhp?hl=...

message edited by Johnw



#22
June 11, 2015 at 03:22:51
Have you the latest Windows service pack?

Is your clock showing the correct time?

Do you happen to be using Avast virus checker?

Always pop back and let us know the outcome - thanks



#23
June 12, 2015 at 06:10:00
Have automatic updates on, so I assume I have.
Clock shows exact time.
Am using Bitdefender Internet Security.


#24
June 12, 2015 at 07:53:25
OK, was just checking some things that were known to cause this issue.

Always pop back and let us know the outcome - thanks


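The clock and antivirus questions in posts #22 to #24 correspond to two properties of the certificate a browser receives: its validity window and its issuer. The following Python is an added example, not part of the thread; the sample certificates are constructed, and the product-name list and function names are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption: product names taken from the thread (Avast, Bitdefender). Whether
# either one re-signs HTTPS traffic on a given machine is what the check shows.
LOCAL_PRODUCT_NAMES = ("avast", "bitdefender")

# Constructed certificates in the dict shape returned by ssl.getpeercert().
SAMPLE_PUBLIC = {
    "issuer": ((("organizationName", "Constructed Public CA"),),
               (("commonName", "Constructed Public CA G2"),)),
    "notBefore": "May 20 00:00:00 2015 GMT",
    "notAfter": "Aug 18 00:00:00 2015 GMT",
}
SAMPLE_RESIGNED = dict(SAMPLE_PUBLIC, issuer=(
    (("organizationName", "Constructed Avast scanning root"),),))

def diagnose(cert, now):
    """Return findings for one peer certificate as seen at `now` (aware datetime)."""
    findings = []
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("clock-before-validity")
    elif ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("clock-after-validity")
    # Flatten the issuer RDN tuples and look for a local product name.
    issuer = " ".join(v for rdn in cert.get("issuer", ()) for _, v in rdn).lower()
    for name in LOCAL_PRODUCT_NAMES:
        if name in issuer:
            findings.append("issuer-is-local-product:" + name)
    return findings

def fetch_cert(host, port=443, timeout=5):
    """Fetch the certificate this machine receives (needs network access).
    Raises ssl.SSLCertVerificationError if the chain is not trusted."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    now = datetime(2015, 6, 10, 9, 24, tzinfo=timezone.utc)
    for label, cert in (("public", SAMPLE_PUBLIC), ("re-signed", SAMPLE_RESIGNED)):
        print(label, diagnose(cert, now) or "no findings")
```

On a live machine, `diagnose(fetch_cert("mail.google.com"), datetime.now(timezone.utc))` applies the same two checks to the certificate actually presented.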

#25
June 13, 2015 at 09:12:25
Like to thank you all that took part in this long search. I've learned a lot.


#26
June 13, 2015 at 18:29:03
"Like to thank you all that took part in this long search. I've learned a lot"
Thanks willem1933, yep the learning never stops.

