icemansk

MS just patched Win 10, check your security center settings. Tells you that you have two programs running now for protection, never did before. Once again MS Win 10 patch breaks MWB. Last time, reinstall fixed issue, now it won't.

No blocks since the DNS change on SLT on the 24th. If this solved the problem, I'm good with it as long as it is a fix an not a workaround like the other post stated. I don't see any indications of virus/malware on the three and the scheduled scans over the last couple days are clean (Trend Micro and MBAM). Maybe set the DNS back to auto and see what happens? Any benefit to doing a stack reset on SLT, since it appears to be good? Will continue to monitor SLT for weekend to see if it remains block free. Really appreciate your efforts and support with this issue.

Yes the computer we are working on, SLT has the pop-up issue. My question was regarding the DNS being the source. All three of my computers on the network were having pop-ups, and all three had the same DNS server via Frontier. Keltner-PC was the first one we worked on, it no longer has pop-ups after all steps, stack reset, and DNS change. The computer we are working on, SteveLaptop, has not had a pop-up since the scan yesterday. The third computer, Manroomlaptop, stopped having pop-ups for 198.105.244.114 on the 10th and we did nothing to it. It has stopped some other sites embedded in FBook linked pages and they are one time blocks and do not repeat. I was just wondering why the third computer with the original DNS is not having issues if it is the DNS server being hijacked and redirecting to the malicious site?

Logs from scan. No pop-ups since last scan. MWB Scan 9_24.txt MWB Prot 9_24.txt

If it was the DNS wouldn't any machine that is still using the original DNS have pop-up traffic? Manroomlaptop has not had a pop up since the 10th.

I checked the logs from the last few days, as SLT is used very little. There are pop-ups present even off the network, not in groups like when it is on the network though. The other machines logs are clean. Several hours in between them. Strange entry on this log... Protection, 9/23/2015 5:37:47 PM, SYSTEM, STEVELAPTOP, Protection, Malware Protection, Starting, Protection, 9/23/2015 5:37:47 PM, SYSTEM, STEVELAPTOP, Protection, Malware Protection, Started, Protection, 9/23/2015 5:37:47 PM, SYSTEM, STEVELAPTOP, Protection, Malicious Website Protection, Starting, Protection, 9/23/2015 5:38:37 PM, SYSTEM, STEVELAPTOP, Protection, Malicious Website Protection, Started, Detection, 9/23/2015 9:15:26 PM, SYSTEM, STEVELAPTOP, Protection, Malicious Website Protection, IP, 198.105.244.114, lh-96k6cytch8l0.home, 0, Outbound, (end)

Instant pop-up when SLT put back on network. Same attempted traffic as attached log. Time to do a system flush?

Could not navigate to Java removal file, assume it is issue with IE9? Put SLT back on network, got JavaRa from PC. Once back on network, pop-ups started on SLT. Log attached. After I ran JavaRA a log file did not pop up and I can't find one in the location it specified, using search could not fined any JavaRa txt logs. Fixlist is gone from FRST64.exe location, so I assume it worked. Even though I have FRST as an allowed program, Trend keeps trying to block it. Putting SLT back on network and see if it still has pop-ups. Fixlog.txt MWB Prot.txt

By same location do you mean both on desktop or do I need to put the txt file into the FRST folder or a sub folder? And are you referring to FRST*.exe?

SLT still off network. No pop-ups since 19th after I took it off network. Logs attached for above steps.

SLT still off network. No pop-ups since 19th after I took it off network. Logs attached for above steps. JRT.txt AdwCleanerS2.txt FRST_22-09-2015_17-02-39.txt Addition_22-09-2015_17-02-39.txt ESET.txt mbam-log-2015-09-22 (11-52-46).xml

Took SLT off network. Also, this is an older Asus gaming laptop still using Vista.

Logs for SteveLapTop (SLT). Which step do I start with? SLT MWB protlog 9_18.txt SLT MWB protlog 9_19.txt

No issues with Keltner-PC for more than 24 hours, manroomlaptop issue free for longer, both have clean prot logs and scans for 2 days or more now. pop up on SteveLapTop as soon as Keltner-PC was back on network. Turned off SLTop for night and after start-up this am, two more pop-ups. I will be switching to that machine and posting logs from it. As side note, even though Rootkits is checked for scans, is there a reason Rootkits shows as disabled in the scan log?

No pop-ups since 5pm pst yesterday, almost 24 hours.