Infection blocked from http://blackled.info and epictory.com?

So when I leave the PC on for a few hours and I come back, usually get about 10 messages saying that an infection was blocked. Here is an example of a common one: http://imgur.com/RpqgJc6

I also get infections from epictory.com and they are caused by svchost.exe apparently. I have attached the FRST logs. I ran a scan and it showed no viruses, can someone help?

Yeah, certainly will get someone to help you. Hang tight.

-_-: 2015-04-22 00:19 - 2015-04-22 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent

Is this a cracked copy of windows ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Startup: C:\Users\Shyam PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KMSPico 11.0.1 Update.lnk [2015-04-21] ShortcutTarget: KMSPico 11.0.1 Update.lnk -> C:\ProgramData\{0b8e89be-d140-ae4b-0b8e-e89bed1426fb}\KMSPico 11.0.1 Update.exe ()

2015-05-01 05:31 - 2015-05-01 05:31 - 00000000 __SHD () C:\Users\Shyam PC\AppData\Local\EmieUserList
2015-05-01 05:31 - 2015-05-01 05:31 - 00000000 __SHD () C:\Users\Shyam PC\AppData\Local\EmieSiteList
2015-05-01 05:31 - 2015-05-01 05:31 - 00000000 __SHD () C:\Users\Shyam PC\AppData\Local\EmieBrowserModeList
2015-04-21 20:39 - 2015-04-21 20:39 - 00003154 _____ () C:\Windows\System32\Tasks{0F4E2826-78BB-4E4A-A955-B7AA6236726D}
2015-04-21 20:27 - 2015-04-21 20:34 - 00000000 ____D () C:\Users\Shyam PC\AppData\Local\12381
2015-04-21 20:19 - 2015-04-21 20:19 - 00003984 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-04-21 20:17 - 2015-04-21 21:05 - 00000000 ____D () C:\ProgramData{0b8e89be-d140-ae4b-0b8e-e89bed1426fb}
2015-04-21 20:17 - 2015-04-21 20:18 - 00000000 ____D () C:\ProgramData\13208990596936177423
2015-04-21 20:01 - 2015-05-01 17:01 - 00000374 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-04-21 20:01 - 2015-04-26 17:01 - 00000000 ____D () C:\ProgramData{1f9409c5-4493-0a48-1f94-409c54492715}
2015-04-21 20:01 - 2015-04-21 20:01 - 00003268 _____ () C:\Windows\System32\Tasks\Bidaily Synchronize Task
2015-04-15 00:28 - 2015-04-15 00:28 - 00004387 _____ () C:\Users\Shyam PC\AppData\Roaming\SyXrHDp6j5Hu2ZCcPYIdR4KSjv3
Task: {D42C2283-57B9-4DB9-9824-1D97BFCC1FD2} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {3B2347A9-3045-40EC-B63B-5BA63D36508F} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData{1f9409c5-4493-0a48-1f94-409c54492715}\KMSPico 11.0.1 Update.exe [2015-04-21] ()
Task: {C0093F5F-59A2-4D23-83E1-CA38B19B920D} - System32\Tasks{0F4E2826-78BB-4E4A-A955-B7AA6236726D} => pcalua.exe -a “C:\Users\Shyam PC\AppData\Roaming\istartsurf\UninstallManager.exe” -c -ptid=obw
C:\Users\Shyam PC\AppData\Roaming\istartsurf
C:\ProgramData{1f9409c5-4493-0a48-1f94-409c54492715}
C:\ProgramData{0b8e89be-d140-ae4b-0b8e-e89bed1426fb}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

Thanks for the reply! About my copy of windows…guilty as charged…

Anyway, here is the fixlog, hopefully its fixed.

Well when windows 10 comes out I believe you will be able to get a legitimate copy

Yeah I heard. I’m waiting for that.

Youre wrong Martin :slight_smile:

You will NOT get a legit license, in case youre running an illegal copy.