Jump to content

Valor

Members
  • Posts

    38
  • Joined

  • Last visited

Everything posted by Valor

  1. Nothing has come up. Thanks very much, Borislav! I'll post some final FRST logs, just to make sure everything is clean, and if so, I'll be on my way! FRST.txt Addition.txt
  2. Sorry for the late response, I was busy recently and haven't had time on the PC. It hasn't happened yet, but I'll update if it happens again.
  3. ESET scan came back entirely clean, 0 detections 320,000+ files scanned. Attached are the FRST logs that you requested. FRST.txt Addition.txt
  4. Disregard those last logs. After a reboot, the logs looked very different. FRST.txt Addition.txt
  5. I scanned again with FRST and noticed some strange things under registry. Has my (possible) infection gotten worse? FRST.txt Addition.txt
  6. Hello Borislav, I'm sorry to tell you but I cannot run Combofix due to my operating system(Windows 8.1).
  7. Can do. I was just saying what he said thinking it might have been something you overlooked, or something that you were planning on helping me with in the future. mbamscan.txt
  8. I don't think it attached correctly, so I'm doing it again. Fixlog.txt
  9. I got a popup right before I ran the fix. Detection, 6/18/2015 4:04:21 AM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 89.248.171.135, 1900, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/18/2015 4:04:21 AM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 89.248.171.135, 1900, Inbound, C:\Windows\System32\svchost.exe, Attached log it the fix.
  10. Thank you, Borislav. MBAM scan came back clean, about to run the Fixlist. I received a PM from a user telling me that he inspected the FRST logs and noticed that the DNS server was 192.168.0.1. Could this mean that my router has an infection on it? Please help. Have a good day.
  11. Detection, 6/16/2015 12:48:53 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 89.248.171.135, 1900, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/16/2015 12:48:54 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 89.248.171.135, 1900, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/16/2015 12:54:57 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 89.248.171.135, 1900, Inbound, C:\Windows\System32\svchost.exe, I got these three, and maybe more to come, very close together. I know that this is Malwarebytes doing it's job(blocking the connections), but I want to get rid of the source of whatever is causing these pop-ups. Is this anything to be concered about in the first place? I am grateful for your assistance. Cheers. FRST.txt Addition.txt
  12. It's running great, except for Visual Studio 2013. It was still lagging and crashing, I couldn't even load projects! I'm thinking that the program corrupted something. I've tried repairing via installer, clean uninstall and reinstall, and /uninstall /force. Nothing has worked, so I force uninstalled and just upgraded to VS2015 Community RC. Thank you very much for your help! It is greatly appreciated!
  13. I don't think the screenshot posted, but it was just showing scan details. 300,000+ files scanned and no threats.
  14. Because no threats were found, I couldn't export. But I did get this screen shot.
  15. Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01 Ran by J at 2015-05-30 16:04:31 Run:2 Running from C:\Users\J\Desktop Loaded Profiles: J & DefaultAppPool (Available Profiles: J & DefaultAppPool) Boot Mode: Normal ============================================== fixlist content: ***************** start CloseProcesses: FF Extension: Ghostery - C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\az34cp28.default\Extensions\firefox@ghostery.com.xpi [ 2015-05-27] EmptyTemp: Hosts: Reboot: end ***************** Processes closed successfully. C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\az34cp28.default\Extensions\firefox@ghostery.com.xpi => Moved successfully. C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts restored successfully. EmptyTemp: => Removed 864.8 MB temporary data. The system needed a reboot. ==== End of Fixlog 16:04:36 ====
  16. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.8.5 (05.30.2015:1) OS: Windows 8.1 x64 Ran by J on Sat 05/30/2015 at 15:57:58.61 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-570464586-119374992-2394123655-1002\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 05/30/2015 at 16:02:46.49 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  17. # AdwCleaner v4.205 - Logfile created 30/05/2015 at 15:54:38 # Updated 21/05/2015 by Xplode # Database : 2015-05-21.2 [Local] # Operating system : Windows 8.1 (x64) # Username : J - J-PC # Running from : C:\Users\J\Desktop\Cleaning\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v38.0.1 (x86 en-US) ************************* AdwCleaner[R0].txt - [731 bytes] - [10/05/2015 19:50:01] AdwCleaner[R10].txt - [1378 bytes] - [23/05/2015 02:12:33] AdwCleaner[R11].txt - [1438 bytes] - [25/05/2015 04:37:55] AdwCleaner[R12].txt - [1498 bytes] - [26/05/2015 23:18:11] AdwCleaner[R13].txt - [1558 bytes] - [26/05/2015 23:33:09] AdwCleaner[R14].txt - [1618 bytes] - [27/05/2015 15:22:04] AdwCleaner[R15].txt - [1678 bytes] - [28/05/2015 00:02:25] AdwCleaner[R16].txt - [344 bytes] - [28/05/2015 14:00:36] AdwCleaner[R17].txt - [2107 bytes] - [28/05/2015 14:04:21] AdwCleaner[R18].txt - [1851 bytes] - [28/05/2015 14:08:51] AdwCleaner[R19].txt - [2227 bytes] - [28/05/2015 14:09:42] AdwCleaner[R1].txt - [789 bytes] - [10/05/2015 19:55:57] AdwCleaner[R20].txt - [274 bytes] - [28/05/2015 14:13:18] AdwCleaner[R21].txt - [2090 bytes] - [28/05/2015 14:13:48] AdwCleaner[R22].txt - [2150 bytes] - [28/05/2015 23:18:29] AdwCleaner[R23].txt - [2731 bytes] - [30/05/2015 15:52:12] AdwCleaner[R24].txt - [1542 bytes] - [30/05/2015 15:54:38] AdwCleaner[R2].txt - [847 bytes] - [11/05/2015 23:54:04] AdwCleaner[R3].txt - [905 bytes] - [13/05/2015 07:04:52] AdwCleaner[R4].txt - [963 bytes] - [14/05/2015 22:54:15] AdwCleaner[R5].txt - [1021 bytes] - [17/05/2015 01:15:11] AdwCleaner[R6].txt - [1140 bytes] - [18/05/2015 00:15:06] AdwCleaner[R7].txt - [1200 bytes] - [19/05/2015 00:01:23] AdwCleaner[R8].txt - [1259 bytes] - [19/05/2015 22:37:37] AdwCleaner[R9].txt - [1318 bytes] - [21/05/2015 13:10:32] AdwCleaner[s0].txt - [1086 bytes] - [17/05/2015 01:18:18] AdwCleaner[s1].txt - [2296 bytes] - [28/05/2015 14:10:23] ########## EOF - C:\AdwCleaner\AdwCleaner[R24].txt - [2189 bytes] ##########
  18. I'm very sorry about the post above, I messed up on a pasting portion of it, should be fixed now. As you requested- Malwarebytes Log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 5/29/2015 Scan Time: 9:53:34 AM Logfile: Administrator: Yes Version: 2.01.6.1022 Malware Database: v2015.05.29.04 Rootkit Database: v2015.05.24.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 8.1 CPU: x64 File System: NTFS User: J Scan Type: Threat Scan Result: Completed Objects Scanned: 446216 Time Elapsed: 55 min, 45 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) FRST Logs -FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01 Ran by J (administrator) on J-PC on 29-05-2015 11:12:33 Running from C:\Users\J\Desktop\Cleaning Loaded Profiles: J (Available Profiles: J & DefaultAppPool) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.wireshark.org) Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 18-05-2015 16:17:46 Removed Microsoft Visual Studio 2012 Devenv 18-05-2015 16:18:25 Removed Microsoft Visual Studio 2010 Office Developer Tools (x64) 18-05-2015 16:19:36 Removed Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools 18-05-2015 16:20:58 Removed Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools 18-05-2015 16:22:59 Removed Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools 18-05-2015 16:24:01 Removed Microsoft Report Viewer Add-On for Visual Studio 2012 18-05-2015 16:25:03 Removed Blend for Visual Studio 2012 ENU resources 18-05-2015 16:25:47 Removed Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU 18-05-2015 16:26:56 Removed Visual Studio Extensions for Windows Library for JavaScript 18-05-2015 16:28:52 Removed Microsoft Web Developer Tools - Visual Studio 2012 18-05-2015 16:30:04 Removed Blend for Visual Studio 2012 18-05-2015 16:31:23 Removed Visual Studio 2012 Prerequisites - ENU Language Pack 18-05-2015 16:32:19 Removed PreEmptive Analytics Visual Studio Components 18-05-2015 16:32:59 Removed Microsoft LightSwitch for Visual Studio 2012 Core 18-05-2015 16:34:38 Removed Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update 18-05-2015 16:36:34 Removed Microsoft NuGet - Visual Studio 2012 18-05-2015 16:37:15 Removed Visual Studio 2012 Prerequisites 18-05-2015 16:38:38 Removed Prerequisites for SSDT 18-05-2015 16:41:38 Removed Prerequisites for SSDT 18-05-2015 16:43:58 Removed Microsoft Web Deploy dbSqlPackage Provider - enu 18-05-2015 16:44:42 Removed Microsoft SQL Server Data Tools - enu (11.1.20627.00) 18-05-2015 16:45:45 Removed Microsoft SQL Server 2012 Command Line Utilities 18-05-2015 16:46:28 Removed Microsoft SQL Server 2012 Data-Tier App Framework 18-05-2015 16:47:09 Removed Microsoft SQL Server 2012 Data-Tier App Framework (x64) 18-05-2015 16:47:56 Removed Microsoft SQL Server 2012 Express LocalDB 18-05-2015 16:48:47 Removed Microsoft SQL Server 2012 Native Client 18-05-2015 16:49:53 Removed Microsoft SQL Server 2014 Express LocalDB 18-05-2015 16:50:45 Removed Microsoft SQL Server System CLR Types 18-05-2015 16:51:40 Removed Microsoft System CLR Types for SQL Server 2014 18-05-2015 16:56:19 Removed Microsoft System CLR Types for SQL Server 2014 18-05-2015 16:57:02 Removed Microsoft SQL Server Compact 4.0 SP1 x64 ENU 18-05-2015 16:58:26 Removed Microsoft SQL Server 2012 Transact-SQL ScriptDom 18-05-2015 16:59:32 Removed Microsoft System CLR Types for SQL Server 2014 18-05-2015 17:02:40 Removed Microsoft SQL Server 2014 T-SQL Language Service 18-05-2015 17:03:49 Removed Microsoft SQL Server System CLR Types (x64) 18-05-2015 17:04:43 Removed Microsoft SQL Server 2012 Management Objects (x64) 18-05-2015 17:05:42 Removed Microsoft SQL Server 2012 Management Objects 18-05-2015 17:06:43 Removed Microsoft SQL Server 2014 Management Objects 18-05-2015 17:07:49 Removed Microsoft SQL Server 2014 Management Objects (x64) 18-05-2015 17:08:48 Removed Microsoft System CLR Types for SQL Server 2012 18-05-2015 17:09:35 Removed Microsoft System CLR Types for SQL Server 2012 (x64) 18-05-2015 17:10:37 Removed Microsoft SQL Server 2012 T-SQL Language Service 18-05-2015 17:11:22 Removed Microsoft SQL Server 2014 Transact-SQL ScriptDom 18-05-2015 17:12:03 Removed Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) 18-05-2015 17:12:43 Removed Microsoft SQL Server 2012 Transact-SQL Compiler Service 18-05-2015 17:13:22 Removed Microsoft Web Platform Installer 4.0 18-05-2015 17:14:13 Removed Microsoft XNA Framework Redistributable 4.0 Refresh 18-05-2015 17:15:08 Removed Microsoft XNA Game Studio Platform Tools 18-05-2015 17:18:25 Windows Modules Installer 18-05-2015 23:05:41 Windows Modules Installer 21-05-2015 16:49:36 Removed Java 8 Update 40 (64-bit) 21-05-2015 16:50:32 Removed Java 8 Update 40 (64-bit) 21-05-2015 16:51:16 Removed Java 8 Update 45 21-05-2015 16:55:14 Removed Java 8 Update 45 21-05-2015 16:56:40 Installed Java 7 Update 67 (64-bit) 21-05-2015 17:00:57 Removed Java 7 Update 67 (64-bit) 21-05-2015 17:05:06 Installed Java 7 Update 79 27-05-2015 16:35:00 zoek.exe restore point 28-05-2015 12:36:47 Windows Modules Installer 28-05-2015 12:40:20 Windows Modules Installer 28-05-2015 12:41:46 Windows Modules Installer 28-05-2015 12:44:01 Restore Operation 28-05-2015 13:13:21 Windows Modules Installer 28-05-2015 23:44:03 Restore Point Created by FRST ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2015-05-29 11:07 - 00001916 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com There are 4 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {4E359AF4-5CF4-4133-A6B2-96503A0AFE60} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {67804067-E2EE-4529-833A-61CAD255FB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation) Task: {73992560-4BDA-47E9-9E36-20C39B28A830} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe Task: {85EE00BA-3FEF-4AFA-BCD4-7BBE98C02C2F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.) Task: {89388CEA-076A-4409-88E7-8AA214693171} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd) Task: {ACA76F49-F065-4A95-A83A-78A4CE8056B9} - System32\Tasks\{7A2657A7-9A34-4DCE-8B29-EF6B66A29D14} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\pbsvc_fc3.exe" -c -u Task: {C540F8F3-89F0-432E-819D-CFD4128A6180} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {E01BA71E-DB7C-47B3-BA55-7D078707D699} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) ==================== Loaded Modules (Whitelisted) ============== 2015-04-17 07:36 - 2015-05-11 22:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-03-17 09:21 - 2015-03-17 09:21 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe 2014-05-13 18:57 - 2014-05-13 18:57 - 00210648 _____ () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe 2013-12-16 11:29 - 2013-08-28 10:24 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe 2015-04-23 23:15 - 2015-04-23 23:15 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-04-23 23:15 - 2015-04-23 23:15 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-05-29 09:54 - 2015-05-29 09:54 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052900\algo.dll 2015-03-17 09:07 - 2015-03-17 09:07 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2015-03-17 08:54 - 2015-03-17 08:54 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2015-03-17 09:07 - 2015-03-17 09:07 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2015-03-17 09:10 - 2015-03-17 09:10 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll 2015-03-17 09:01 - 2015-03-17 09:01 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2015-04-17 07:29 - 2015-05-01 11:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-03-12 13:07 - 2015-03-12 13:07 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-12-16 11:29 - 2015-05-29 11:09 - 00026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll 2013-12-16 11:29 - 2010-06-28 21:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll 2013-12-16 11:22 - 2013-08-19 14:10 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03733015.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07704620.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36189129.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37082435.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37396852.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64035711.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67683272.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72717616.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73141419.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03733015.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07704620.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36189129.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37082435.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37396852.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64035711.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67683272.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72717616.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73141419.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-570464586-119374992-2394123655-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img4.jpg DNS Servers: 8.8.8.8 - 208.67.222.222 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "NETGEAR A6210 Genie.lnk" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "RtHDVBg" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "BtServer" HKLM\...\StartupApproved\Run32: => "ASUSPRP" HKLM\...\StartupApproved\Run32: => "KeyScrambler" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "NvBackend" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\StartupFolder: => "PureVPN.lnk" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify Web Helper" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/29/2015 10:35:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x15ac Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/29/2015 09:56:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x15ac Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/29/2015 01:02:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x1558 Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/29/2015 00:50:13 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program CCleaner64.exe version 5.3.0.5128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 125c Start Time: 01d099cc34538791 Termination Time: 6968 Application Path: C:\Program Files\CCleaner\CCleaner64.exe Report Id: 8cb91475-05c6-11e5-831f-6c71d9d9cfd2 Faulting package full name: Faulting package-relative application ID: Error: (05/29/2015 00:39:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x148c Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/28/2015 11:59:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x148c Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/28/2015 11:44:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. . Error: (05/28/2015 11:44:03 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {7ec5e394-2888-47cf-af20-b1e590d75c14} Error: (05/28/2015 11:31:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x1588 Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/28/2015 11:31:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x1588 Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 System errors: ============= Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (05/29/2015 11:01:49 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (05/29/2015 10:52:31 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel® Core i7-4770S CPU @ 3.10GHz Percentage of memory in use: 18% Total physical RAM: 12227.29 MB Available physical RAM: 10013.91 MB Total Pagefile: 24515.29 MB Available Pagefile: 22101.5 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:1848.58 GB) (Free:1453.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: F56D093E) Partition: GPT Partition Type. ==================== End of log ============================
  19. Here you go, that first post where I attached logs was my fault. As you requested- Malwarebytes Log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 5/29/2015 Scan Time: 9:53:34 AM Logfile: Administrator: Yes Version: 2.01.6.1022 Malware Database: v2015.05.29.04 Rootkit Database: v2015.05.24.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 8.1 CPU: x64 File System: NTFS User: J Scan Type: Threat Scan Result: Completed Objects Scanned: 446216 Time Elapsed: 55 min, 45 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) FRST Logs -FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01 Ran by J (administrator) on J-PC on 29-05-2015 11:12:33 Running from C:\Users\J\Desktop\Cleaning Loaded Profiles: J (Available Profiles: J & DefaultAppPool) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.wireshark.org) Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 18-05-2015 16:17:46 Removed Microsoft Visual Studio 2012 Devenv 18-05-2015 16:18:25 Removed Microsoft Visual Studio 2010 Office Developer Tools (x64) 18-05-2015 16:19:36 Removed Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools 18-05-2015 16:20:58 Removed Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools 18-05-2015 16:22:59 Removed Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools 18-05-2015 16:24:01 Removed Microsoft Report Viewer Add-On for Visual Studio 2012 18-05-2015 16:25:03 Removed Blend for Visual Studio 2012 ENU resources 18-05-2015 16:25:47 Removed Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU 18-05-2015 16:26:56 Removed Visual Studio Extensions for Windows Library for JavaScript 18-05-2015 16:28:52 Removed Microsoft Web Developer Tools - Visual Studio 2012 18-05-2015 16:30:04 Removed Blend for Visual Studio 2012 18-05-2015 16:31:23 Removed Visual Studio 2012 Prerequisites - ENU Language Pack 18-05-2015 16:32:19 Removed PreEmptive Analytics Visual Studio Components 18-05-2015 16:32:59 Removed Microsoft LightSwitch for Visual Studio 2012 Core 18-05-2015 16:34:38 Removed Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update 18-05-2015 16:36:34 Removed Microsoft NuGet - Visual Studio 2012 18-05-2015 16:37:15 Removed Visual Studio 2012 Prerequisites 18-05-2015 16:38:38 Removed Prerequisites for SSDT 18-05-2015 16:41:38 Removed Prerequisites for SSDT 18-05-2015 16:43:58 Removed Microsoft Web Deploy dbSqlPackage Provider - enu 18-05-2015 16:44:42 Removed Microsoft SQL Server Data Tools - enu (11.1.20627.00) 18-05-2015 16:45:45 Removed Microsoft SQL Server 2012 Command Line Utilities 18-05-2015 16:46:28 Removed Microsoft SQL Server 2012 Data-Tier App Framework 18-05-2015 16:47:09 Removed Microsoft SQL Server 2012 Data-Tier App Framework (x64) 18-05-2015 16:47:56 Removed Microsoft SQL Server 2012 Express LocalDB 18-05-2015 16:48:47 Removed Microsoft SQL Server 2012 Native Client 18-05-2015 16:49:53 Removed Microsoft SQL Server 2014 Express LocalDB 18-05-2015 16:50:45 Removed Microsoft SQL Server System CLR Types 18-05-2015 16:51:40 Removed Microsoft System CLR Types for SQL Server 2014 18-05-2015 16:56:19 Removed Microsoft System CLR Types for SQL Server 2014 18-05-2015 16:57:02 Removed Microsoft SQL Server Compact 4.0 SP1 x64 ENU 18-05-2015 16:58:26 Removed Microsoft SQL Server 2012 Transact-SQL ScriptDom 18-05-2015 16:59:32 Removed Microsoft System CLR Types for SQL Server 2014 18-05-2015 17:02:40 Removed Microsoft SQL Server 2014 T-SQL Language Service 18-05-2015 17:03:49 Removed Microsoft SQL Server System CLR Types (x64) 18-05-2015 17:04:43 Removed Microsoft SQL Server 2012 Management Objects (x64) 18-05-2015 17:05:42 Removed Microsoft SQL Server 2012 Management Objects 18-05-2015 17:06:43 Removed Microsoft SQL Server 2014 Management Objects 18-05-2015 17:07:49 Removed Microsoft SQL Server 2014 Management Objects (x64) 18-05-2015 17:08:48 Removed Microsoft System CLR Types for SQL Server 2012 18-05-2015 17:09:35 Removed Microsoft System CLR Types for SQL Server 2012 (x64) 18-05-2015 17:10:37 Removed Microsoft SQL Server 2012 T-SQL Language Service 18-05-2015 17:11:22 Removed Microsoft SQL Server 2014 Transact-SQL ScriptDom 18-05-2015 17:12:03 Removed Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) 18-05-2015 17:12:43 Removed Microsoft SQL Server 2012 Transact-SQL Compiler Service 18-05-2015 17:13:22 Removed Microsoft Web Platform Installer 4.0 18-05-2015 17:14:13 Removed Microsoft XNA Framework Redistributable 4.0 Refresh 18-05-2015 17:15:08 Removed Microsoft XNA Game Studio Platform Tools 18-05-2015 17:18:25 Windows Modules Installer 18-05-2015 23:05:41 Windows Modules Installer 21-05-2015 16:49:36 Removed Java 8 Update 40 (64-bit) 21-05-2015 16:50:32 Removed Java 8 Update 40 (64-bit) 21-05-2015 16:51:16 Removed Java 8 Update 45 21-05-2015 16:55:14 Removed Java 8 Update 45 21-05-2015 16:56:40 Installed Java 7 Update 67 (64-bit) 21-05-2015 17:00:57 Removed Java 7 Update 67 (64-bit) 21-05-2015 17:05:06 Installed Java 7 Update 79 27-05-2015 16:35:00 zoek.exe restore point 28-05-2015 12:36:47 Windows Modules Installer 28-05-2015 12:40:20 Windows Modules Installer 28-05-2015 12:41:46 Windows Modules Installer 28-05-2015 12:44:01 Restore Operation 28-05-2015 13:13:21 Windows Modules Installer 28-05-2015 23:44:03 Restore Point Created by FRST ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2015-05-29 11:07 - 00001916 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com There are 4 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {4E359AF4-5CF4-4133-A6B2-96503A0AFE60} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {67804067-E2EE-4529-833A-61CAD255FB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation) Task: {73992560-4BDA-47E9-9E36-20C39B28A830} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe Task: {85EE00BA-3FEF-4AFA-BCD4-7BBE98C02C2F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.) Task: {89388CEA-076A-4409-88E7-8AA214693171} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd) Task: {ACA76F49-F065-4A95-A83A-78A4CE8056B9} - System32\Tasks\{7A2657A7-9A34-4DCE-8B29-EF6B66A29D14} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\pbsvc_fc3.exe" -c -u Task: {C540F8F3-89F0-432E-819D-CFD4128A6180} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {E01BA71E-DB7C-47B3-BA55-7D078707D699} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) ==================== Loaded Modules (Whitelisted) ============== 2015-04-17 07:36 - 2015-05-11 22:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-03-17 09:21 - 2015-03-17 09:21 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe 2014-05-13 18:57 - 2014-05-13 18:57 - 00210648 _____ () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe 2013-12-16 11:29 - 2013-08-28 10:24 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe 2015-04-23 23:15 - 2015-04-23 23:15 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-04-23 23:15 - 2015-04-23 23:15 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-05-29 09:54 - 2015-05-29 09:54 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052900\algo.dll 2015-03-17 09:07 - 2015-03-17 09:07 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2015-03-17 08:54 - 2015-03-17 08:54 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2015-03-17 09:07 - 2015-03-17 09:07 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2015-03-17 09:10 - 2015-03-17 09:10 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll 2015-03-17 09:01 - 2015-03-17 09:01 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2015-04-17 07:29 - 2015-05-01 11:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-03-12 13:07 - 2015-03-12 13:07 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-12-16 11:29 - 2015-05-29 11:09 - 00026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll 2013-12-16 11:29 - 2010-06-28 21:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll 2013-12-16 11:22 - 2013-08-19 14:10 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03733015.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07704620.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36189129.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37082435.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37396852.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64035711.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67683272.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72717616.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73141419.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03733015.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07704620.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36189129.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37082435.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37396852.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64035711.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67683272.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72717616.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73141419.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-570464586-119374992-2394123655-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img4.jpg DNS Servers: 8.8.8.8 - 208.67.222.222 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "NETGEAR A6210 Genie.lnk" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "RtHDVBg" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "BtServer" HKLM\...\StartupApproved\Run32: => "ASUSPRP" HKLM\...\StartupApproved\Run32: => "KeyScrambler" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "NvBackend" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\StartupFolder: => "PureVPN.lnk" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify Web Helper" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/29/2015 10:35:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x15ac Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/29/2015 09:56:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x15ac Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/29/2015 01:02:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x1558 Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/29/2015 00:50:13 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program CCleaner64.exe version 5.3.0.5128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 125c Start Time: 01d099cc34538791 Termination Time: 6968 Application Path: C:\Program Files\CCleaner\CCleaner64.exe Report Id: 8cb91475-05c6-11e5-831f-6c71d9d9cfd2 Faulting package full name: Faulting package-relative application ID: Error: (05/29/2015 00:39:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x148c Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/28/2015 11:59:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x148c Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/28/2015 11:44:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. . Error: (05/28/2015 11:44:03 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {7ec5e394-2888-47cf-af20-b1e590d75c14} Error: (05/28/2015 11:31:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x1588 Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 Error: (05/28/2015 11:31:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9 Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x1588 Faulting application start time: 0xherdProtectScan.exe0 Faulting application path: herdProtectScan.exe1 Faulting module path: herdProtectScan.exe2 Report Id: herdProtectScan.exe3 Faulting package full name: herdProtectScan.exe4 Faulting package-relative application ID: herdProtectScan.exe5 System errors: ============= Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (05/29/2015 11:01:49 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (05/29/2015 10:52:31 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC) Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F} Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel® Core i7-4770S CPU @ 3.10GHz Percentage of memory in use: 18% Total physical RAM: 12227.29 MB Available physical RAM: 10013.91 MB Total Pagefile: 24515.29 MB Available Pagefile: 22101.5 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:1848.58 GB) (Free:1453.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: F56D093E) Partition: GPT Partition Type. ==================== End of log ============================
  20. I installed a program called VisualStyler.Net made by a company called SkinSoft and I'm now thinking it was malware. It's a program to reskin/customize your UIs in Visual Studio to make them more visually pleasing. It(The program) was installing via an installer, and I canceled it due to the fact that I felt like it was too suspicious. My Visual Studio 2013 was very slow, groggy, and overall a pain to work with as it was now crashing. Keep in mind VS2013 was running like a charm up until this incident. My explorer.exe was crashing, and I knew something was wrong. The only program that caught anything left behind was Adwcleaner which removed three registry keys. I'm now scared that I still have remnants of it, but MBAM and avast! scans have both come back clean. I uninstalled VS2013, and am now attaching logs that hopefully will remove the rest of this program's remnants. Cheers.
  21. I was thinking the same thing. I'm currently using only Avast! Internet Security 2015 and Malwarebytes Anti-Malware Premium and it's working perfectly, just wondering if I have more options for security. Have a good day.
  22. Hello, I was wondering if it was possible to run Avast! Internet Security 2015 + Malwarebytes Anti-Malware Premium + Comodo Firewall without any contradictions or breaks. If anyone else uses this setup, please tell me if it's possible and still provides as much protection as possible.
  23. [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net
  24. Nope, I stated I ran it out of paranoia.(I'm very cautious, anything that is even slightly fishy I immmediately go into "lockdown mode") The registry keys were replaces, the only reason I thought maybe they were malicious was because I had just installed Classic Shell a couple weeks ago. The items were deleted, but instantly replaced. I just scanned again, and got a large list of host files, is this normal? [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com [C:\WINDOWS\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net
  25. I fixed my problem using Malwarebytes RegASSASSIN, please close the thread. I also wanted to thank the people who help others in this section for free, very generous(Not being sarcastic, it kind of sounds like that when I re-read what I typed).
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.