Valor

Posts posted by Valor

  1. I got a popup right before I ran the fix.

    Detection, 6/18/2015 4:04:21 AM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 89.248.171.135, 1900, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 6/18/2015 4:04:21 AM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 89.248.171.135, 1900, Inbound, C:\Windows\System32\svchost.exe,

    Attached log is the fix.

  2. Detection, 6/16/2015 12:48:53 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 89.248.171.135, 1900, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 6/16/2015 12:48:54 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 89.248.171.135, 1900, Inbound, C:\Windows\System32\svchost.exe,
    Detection, 6/16/2015 12:54:57 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 89.248.171.135, 1900, Inbound, C:\Windows\System32\svchost.exe,

     

     

    I got these three, and maybe more to come, very close together. I know that this is Malwarebytes doing its job (blocking the connections), but I want to get rid of the source of whatever is causing these pop-ups. Is this anything to be concerned about in the first place? I am grateful for your assistance. Cheers. :D

     

     

    FRST.txt

    Addition.txt

  3. It's running great, except for Visual Studio 2013. It was still lagging and crashing, I couldn't even load projects! I'm thinking that the program corrupted something. I've tried repairing via installer, clean uninstall and reinstall, and /uninstall /force. Nothing has worked, so I force uninstalled and just upgraded to VS2015 Community RC. Thank you very much for your help! It is greatly appreciated!

  4. Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
    Ran by J at 2015-05-30 16:04:31 Run:2
    Running from C:\Users\J\Desktop
    Loaded Profiles: J & DefaultAppPool (Available Profiles: J & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start

    CloseProcesses:

    FF Extension: Ghostery - C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\az34cp28.default\Extensions\firefox@ghostery.com.xpi [ 2015-05-27]

    EmptyTemp:

    Hosts:

    Reboot:

    end
    *****************

    Processes closed successfully.
    C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\az34cp28.default\Extensions\firefox@ghostery.com.xpi => Moved successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts restored successfully.
    EmptyTemp: => Removed 864.8 MB temporary data.

    The system needed a reboot.

    ==== End of Fixlog 16:04:36 ====

  5. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.8.5 (05.30.2015:1)
    OS: Windows 8.1 x64
    Ran by J on Sat 05/30/2015 at 15:57:58.61
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     


    ~~~ Services

     

    ~~~ Tasks

     

    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-570464586-119374992-2394123655-1002\Software\Microsoft\Internet Explorer\Main\\Start Page

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 05/30/2015 at 16:02:46.49
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. # AdwCleaner v4.205 - Logfile created 30/05/2015 at 15:54:38
    # Updated 21/05/2015 by Xplode
    # Database : 2015-05-21.2 [Local]
    # Operating system : Windows 8.1  (x64)
    # Username : J - J-PC
    # Running from : C:\Users\J\Desktop\Cleaning\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v38.0.1 (x86 en-US)

    *************************

    AdwCleaner[R0].txt - [731 bytes] - [10/05/2015 19:50:01]
    AdwCleaner[R10].txt - [1378 bytes] - [23/05/2015 02:12:33]
    AdwCleaner[R11].txt - [1438 bytes] - [25/05/2015 04:37:55]
    AdwCleaner[R12].txt - [1498 bytes] - [26/05/2015 23:18:11]
    AdwCleaner[R13].txt - [1558 bytes] - [26/05/2015 23:33:09]
    AdwCleaner[R14].txt - [1618 bytes] - [27/05/2015 15:22:04]
    AdwCleaner[R15].txt - [1678 bytes] - [28/05/2015 00:02:25]
    AdwCleaner[R16].txt - [344 bytes] - [28/05/2015 14:00:36]
    AdwCleaner[R17].txt - [2107 bytes] - [28/05/2015 14:04:21]
    AdwCleaner[R18].txt - [1851 bytes] - [28/05/2015 14:08:51]
    AdwCleaner[R19].txt - [2227 bytes] - [28/05/2015 14:09:42]
    AdwCleaner[R1].txt - [789 bytes] - [10/05/2015 19:55:57]
    AdwCleaner[R20].txt - [274 bytes] - [28/05/2015 14:13:18]
    AdwCleaner[R21].txt - [2090 bytes] - [28/05/2015 14:13:48]
    AdwCleaner[R22].txt - [2150 bytes] - [28/05/2015 23:18:29]
    AdwCleaner[R23].txt - [2731 bytes] - [30/05/2015 15:52:12]
    AdwCleaner[R24].txt - [1542 bytes] - [30/05/2015 15:54:38]
    AdwCleaner[R2].txt - [847 bytes] - [11/05/2015 23:54:04]
    AdwCleaner[R3].txt - [905 bytes] - [13/05/2015 07:04:52]
    AdwCleaner[R4].txt - [963 bytes] - [14/05/2015 22:54:15]
    AdwCleaner[R5].txt - [1021 bytes] - [17/05/2015 01:15:11]
    AdwCleaner[R6].txt - [1140 bytes] - [18/05/2015 00:15:06]
    AdwCleaner[R7].txt - [1200 bytes] - [19/05/2015 00:01:23]
    AdwCleaner[R8].txt - [1259 bytes] - [19/05/2015 22:37:37]
    AdwCleaner[R9].txt - [1318 bytes] - [21/05/2015 13:10:32]
    AdwCleaner[s0].txt - [1086 bytes] - [17/05/2015 01:18:18]
    AdwCleaner[s1].txt - [2296 bytes] - [28/05/2015 14:10:23]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R24].txt - [2189 bytes] ##########

  7. I'm very sorry about the post above, I messed up on a pasting portion of it, should be fixed now.

    As you requested-
    Malwarebytes Log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/29/2015
    Scan Time: 9:53:34 AM
    Logfile:
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.29.04
    Rootkit Database: v2015.05.24.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: J

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 446216
    Time Elapsed: 55 min, 45 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    FRST Logs
    -FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
    Ran by J (administrator) on J-PC on 29-05-2015 11:12:33
    Running from C:\Users\J\Desktop\Cleaning
    Loaded Profiles: J (Available Profiles: J & DefaultAppPool)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.wireshark.org)
    Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
    Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
    Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    18-05-2015 16:17:46 Removed Microsoft Visual Studio 2012 Devenv
    18-05-2015 16:18:25 Removed Microsoft Visual Studio 2010 Office Developer Tools (x64)
    18-05-2015 16:19:36 Removed Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
    18-05-2015 16:20:58 Removed Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
    18-05-2015 16:22:59 Removed Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
    18-05-2015 16:24:01 Removed Microsoft Report Viewer Add-On for Visual Studio 2012
    18-05-2015 16:25:03 Removed Blend for Visual Studio 2012 ENU resources
    18-05-2015 16:25:47 Removed Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
    18-05-2015 16:26:56 Removed Visual Studio Extensions for Windows Library for JavaScript
    18-05-2015 16:28:52 Removed Microsoft Web Developer Tools - Visual Studio 2012
    18-05-2015 16:30:04 Removed Blend for Visual Studio 2012
    18-05-2015 16:31:23 Removed Visual Studio 2012 Prerequisites - ENU Language Pack
    18-05-2015 16:32:19 Removed PreEmptive Analytics Visual Studio Components
    18-05-2015 16:32:59 Removed Microsoft LightSwitch for Visual Studio 2012 Core
    18-05-2015 16:34:38 Removed Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
    18-05-2015 16:36:34 Removed Microsoft NuGet - Visual Studio 2012
    18-05-2015 16:37:15 Removed Visual Studio 2012 Prerequisites
    18-05-2015 16:38:38 Removed Prerequisites for SSDT
    18-05-2015 16:41:38 Removed Prerequisites for SSDT
    18-05-2015 16:43:58 Removed Microsoft Web Deploy dbSqlPackage Provider - enu
    18-05-2015 16:44:42 Removed Microsoft SQL Server Data Tools - enu (11.1.20627.00)
    18-05-2015 16:45:45 Removed Microsoft SQL Server 2012 Command Line Utilities
    18-05-2015 16:46:28 Removed Microsoft SQL Server 2012 Data-Tier App Framework
    18-05-2015 16:47:09 Removed Microsoft SQL Server 2012 Data-Tier App Framework  (x64)
    18-05-2015 16:47:56 Removed Microsoft SQL Server 2012 Express LocalDB
    18-05-2015 16:48:47 Removed Microsoft SQL Server 2012 Native Client
    18-05-2015 16:49:53 Removed Microsoft SQL Server 2014 Express LocalDB
    18-05-2015 16:50:45 Removed Microsoft SQL Server System CLR Types
    18-05-2015 16:51:40 Removed Microsoft System CLR Types for SQL Server 2014
    18-05-2015 16:56:19 Removed Microsoft System CLR Types for SQL Server 2014
    18-05-2015 16:57:02 Removed Microsoft SQL Server Compact 4.0 SP1 x64 ENU
    18-05-2015 16:58:26 Removed Microsoft SQL Server 2012 Transact-SQL ScriptDom
    18-05-2015 16:59:32 Removed Microsoft System CLR Types for SQL Server 2014
    18-05-2015 17:02:40 Removed Microsoft SQL Server 2014 T-SQL Language Service
    18-05-2015 17:03:49 Removed Microsoft SQL Server System CLR Types (x64)
    18-05-2015 17:04:43 Removed Microsoft SQL Server 2012 Management Objects  (x64)
    18-05-2015 17:05:42 Removed Microsoft SQL Server 2012 Management Objects
    18-05-2015 17:06:43 Removed Microsoft SQL Server 2014 Management Objects
    18-05-2015 17:07:49 Removed Microsoft SQL Server 2014 Management Objects  (x64)
    18-05-2015 17:08:48 Removed Microsoft System CLR Types for SQL Server 2012
    18-05-2015 17:09:35 Removed Microsoft System CLR Types for SQL Server 2012 (x64)
    18-05-2015 17:10:37 Removed Microsoft SQL Server 2012 T-SQL Language Service
    18-05-2015 17:11:22 Removed Microsoft SQL Server 2014 Transact-SQL ScriptDom
    18-05-2015 17:12:03 Removed Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
    18-05-2015 17:12:43 Removed Microsoft SQL Server 2012 Transact-SQL Compiler Service
    18-05-2015 17:13:22 Removed Microsoft Web Platform Installer 4.0
    18-05-2015 17:14:13 Removed Microsoft XNA Framework Redistributable 4.0 Refresh
    18-05-2015 17:15:08 Removed Microsoft XNA Game Studio Platform Tools
    18-05-2015 17:18:25 Windows Modules Installer
    18-05-2015 23:05:41 Windows Modules Installer
    21-05-2015 16:49:36 Removed Java 8 Update 40 (64-bit)
    21-05-2015 16:50:32 Removed Java 8 Update 40 (64-bit)
    21-05-2015 16:51:16 Removed Java 8 Update 45
    21-05-2015 16:55:14 Removed Java 8 Update 45
    21-05-2015 16:56:40 Installed Java 7 Update 67 (64-bit)
    21-05-2015 17:00:57 Removed Java 7 Update 67 (64-bit)
    21-05-2015 17:05:06 Installed Java 7 Update 79
    27-05-2015 16:35:00 zoek.exe restore point
    28-05-2015 12:36:47 Windows Modules Installer
    28-05-2015 12:40:20 Windows Modules Installer
    28-05-2015 12:41:46 Windows Modules Installer
    28-05-2015 12:44:01 Restore Operation
    28-05-2015 13:13:21 Windows Modules Installer
    28-05-2015 23:44:03 Restore Point Created by FRST

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2015-05-29 11:07 - 00001916 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

    There are 4 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {4E359AF4-5CF4-4133-A6B2-96503A0AFE60} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {67804067-E2EE-4529-833A-61CAD255FB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation)
    Task: {73992560-4BDA-47E9-9E36-20C39B28A830} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
    Task: {85EE00BA-3FEF-4AFA-BCD4-7BBE98C02C2F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)
    Task: {89388CEA-076A-4409-88E7-8AA214693171} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
    Task: {ACA76F49-F065-4A95-A83A-78A4CE8056B9} - System32\Tasks\{7A2657A7-9A34-4DCE-8B29-EF6B66A29D14} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\pbsvc_fc3.exe" -c -u
    Task: {C540F8F3-89F0-432E-819D-CFD4128A6180} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {E01BA71E-DB7C-47B3-BA55-7D078707D699} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-17 07:36 - 2015-05-11 22:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-03-17 09:21 - 2015-03-17 09:21 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
    2014-05-13 18:57 - 2014-05-13 18:57 - 00210648 _____ () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
    2013-12-16 11:29 - 2013-08-28 10:24 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    2015-04-23 23:15 - 2015-04-23 23:15 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-04-23 23:15 - 2015-04-23 23:15 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-05-29 09:54 - 2015-05-29 09:54 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052900\algo.dll
    2015-03-17 09:07 - 2015-03-17 09:07 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
    2015-03-17 08:54 - 2015-03-17 08:54 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
    2015-03-17 09:07 - 2015-03-17 09:07 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
    2015-03-17 09:10 - 2015-03-17 09:10 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
    2015-03-17 09:01 - 2015-03-17 09:01 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
    2015-04-17 07:29 - 2015-05-01 11:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-03-12 13:07 - 2015-03-12 13:07 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-12-16 11:29 - 2015-05-29 11:09 - 00026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2013-12-16 11:29 - 2010-06-28 21:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
    2013-12-16 11:22 - 2013-08-19 14:10 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03733015.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07704620.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36189129.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37082435.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37396852.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64035711.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67683272.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72717616.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73141419.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03733015.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07704620.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36189129.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37082435.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37396852.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64035711.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67683272.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72717616.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73141419.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\sony.com -> sony.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-570464586-119374992-2394123655-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img4.jpg
    DNS Servers: 8.8.8.8 - 208.67.222.222

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "NETGEAR A6210 Genie.lnk"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run: => "RtHDVBg"
    HKLM\...\StartupApproved\Run: => "NvBackend"
    HKLM\...\StartupApproved\Run: => "ShadowPlay"
    HKLM\...\StartupApproved\Run: => "BtServer"
    HKLM\...\StartupApproved\Run32: => "ASUSPRP"
    HKLM\...\StartupApproved\Run32: => "KeyScrambler"
    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKLM\...\StartupApproved\Run32: => "NvBackend"
    HKLM\...\StartupApproved\Run32: => "IAStorIcon"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "Razer Synapse"
    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\StartupFolder: => "PureVPN.lnk"
    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify Web Helper"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/29/2015 10:35:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
    Exception code: 0xc0000005
    Fault offset: 0x000000000005036a
    Faulting process id: 0x15ac
    Faulting application start time: 0xherdProtectScan.exe0
    Faulting application path: herdProtectScan.exe1
    Faulting module path: herdProtectScan.exe2
    Report Id: herdProtectScan.exe3
    Faulting package full name: herdProtectScan.exe4
    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/29/2015 09:56:25 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
    Exception code: 0xc0000005
    Fault offset: 0x000000000005036a
    Faulting process id: 0x15ac
    Faulting application start time: 0xherdProtectScan.exe0
    Faulting application path: herdProtectScan.exe1
    Faulting module path: herdProtectScan.exe2
    Report Id: herdProtectScan.exe3
    Faulting package full name: herdProtectScan.exe4
    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/29/2015 01:02:53 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
    Exception code: 0xc0000005
    Fault offset: 0x000000000005036a
    Faulting process id: 0x1558
    Faulting application start time: 0xherdProtectScan.exe0
    Faulting application path: herdProtectScan.exe1
    Faulting module path: herdProtectScan.exe2
    Report Id: herdProtectScan.exe3
    Faulting package full name: herdProtectScan.exe4
    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/29/2015 00:50:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program CCleaner64.exe version 5.3.0.5128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 125c

    Start Time: 01d099cc34538791

    Termination Time: 6968

    Application Path: C:\Program Files\CCleaner\CCleaner64.exe

    Report Id: 8cb91475-05c6-11e5-831f-6c71d9d9cfd2

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (05/29/2015 00:39:59 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
    Exception code: 0xc0000005
    Fault offset: 0x000000000005036a
    Faulting process id: 0x148c
    Faulting application start time: 0xherdProtectScan.exe0
    Faulting application path: herdProtectScan.exe1
    Faulting module path: herdProtectScan.exe2
    Report Id: herdProtectScan.exe3
    Faulting package full name: herdProtectScan.exe4
    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/28/2015 11:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
    Exception code: 0xc0000005
    Fault offset: 0x000000000005036a
    Faulting process id: 0x148c
    Faulting application start time: 0xherdProtectScan.exe0
    Faulting application path: herdProtectScan.exe1
    Faulting module path: herdProtectScan.exe2
    Report Id: herdProtectScan.exe3
    Faulting package full name: herdProtectScan.exe4
    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/28/2015 11:44:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

    System Error:
    The system cannot find the file specified.
    .

    Error: (05/28/2015 11:44:03 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
       Gathering Writer Data

    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {7ec5e394-2888-47cf-af20-b1e590d75c14}

    Error: (05/28/2015 11:31:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
    Exception code: 0xc0000005
    Fault offset: 0x000000000005036a
    Faulting process id: 0x1588
    Faulting application start time: 0xherdProtectScan.exe0
    Faulting application path: herdProtectScan.exe1
    Faulting module path: herdProtectScan.exe2
    Report Id: herdProtectScan.exe3
    Faulting package full name: herdProtectScan.exe4
    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/28/2015 11:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
    Exception code: 0xc0000005
    Fault offset: 0x000000000005036a
    Faulting process id: 0x1588
    Faulting application start time: 0xherdProtectScan.exe0
    Faulting application path: herdProtectScan.exe1
    Faulting module path: herdProtectScan.exe2
    Report Id: herdProtectScan.exe3
    Faulting package full name: herdProtectScan.exe4
    Faulting package-relative application ID: herdProtectScan.exe5


    System errors:
    =============
    Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
    Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

    Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (05/29/2015 11:01:49 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (05/29/2015 10:52:31 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}


    Microsoft Office:
    =========================

    ==================== Memory info ===========================

    Processor: Intel® Core i7-4770S CPU @ 3.10GHz
    Percentage of memory in use: 18%
    Total physical RAM: 12227.29 MB
    Available physical RAM: 10013.91 MB
    Total Pagefile: 24515.29 MB
    Available Pagefile: 22101.5 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1848.58 GB) (Free:1453.5 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: F56D093E)

    Partition: GPT Partition Type.

    ==================== End of log ============================

  8. Here you go, that first post where I attached logs was my fault.

    As you requested-

    Malwarebytes Log:

    Malwarebytes Anti-Malware

    www.malwarebytes.org

    Scan Date: 5/29/2015

    Scan Time: 9:53:34 AM

    Logfile:

    Administrator: Yes

    Version: 2.01.6.1022

    Malware Database: v2015.05.29.04

    Rootkit Database: v2015.05.24.01

    License: Premium

    Malware Protection: Enabled

    Malicious Website Protection: Enabled

    Self-protection: Enabled

    OS: Windows 8.1

    CPU: x64

    File System: NTFS

    User: J

    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 446216

    Time Elapsed: 55 min, 45 sec

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Enabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

    Processes: 0

    (No malicious items detected)

    Modules: 0

    (No malicious items detected)

    Registry Keys: 0

    (No malicious items detected)

    Registry Values: 0

    (No malicious items detected)

    Registry Data: 0

    (No malicious items detected)

    Folders: 0

    (No malicious items detected)

    Files: 0

    (No malicious items detected)

    Physical Sectors: 0

    (No malicious items detected)

    (end)

    FRST Logs

    -FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01

    Ran by J (administrator) on J-PC on 29-05-2015 11:12:33

    Running from C:\Users\J\Desktop\Cleaning

    Loaded Profiles: J (Available Profiles: J & DefaultAppPool)

    Platform: Windows 8.1 (X64) OS Language: English (United States)

    Internet Explorer Version 11 (Default browser: FF)

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.wireshark.org)

    Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden

    Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden

    Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Restore Points =========================

    18-05-2015 16:17:46 Removed Microsoft Visual Studio 2012 Devenv

    18-05-2015 16:18:25 Removed Microsoft Visual Studio 2010 Office Developer Tools (x64)

    18-05-2015 16:19:36 Removed Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools

    18-05-2015 16:20:58 Removed Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools

    18-05-2015 16:22:59 Removed Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools

    18-05-2015 16:24:01 Removed Microsoft Report Viewer Add-On for Visual Studio 2012

    18-05-2015 16:25:03 Removed Blend for Visual Studio 2012 ENU resources

    18-05-2015 16:25:47 Removed Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU

    18-05-2015 16:26:56 Removed Visual Studio Extensions for Windows Library for JavaScript

    18-05-2015 16:28:52 Removed Microsoft Web Developer Tools - Visual Studio 2012

    18-05-2015 16:30:04 Removed Blend for Visual Studio 2012

    18-05-2015 16:31:23 Removed Visual Studio 2012 Prerequisites - ENU Language Pack

    18-05-2015 16:32:19 Removed PreEmptive Analytics Visual Studio Components

    18-05-2015 16:32:59 Removed Microsoft LightSwitch for Visual Studio 2012 Core

    18-05-2015 16:34:38 Removed Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update

    18-05-2015 16:36:34 Removed Microsoft NuGet - Visual Studio 2012

    18-05-2015 16:37:15 Removed Visual Studio 2012 Prerequisites

    18-05-2015 16:38:38 Removed Prerequisites for SSDT

    18-05-2015 16:41:38 Removed Prerequisites for SSDT

    18-05-2015 16:43:58 Removed Microsoft Web Deploy dbSqlPackage Provider - enu

    18-05-2015 16:44:42 Removed Microsoft SQL Server Data Tools - enu (11.1.20627.00)

    18-05-2015 16:45:45 Removed Microsoft SQL Server 2012 Command Line Utilities

    18-05-2015 16:46:28 Removed Microsoft SQL Server 2012 Data-Tier App Framework

    18-05-2015 16:47:09 Removed Microsoft SQL Server 2012 Data-Tier App Framework (x64)

    18-05-2015 16:47:56 Removed Microsoft SQL Server 2012 Express LocalDB

    18-05-2015 16:48:47 Removed Microsoft SQL Server 2012 Native Client

    18-05-2015 16:49:53 Removed Microsoft SQL Server 2014 Express LocalDB

    18-05-2015 16:50:45 Removed Microsoft SQL Server System CLR Types

    18-05-2015 16:51:40 Removed Microsoft System CLR Types for SQL Server 2014

    18-05-2015 16:56:19 Removed Microsoft System CLR Types for SQL Server 2014

    18-05-2015 16:57:02 Removed Microsoft SQL Server Compact 4.0 SP1 x64 ENU

    18-05-2015 16:58:26 Removed Microsoft SQL Server 2012 Transact-SQL ScriptDom

    18-05-2015 16:59:32 Removed Microsoft System CLR Types for SQL Server 2014

    18-05-2015 17:02:40 Removed Microsoft SQL Server 2014 T-SQL Language Service

    18-05-2015 17:03:49 Removed Microsoft SQL Server System CLR Types (x64)

    18-05-2015 17:04:43 Removed Microsoft SQL Server 2012 Management Objects (x64)

    18-05-2015 17:05:42 Removed Microsoft SQL Server 2012 Management Objects

    18-05-2015 17:06:43 Removed Microsoft SQL Server 2014 Management Objects

    18-05-2015 17:07:49 Removed Microsoft SQL Server 2014 Management Objects (x64)

    18-05-2015 17:08:48 Removed Microsoft System CLR Types for SQL Server 2012

    18-05-2015 17:09:35 Removed Microsoft System CLR Types for SQL Server 2012 (x64)

    18-05-2015 17:10:37 Removed Microsoft SQL Server 2012 T-SQL Language Service

    18-05-2015 17:11:22 Removed Microsoft SQL Server 2014 Transact-SQL ScriptDom

    18-05-2015 17:12:03 Removed Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)

    18-05-2015 17:12:43 Removed Microsoft SQL Server 2012 Transact-SQL Compiler Service

    18-05-2015 17:13:22 Removed Microsoft Web Platform Installer 4.0

    18-05-2015 17:14:13 Removed Microsoft XNA Framework Redistributable 4.0 Refresh

    18-05-2015 17:15:08 Removed Microsoft XNA Game Studio Platform Tools

    18-05-2015 17:18:25 Windows Modules Installer

    18-05-2015 23:05:41 Windows Modules Installer

    21-05-2015 16:49:36 Removed Java 8 Update 40 (64-bit)

    21-05-2015 16:50:32 Removed Java 8 Update 40 (64-bit)

    21-05-2015 16:51:16 Removed Java 8 Update 45

    21-05-2015 16:55:14 Removed Java 8 Update 45

    21-05-2015 16:56:40 Installed Java 7 Update 67 (64-bit)

    21-05-2015 17:00:57 Removed Java 7 Update 67 (64-bit)

    21-05-2015 17:05:06 Installed Java 7 Update 79

    27-05-2015 16:35:00 zoek.exe restore point

    28-05-2015 12:36:47 Windows Modules Installer

    28-05-2015 12:40:20 Windows Modules Installer

    28-05-2015 12:41:46 Windows Modules Installer

    28-05-2015 12:44:01 Restore Operation

    28-05-2015 13:13:21 Windows Modules Installer

    28-05-2015 23:44:03 Restore Point Created by FRST

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2015-05-29 11:07 - 00001916 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com

    0.0.0.0 media.opencandy.com

    0.0.0.0 cdn.opencandy.com

    0.0.0.0 tracking.opencandy.com

    0.0.0.0 api.opencandy.com

    0.0.0.0 installer.betterinstaller.com

    0.0.0.0 installer.filebulldog.com

    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net

    0.0.0.0 inno.bisrv.com

    0.0.0.0 nsis.bisrv.com

    0.0.0.0 cdn.file2desktop.com

    0.0.0.0 cdn.goateastcach.us

    0.0.0.0 cdn.guttastatdk.us

    0.0.0.0 cdn.inskinmedia.com

    0.0.0.0 cdn.insta.oibundles2.com

    0.0.0.0 cdn.insta.playbryte.com

    0.0.0.0 cdn.llogetfastcach.us

    0.0.0.0 cdn.montiera.com

    0.0.0.0 cdn.msdwnld.com

    0.0.0.0 cdn.mypcbackup.com

    0.0.0.0 cdn.ppdownload.com

    0.0.0.0 cdn.riceateastcach.us

    0.0.0.0 cdn.shyapotato.us

    0.0.0.0 cdn.solimba.com

    0.0.0.0 cdn.tuto4pc.com

    0.0.0.0 cdn.appround.biz

    0.0.0.0 cdn.bigspeedpro.com

    0.0.0.0 cdn.bispd.com

    There are 4 more lines.

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {4E359AF4-5CF4-4133-A6B2-96503A0AFE60} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)

    Task: {67804067-E2EE-4529-833A-61CAD255FB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation)

    Task: {73992560-4BDA-47E9-9E36-20C39B28A830} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe

    Task: {85EE00BA-3FEF-4AFA-BCD4-7BBE98C02C2F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)

    Task: {89388CEA-076A-4409-88E7-8AA214693171} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

    Task: {ACA76F49-F065-4A95-A83A-78A4CE8056B9} - System32\Tasks\{7A2657A7-9A34-4DCE-8B29-EF6B66A29D14} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\pbsvc_fc3.exe" -c -u

    Task: {C540F8F3-89F0-432E-819D-CFD4128A6180} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

    Task: {E01BA71E-DB7C-47B3-BA55-7D078707D699} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-17 07:36 - 2015-05-11 22:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

    2015-03-17 09:21 - 2015-03-17 09:21 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

    2014-05-13 18:57 - 2014-05-13 18:57 - 00210648 _____ () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe

    2013-12-16 11:29 - 2013-08-28 10:24 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

    2015-04-23 23:15 - 2015-04-23 23:15 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll

    2015-04-23 23:15 - 2015-04-23 23:15 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

    2015-05-29 09:54 - 2015-05-29 09:54 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052900\algo.dll

    2015-03-17 09:07 - 2015-03-17 09:07 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll

    2015-03-17 08:54 - 2015-03-17 08:54 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll

    2015-03-17 09:07 - 2015-03-17 09:07 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll

    2015-03-17 09:10 - 2015-03-17 09:10 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll

    2015-03-17 09:01 - 2015-03-17 09:01 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll

    2015-04-17 07:29 - 2015-05-01 11:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

    2015-03-12 13:07 - 2015-03-12 13:07 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    2013-12-16 11:29 - 2015-05-29 11:09 - 00026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll

    2013-12-16 11:29 - 2010-06-28 21:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll

    2013-12-16 11:22 - 2013-08-19 14:10 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03733015.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07704620.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36189129.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37082435.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37396852.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64035711.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67683272.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72717616.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73141419.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03733015.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07704620.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36189129.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37082435.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37396852.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64035711.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67683272.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72717616.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73141419.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\clonewarsadventures.com -> clonewarsadventures.com

    IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\freerealms.com -> freerealms.com

    IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\soe.com -> soe.com

    IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\sony.com -> sony.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-570464586-119374992-2394123655-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img4.jpg

    DNS Servers: 8.8.8.8 - 208.67.222.222

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "NETGEAR A6210 Genie.lnk"

    HKLM\...\StartupApproved\Run: => "RTHDVCPL"

    HKLM\...\StartupApproved\Run: => "RtHDVBg"

    HKLM\...\StartupApproved\Run: => "NvBackend"

    HKLM\...\StartupApproved\Run: => "ShadowPlay"

    HKLM\...\StartupApproved\Run: => "BtServer"

    HKLM\...\StartupApproved\Run32: => "ASUSPRP"

    HKLM\...\StartupApproved\Run32: => "KeyScrambler"

    HKLM\...\StartupApproved\Run32: => "RemoteControl10"

    HKLM\...\StartupApproved\Run32: => "NvBackend"

    HKLM\...\StartupApproved\Run32: => "IAStorIcon"

    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

    HKLM\...\StartupApproved\Run32: => "Razer Synapse"

    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\StartupFolder: => "PureVPN.lnk"

    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Skype"

    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Steam"

    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify"

    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

    HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify Web Helper"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:

    ==================

    Error: (05/29/2015 10:35:19 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

    Exception code: 0xc0000005

    Fault offset: 0x000000000005036a

    Faulting process id: 0x15ac

    Faulting application start time: 0xherdProtectScan.exe0

    Faulting application path: herdProtectScan.exe1

    Faulting module path: herdProtectScan.exe2

    Report Id: herdProtectScan.exe3

    Faulting package full name: herdProtectScan.exe4

    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/29/2015 09:56:25 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

    Exception code: 0xc0000005

    Fault offset: 0x000000000005036a

    Faulting process id: 0x15ac

    Faulting application start time: 0xherdProtectScan.exe0

    Faulting application path: herdProtectScan.exe1

    Faulting module path: herdProtectScan.exe2

    Report Id: herdProtectScan.exe3

    Faulting package full name: herdProtectScan.exe4

    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/29/2015 01:02:53 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

    Exception code: 0xc0000005

    Fault offset: 0x000000000005036a

    Faulting process id: 0x1558

    Faulting application start time: 0xherdProtectScan.exe0

    Faulting application path: herdProtectScan.exe1

    Faulting module path: herdProtectScan.exe2

    Report Id: herdProtectScan.exe3

    Faulting package full name: herdProtectScan.exe4

    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/29/2015 00:50:13 AM) (Source: Application Hang) (EventID: 1002) (User: )

    Description: The program CCleaner64.exe version 5.3.0.5128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 125c

    Start Time: 01d099cc34538791

    Termination Time: 6968

    Application Path: C:\Program Files\CCleaner\CCleaner64.exe

    Report Id: 8cb91475-05c6-11e5-831f-6c71d9d9cfd2

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (05/29/2015 00:39:59 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

    Exception code: 0xc0000005

    Fault offset: 0x000000000005036a

    Faulting process id: 0x148c

    Faulting application start time: 0xherdProtectScan.exe0

    Faulting application path: herdProtectScan.exe1

    Faulting module path: herdProtectScan.exe2

    Report Id: herdProtectScan.exe3

    Faulting package full name: herdProtectScan.exe4

    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/28/2015 11:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

    Exception code: 0xc0000005

    Fault offset: 0x000000000005036a

    Faulting process id: 0x148c

    Faulting application start time: 0xherdProtectScan.exe0

    Faulting application path: herdProtectScan.exe1

    Faulting module path: herdProtectScan.exe2

    Report Id: herdProtectScan.exe3

    Faulting package full name: herdProtectScan.exe4

    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/28/2015 11:44:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:

    AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

    System Error:

    The system cannot find the file specified.

    .

    Error: (05/28/2015 11:44:03 PM) (Source: VSS) (EventID: 8194) (User: )

    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

    .

    This is often caused by incorrect security settings in either the writer or requestor process.

    Operation:

    Gathering Writer Data

    Context:

    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

    Writer Name: System Writer

    Writer Instance ID: {7ec5e394-2888-47cf-af20-b1e590d75c14}

    Error: (05/28/2015 11:31:07 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

    Exception code: 0xc0000005

    Fault offset: 0x000000000005036a

    Faulting process id: 0x1588

    Faulting application start time: 0xherdProtectScan.exe0

    Faulting application path: herdProtectScan.exe1

    Faulting module path: herdProtectScan.exe2

    Report Id: herdProtectScan.exe3

    Faulting package full name: herdProtectScan.exe4

    Faulting package-relative application ID: herdProtectScan.exe5

    Error: (05/28/2015 11:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

    Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

    Exception code: 0xc0000005

    Fault offset: 0x000000000005036a

    Faulting process id: 0x1588

    Faulting application start time: 0xherdProtectScan.exe0

    Faulting application path: herdProtectScan.exe1

    Faulting module path: herdProtectScan.exe2

    Report Id: herdProtectScan.exe3

    Faulting package full name: herdProtectScan.exe4

    Faulting package-relative application ID: herdProtectScan.exe5

    System errors:

    =============

    Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

    Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

    Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (05/29/2015 11:01:49 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (05/29/2015 10:52:31 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

    Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

    Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

    Microsoft Office:

    =========================

    ==================== Memory info ===========================

    Processor: Intel® Core i7-4770S CPU @ 3.10GHz

    Percentage of memory in use: 18%

    Total physical RAM: 12227.29 MB

    Available physical RAM: 10013.91 MB

    Total Pagefile: 24515.29 MB

    Available Pagefile: 22101.5 MB

    Total Virtual: 131072 MB

    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1848.58 GB) (Free:1453.5 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================

    Disk: 0 (Size: 1863 GB) (Disk ID: F56D093E)

    Partition: GPT Partition Type.

    ==================== End of log ============================

  9. I installed a program called VisualStyler.Net made by a company called SkinSoft and I'm now thinking it was malware. It's a program to reskin/customize your UIs in Visual Studio to make them more visually pleasing. It (the program) was installing via an installer, and I canceled it due to the fact that I felt like it was too suspicious. My Visual Studio 2013 was very slow, groggy, and overall a pain to work with as it was now crashing. Keep in mind VS2013 was running like a charm up until this incident. My explorer.exe was crashing, and I knew something was wrong. The only program that caught anything left behind was AdwCleaner, which removed three registry keys. I'm now scared that I still have remnants of it, but MBAM and avast! scans have both come back clean. I uninstalled VS2013, and am now attaching logs that hopefully will remove the rest of this program's remnants. Cheers.

  10.  

    The use of the Comodo firewall would be redundant and may cause problems as well as slowing the machine a bit.

     

    I was thinking the same thing. I'm currently using only Avast! Internet Security 2015 and Malwarebytes Anti-Malware Premium and it's working perfectly, just wondering if I have more options for security. Have a good day.

  11. Hello,

    I was wondering if it was possible to run Avast! Internet Security 2015 + Malwarebytes Anti-Malware Premium + Comodo Firewall without any contradictions or breaks. If anyone else uses this setup, please tell me if it's possible and still provides as much protection as possible.


  12. Nope, I stated I ran it out of paranoia. (I'm very cautious, anything that is even slightly fishy I immediately go into "lockdown mode")

    The registry keys were replaced, the only reason I thought maybe they were malicious was because I had just installed Classic Shell a couple weeks ago. The items were deleted, but instantly replaced. I just scanned again, and got a large list of host files, is this normal?

