Possible Trojan, Slow Computer


I installed a program called VisualStyler.Net made by a company called SkinSoft and I'm now thinking it was malware. It's a program to reskin/customize your UIs in Visual Studio to make them more visually pleasing. It (the program) was installing via an installer, and I canceled it due to the fact that I felt like it was too suspicious. My Visual Studio 2013 was very slow, groggy, and overall a pain to work with as it was now crashing. Keep in mind VS2013 was running like a charm up until this incident. My explorer.exe was crashing, and I knew something was wrong. The only program that caught anything left behind was AdwCleaner, which removed three registry keys. I'm now scared that I still have remnants of it, but MBAM and avast! scans have both come back clean. I uninstalled VS2013, and am now attaching logs that hopefully will remove the rest of this program's remnants. Cheers.

Hello Valor! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

Here you go. That first post where I attached logs was my fault.

As you requested-

Malwarebytes Log:

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 5/29/2015

Scan Time: 9:53:34 AM

Logfile:

Administrator: Yes

Version: 2.01.6.1022

Malware Database: v2015.05.29.04

Rootkit Database: v2015.05.24.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Enabled

OS: Windows 8.1

CPU: x64

File System: NTFS

User: J

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 446216

Time Elapsed: 55 min, 45 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

FRST Logs

-FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01

Ran by J (administrator) on J-PC on 29-05-2015 11:12:33

Running from C:\Users\J\Desktop\Cleaning

Loaded Profiles: J (Available Profiles: J & DefaultAppPool)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.wireshark.org)

Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden

Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden

Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

18-05-2015 16:17:46 Removed Microsoft Visual Studio 2012 Devenv

18-05-2015 16:18:25 Removed Microsoft Visual Studio 2010 Office Developer Tools (x64)

18-05-2015 16:19:36 Removed Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools

18-05-2015 16:20:58 Removed Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools

18-05-2015 16:22:59 Removed Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools

18-05-2015 16:24:01 Removed Microsoft Report Viewer Add-On for Visual Studio 2012

18-05-2015 16:25:03 Removed Blend for Visual Studio 2012 ENU resources

18-05-2015 16:25:47 Removed Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU

18-05-2015 16:26:56 Removed Visual Studio Extensions for Windows Library for JavaScript

18-05-2015 16:28:52 Removed Microsoft Web Developer Tools - Visual Studio 2012

18-05-2015 16:30:04 Removed Blend for Visual Studio 2012

18-05-2015 16:31:23 Removed Visual Studio 2012 Prerequisites - ENU Language Pack

18-05-2015 16:32:19 Removed PreEmptive Analytics Visual Studio Components

18-05-2015 16:32:59 Removed Microsoft LightSwitch for Visual Studio 2012 Core

18-05-2015 16:34:38 Removed Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update

18-05-2015 16:36:34 Removed Microsoft NuGet - Visual Studio 2012

18-05-2015 16:37:15 Removed Visual Studio 2012 Prerequisites

18-05-2015 16:38:38 Removed Prerequisites for SSDT

18-05-2015 16:41:38 Removed Prerequisites for SSDT

18-05-2015 16:43:58 Removed Microsoft Web Deploy dbSqlPackage Provider - enu

18-05-2015 16:44:42 Removed Microsoft SQL Server Data Tools - enu (11.1.20627.00)

18-05-2015 16:45:45 Removed Microsoft SQL Server 2012 Command Line Utilities

18-05-2015 16:46:28 Removed Microsoft SQL Server 2012 Data-Tier App Framework

18-05-2015 16:47:09 Removed Microsoft SQL Server 2012 Data-Tier App Framework (x64)

18-05-2015 16:47:56 Removed Microsoft SQL Server 2012 Express LocalDB

18-05-2015 16:48:47 Removed Microsoft SQL Server 2012 Native Client

18-05-2015 16:49:53 Removed Microsoft SQL Server 2014 Express LocalDB

18-05-2015 16:50:45 Removed Microsoft SQL Server System CLR Types

18-05-2015 16:51:40 Removed Microsoft System CLR Types for SQL Server 2014

18-05-2015 16:56:19 Removed Microsoft System CLR Types for SQL Server 2014

18-05-2015 16:57:02 Removed Microsoft SQL Server Compact 4.0 SP1 x64 ENU

18-05-2015 16:58:26 Removed Microsoft SQL Server 2012 Transact-SQL ScriptDom

18-05-2015 16:59:32 Removed Microsoft System CLR Types for SQL Server 2014

18-05-2015 17:02:40 Removed Microsoft SQL Server 2014 T-SQL Language Service

18-05-2015 17:03:49 Removed Microsoft SQL Server System CLR Types (x64)

18-05-2015 17:04:43 Removed Microsoft SQL Server 2012 Management Objects (x64)

18-05-2015 17:05:42 Removed Microsoft SQL Server 2012 Management Objects

18-05-2015 17:06:43 Removed Microsoft SQL Server 2014 Management Objects

18-05-2015 17:07:49 Removed Microsoft SQL Server 2014 Management Objects (x64)

18-05-2015 17:08:48 Removed Microsoft System CLR Types for SQL Server 2012

18-05-2015 17:09:35 Removed Microsoft System CLR Types for SQL Server 2012 (x64)

18-05-2015 17:10:37 Removed Microsoft SQL Server 2012 T-SQL Language Service

18-05-2015 17:11:22 Removed Microsoft SQL Server 2014 Transact-SQL ScriptDom

18-05-2015 17:12:03 Removed Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)

18-05-2015 17:12:43 Removed Microsoft SQL Server 2012 Transact-SQL Compiler Service

18-05-2015 17:13:22 Removed Microsoft Web Platform Installer 4.0

18-05-2015 17:14:13 Removed Microsoft XNA Framework Redistributable 4.0 Refresh

18-05-2015 17:15:08 Removed Microsoft XNA Game Studio Platform Tools

18-05-2015 17:18:25 Windows Modules Installer

18-05-2015 23:05:41 Windows Modules Installer

21-05-2015 16:49:36 Removed Java 8 Update 40 (64-bit)

21-05-2015 16:50:32 Removed Java 8 Update 40 (64-bit)

21-05-2015 16:51:16 Removed Java 8 Update 45

21-05-2015 16:55:14 Removed Java 8 Update 45

21-05-2015 16:56:40 Installed Java 7 Update 67 (64-bit)

21-05-2015 17:00:57 Removed Java 7 Update 67 (64-bit)

21-05-2015 17:05:06 Installed Java 7 Update 79

27-05-2015 16:35:00 zoek.exe restore point

28-05-2015 12:36:47 Windows Modules Installer

28-05-2015 12:40:20 Windows Modules Installer

28-05-2015 12:41:46 Windows Modules Installer

28-05-2015 12:44:01 Restore Operation

28-05-2015 13:13:21 Windows Modules Installer

28-05-2015 23:44:03 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-05-29 11:07 - 00001916 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

0.0.0.0 tracking.opencandy.com.s3.amazonaws.com

0.0.0.0 media.opencandy.com

0.0.0.0 cdn.opencandy.com

0.0.0.0 tracking.opencandy.com

0.0.0.0 api.opencandy.com

0.0.0.0 installer.betterinstaller.com

0.0.0.0 installer.filebulldog.com

0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net

0.0.0.0 inno.bisrv.com

0.0.0.0 nsis.bisrv.com

0.0.0.0 cdn.file2desktop.com

0.0.0.0 cdn.goateastcach.us

0.0.0.0 cdn.guttastatdk.us

0.0.0.0 cdn.inskinmedia.com

0.0.0.0 cdn.insta.oibundles2.com

0.0.0.0 cdn.insta.playbryte.com

0.0.0.0 cdn.llogetfastcach.us

0.0.0.0 cdn.montiera.com

0.0.0.0 cdn.msdwnld.com

0.0.0.0 cdn.mypcbackup.com

0.0.0.0 cdn.ppdownload.com

0.0.0.0 cdn.riceateastcach.us

0.0.0.0 cdn.shyapotato.us

0.0.0.0 cdn.solimba.com

0.0.0.0 cdn.tuto4pc.com

0.0.0.0 cdn.appround.biz

0.0.0.0 cdn.bigspeedpro.com

0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4E359AF4-5CF4-4133-A6B2-96503A0AFE60} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)

Task: {67804067-E2EE-4529-833A-61CAD255FB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation)

Task: {73992560-4BDA-47E9-9E36-20C39B28A830} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe

Task: {85EE00BA-3FEF-4AFA-BCD4-7BBE98C02C2F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)

Task: {89388CEA-076A-4409-88E7-8AA214693171} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

Task: {ACA76F49-F065-4A95-A83A-78A4CE8056B9} - System32\Tasks\{7A2657A7-9A34-4DCE-8B29-EF6B66A29D14} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\pbsvc_fc3.exe" -c -u

Task: {C540F8F3-89F0-432E-819D-CFD4128A6180} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {E01BA71E-DB7C-47B3-BA55-7D078707D699} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)

==================== Loaded Modules (Whitelisted) ==============

2015-04-17 07:36 - 2015-05-11 22:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-03-17 09:21 - 2015-03-17 09:21 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

2014-05-13 18:57 - 2014-05-13 18:57 - 00210648 _____ () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe

2013-12-16 11:29 - 2013-08-28 10:24 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

2015-04-23 23:15 - 2015-04-23 23:15 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-04-23 23:15 - 2015-04-23 23:15 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-05-29 09:54 - 2015-05-29 09:54 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052900\algo.dll

2015-03-17 09:07 - 2015-03-17 09:07 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll

2015-03-17 08:54 - 2015-03-17 08:54 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll

2015-03-17 09:07 - 2015-03-17 09:07 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll

2015-03-17 09:10 - 2015-03-17 09:10 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll

2015-03-17 09:01 - 2015-03-17 09:01 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll

2015-04-17 07:29 - 2015-05-01 11:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-03-12 13:07 - 2015-03-12 13:07 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2013-12-16 11:29 - 2015-05-29 11:09 - 00026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll

2013-12-16 11:29 - 2010-06-28 21:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll

2013-12-16 11:22 - 2013-08-19 14:10 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03733015.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07704620.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36189129.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37082435.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37396852.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64035711.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67683272.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72717616.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73141419.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03733015.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07704620.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36189129.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37082435.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37396852.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64035711.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67683272.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72717616.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73141419.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-570464586-119374992-2394123655-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img4.jpg

DNS Servers: 8.8.8.8 - 208.67.222.222

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "NETGEAR A6210 Genie.lnk"

HKLM\...\StartupApproved\Run: => "RTHDVCPL"

HKLM\...\StartupApproved\Run: => "RtHDVBg"

HKLM\...\StartupApproved\Run: => "NvBackend"

HKLM\...\StartupApproved\Run: => "ShadowPlay"

HKLM\...\StartupApproved\Run: => "BtServer"

HKLM\...\StartupApproved\Run32: => "ASUSPRP"

HKLM\...\StartupApproved\Run32: => "KeyScrambler"

HKLM\...\StartupApproved\Run32: => "RemoteControl10"

HKLM\...\StartupApproved\Run32: => "NvBackend"

HKLM\...\StartupApproved\Run32: => "IAStorIcon"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKLM\...\StartupApproved\Run32: => "Razer Synapse"

HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\StartupFolder: => "PureVPN.lnk"

HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify"

HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (05/29/2015 10:35:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

Exception code: 0xc0000005

Fault offset: 0x000000000005036a

Faulting process id: 0x15ac

Faulting application start time: 0xherdProtectScan.exe0

Faulting application path: herdProtectScan.exe1

Faulting module path: herdProtectScan.exe2

Report Id: herdProtectScan.exe3

Faulting package full name: herdProtectScan.exe4

Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/29/2015 09:56:25 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

Exception code: 0xc0000005

Fault offset: 0x000000000005036a

Faulting process id: 0x15ac

Faulting application start time: 0xherdProtectScan.exe0

Faulting application path: herdProtectScan.exe1

Faulting module path: herdProtectScan.exe2

Report Id: herdProtectScan.exe3

Faulting package full name: herdProtectScan.exe4

Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/29/2015 01:02:53 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

Exception code: 0xc0000005

Fault offset: 0x000000000005036a

Faulting process id: 0x1558

Faulting application start time: 0xherdProtectScan.exe0

Faulting application path: herdProtectScan.exe1

Faulting module path: herdProtectScan.exe2

Report Id: herdProtectScan.exe3

Faulting package full name: herdProtectScan.exe4

Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/29/2015 00:50:13 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program CCleaner64.exe version 5.3.0.5128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 125c

Start Time: 01d099cc34538791

Termination Time: 6968

Application Path: C:\Program Files\CCleaner\CCleaner64.exe

Report Id: 8cb91475-05c6-11e5-831f-6c71d9d9cfd2

Faulting package full name:

Faulting package-relative application ID:

Error: (05/29/2015 00:39:59 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

Exception code: 0xc0000005

Fault offset: 0x000000000005036a

Faulting process id: 0x148c

Faulting application start time: 0xherdProtectScan.exe0

Faulting application path: herdProtectScan.exe1

Faulting module path: herdProtectScan.exe2

Report Id: herdProtectScan.exe3

Faulting package full name: herdProtectScan.exe4

Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/28/2015 11:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

Exception code: 0xc0000005

Fault offset: 0x000000000005036a

Faulting process id: 0x148c

Faulting application start time: 0xherdProtectScan.exe0

Faulting application path: herdProtectScan.exe1

Faulting module path: herdProtectScan.exe2

Report Id: herdProtectScan.exe3

Faulting package full name: herdProtectScan.exe4

Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/28/2015 11:44:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:

The system cannot find the file specified.

.

Error: (05/28/2015 11:44:03 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {7ec5e394-2888-47cf-af20-b1e590d75c14}

Error: (05/28/2015 11:31:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

Exception code: 0xc0000005

Fault offset: 0x000000000005036a

Faulting process id: 0x1588

Faulting application start time: 0xherdProtectScan.exe0

Faulting application path: herdProtectScan.exe1

Faulting module path: herdProtectScan.exe2

Report Id: herdProtectScan.exe3

Faulting package full name: herdProtectScan.exe4

Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/28/2015 11:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9

Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0

Exception code: 0xc0000005

Fault offset: 0x000000000005036a

Faulting process id: 0x1588

Faulting application start time: 0xherdProtectScan.exe0

Faulting application path: herdProtectScan.exe1

Faulting module path: herdProtectScan.exe2

Report Id: herdProtectScan.exe3

Faulting package full name: herdProtectScan.exe4

Faulting package-relative application ID: herdProtectScan.exe5

System errors:

=============

Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/29/2015 11:01:49 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/29/2015 10:52:31 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)

Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Microsoft Office:

=========================

==================== Memory info ===========================

Processor: Intel® Core i7-4770S CPU @ 3.10GHz

Percentage of memory in use: 18%

Total physical RAM: 12227.29 MB

Available physical RAM: 10013.91 MB

Total Pagefile: 24515.29 MB

Available Pagefile: 22101.5 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1848.58 GB) (Free:1453.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 1863 GB) (Disk ID: F56D093E)

Partition: GPT Partition Type.

==================== End of log ============================

I'm very sorry about the post above; I messed up on a pasting portion of it. It should be fixed now.

As you requested-
Malwarebytes Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/29/2015
Scan Time: 9:53:34 AM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.29.04
Rootkit Database: v2015.05.24.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: J

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 446216
Time Elapsed: 55 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


FRST Logs
-FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by J (administrator) on J-PC on 29-05-2015 11:12:33
Running from C:\Users\J\Desktop\Cleaning
Loaded Profiles: J (Available Profiles: J & DefaultAppPool)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.wireshark.org)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-05-2015 16:17:46 Removed Microsoft Visual Studio 2012 Devenv
18-05-2015 16:18:25 Removed Microsoft Visual Studio 2010 Office Developer Tools (x64)
18-05-2015 16:19:36 Removed Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
18-05-2015 16:20:58 Removed Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
18-05-2015 16:22:59 Removed Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
18-05-2015 16:24:01 Removed Microsoft Report Viewer Add-On for Visual Studio 2012
18-05-2015 16:25:03 Removed Blend for Visual Studio 2012 ENU resources
18-05-2015 16:25:47 Removed Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
18-05-2015 16:26:56 Removed Visual Studio Extensions for Windows Library for JavaScript
18-05-2015 16:28:52 Removed Microsoft Web Developer Tools - Visual Studio 2012
18-05-2015 16:30:04 Removed Blend for Visual Studio 2012
18-05-2015 16:31:23 Removed Visual Studio 2012 Prerequisites - ENU Language Pack
18-05-2015 16:32:19 Removed PreEmptive Analytics Visual Studio Components
18-05-2015 16:32:59 Removed Microsoft LightSwitch for Visual Studio 2012 Core
18-05-2015 16:34:38 Removed Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
18-05-2015 16:36:34 Removed Microsoft NuGet - Visual Studio 2012
18-05-2015 16:37:15 Removed Visual Studio 2012 Prerequisites
18-05-2015 16:38:38 Removed Prerequisites for SSDT
18-05-2015 16:41:38 Removed Prerequisites for SSDT
18-05-2015 16:43:58 Removed Microsoft Web Deploy dbSqlPackage Provider - enu
18-05-2015 16:44:42 Removed Microsoft SQL Server Data Tools - enu (11.1.20627.00)
18-05-2015 16:45:45 Removed Microsoft SQL Server 2012 Command Line Utilities
18-05-2015 16:46:28 Removed Microsoft SQL Server 2012 Data-Tier App Framework
18-05-2015 16:47:09 Removed Microsoft SQL Server 2012 Data-Tier App Framework  (x64)
18-05-2015 16:47:56 Removed Microsoft SQL Server 2012 Express LocalDB
18-05-2015 16:48:47 Removed Microsoft SQL Server 2012 Native Client
18-05-2015 16:49:53 Removed Microsoft SQL Server 2014 Express LocalDB
18-05-2015 16:50:45 Removed Microsoft SQL Server System CLR Types
18-05-2015 16:51:40 Removed Microsoft System CLR Types for SQL Server 2014
18-05-2015 16:56:19 Removed Microsoft System CLR Types for SQL Server 2014
18-05-2015 16:57:02 Removed Microsoft SQL Server Compact 4.0 SP1 x64 ENU
18-05-2015 16:58:26 Removed Microsoft SQL Server 2012 Transact-SQL ScriptDom
18-05-2015 16:59:32 Removed Microsoft System CLR Types for SQL Server 2014
18-05-2015 17:02:40 Removed Microsoft SQL Server 2014 T-SQL Language Service
18-05-2015 17:03:49 Removed Microsoft SQL Server System CLR Types (x64)
18-05-2015 17:04:43 Removed Microsoft SQL Server 2012 Management Objects  (x64)
18-05-2015 17:05:42 Removed Microsoft SQL Server 2012 Management Objects
18-05-2015 17:06:43 Removed Microsoft SQL Server 2014 Management Objects
18-05-2015 17:07:49 Removed Microsoft SQL Server 2014 Management Objects  (x64)
18-05-2015 17:08:48 Removed Microsoft System CLR Types for SQL Server 2012
18-05-2015 17:09:35 Removed Microsoft System CLR Types for SQL Server 2012 (x64)
18-05-2015 17:10:37 Removed Microsoft SQL Server 2012 T-SQL Language Service
18-05-2015 17:11:22 Removed Microsoft SQL Server 2014 Transact-SQL ScriptDom
18-05-2015 17:12:03 Removed Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
18-05-2015 17:12:43 Removed Microsoft SQL Server 2012 Transact-SQL Compiler Service
18-05-2015 17:13:22 Removed Microsoft Web Platform Installer 4.0
18-05-2015 17:14:13 Removed Microsoft XNA Framework Redistributable 4.0 Refresh
18-05-2015 17:15:08 Removed Microsoft XNA Game Studio Platform Tools
18-05-2015 17:18:25 Windows Modules Installer
18-05-2015 23:05:41 Windows Modules Installer
21-05-2015 16:49:36 Removed Java 8 Update 40 (64-bit)
21-05-2015 16:50:32 Removed Java 8 Update 40 (64-bit)
21-05-2015 16:51:16 Removed Java 8 Update 45
21-05-2015 16:55:14 Removed Java 8 Update 45
21-05-2015 16:56:40 Installed Java 7 Update 67 (64-bit)
21-05-2015 17:00:57 Removed Java 7 Update 67 (64-bit)
21-05-2015 17:05:06 Installed Java 7 Update 79
27-05-2015 16:35:00 zoek.exe restore point
28-05-2015 12:36:47 Windows Modules Installer
28-05-2015 12:40:20 Windows Modules Installer
28-05-2015 12:41:46 Windows Modules Installer
28-05-2015 12:44:01 Restore Operation
28-05-2015 13:13:21 Windows Modules Installer
28-05-2015 23:44:03 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-05-29 11:07 - 00001916 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4E359AF4-5CF4-4133-A6B2-96503A0AFE60} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {67804067-E2EE-4529-833A-61CAD255FB68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation)
Task: {73992560-4BDA-47E9-9E36-20C39B28A830} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {85EE00BA-3FEF-4AFA-BCD4-7BBE98C02C2F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)
Task: {89388CEA-076A-4409-88E7-8AA214693171} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {ACA76F49-F065-4A95-A83A-78A4CE8056B9} - System32\Tasks\{7A2657A7-9A34-4DCE-8B29-EF6B66A29D14} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\pbsvc_fc3.exe" -c -u
Task: {C540F8F3-89F0-432E-819D-CFD4128A6180} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E01BA71E-DB7C-47B3-BA55-7D078707D699} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)

==================== Loaded Modules (Whitelisted) ==============

2015-04-17 07:36 - 2015-05-11 22:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-17 09:21 - 2015-03-17 09:21 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2014-05-13 18:57 - 2014-05-13 18:57 - 00210648 _____ () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
2013-12-16 11:29 - 2013-08-28 10:24 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-04-23 23:15 - 2015-04-23 23:15 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-23 23:15 - 2015-04-23 23:15 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-29 09:54 - 2015-05-29 09:54 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052900\algo.dll
2015-03-17 09:07 - 2015-03-17 09:07 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-03-17 08:54 - 2015-03-17 08:54 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-03-17 09:07 - 2015-03-17 09:07 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-03-17 09:10 - 2015-03-17 09:10 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-03-17 09:01 - 2015-03-17 09:01 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-04-17 07:29 - 2015-05-01 11:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-12 13:07 - 2015-03-12 13:07 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-16 11:29 - 2015-05-29 11:09 - 00026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-12-16 11:29 - 2010-06-28 21:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-12-16 11:22 - 2013-08-19 14:10 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03733015.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07704620.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36189129.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37082435.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37396852.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64035711.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67683272.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72717616.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73141419.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03733015.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07704620.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36189129.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37082435.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37396852.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64035711.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67683272.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72717616.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73141419.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-570464586-119374992-2394123655-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img4.jpg
DNS Servers: 8.8.8.8 - 208.67.222.222

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "NETGEAR A6210 Genie.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "KeyScrambler"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\StartupFolder: => "PureVPN.lnk"
HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-570464586-119374992-2394123655-1002\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2015 10:35:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
Exception code: 0xc0000005
Fault offset: 0x000000000005036a
Faulting process id: 0x15ac
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/29/2015 09:56:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
Exception code: 0xc0000005
Fault offset: 0x000000000005036a
Faulting process id: 0x15ac
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/29/2015 01:02:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
Exception code: 0xc0000005
Fault offset: 0x000000000005036a
Faulting process id: 0x1558
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/29/2015 00:50:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.3.0.5128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 125c

Start Time: 01d099cc34538791

Termination Time: 6968

Application Path: C:\Program Files\CCleaner\CCleaner64.exe

Report Id: 8cb91475-05c6-11e5-831f-6c71d9d9cfd2

Faulting package full name:

Faulting package-relative application ID:

Error: (05/29/2015 00:39:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
Exception code: 0xc0000005
Fault offset: 0x000000000005036a
Faulting process id: 0x148c
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/28/2015 11:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
Exception code: 0xc0000005
Fault offset: 0x000000000005036a
Faulting process id: 0x148c
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/28/2015 11:44:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (05/28/2015 11:44:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7ec5e394-2888-47cf-af20-b1e590d75c14}

Error: (05/28/2015 11:31:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
Exception code: 0xc0000005
Fault offset: 0x000000000005036a
Faulting process id: 0x1588
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (05/28/2015 11:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 6.3.9600.17784, time stamp: 0x5514c4f0
Exception code: 0xc0000005
Fault offset: 0x000000000005036a
Faulting process id: 0x1588
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5


System errors:
=============
Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (05/29/2015 11:05:38 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/29/2015 11:01:49 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/29/2015 10:52:31 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}

Error: (05/29/2015 10:52:29 AM) (Source: DCOM) (EventID: 10005) (User: J-PC)
Description: 1084dpsUnavailable{7022A3B3-D004-4F52-AF11-E9E987FEE25F}


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Core i7-4770S CPU @ 3.10GHz
Percentage of memory in use: 18%
Total physical RAM: 12227.29 MB
Available physical RAM: 10013.91 MB
Total Pagefile: 24515.29 MB
Available Pagefile: 22101.5 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1848.58 GB) (Free:1453.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: F56D093E)

Partition: GPT Partition Type.

==================== End of log ============================

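The "Hosts content" and "Scheduled Tasks" sections of the FRST log above are the raw material for two checks a responder normally does by eye: whether a hosts entry merely sinks a name (0.0.0.0 or 127.0.0.1, as every entry in this log does) or redirects it to a real address, and whether a scheduled task starts its target through a proxy binary such as pcalua.exe or points at a file FRST could not annotate with a date and publisher. The Python below is an added example, not part of FRST or of this thread; the task lines and most hosts lines are copied from the log above, the 203.0.113.7 / www.example-bank.test line is constructed (both the address block and the .test TLD are reserved) to show the redirect case, and the function and constant names are the example's own.

```python
"""Triage helpers for two FRST log sections: "Hosts content" and
"Scheduled Tasks". Added example, not part of FRST or of this thread.
Sample input is built inline from lines quoted in the log plus one
constructed redirect entry."""
import re

# Addresses that sink a lookup instead of redirecting it.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Windows binaries commonly used to launch something else indirectly.
PROXY_LAUNCHERS = {"pcalua.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                   "rundll32.exe", "regsvr32.exe", "mshta.exe",
                   "powershell.exe"}

# First lines copied from the posted hosts file; the last one is a
# constructed redirect (203.0.113.0/24 and .test are reserved, not real).
HOSTS_SAMPLE = """\
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com
0.0.0.0 media.opencandy.com
0.0.0.0 installer.betterinstaller.com
203.0.113.7 www.example-bank.test
"""

# Three task lines copied verbatim from the posted FRST log.
TASKS_SAMPLE = r"""
Task: {73992560-4BDA-47E9-9E36-20C39B28A830} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {85EE00BA-3FEF-4AFA-BCD4-7BBE98C02C2F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)
Task: {ACA76F49-F065-4A95-A83A-78A4CE8056B9} - System32\Tasks\{7A2657A7-9A34-4DCE-8B29-EF6B66A29D14} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\pbsvc_fc3.exe" -c -u
"""

# FRST task line: GUID, task path, command, optional "[date] (publisher)".
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<path>System32\\Tasks\\.+?) => "
    r"(?P<cmd>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\))?$"
)


def classify_hosts(text):
    """Split hosts-file lines into (sinkholed, redirected) lists of
    (address, name). Comments and the self-referential 0.0.0.0 line are
    skipped; anything not pointing at a sink address is a redirect."""
    sinkholed, redirected = [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            if name == address:
                continue
            bucket = sinkholed if address in SINK_ADDRESSES else redirected
            bucket.append((address, name))
    return sinkholed, redirected


def first_exe(cmd):
    """Base name of the executable a task command starts with. FRST prints
    unquoted paths containing spaces, so cut at the first '.exe' rather
    than at whitespace."""
    m = re.match(r'"?(?P<path>.*?\.exe)', cmd, re.IGNORECASE)
    return (m.group("path") if m else cmd).rsplit("\\", 1)[-1].lower()


def triage_tasks(text):
    """Parse FRST 'Task:' lines and attach review flags to each one."""
    results = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        exe = first_exe(m.group("cmd"))
        flags = []
        if exe in PROXY_LAUNCHERS:
            flags.append(f"launches through proxy binary {exe}")
        if not m.group("vendor"):
            flags.append("no file date/publisher: target missing or unversioned")
        results.append({"name": m.group("path").rsplit("\\", 1)[-1],
                        "exe": exe, "vendor": m.group("vendor"),
                        "flags": flags})
    return results


if __name__ == "__main__":
    sink, redir = classify_hosts(HOSTS_SAMPLE)
    print(f"{len(sink)} sinkholed entries, redirects: {redir}")
    for task in triage_tasks(TASKS_SAMPLE):
        if task["flags"]:
            print(f"{task['name']} -> {task['exe']}: " + "; ".join(task["flags"]))
```

On the posted log the hosts check reports no redirects, because every entry sinks to 0.0.0.0 (the OpenCandy and installer-bundler names are a blocklist, not a hijack); the helper's fix later in the thread resets the file anyway with the Hosts: directive. The task check flags the AsusVibe entry for lacking a date and publisher and the GUID-named task for launching through pcalua.exe, which is what a reviewer would want to look at first; neither flag by itself proves anything malicious.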

Step 1

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • FRST log

fixlist.txt


# AdwCleaner v4.205 - Logfile created 30/05/2015 at 15:54:38
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : J - J-PC
# Running from : C:\Users\J\Desktop\Cleaning\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.1 (x86 en-US)

*************************

AdwCleaner[R0].txt - [731 bytes] - [10/05/2015 19:50:01]
AdwCleaner[R10].txt - [1378 bytes] - [23/05/2015 02:12:33]
AdwCleaner[R11].txt - [1438 bytes] - [25/05/2015 04:37:55]
AdwCleaner[R12].txt - [1498 bytes] - [26/05/2015 23:18:11]
AdwCleaner[R13].txt - [1558 bytes] - [26/05/2015 23:33:09]
AdwCleaner[R14].txt - [1618 bytes] - [27/05/2015 15:22:04]
AdwCleaner[R15].txt - [1678 bytes] - [28/05/2015 00:02:25]
AdwCleaner[R16].txt - [344 bytes] - [28/05/2015 14:00:36]
AdwCleaner[R17].txt - [2107 bytes] - [28/05/2015 14:04:21]
AdwCleaner[R18].txt - [1851 bytes] - [28/05/2015 14:08:51]
AdwCleaner[R19].txt - [2227 bytes] - [28/05/2015 14:09:42]
AdwCleaner[R1].txt - [789 bytes] - [10/05/2015 19:55:57]
AdwCleaner[R20].txt - [274 bytes] - [28/05/2015 14:13:18]
AdwCleaner[R21].txt - [2090 bytes] - [28/05/2015 14:13:48]
AdwCleaner[R22].txt - [2150 bytes] - [28/05/2015 23:18:29]
AdwCleaner[R23].txt - [2731 bytes] - [30/05/2015 15:52:12]
AdwCleaner[R24].txt - [1542 bytes] - [30/05/2015 15:54:38]
AdwCleaner[R2].txt - [847 bytes] - [11/05/2015 23:54:04]
AdwCleaner[R3].txt - [905 bytes] - [13/05/2015 07:04:52]
AdwCleaner[R4].txt - [963 bytes] - [14/05/2015 22:54:15]
AdwCleaner[R5].txt - [1021 bytes] - [17/05/2015 01:15:11]
AdwCleaner[R6].txt - [1140 bytes] - [18/05/2015 00:15:06]
AdwCleaner[R7].txt - [1200 bytes] - [19/05/2015 00:01:23]
AdwCleaner[R8].txt - [1259 bytes] - [19/05/2015 22:37:37]
AdwCleaner[R9].txt - [1318 bytes] - [21/05/2015 13:10:32]
AdwCleaner[s0].txt - [1086 bytes] - [17/05/2015 01:18:18]
AdwCleaner[s1].txt - [2296 bytes] - [28/05/2015 14:10:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R24].txt - [2189 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 8.1 x64
Ran by J on Sat 05/30/2015 at 15:57:58.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-570464586-119374992-2394123655-1002\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/30/2015 at 16:02:46.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by J at 2015-05-30 16:04:31 Run:2
Running from C:\Users\J\Desktop
Loaded Profiles: J & DefaultAppPool (Available Profiles: J & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CloseProcesses:

FF Extension: Ghostery - C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\az34cp28.default\Extensions\firefox@ghostery.com.xpi [ 2015-05-27]

EmptyTemp:

Hosts:

Reboot:

end
*****************

Processes closed successfully.
C:\Users\J\AppData\Roaming\Mozilla\Firefox\Profiles\az34cp28.default\Extensions\firefox@ghostery.com.xpi => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts restored successfully.
EmptyTemp: => Removed 864.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:04:36 ====


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

It's running great, except for Visual Studio 2013. It was still lagging and crashing, I couldn't even load projects! I'm thinking that the program corrupted something. I've tried repairing via installer, clean uninstall and reinstall, and /uninstall /force. Nothing has worked, so I force uninstalled and just upgraded to VS2015 Community RC. Thank you very much for your help! It is greatly appreciated!


You're welcome! :)

Step 1

  • Please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and click on the Run button.
  • The tool will delete itself once it finishes.
Step 2

Malware preventions:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

