
DNS Problem and Ad Malware/Virus


  • This topic is locked
20 replies to this topic

#1 Silverfox123

  • Members
  • 11 posts

Posted 23 March 2015 - 05:13 PM

Good Day,

 

I have been having a problem with an ad malware/virus that has infected my and my roommate's devices (computers and phones). This led me to believe that it had something to do with my DNS. I am not a pro; however, I have googled my problem and found it is almost exactly the same as this person's on your website:

 

http://www.bleepingcomputer.com/forums/t/570912/dns-changer-virus-infected-all-my-laptops-and-mobiles-on-wifi-network/ 

 

This malware/virus basically creates a pop-up every time you try to browse.

 

I am currently not sure whether the thread is still active and if following it is going to give me joy. However, I am willing to try anything at this point. I tried many things such as installing the Malwarebytes malware detection program; Avast does not seem to solve the problem either. I have uninstalled a lot of the programs I did not recognise in my programs list. I have been around computers for a long time, so these problems are not uncommon; however, I cannot fix this one on my own.

 

I have noticed that clearing my cookies on my browsers as well as removing all embedded add-ons does help; however, it does not fix the problem. As I am typing, Malwarebytes keeps blocking outbound access from my PC to a specific IP, 91.194.254.105. I am sure that this seems to be part of the main issue; however, I do not have the know-how to fix it yet.

 

I have followed your steps (except the backup). I do not have much to back up on my OS, so I do not see the need*. Please find the FRST and Addition files attached as part of this message below.

 

My roommate has picked up trojans on his PC (which I think are linked to the same issue); they are DHCP-changing trojans. This leads me to believe that a trojan/virus has infected all our devices through our interconnected wireless network at my residence.

 

I use Avast, he uses Kaspersky, so I may have the same trojan and Avast may not be picking it up.

 

I am not sure if any of the information I have shared may be able to help, but if you have any insight on how I can get rid of this problem, please let me know, or if you can help, please do! I am growing tired of this pop-up issue.

 

Patiently awaiting your reply,

 

Silverfox123

 

*I am running an OS off an external drive which my work IT guy installed for me. I use it solely for gaming purposes, so losing the drive would mean a reinstall (which would be sad; however, the problem lies more in all our other devices). I first noticed the problem when playing Dota 2 and the browser within the game had a pop-up. This was shocking to me, as it means that even Steam isn't (even with Steam Guard) as secure as one would think, seeing as credit cards and people's bank accounts can be linked to them. I am willing to explain anything else you request regarding this matter; if anything is unclear, please let me know and I will try to explain.

Attached Files




#2 Machiavelli

  • Malware Response Instructor
  • 3,875 posts
  • Location:Germany

Posted 25 March 2015 - 09:47 AM

Can you please post all the logs directly into the thread rather than attaching them? :)

~Machiavelli

If I don't reply within 24 hours, please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Silverfox123
  • Topic Starter

  • Members
  • 11 posts

Posted 25 March 2015 - 11:16 AM

Not a problem, thank you for the assistance!

 

Please find included below. Also note that the power in my area will be cut off for the next 4 hours due to load shedding so I will only be able to respond after that.

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Silverfox (administrator) on PRASHANT on 23-03-2015 23:39:43
Running from C:\Users\Silverfox\Downloads
Loaded Profiles: Silverfox (Available profiles: Silverfox)
Platform: Microsoft Windows 8 Enterprise (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) E:\AVAST Software\Avast\AvastSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Malwarebytes Corporation) E:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) E:\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) E:\Malwarebytes Anti-Malware\mbam.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Avast Software s.r.o.) E:\AVAST Software\Avast\avastui.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Avast Software) E:\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software s.r.o.) E:\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [AvastUI.exe] => E:\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-21] (Avast Software s.r.o.)
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\Run: [uTorrent] => C:\Users\Silverfox\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-12-24] (BitTorrent Inc.)
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\MountPoints2: {9355166a-88be-11e4-b0d5-e89d87f11832} - "G:\startme.exe"
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\MountPoints2: {ce387a36-a161-11e3-afc4-e89d87f11832} - "I:\sources\SetupError.exe" x64
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3267236624-799216426-3129378542-1001] => proxy.eskom.co.za:8080
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.howzit.msn.com/?rd=1&ucc=ZA&dcc=ZA&opt=0
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\AVAST Software\Avast\aswWebRepIE.dll [2015-03-21] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 91.194.254.105 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default
FF SearchEngineOrder.1: default-search.net
FF Homepage: https://www.google.co.za/
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "proxy.eskom.co.za"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "proxy.eskom.co.za"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.eskom.co.za"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.eskom.co.za"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> E:\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF user.js: detected! => C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\user.js [2014-04-11]
FF Extension: DownloadHelper - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-04-13]
FF Extension: Personas Plus - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\personas@christopher.beard.xpi [2013-11-29]
FF Extension: FastestFox - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\smarterwiki@wikiatic.com.xpi [2013-11-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2014-04-13]
FF Extension: StumbleUpon - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2014-04-13]
FF Extension: DownThemAll! - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-29]
FF Extension: Greasemonkey - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-11-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\AVAST Software\Avast\WebRep\FF [2015-03-21]

Chrome:
=======
CHR Profile: C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-29]
CHR Extension: (Google Drive) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-29]
CHR Extension: (YouTube) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29]
CHR Extension: (Google Search) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-29]
CHR Extension: (Gmail) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; E:\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-21] (Avast Software s.r.o.)
R3 AvastVBoxSvc; E:\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-21] (Avast Software)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; E:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; E:\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-25] (Microsoft Corporation)
S2 SLSvc; C:\windows\sppsvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24144 2015-03-21] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [73440 2015-03-21] (Avast Software s.r.o.)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81728 2015-03-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49904 2015-03-21] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [788272 2015-03-21] (Avast Software s.r.o.)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [427480 2015-03-21] (Avast Software s.r.o.)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [106912 2015-03-21] (Avast Software s.r.o.)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [206976 2015-03-21] ()
R1 BasicRender; C:\windows\System32\drivers\BasicRender.sys [24576 2012-07-25] (Microsoft Corporation)
S3 ggsomc; C:\windows\System32\drivers\ggsomc.sys [26328 2014-12-20] (Sony Mobile Communications)
S3 HTCAND32; C:\windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-27] (HTC, Corporation) [File not signed]
S3 HtcVCom32; C:\windows\system32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated) [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 NETwNs32; C:\windows\system32\DRIVERS\NETwNs32.sys [7518208 2012-06-02] (Intel Corporation)
R3 rixdpcie; C:\windows\System32\drivers\rixdpe86.sys [46080 2012-10-15] (REDC)
R3 Thotkey; C:\windows\System32\drivers\Thotkey.sys [25560 2012-08-02] (Windows ® Win 7 DDK provider)
S3 t_mouse.sys; C:\windows\system32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
R2 VBoxAswDrv; E:\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-21] (Avast Software)
R1 wStLibG; C:\windows\System32\drivers\wStLibG.sys [52920 2014-03-28] (StdLib)
R3 WUDFWpdMtp; C:\windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 23:39 - 2015-03-23 23:40 - 00012938 _____ () C:\Users\Silverfox\Downloads\FRST.txt
2015-03-23 23:38 - 2015-03-23 23:39 - 00000000 ____D () C:\FRST
2015-03-23 23:38 - 2015-03-23 23:38 - 01135104 _____ (Farbar) C:\Users\Silverfox\Downloads\FRST.exe
2015-03-23 23:18 - 2015-03-23 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-22 18:14 - 2015-03-22 18:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-22 02:45 - 2015-03-21 00:05 - 00074514 _____ () C:\Users\Silverfox\Desktop\50 foolish tracks of EDM 20-03-2015 21-24.mmp
2015-03-21 13:37 - 2015-03-23 23:01 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\Dropbox
2015-03-21 13:26 - 2015-03-21 13:26 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\AVAST Software
2015-03-21 13:25 - 2015-03-21 13:25 - 00000000 ____D () C:\windows\system32\vbox
2015-03-21 13:24 - 2015-03-21 13:24 - 00000822 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-21 13:24 - 2015-03-21 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-21 13:24 - 2015-03-21 13:23 - 00788272 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00427480 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSP.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00291312 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-03-21 13:24 - 2015-03-21 13:23 - 00206976 _____ () C:\windows\system32\Drivers\aswVmm.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00106912 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00081728 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00073440 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00049904 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00024144 _____ () C:\windows\system32\Drivers\aswHwid.sys
2015-03-21 13:23 - 2015-03-21 13:23 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-03-21 13:17 - 2015-03-21 13:17 - 05475064 _____ (Avast Software s.r.o.) C:\Users\Silverfox\Downloads\avast_free_antivirus_setup_online_10_2_2214.exe
2015-03-21 13:17 - 2015-03-21 13:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-21 11:21 - 2015-03-23 23:36 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-21 11:21 - 2015-03-21 11:21 - 00000629 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-21 11:21 - 2015-03-21 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-21 11:21 - 2015-03-21 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-21 11:21 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-21 11:21 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-21 11:21 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-21 11:19 - 2015-03-21 11:19 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Silverfox\Downloads\mbam-setup-2.1.4.1018.exe
2015-02-21 13:44 - 2015-02-21 13:44 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-02-21 13:44 - 2015-02-21 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-21 13:39 - 2015-02-21 13:39 - 00000000 ____D () C:\Users\Silverfox\AppData\Local\Steam

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2018-08-26 23:11 - 2012-06-02 07:33 - 00132165 _____ () C:\windows\system32\slmgr.vbs
2015-03-23 23:32 - 2013-11-29 21:50 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-23 23:18 - 2014-09-26 18:30 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-23 23:12 - 2013-11-29 21:46 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-23 23:05 - 2013-11-29 21:50 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-23 23:05 - 2013-11-29 13:31 - 00606730 _____ () C:\windows\PFRO.log
2015-03-23 23:05 - 2012-07-25 23:04 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-23 23:00 - 2015-01-31 00:48 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\MixMeister Technology
2015-03-23 23:00 - 2015-01-31 00:48 - 00000000 ____D () C:\Program Files\MixMeister Studio
2015-03-23 23:00 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\system32\sru
2015-03-23 22:51 - 2013-11-29 21:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-22 13:12 - 2013-12-28 11:32 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\vlc
2015-03-22 02:45 - 2012-07-25 23:03 - 00054256 _____ () C:\windows\setupact.log
2015-03-21 17:37 - 2013-11-29 21:56 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-21 16:59 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Vss
2015-03-21 13:07 - 2013-12-30 18:56 - 00000000 ____D () C:\Users\Silverfox\Documents\Install
2015-03-21 13:07 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Branding
2015-03-21 11:50 - 2014-09-27 13:16 - 00000000 ____D () C:\Program Files\Settings Manager
2015-03-21 11:50 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Help
2015-03-21 11:49 - 2012-07-25 21:17 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-03-21 11:47 - 2014-09-27 13:16 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\FirefoxToolbar
2015-03-21 11:47 - 2013-11-29 22:44 - 00000000 ____D () C:\Users\Silverfox\AppData\Local\CRE
2015-03-20 16:58 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Microsoft.NET
2015-03-14 11:31 - 2014-12-20 10:23 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-03-14 11:31 - 2014-12-20 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-14 11:31 - 2013-12-31 16:23 - 00200638 _____ () C:\windows\DPINST.LOG
2015-03-14 11:30 - 2014-12-20 10:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-22 07:08 - 2013-11-29 22:01 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-02-21 13:54 - 2013-11-29 13:45 - 01410459 _____ () C:\windows\WindowsUpdate.log
2015-02-21 13:44 - 2014-07-15 19:04 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-21 13:44 - 2014-07-15 19:04 - 00000000 ____D () C:\Program Files\Garmin
2015-02-21 13:44 - 2014-07-15 19:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-21 13:43 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\AUInstallAgent

==================== Files in the root of some directories =======

2014-12-20 20:18 - 2014-12-20 20:22 - 28488056 _____ (Sony Mobile Communications                                  ) C:\Users\Silverfox\AppData\Local\pcc.exe
2014-09-26 19:15 - 2014-09-27 12:50 - 0007597 _____ () C:\Users\Silverfox\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Silverfox\AppData\Local\Temp\avgnt.exe
C:\Users\Silverfox\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprjsytt.dll
C:\Users\Silverfox\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Silverfox\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Silverfox\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Silverfox\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Silverfox\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
C:\Users\Silverfox\AppData\Local\Temp\setup_3.2.20.exe
C:\Users\Silverfox\AppData\Local\Temp\uttB7CA.tmp.exe
C:\Users\Silverfox\AppData\Local\Temp\YTDUninst.exe
C:\Users\Silverfox\AppData\Local\Temp\ytd_bu10_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-14 01:42

==================== End Of Log ============================

 

 

ADDITION:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Silverfox at 2015-03-23 23:40:19
Running from C:\Users\Silverfox\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software)
Convert MP4 to MP3 (HKLM\...\{5067397A-2935-4290-AE14-1BE2863B00A3}_is1) (Version:  - ConvertMP4toMP3.com)
Elevated Installer (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 36.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.3 (x86 en-US)) (Version: 36.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.17.201412121559 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.251 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3267236624-799216426-3129378542-1001_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Silverfox\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe (Macrovision Corporation)

==================== Restore Points  =========================

20-03-2015 19:07:46 Scheduled Checkpoint
23-03-2015 22:55:21 Removed GEAR 32bit Driver Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:17 - 2012-07-25 21:17 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {19AA4FD9-1116-482D-89EB-6CB72D710240} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3267236624-799216426-3129378542-1001
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask
Task: {1F706E2D-6195-473C-B103-39FAA724D72B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
Task: {2D77B0CB-DE07-4328-9B79-0B88B2F20C73} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
Task: {38FBD8C6-6C6D-4B5C-985B-4ACE4DF6E2F6} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
Task: {40EE95A0-9690-468F-B421-56F8158C72E5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {4346C170-5A59-4935-8ED4-9ED4FABF6E03} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {4F896B01-F28F-4966-A220-61E8F0F2C317} - System32\Tasks\avast! Emergency Update => E:\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-21] (Avast Software s.r.o.)
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
Task: {600CBAC8-F824-4925-BE23-69B0D808CBB9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
Task: {699AF4D3-98F6-4407-B08C-9B1742B37115} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {70F85AB3-66C5-44E8-A831-6008BE83AE72} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Task: {8E6052DF-75F9-4690-A5F1-1605187EE91D} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation
Task: {A86177DB-DAE1-4380-A4F6-99F5DABE66D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-29] (Google Inc.)
Task: {B7BF53D1-DE70-441A-B513-5CF062681D28} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-29] (Google Inc.)
Task: {BD3EFFBD-7FC4-4D21-91F5-17156A2AAE2D} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {D1759810-05BD-4346-BA4F-544834D399FA} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {DF2D6074-8317-4050-890F-116E54CFAAD9} - System32\Tasks\Microsoft\Windows\Autochk\Proxy

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-21 13:23 - 2015-03-21 13:23 - 00104400 _____ () E:\AVAST Software\Avast\log.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00081728 _____ () E:\AVAST Software\Avast\JsonRpcServer.dll
2015-03-23 22:57 - 2015-03-23 22:57 - 02922496 _____ () E:\AVAST Software\Avast\defs\15032301\algo.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 40540672 _____ () E:\AVAST Software\Avast\libcef.dll
2014-12-20 10:23 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2014-12-20 10:23 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 15:54 - 2011-07-07 15:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2014-12-20 10:23 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2014-12-20 10:23 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2014-11-21 13:31 - 2014-11-21 13:31 - 00663040 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2014-12-20 10:23 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2015-03-21 13:23 - 2015-03-21 13:23 - 01359872 _____ () E:\AVAST Software\Avast\libglesv2.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00212992 _____ () E:\AVAST Software\Avast\libegl.dll
2015-03-21 17:36 - 2015-03-14 03:12 - 01174856 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 17:36 - 2015-03-14 03:12 - 00080200 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 17:36 - 2015-03-14 03:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-21 17:36 - 2015-03-14 03:12 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3267236624-799216426-3129378542-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Silverfox\Pictures\redirect.jpg
DNS Servers: 91.194.254.105 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "YTDownloader"
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

==================== Accounts: =============================

Administrator (S-1-5-21-3267236624-799216426-3129378542-500 - Administrator - Disabled)
Guest (S-1-5-21-3267236624-799216426-3129378542-501 - Limited - Disabled)
Silverfox (S-1-5-21-3267236624-799216426-3129378542-1001 - Administrator - Enabled) => C:\Users\Silverfox

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2015 10:57:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.2.9200.16384, time stamp: 0x50109e4e
Faulting module name: SysMenu.dll, version: 1.0.0.4, time stamp: 0x5293152d
Exception code: 0xc0000005
Fault offset: 0x0006c24c
Faulting process id: 0x320
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (03/22/2015 04:00:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (03/22/2015 02:45:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d24

Start Time: 01d0643335eb3013

Termination Time: 1277

Application Path: C:\windows\Explorer.EXE

Report Id: 16ab901e-d078-11e4-b11a-e89d87f11832

Faulting package full name:

Faulting package-relative application ID:

Error: (03/21/2015 09:00:09 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (03/21/2015 05:06:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.2.9200.16384, time stamp: 0x50109e4e
Faulting module name: SysMenu.dll, version: 1.0.0.4, time stamp: 0x5293152d
Exception code: 0xc0000005
Fault offset: 0x0006c24c
Faulting process id: 0x105c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (03/21/2015 11:22:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (03/20/2015 04:36:54 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (03/20/2015 04:36:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.2.9200.16384, time stamp: 0x50109e4e
Faulting module name: SysMenu.dll, version: 1.0.0.4, time stamp: 0x5293152d
Exception code: 0xc0000005
Fault offset: 0x0006c24c
Faulting process id: 0xb1c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (03/15/2015 03:21:43 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (03/14/2015 11:36:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005


System errors:
=============
Error: (03/23/2015 11:06:41 PM) (Source: DCOM) (EventID: 10005) (User: Prashant)
Description: 1053WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/23/2015 11:06:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (03/23/2015 11:06:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (03/23/2015 11:06:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
%%2

Error: (03/23/2015 11:05:13 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (03/23/2015 11:04:12 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Error: (03/23/2015 11:03:15 PM) (Source: DCOM) (EventID: 10001) (User: Prashant)
Description: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}UnavailableUnavailable

Error: (03/23/2015 10:52:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
%%2

Error: (03/23/2015 10:51:46 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (03/22/2015 00:51:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (03/23/2015 10:57:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.2.9200.1638450109e4eSysMenu.dll1.0.0.45293152dc00000050006c24c32001d065f765a40826C:\windows\system32\rundll32.exeC:\PROGRA~1\COMMON~1\System\SysMenu.dllad204a4d-d1ea-11e4-b11c-e89d87f11832

Error: (03/22/2015 04:00:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (03/22/2015 02:45:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.16384d2401d0643335eb30131277C:\windows\Explorer.EXE16ab901e-d078-11e4-b11a-e89d87f11832

Error: (03/21/2015 09:00:09 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (03/21/2015 05:06:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.2.9200.1638450109e4eSysMenu.dll1.0.0.45293152dc00000050006c24c105c01d06433e8efea3fC:\windows\system32\rundll32.exeC:\PROGRA~1\COMMON~1\System\SysMenu.dll4266e9f5-d027-11e4-b11a-e89d87f11832

Error: (03/21/2015 11:22:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (03/20/2015 04:36:54 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (03/20/2015 04:36:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.2.9200.1638450109e4eSysMenu.dll1.0.0.45293152dc00000050006c24cb1c01d06366b20fecd0C:\windows\system32\rundll32.exeC:\PROGRA~1\COMMON~1\System\SysMenu.dllf3e8a123-cf59-11e4-b116-e89d87f11832

Error: (03/15/2015 03:21:43 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005

Error: (03/14/2015 11:36:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: 80004005


CodeIntegrity Errors:
===================================
  Date: 2015-03-23 23:05:23.427
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-23 22:51:53.584
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-22 12:50:38.660
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-21 16:59:24.490
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-21 11:50:12.490
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-21 11:12:30.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-20 16:46:50.615
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-20 16:33:21.365
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-15 03:18:08.224
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-14 09:56:42.224
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 



#4 Machiavelli
  • Malware Response Instructor
  • 3,875 posts
  • Gender:Male
  • Location:Germany

Posted 25 March 2015 - 11:18 AM

Hey,
no problem. :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The log is available through History -> Application logs. Please post its contents in your next reply.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

#5 Silverfox123
  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male

Posted 25 March 2015 - 11:24 AM

Will do. This will take a while, so I will respond to you as soon as I can. Thanks again! :thumbup2:



#6 Silverfox123
  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male

Posted 25 March 2015 - 12:20 PM

Hi!

I have completed all the scans (I already had Malwarebytes installed and had scanned previously, so the results this time came up with zero issues). Please find the results below:

STEP 1

# AdwCleaner v4.113 - Logfile created 25/03/2015 at 18:28:31
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 8 Enterprise  (x86)
# Username : Silverfox - PRASHANT
# Running from : C:\Users\Silverfox\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : wStLibG

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\predm
Folder Deleted : C:\Program Files\Settings Manager
Folder Deleted : C:\Users\SILVER~1\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Silverfox\AppData\Local\Conduit
Folder Deleted : C:\Users\Silverfox\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Silverfox\AppData\Local\WhiteListing
Folder Deleted : C:\Users\Silverfox\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Silverfox\AppData\Roaming\FirefoxToolbar
Folder Deleted : C:\Users\Silverfox\AppData\Roaming\RHEng
File Deleted : C:\windows\system32\drivers\wStLibG.sys
File Deleted : C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\invalidprefs.js
File Deleted : C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : SMupdate1

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GOffers
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\free_soft_to_day
Key Deleted : HKLM\SOFTWARE\Uniblue
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - proxy.eskom.co.za:8080

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16384


-\\ Mozilla Firefox v36.0.4 (x86 en-US)

[cknto12n.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "default-search.net");

-\\ Google Chrome v41.0.2272.101

[C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3254 bytes] - [25/03/2015 18:26:02]
AdwCleaner[S0].txt - [3564 bytes] - [25/03/2015 18:28:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3623  bytes] ##########
 

 

STEP 2

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/25/2015
Scan Time: 6:41:03 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.09.05
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x86
File System: NTFS
User: Silverfox

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306252
Time Elapsed: 22 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

STEP 3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 8 Enterprise x86
Ran by Silverfox on Wed 03/25/2015 at 19:07:10.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3267236624-799216426-3129378542-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3267236624-799216426-3129378542-1001
Successfully deleted: [File] C:\windows\prefetch\SPEEDUPMYPC-ROW-P2.TMP-D41212D2.pf
Successfully deleted: [File] C:\windows\prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-751750EF.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Silverfox\Local Settings\Application Data\cre"



~~~ FireFox

Successfully deleted the following from C:\Users\Silverfox\AppData\Roaming\mozilla\firefox\profiles\cknto12n.default\prefs.js

user_pref("stumble.19479641.recently_seen_publicids", "1EmL40.2YF2n4.2Iph9A.5pIRp2.A4B8BG.2waIm0.5Ns733.1j2oei.3xKCaK.7lWvnZ.6o3P3k.9KN8hN.2brs2o.1xPzob.241roB.2ZFVfO.1mLhPK.2
Emptied folder: C:\Users\Silverfox\AppData\Roaming\mozilla\firefox\profiles\cknto12n.default\minidumps [25 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/25/2015 at 19:10:28.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

STEP 4

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Silverfox (administrator) on PRASHANT on 25-03-2015 19:12:13
Running from C:\Users\Silverfox\Desktop
Loaded Profiles: Silverfox (Available profiles: Silverfox)
Platform: Microsoft Windows 8 Enterprise (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) E:\AVAST Software\Avast\AvastSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avast Software) E:\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Avast Software s.r.o.) E:\AVAST Software\Avast\avastui.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avast Software s.r.o.) E:\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [AvastUI.exe] => E:\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-21] (Avast Software s.r.o.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => E:\Malwarebytes Anti-Exploit\mbae.exe
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\Run: [uTorrent] => C:\Users\Silverfox\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-12-24] (BitTorrent Inc.)
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\MountPoints2: {9355166a-88be-11e4-b0d5-e89d87f11832} - "G:\startme.exe"
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\MountPoints2: {ce387a36-a161-11e3-afc4-e89d87f11832} - "I:\sources\SetupError.exe" x64
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3267236624-799216426-3129378542-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.howzit.msn.com/?rd=1&ucc=ZA&dcc=ZA&opt=0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\AVAST Software\Avast\aswWebRepIE.dll [2015-03-21] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 91.194.254.105 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default
FF Homepage: https://www.google.co.za/
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "proxy.eskom.co.za"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "proxy.eskom.co.za"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.eskom.co.za"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.eskom.co.za"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> E:\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Extension: YouTube Video and Audio Downloader - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-04-13]
FF Extension: Personas Plus - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\personas@christopher.beard.xpi [2013-11-29]
FF Extension: FastestFox - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\smarterwiki@wikiatic.com.xpi [2013-11-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2014-04-13]
FF Extension: StumbleUpon - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2014-04-13]
FF Extension: Video DownloadHelper - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-23]
FF Extension: DownThemAll! - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-29]
FF Extension: Greasemonkey - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-11-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\AVAST Software\Avast\WebRep\FF [2015-03-21]

Chrome:
=======
CHR Profile: C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-29]
CHR Extension: (Google Drive) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-29]
CHR Extension: (YouTube) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29]
CHR Extension: (Google Search) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29]
CHR Extension: (Google Wallet) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-29]
CHR Extension: (Gmail) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; E:\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-21] (Avast Software s.r.o.)
R3 AvastVBoxSvc; E:\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-21] (Avast Software)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-25] (Microsoft Corporation)
S2 SLSvc; C:\windows\sppsvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24144 2015-03-21] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [73440 2015-03-21] (Avast Software s.r.o.)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81728 2015-03-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49904 2015-03-21] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [788272 2015-03-21] (Avast Software s.r.o.)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [427480 2015-03-21] (Avast Software s.r.o.)
S2 aswStm; C:\windows\system32\drivers\aswStm.sys [106912 2015-03-21] (Avast Software s.r.o.)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [206976 2015-03-21] ()
R1 BasicRender; C:\windows\System32\drivers\BasicRender.sys [24576 2012-07-25] (Microsoft Corporation)
S3 ggsomc; C:\windows\System32\drivers\ggsomc.sys [26328 2014-12-20] (Sony Mobile Communications)
S3 HTCAND32; C:\windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-27] (HTC, Corporation) [File not signed]
S3 HtcVCom32; C:\windows\system32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated) [File not signed]
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 NETwNs32; C:\windows\system32\DRIVERS\NETwNs32.sys [7518208 2012-06-02] (Intel Corporation)
R3 rixdpcie; C:\windows\System32\drivers\rixdpe86.sys [46080 2012-10-15] (REDC)
R3 Thotkey; C:\windows\System32\drivers\Thotkey.sys [25560 2012-08-02] (Windows ® Win 7 DDK provider)
R3 t_mouse.sys; C:\windows\system32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
R2 VBoxAswDrv; E:\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-21] (Avast Software)
R3 WUDFWpdMtp; C:\windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 19:12 - 2015-03-25 19:12 - 00011508 _____ () C:\Users\Silverfox\Desktop\FRST.txt
2015-03-25 19:10 - 2015-03-25 19:10 - 00002208 _____ () C:\Users\Silverfox\Desktop\JRT.txt
2015-03-25 19:05 - 2015-03-25 19:05 - 00001052 _____ () C:\Users\Silverfox\Desktop\malwarebytes.txt
2015-03-25 18:40 - 2015-03-25 18:40 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 18:40 - 2015-03-25 18:40 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 18:40 - 2015-03-25 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 18:40 - 2015-03-25 18:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-25 18:40 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-25 18:40 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-25 18:40 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-25 18:34 - 2015-03-25 18:34 - 00003703 _____ () C:\Users\Silverfox\Desktop\AdwCleaner[S0].txt
2015-03-25 18:25 - 2015-03-25 18:28 - 00000000 ____D () C:\AdwCleaner
2015-03-25 18:25 - 2015-03-25 18:22 - 01388782 _____ (Thisisu) C:\Users\Silverfox\Desktop\JRT.exe
2015-03-25 18:25 - 2015-03-25 18:19 - 02168320 _____ () C:\Users\Silverfox\Desktop\AdwCleaner.exe
2015-03-25 18:22 - 2015-03-25 18:22 - 01388782 _____ (Thisisu) C:\Users\Silverfox\Downloads\JRT.exe
2015-03-25 18:19 - 2015-03-25 18:19 - 02168320 _____ () C:\Users\Silverfox\Downloads\AdwCleaner.exe
2015-03-24 18:30 - 2015-03-24 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-03-24 18:29 - 2015-03-24 18:29 - 02967032 _____ (Malwarebytes ) C:\Users\Silverfox\Downloads\mbae-setup.exe
2015-03-24 18:06 - 2015-03-24 18:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-23 23:40 - 2015-03-23 23:40 - 00023024 _____ () C:\Users\Silverfox\Downloads\Addition.txt
2015-03-23 23:39 - 2015-03-23 23:40 - 00021891 _____ () C:\Users\Silverfox\Downloads\FRST.txt
2015-03-23 23:38 - 2015-03-25 19:12 - 00000000 ____D () C:\FRST
2015-03-23 23:38 - 2015-03-23 23:38 - 01135104 _____ (Farbar) C:\Users\Silverfox\Desktop\FRST.exe
2015-03-23 23:18 - 2015-03-23 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-22 02:45 - 2015-03-21 00:05 - 00074514 _____ () C:\Users\Silverfox\Desktop\50 foolish tracks of EDM 20-03-2015 21-24.mmp
2015-03-21 13:37 - 2015-03-23 23:01 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\Dropbox
2015-03-21 13:26 - 2015-03-21 13:26 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\AVAST Software
2015-03-21 13:25 - 2015-03-21 13:25 - 00000000 ____D () C:\windows\system32\vbox
2015-03-21 13:24 - 2015-03-21 13:24 - 00000822 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-21 13:24 - 2015-03-21 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-21 13:24 - 2015-03-21 13:23 - 00788272 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00427480 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSP.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00291312 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-03-21 13:24 - 2015-03-21 13:23 - 00206976 _____ () C:\windows\system32\Drivers\aswVmm.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00106912 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00081728 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00073440 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00049904 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00024144 _____ () C:\windows\system32\Drivers\aswHwid.sys
2015-03-21 13:23 - 2015-03-21 13:23 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-03-21 13:17 - 2015-03-21 13:17 - 05475064 _____ (Avast Software s.r.o.) C:\Users\Silverfox\Downloads\avast_free_antivirus_setup_online_10_2_2214.exe
2015-03-21 13:17 - 2015-03-21 13:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-21 11:21 - 2015-03-21 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-21 11:19 - 2015-03-21 11:19 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Silverfox\Desktop\mbam-setup-2.1.4.1018.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2018-08-26 23:11 - 2012-06-02 07:33 - 00132165 _____ () C:\windows\system32\slmgr.vbs
2015-03-25 19:00 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\system32\sru
2015-03-25 18:33 - 2013-11-29 21:50 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 18:33 - 2012-07-25 23:04 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-25 18:10 - 2013-11-29 21:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-24 22:32 - 2013-11-29 21:50 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-24 19:59 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Microsoft.NET
2015-03-24 17:58 - 2013-11-29 13:31 - 00607340 _____ () C:\windows\PFRO.log
2015-03-23 23:18 - 2014-09-26 18:30 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-23 23:12 - 2013-11-29 21:46 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-23 23:00 - 2015-01-31 00:48 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\MixMeister Technology
2015-03-23 23:00 - 2015-01-31 00:48 - 00000000 ____D () C:\Program Files\MixMeister Studio
2015-03-22 13:12 - 2013-12-28 11:32 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\vlc
2015-03-22 02:45 - 2012-07-25 23:03 - 00054256 _____ () C:\windows\setupact.log
2015-03-21 17:37 - 2013-11-29 21:56 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-21 16:59 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Vss
2015-03-21 13:07 - 2013-12-30 18:56 - 00000000 ____D () C:\Users\Silverfox\Documents\Install
2015-03-21 13:07 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Branding
2015-03-21 11:50 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Help
2015-03-21 11:49 - 2012-07-25 21:17 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-03-14 11:31 - 2014-12-20 10:23 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-03-14 11:31 - 2014-12-20 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-14 11:31 - 2013-12-31 16:23 - 00200638 _____ () C:\windows\DPINST.LOG
2015-03-14 11:30 - 2014-12-20 10:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

==================== Files in the root of some directories =======

2014-12-20 20:18 - 2014-12-20 20:22 - 28488056 _____ (Sony Mobile Communications                                  ) C:\Users\Silverfox\AppData\Local\pcc.exe
2014-09-26 19:15 - 2014-09-27 12:50 - 0007597 _____ () C:\Users\Silverfox\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Silverfox\AppData\Local\Temp\avgnt.exe
C:\Users\Silverfox\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprjsytt.dll
C:\Users\Silverfox\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Silverfox\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Silverfox\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Silverfox\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Silverfox\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
C:\Users\Silverfox\AppData\Local\Temp\Quarantine.exe
C:\Users\Silverfox\AppData\Local\Temp\setup_3.2.20.exe
C:\Users\Silverfox\AppData\Local\Temp\sqlite3.dll
C:\Users\Silverfox\AppData\Local\Temp\uttB7CA.tmp.exe
C:\Users\Silverfox\AppData\Local\Temp\YTDUninst.exe
C:\Users\Silverfox\AppData\Local\Temp\ytd_bu10_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-24 18:24

==================== End Of Log ============================


ADDITION log


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Silverfox at 2015-03-25 19:12:46
Running from C:\Users\Silverfox\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software)
Convert MP4 to MP3 (HKLM\...\{5067397A-2935-4290-AE14-1BE2863B00A3}_is1) (Version:  - ConvertMP4toMP3.com)
Elevated Installer (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.17.201412121559 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.251 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3267236624-799216426-3129378542-1001_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Silverfox\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe (Macrovision Corporation)

==================== Restore Points  =========================

20-03-2015 19:07:46 Scheduled Checkpoint
23-03-2015 22:55:21 Removed GEAR 32bit Driver Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:17 - 2012-07-25 21:17 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {19AA4FD9-1116-482D-89EB-6CB72D710240} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3267236624-799216426-3129378542-1001
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask
Task: {1F706E2D-6195-473C-B103-39FAA724D72B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
Task: {2D77B0CB-DE07-4328-9B79-0B88B2F20C73} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
Task: {38FBD8C6-6C6D-4B5C-985B-4ACE4DF6E2F6} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
Task: {40EE95A0-9690-468F-B421-56F8158C72E5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {4346C170-5A59-4935-8ED4-9ED4FABF6E03} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {4F896B01-F28F-4966-A220-61E8F0F2C317} - System32\Tasks\avast! Emergency Update => E:\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-21] (Avast Software s.r.o.)
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
Task: {600CBAC8-F824-4925-BE23-69B0D808CBB9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
Task: {699AF4D3-98F6-4407-B08C-9B1742B37115} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {70F85AB3-66C5-44E8-A831-6008BE83AE72} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Task: {895FE873-49D1-42CA-B35B-E873C1361468} - \Optimize Start Menu Cache Files-S-1-5-21-3267236624-799216426-3129378542-1001 No Task File <==== ATTENTION
Task: {8E6052DF-75F9-4690-A5F1-1605187EE91D} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation
Task: {A86177DB-DAE1-4380-A4F6-99F5DABE66D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-29] (Google Inc.)
Task: {B7BF53D1-DE70-441A-B513-5CF062681D28} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-29] (Google Inc.)
Task: {D1759810-05BD-4346-BA4F-544834D399FA} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {DF2D6074-8317-4050-890F-116E54CFAAD9} - System32\Tasks\Microsoft\Windows\Autochk\Proxy

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-21 13:23 - 2015-03-21 13:23 - 00104400 _____ () E:\AVAST Software\Avast\log.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00081728 _____ () E:\AVAST Software\Avast\JsonRpcServer.dll
2015-03-25 18:13 - 2015-03-25 18:13 - 02923008 _____ () E:\AVAST Software\Avast\defs\15032500\algo.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 40540672 _____ () E:\AVAST Software\Avast\libcef.dll
2014-12-20 10:23 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2014-12-20 10:23 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 15:54 - 2011-07-07 15:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2014-12-20 10:23 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2014-12-20 10:23 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2014-11-21 13:31 - 2014-11-21 13:31 - 00663040 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2014-12-20 10:23 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2015-03-21 13:23 - 2015-03-21 13:23 - 01359872 _____ () E:\AVAST Software\Avast\libglesv2.dll
2015-03-21 13:23 - 2015-03-21 13:23 - 00212992 _____ () E:\AVAST Software\Avast\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3267236624-799216426-3129378542-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Silverfox\Pictures\redirect.jpg
DNS Servers: 91.194.254.105 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "YTDownloader"
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

==================== Accounts: =============================

Administrator (S-1-5-21-3267236624-799216426-3129378542-500 - Administrator - Disabled)
Guest (S-1-5-21-3267236624-799216426-3129378542-501 - Limited - Disabled)
Silverfox (S-1-5-21-3267236624-799216426-3129378542-1001 - Administrator - Enabled) => C:\Users\Silverfox

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/25/2015 07:12:54 PM) (Source: DCOM) (EventID: 10010) (User: Prashant)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/25/2015 07:12:24 PM) (Source: DCOM) (EventID: 10010) (User: Prashant)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/25/2015 07:11:54 PM) (Source: DCOM) (EventID: 10010) (User: Prashant)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (03/25/2015 07:11:24 PM) (Source: DCOM) (EventID: 10010) (User: Prashant)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU M 640 @ 2.80GHz
Percentage of memory in use: 32%
Total physical RAM: 3056.42 MB
Available physical RAM: 2054.92 MB
Total Pagefile: 3568.42 MB
Available Pagefile: 2462.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.3 GB) (Free:11.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (OSDisk) (Fixed) (Total:298.09 GB) (Free:24.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:902.21 GB) (Free:439.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D4E68D62)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C8B9A29A)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=902.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Thank you!
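A note on reading the FRST output above, with an added example that is not from the thread, from FRST or from any poster. The rogue resolver 91.194.254.105 appears under Tcpip\Parameters as [DhcpNameServer], the registry value Windows fills from the DHCP lease, so it was handed to the PC by whatever answers DHCP on the LAN (normally the router), which is consistent with every device on the Wi-Fi being affected. The Firefox NetworkProxy entries name proxy.eskom.co.za, but "type", 0 means direct connection, so those hosts are not actually in use. The two SMupdate tasks run SysMenu.dll through rundll32 from Common Files rather than from System32. The script below parses a constructed excerpt in FRST's line format and reports those three indicator classes, labelling each DNS hit with where it came from. The resolver allowlist, the System32/SysWOW64 rule and the one benign task line are this example's own assumptions.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines for three indicator
classes: a rogue DNS resolver, hijacked Firefox proxy preferences, and
scheduled tasks that load a DLL via rundll32 from outside the system dirs.

Added example, not FRST's own logic.  Allowlist, system-dir rule and the
sample lines are assumptions; the sample mimics the FRST output format.
"""
import ipaddress
import re

# Assumption: public resolvers a home network could legitimately be using.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Firefox network.proxy.type: 0 direct, 1 manual, 2 PAC URL, 4 WPAD, 5 system.
# Manual host/port entries only take effect when the type is 1.
FF_PROXY_MANUAL = 1

# Where a rundll32 task action is expected to load its DLL from (assumption).
SYSTEM_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

DNS_KEY_RE = re.compile(r"\[(DhcpNameServer|NameServer)\]\s+(.+)$")
DNS_SUMMARY_RE = re.compile(r"^DNS Servers:\s+(.+)$")
PROXY_RE = re.compile(r'^FF NetworkProxy:\s+"([^"]+)",\s+(.+)$')
TASK_RE = re.compile(r"^Task:\s+\{[0-9A-Fa-f-]+\}\s+-\s+(.+?)\s+=>\s+(.+)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(\S+\.dll)", re.IGNORECASE)

# Constructed sample in FRST.txt / Addition.txt line format.  The last Task
# line is a benign one added to show a System32 DLL is not flagged.
SAMPLE_LOG = r"""
Tcpip\Parameters: [DhcpNameServer] 91.194.254.105 8.8.8.8
FF NetworkProxy: "http", "proxy.eskom.co.za"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
Task: {40EE95A0-9690-468F-B421-56F8158C72E5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {4F896B01-F28F-4966-A220-61E8F0F2C317} - System32\Tasks\avast! Emergency Update => E:\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-21] (Avast Software s.r.o.)
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ConstructedBenign => Rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL
DNS Servers: 91.194.254.105 - 8.8.8.8
"""


def classify_resolver(addr):
    """'local' for RFC1918/loopback/link-local (usually the router itself),
    'trusted' for the allowlist, 'suspicious' for any other public address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparsed"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    return "trusted" if addr in TRUSTED_RESOLVERS else "suspicious"


def dll_outside_system_dirs(path):
    """True when a rundll32 target is not under System32 or SysWOW64."""
    return not path.lower().startswith(SYSTEM_DLL_DIRS)


def _split_addrs(value):
    # FRST separates addresses with spaces in the Tcpip line, " - " in the summary.
    return [a for a in re.split(r"[\s\-]+", value.strip()) if a]


def _parse_pref_value(raw):
    raw = raw.strip()
    if raw.startswith('"'):
        return raw.strip('"')
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw)


def evaluate_proxy(prefs):
    """Report manual proxy hosts and whether Firefox would actually use them."""
    hosts = {k: prefs[k] for k in ("http", "ssl", "ftp", "socks") if prefs.get(k)}
    if not hosts:
        return None
    ptype = prefs.get("type", 0)
    status = "active" if ptype == FF_PROXY_MANUAL else "configured-but-inactive"
    return {"hosts": hosts, "type": ptype, "status": status}


def triage(log_text):
    dns, prefs, tasks, seen = [], {}, [], set()
    for line in (ln.strip() for ln in log_text.splitlines()):
        key_hit = DNS_KEY_RE.search(line)
        summary_hit = DNS_SUMMARY_RE.match(line)
        if key_hit:
            # DhcpNameServer is what the DHCP server (normally the router) handed
            # out; NameServer is a static setting on this host.  A rogue address
            # under DhcpNameServer therefore points at the router, not the PC.
            source = "DHCP" if key_hit.group(1) == "DhcpNameServer" else "static"
            addrs = _split_addrs(key_hit.group(2))
        elif summary_hit:
            source, addrs = "effective", _split_addrs(summary_hit.group(1))
        else:
            source, addrs = None, []
        for addr in addrs:
            if classify_resolver(addr) == "suspicious" and (addr, source) not in seen:
                seen.add((addr, source))
                dns.append({"address": addr, "source": source})
        m = PROXY_RE.match(line)
        if m:
            prefs[m.group(1)] = _parse_pref_value(m.group(2))
            continue
        m = TASK_RE.match(line)
        if m:
            hit = RUNDLL_RE.search(m.group(2))
            if hit and dll_outside_system_dirs(hit.group(1)):
                tasks.append({"task": m.group(1), "dll": hit.group(1)})
    return {"dns": dns, "proxy": evaluate_proxy(prefs), "tasks": tasks}


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LOG).items():
        print(section, "->", findings)
```

Run it directly to print the findings for the constructed excerpt, or feed it a real FRST.txt and Addition.txt concatenated. When the rogue address is reported with source DHCP, the router's DNS settings and admin password need checking as well, since a host-only clean-up leaves the lease handing the same resolver back out.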



#7 Machiavelli (Agent 007, Malware Response Instructor, 3,875 posts, Germany)

Posted 25 March 2015 - 03:30 PM

Hey,
Well done. :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\MountPoints2: {9355166a-88be-11e4-b0d5-e89d87f11832} - "G:\startme.exe"
    HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\MountPoints2: {ce387a36-a161-11e3-afc4-e89d87f11832} - "I:\sources\SetupError.exe" x64
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF NetworkProxy: "backup.ftp", ""
    FF NetworkProxy: "backup.ftp_port", 0
    FF NetworkProxy: "backup.socks", ""
    FF NetworkProxy: "backup.socks_port", 0
    FF NetworkProxy: "backup.ssl", ""
    FF NetworkProxy: "backup.ssl_port", 0
    FF NetworkProxy: "ftp", "proxy.eskom.co.za"
    FF NetworkProxy: "ftp_port", 8080
    FF NetworkProxy: "http", "proxy.eskom.co.za"
    FF NetworkProxy: "http_port", 8080
    FF NetworkProxy: "share_proxy_settings", true
    FF NetworkProxy: "socks", "proxy.eskom.co.za"
    FF NetworkProxy: "socks_port", 8080
    FF NetworkProxy: "ssl", "proxy.eskom.co.za"
    FF NetworkProxy: "ssl_port", 8080
    FF NetworkProxy: "type", 0
    Task: {40EE95A0-9690-468F-B421-56F8158C72E5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {4346C170-5A59-4935-8ED4-9ED4FABF6E03} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#8 Silverfox123

Silverfox123
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 PM

Posted 26 March 2015 - 01:38 PM

Hey! I have run the scans as you said. Step 4, though: I'm not sure if you are asking how my system is or how I run my system. It seems to be running the same, to be honest; every now and then Malwarebytes still blocks outbound traffic from 91.194.254.105, so I feel like the problem is still there, and we still get pop-ups when we use our browsers. Although the ESET scan found a few things which we never found before.

Step 1

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Silverfox at 2015-03-26 15:26:48 Run:1
Running from C:\Users\Silverfox\Desktop
Loaded Profiles: Silverfox &  (Available profiles: Silverfox)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\MountPoints2: {9355166a-88be-11e4-b0d5-e89d87f11832} - "G:\startme.exe"
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\MountPoints2: {ce387a36-a161-11e3-afc4-e89d87f11832} - "I:\sources\SetupError.exe" x64
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "proxy.eskom.co.za"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "proxy.eskom.co.za"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.eskom.co.za"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.eskom.co.za"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
Task: {40EE95A0-9690-468F-B421-56F8158C72E5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {4346C170-5A59-4935-8ED4-9ED4FABF6E03} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
EmptyTemp:
*****************

"HKU\S-1-5-21-3267236624-799216426-3129378542-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9355166a-88be-11e4-b0d5-e89d87f11832}" => Key deleted successfully.
HKCR\CLSID\{9355166a-88be-11e4-b0d5-e89d87f11832} => Key not found.
"HKU\S-1-5-21-3267236624-799216426-3129378542-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce387a36-a161-11e3-afc4-e89d87f11832}" => Key deleted successfully.
HKCR\CLSID\{ce387a36-a161-11e3-afc4-e89d87f11832} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40EE95A0-9690-468F-B421-56F8158C72E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40EE95A0-9690-468F-B421-56F8158C72E5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4346C170-5A59-4935-8ED4-9ED4FABF6E03}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4346C170-5A59-4935-8ED4-9ED4FABF6E03}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 15:27:41 ====

STEP 2

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Silverfox (administrator) on PRASHANT on 26-03-2015 15:33:57
Running from C:\Users\Silverfox\Desktop
Loaded Profiles: Silverfox (Available profiles: Silverfox)
Platform: Microsoft Windows 8 Enterprise (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) E:\AVAST Software\Avast\AvastSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Avast Software) E:\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Avast Software s.r.o.) E:\AVAST Software\Avast\avastui.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avast Software s.r.o.) E:\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [AvastUI.exe] => E:\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-21] (Avast Software s.r.o.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => E:\Malwarebytes Anti-Exploit\mbae.exe
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\Run: [uTorrent] => C:\Users\Silverfox\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-12-24] (BitTorrent Inc.)
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3267236624-799216426-3129378542-1001\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3267236624-799216426-3129378542-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.howzit.msn.com/?rd=1&ucc=ZA&dcc=ZA&opt=0
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\AVAST Software\Avast\aswWebRepIE.dll [2015-03-21] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 91.194.254.105 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default
FF Homepage: https://www.google.co.za/
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> E:\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Extension: YouTube Video and Audio Downloader - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-04-13]
FF Extension: Personas Plus - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\personas@christopher.beard.xpi [2013-11-29]
FF Extension: FastestFox - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\smarterwiki@wikiatic.com.xpi [2013-11-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2014-04-13]
FF Extension: StumbleUpon - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2014-04-13]
FF Extension: Video DownloadHelper - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-23]
FF Extension: DownThemAll! - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-29]
FF Extension: Greasemonkey - C:\Users\Silverfox\AppData\Roaming\Mozilla\Firefox\Profiles\cknto12n.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-11-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\AVAST Software\Avast\WebRep\FF [2015-03-21]

Chrome:
=======
CHR Profile: C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-29]
CHR Extension: (Google Drive) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-29]
CHR Extension: (YouTube) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29]
CHR Extension: (Google Search) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29]
CHR Extension: (Google Wallet) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-29]
CHR Extension: (Gmail) - C:\Users\Silverfox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; E:\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-21] (Avast Software s.r.o.)
R3 AvastVBoxSvc; E:\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-21] (Avast Software)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13864 2012-07-25] (Microsoft Corporation)
S2 SLSvc; C:\windows\sppsvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24144 2015-03-21] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [73440 2015-03-21] (Avast Software s.r.o.)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81728 2015-03-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49904 2015-03-21] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [788272 2015-03-21] (Avast Software s.r.o.)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [427480 2015-03-21] (Avast Software s.r.o.)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [106912 2015-03-21] (Avast Software s.r.o.)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [206976 2015-03-21] ()
R1 BasicRender; C:\windows\System32\drivers\BasicRender.sys [24576 2012-07-25] (Microsoft Corporation)
S3 ggsomc; C:\windows\System32\drivers\ggsomc.sys [26328 2014-12-20] (Sony Mobile Communications)
S3 HTCAND32; C:\windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-27] (HTC, Corporation) [File not signed]
S3 HtcVCom32; C:\windows\system32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated) [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 NETwNs32; C:\windows\system32\DRIVERS\NETwNs32.sys [7518208 2012-06-02] (Intel Corporation)
R3 rixdpcie; C:\windows\System32\drivers\rixdpe86.sys [46080 2012-10-15] (REDC)
R3 Thotkey; C:\windows\System32\drivers\Thotkey.sys [25560 2012-08-02] (Windows ® Win 7 DDK provider)
R3 t_mouse.sys; C:\windows\system32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
R2 VBoxAswDrv; E:\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-21] (Avast Software)
R3 WUDFWpdMtp; C:\windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 19:17 - 2015-03-25 19:17 - 00029355 _____ () C:\Users\Silverfox\Desktop\mal2.txt
2015-03-25 19:17 - 2015-03-25 19:17 - 00001044 _____ () C:\Users\Silverfox\Desktop\mal1.txt
2015-03-25 19:12 - 2015-03-26 15:33 - 00010823 _____ () C:\Users\Silverfox\Desktop\FRST.txt
2015-03-25 19:12 - 2015-03-25 19:12 - 00012933 _____ () C:\Users\Silverfox\Desktop\Addition.txt
2015-03-25 19:10 - 2015-03-25 19:10 - 00002208 _____ () C:\Users\Silverfox\Desktop\JRT.txt
2015-03-25 19:05 - 2015-03-25 19:05 - 00001052 _____ () C:\Users\Silverfox\Desktop\malwarebytes.txt
2015-03-25 18:40 - 2015-03-26 15:32 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 18:40 - 2015-03-25 18:40 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 18:40 - 2015-03-25 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 18:40 - 2015-03-25 18:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-25 18:40 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-25 18:40 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-25 18:40 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-25 18:34 - 2015-03-25 18:34 - 00003703 _____ () C:\Users\Silverfox\Desktop\AdwCleaner[S0].txt
2015-03-25 18:25 - 2015-03-25 18:28 - 00000000 ____D () C:\AdwCleaner
2015-03-25 18:25 - 2015-03-25 18:22 - 01388782 _____ (Thisisu) C:\Users\Silverfox\Desktop\JRT.exe
2015-03-25 18:25 - 2015-03-25 18:19 - 02168320 _____ () C:\Users\Silverfox\Desktop\AdwCleaner.exe
2015-03-25 18:22 - 2015-03-25 18:22 - 01388782 _____ (Thisisu) C:\Users\Silverfox\Downloads\JRT.exe
2015-03-25 18:19 - 2015-03-25 18:19 - 02168320 _____ () C:\Users\Silverfox\Downloads\AdwCleaner.exe
2015-03-24 18:30 - 2015-03-24 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-03-24 18:29 - 2015-03-24 18:29 - 02967032 _____ (Malwarebytes ) C:\Users\Silverfox\Downloads\mbae-setup.exe
2015-03-24 18:06 - 2015-03-24 18:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-23 23:40 - 2015-03-23 23:40 - 00023024 _____ () C:\Users\Silverfox\Downloads\Addition.txt
2015-03-23 23:39 - 2015-03-23 23:40 - 00021891 _____ () C:\Users\Silverfox\Downloads\FRST.txt
2015-03-23 23:38 - 2015-03-26 15:33 - 00000000 ____D () C:\FRST
2015-03-23 23:38 - 2015-03-23 23:38 - 01135104 _____ (Farbar) C:\Users\Silverfox\Desktop\FRST.exe
2015-03-23 23:18 - 2015-03-23 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-22 02:45 - 2015-03-21 00:05 - 00074514 _____ () C:\Users\Silverfox\Desktop\50 foolish tracks of EDM 20-03-2015 21-24.mmp
2015-03-21 13:37 - 2015-03-23 23:01 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\Dropbox
2015-03-21 13:26 - 2015-03-21 13:26 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\AVAST Software
2015-03-21 13:25 - 2015-03-21 13:25 - 00000000 ____D () C:\windows\system32\vbox
2015-03-21 13:24 - 2015-03-21 13:24 - 00000822 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-21 13:24 - 2015-03-21 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-21 13:24 - 2015-03-21 13:23 - 00788272 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00427480 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSP.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00291312 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-03-21 13:24 - 2015-03-21 13:23 - 00206976 _____ () C:\windows\system32\Drivers\aswVmm.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00106912 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00081728 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00073440 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00049904 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2015-03-21 13:24 - 2015-03-21 13:23 - 00024144 _____ () C:\windows\system32\Drivers\aswHwid.sys
2015-03-21 13:23 - 2015-03-21 13:23 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-03-21 13:17 - 2015-03-21 13:17 - 05475064 _____ (Avast Software s.r.o.) C:\Users\Silverfox\Downloads\avast_free_antivirus_setup_online_10_2_2214.exe
2015-03-21 13:17 - 2015-03-21 13:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-21 11:21 - 2015-03-21 11:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-21 11:19 - 2015-03-21 11:19 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Silverfox\Desktop\mbam-setup-2.1.4.1018.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2018-08-26 23:11 - 2012-06-02 07:33 - 00132165 _____ () C:\windows\system32\slmgr.vbs
2015-03-26 15:33 - 2013-11-29 21:50 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 15:31 - 2013-11-29 21:50 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 15:31 - 2012-07-25 23:04 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-26 01:00 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\system32\sru
2015-03-25 22:36 - 2013-11-29 13:31 - 00607704 _____ () C:\windows\PFRO.log
2015-03-25 18:10 - 2013-11-29 21:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-25 18:00 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Microsoft.NET
2015-03-23 23:18 - 2014-09-26 18:30 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-23 23:12 - 2013-11-29 21:46 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-23 23:00 - 2015-01-31 00:48 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\MixMeister Technology
2015-03-23 23:00 - 2015-01-31 00:48 - 00000000 ____D () C:\Program Files\MixMeister Studio
2015-03-22 13:12 - 2013-12-28 11:32 - 00000000 ____D () C:\Users\Silverfox\AppData\Roaming\vlc
2015-03-22 02:45 - 2012-07-25 23:03 - 00054256 _____ () C:\windows\setupact.log
2015-03-21 17:37 - 2013-11-29 21:56 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-21 16:59 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Vss
2015-03-21 13:07 - 2013-12-30 18:56 - 00000000 ____D () C:\Users\Silverfox\Documents\Install
2015-03-21 13:07 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Branding
2015-03-21 11:50 - 2012-07-25 23:53 - 00000000 ____D () C:\windows\Help
2015-03-21 11:49 - 2012-07-25 21:17 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-03-14 11:31 - 2014-12-20 10:23 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-03-14 11:31 - 2014-12-20 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-14 11:31 - 2013-12-31 16:23 - 00200638 _____ () C:\windows\DPINST.LOG
2015-03-14 11:30 - 2014-12-20 10:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

==================== Files in the root of some directories =======

2014-12-20 20:18 - 2014-12-20 20:22 - 28488056 _____ (Sony Mobile Communications                                  ) C:\Users\Silverfox\AppData\Local\pcc.exe
2014-09-26 19:15 - 2014-09-27 12:50 - 0007597 _____ () C:\Users\Silverfox\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-24 18:24

==================== End Of Log ============================

STEP 3

C:\AdwCleaner\Quarantine\C\Program Files\Conduit\CT3289075\plugins\TBVerifier.dll.vir    a variant of Win32/Toolbar.Conduit.AM potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Silverfox\AppData\Local\Conduit\Chrome\CT3289075\CHUninstaller.exe.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Silverfox\AppData\Local\Conduit\Chrome\CT3289075\UninstallerUI.exe.vir    a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Silverfox\AppData\Local\NativeMessaging\CT3289075\1_0_0_4\TBMessagingHost.exe.vir    Win32/Toolbar.Conduit.AH potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Silverfox\AppData\Local\NativeMessaging\CT3289075\1_0_0_6\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Silverfox\AppData\Local\NativeMessaging\CT3289075\1_0_0_7\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Silverfox\AppData\Local\NativeMessaging\CT3289075\1_0_0_9\TBMessagingHost.exe.vir    Win32/Toolbar.Conduit.AH potentially unwanted application    deleted - quarantined
C:\Program Files\Common Files\System\SysMenu.dll    a variant of Win32/SBWatchman.D potentially unwanted application    deleted - quarantined

STEP 4

Do you wish to know if there have been changes or how I run this system?

Thank you!



#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,875 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:28 PM

Posted 26 March 2015 - 03:25 PM

I'm asking if you still have issues with your PC. Still redirects? Still ads?

~Machiavelli


#10 Silverfox123

Silverfox123

Posted 26 March 2015 - 03:40 PM

Actually no! I haven't fully tested it out (like I haven't been to any dodgy websites); however, it seems to be fine now. Thank you!

However, this thing seems to still be attacking my roommate's computer as well as our phones. Do I do the same thing for those devices as well? How do I do these checks for mobile devices? Would you be able to help in this regard? Is there a specific file or set of files we need to get rid of?



#11 Machiavelli


Posted 26 March 2015 - 04:08 PM

Do a Router reset.

Then run this on your system:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

~Machiavelli

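The FRST line `Tcpip\Parameters: [DhcpNameServer] 91.194.254.105 8.8.8.8` in the scan log above records the DNS servers handed out by DHCP, which is consistent with the helper's next step being a router reset rather than more cleanup on the PC alone. As an added example that is not part of this thread or of any of the tools it uses, here is a Python check that parses `ipconfig /all` output and FRST lines in that format and flags DNS servers that are neither on the local network nor on an allowlist of known public resolvers; the allowlist and the sample text are constructed for the example.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Public resolvers a network might hand out on purpose. This allowlist is constructed
# for the example; extend it with whatever your own DHCP server is supposed to push.
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Constructed sample input: the relevant part of the ipconfig /all output posted in
# this thread, including the wrapped second DNS server line that ipconfig emits.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Prashant

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Ethernet:

   Link-local IPv6 Address . . . . . : fe80::d034:a56d:5f4a:4c72%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 91.194.254.105
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# The same fact as FRST reports it (the line from the FRST.txt in this thread).
SAMPLE_FRST_LINE = "Tcpip\\Parameters: [DhcpNameServer] 91.194.254.105 8.8.8.8"

# "Name . . . : value" lines. The name holds no colon and at least one space or dot
# precedes the colon, so a wrapped IPv6 value such as "fe80::1" never looks like a field.
_FIELD_RE = re.compile(r"^\s*(?P<name>[A-Za-z][^:]*?)[ .]+:\s*(?P<value>.*)$")
_ADAPTER_RE = re.compile(r"^\S.*adapter (?P<name>.+):$")
_FRST_DNS_RE = re.compile(r"\[DhcpNameServer\]\s+(?P<servers>.+)$")


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {adapter: {field: [values]}} from `ipconfig /all` output."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    current: Optional[Dict[str, List[str]]] = None
    last_field: Optional[str] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        header = _ADAPTER_RE.match(line)
        if header:
            current = adapters.setdefault(header.group("name"), {})
            last_field = None
            continue
        if current is None:  # global lines before the first adapter section
            continue
        field = _FIELD_RE.match(line)
        if field:
            last_field = field.group("name").strip()
            values = current.setdefault(last_field, [])
            if field.group("value").strip():
                values.append(field.group("value").strip())
        elif last_field is not None and line.startswith(" "):
            # ipconfig wraps additional values (e.g. a second DNS server) onto
            # indented lines that carry no field name
            current[last_field].append(line.strip())
    return adapters


def plain_ip(value: str) -> str:
    """'192.168.1.9(Preferred)' -> '192.168.1.9'; also drops an IPv6 '%scope' suffix."""
    return re.sub(r"\(.*?\)", "", value).split("%")[0].strip()


def classify_resolver(ip_text: str, local_net: Optional[ipaddress.IPv4Network] = None) -> str:
    """Classify one configured DNS server address."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparseable"
    if local_net is not None and ip in local_net:
        return "local"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private"
    if ip_text in KNOWN_PUBLIC_RESOLVERS:
        return "known-public"
    return "unexpected-public"


def unexpected_resolvers(ipconfig_text: str) -> List[Tuple[str, str]]:
    """(adapter, server) for every DNS server that is public and not on the allowlist.

    A DHCP-pushed resolver outside the LAN that nobody configured is the first thing
    to look at when every device behind one router shows the same symptoms.
    """
    findings: List[Tuple[str, str]] = []
    for adapter, fields in parse_ipconfig(ipconfig_text).items():
        local_net = None
        if fields.get("IPv4 Address") and fields.get("Subnet Mask"):
            local_net = ipaddress.ip_network(
                f"{plain_ip(fields['IPv4 Address'][0])}/{fields['Subnet Mask'][0]}",
                strict=False,
            )
        for server in fields.get("DNS Servers", []):
            if classify_resolver(plain_ip(server), local_net) == "unexpected-public":
                findings.append((adapter, plain_ip(server)))
    return findings


def frst_dhcp_nameservers(line: str) -> List[str]:
    """Resolvers from an FRST 'Tcpip\\Parameters: [DhcpNameServer] a b' line."""
    match = _FRST_DNS_RE.search(line)
    return match.group("servers").split() if match else []


if __name__ == "__main__":
    for adapter, server in unexpected_resolvers(SAMPLE_IPCONFIG):
        print(f"{adapter}: DNS server {server} is public and not on the allowlist")
    for server in frst_dhcp_nameservers(SAMPLE_FRST_LINE):
        print(f"FRST DhcpNameServer {server}: {classify_resolver(server)}")
```

On a live machine, feed it the saved output of `ipconfig /all` instead of the sample; a resolver flagged here that also matches the DHCP server's pushed list points at the router configuration, which is why a per-PC cleanup alone does not clear it.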

#12 Silverfox123


Posted 27 March 2015 - 09:36 AM

Hey!

Please find the MiniToolBox results included below:

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Silverfox (administrator) on 27-03-2015 at 16:35:10
Running from "C:\Users\Silverfox\Desktop"
Microsoft Windows 8 Enterprise  (X86)
Model: TECRA S11 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® 82577LM Gigabit Network Connection = Ethernet (Connected)
Intel® Centrino® Advanced-N 6200 AGN = Wi-Fi (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Prashant
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
   Physical Address. . . . . . . . . : 18-3D-A2-AC-B0-58
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
   Physical Address. . . . . . . . . : E8-9D-87-F1-18-32
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d034:a56d:5f4a:4c72%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, March 27, 2015 4:30:43 PM
   Lease Expires . . . . . . . . . . : Monday, March 30, 2015 4:30:43 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 266902919
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-2A-B2-76-E8-9D-87-F1-18-32
   DNS Servers . . . . . . . . . . . : 91.194.254.105
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  91.194.254.105


Pinging google.com [216.58.223.14] with 32 bytes of data:
Reply from 216.58.223.14: bytes=32 time=8ms TTL=56
Reply from 216.58.223.14: bytes=32 time=8ms TTL=56

Ping statistics for 216.58.223.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 8ms, Maximum = 8ms, Average = 8ms
Server:  UnKnown
Address:  91.194.254.105


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=355ms TTL=48
Reply from 98.139.183.24: bytes=32 time=317ms TTL=48

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 317ms, Maximum = 355ms, Average = 336ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...18 3d a2 ac b0 58 ......Intel® Centrino® Advanced-N 6200 AGN
 12...e8 9d 87 f1 18 32 ......Intel® 82577LM Gigabit Network Connection
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.9     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.9    276
      192.168.1.9  255.255.255.255         On-link       192.168.1.9    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.9    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.9    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.9    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    276 fe80::/64                On-link
 12    276 fe80::d034:a56d:5f4a:4c72/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\system32\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\windows\system32\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\windows\system32\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\windows\system32\winrnr.dll [21504] (Microsoft Corporation)
Catalog9 01 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 12 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 13 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 14 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 15 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 16 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 17 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 18 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 19 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 20 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 21 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 22 C:\windows\system32\mswsock.dll [289280] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/27/2015 04:35:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (03/25/2015 08:00:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (03/27/2015 04:31:10 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error:
%%2

Error: (03/27/2015 04:30:12 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (03/26/2015 10:29:00 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error:
%%2

Error: (03/26/2015 10:28:16 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (03/26/2015 03:31:49 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error:
%%2

Error: (03/26/2015 03:31:05 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (03/26/2015 03:22:22 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error:
%%2

Error: (03/26/2015 03:21:39 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (03/25/2015 10:37:02 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error:
%%2

Error: (03/25/2015 10:36:17 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0


Microsoft Office Sessions:
=========================
Error: (03/27/2015 04:35:06 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (03/25/2015 08:00:06 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


CodeIntegrity Errors:
===================================
  Date: 2015-03-27 16:30:21.660
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-26 22:28:24.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-26 15:31:14.677
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-26 15:21:47.177
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-03-25 22:36:24.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.



=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software)
Convert MP4 to MP3 (HKLM\...\{5067397A-2935-4290-AE14-1BE2863B00A3}_is1) (Version:  - ConvertMP4toMP3.com)
Elevated Installer (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Garmin Express (HKLM\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.17.201412121559 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.251 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

========================= Devices: ================================

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Device ID: USB\VID_08FF&PID_168B\6&AECB780&0&2
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 3056.42 MB
Available physical RAM: 2194 MB
Total Pagefile: 3568.42 MB
Available Pagefile: 2570.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.1 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:29.3 GB) (Free:13.17 GB) NTFS
2 Drive d: (OSDisk) (Fixed) (Total:298.09 GB) (Free:24.26 GB) NTFS
3 Drive e: () (Fixed) (Total:902.21 GB) (Free:287.94 GB) NTFS

========================= Users: ========================================

User accounts for \\PRASHANT

Administrator            Guest                    Silverfox                

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
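The security-relevant lines in the log above are in the Ethernet adapter block: the DNS Servers entry lists 91.194.254.105 ahead of 8.8.8.8, DHCP is enabled, and the DHCP server is the gateway 192.168.1.1, so this resolver setting was handed to the PC by the router rather than configured in Windows. That fits the symptom in the opening post (every device on the Wi-Fi affected) and matches the outbound address Malwarebytes keeps blocking. The "Server: UnKnown" in the nslookup output only means the resolver's IP has no reverse (PTR) record; it proves nothing on its own, but it does confirm the machine is sending its lookups to 91.194.254.105. The script below is an added example, not part of the original post and not FRST code: it parses `ipconfig /all` text (English Windows output assumed) and flags any configured resolver that is neither on the LAN nor in an allow-list, noting when it arrived via DHCP. The sample input is a trimmed copy of the adapter section above, and the allow-list of public resolvers is an assumption made for the example.

```python
"""Flag rogue DNS resolvers in `ipconfig /all` output (added example, not FRST code)."""
import ipaddress
import re
import sys

# Constructed sample: trimmed from the adapter section of the FRST log above.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Prashant
   Node Type . . . . . . . . . . . . : Hybrid

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 91.194.254.105
                                       8.8.8.8
"""

# Assumed allow-list for this example: public resolvers this network would expect to use.
TRUSTED_RESOLVERS = {ipaddress.ip_address(a) for a in ("8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1")}

ADAPTER_RE = re.compile(r"^\S.*adapter (.+):\s*$")                       # "Ethernet adapter Ethernet:"
FIELD_RE = re.compile(r"^ {3}([A-Za-z][A-Za-z0-9 /-]*?)[ .]*:\s?(.*)$")  # "   DNS Servers . . : 1.2.3.4"
CONT_RE = re.compile(r"^ {20,}(\S.*)$")                                   # extra values on their own line


def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; fields before the first adapter go under '(global)'."""
    adapters = {}
    current = adapters.setdefault("(global)", {})
    last_field = None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            last_field = None
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field = m.group(1).strip()
            value = m.group(2).strip()
            current[last_field] = [value] if value else []
            continue
        m = CONT_RE.match(line)
        if m and last_field is not None:   # continuation of a multi-value field (DNS Servers)
            current[last_field].append(m.group(1).strip())
    return adapters


def _to_ip(value):
    """Strip '(Preferred)' and '%12' zone ids; return None for values that are not addresses."""
    bare = re.sub(r"\(.*?\)|%\d+", "", value).strip()
    try:
        return ipaddress.ip_address(bare)
    except ValueError:
        return None


def audit_dns(adapters, trusted=TRUSTED_RESOLVERS):
    """One (adapter, resolver, verdict) tuple per configured resolver, in Windows query order."""
    findings = []
    for name, fields in adapters.items():
        servers = [ip for ip in map(_to_ip, fields.get("DNS Servers", [])) if ip]
        if not servers:
            continue
        gateway = {ip for ip in map(_to_ip, fields.get("Default Gateway", [])) if ip}
        dhcp_servers = {ip for ip in map(_to_ip, fields.get("DHCP Server", [])) if ip}
        via_dhcp = fields.get("DHCP Enabled") == ["Yes"]
        for position, ip in enumerate(servers):
            if ip in gateway or ip.is_private or ip.is_link_local:
                verdict = "ok: LAN resolver"
            elif ip in trusted:
                verdict = "ok: trusted public resolver"
            else:
                verdict = "SUSPICIOUS: public resolver not in allow-list"
                if position == 0:
                    verdict += ", queried first"
                if via_dhcp and dhcp_servers:
                    verdict += ", handed out by DHCP server " + ", ".join(sorted(map(str, dhcp_servers)))
            findings.append((name, str(ip), verdict))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_IPCONFIG
    for adapter, resolver, verdict in audit_dns(parse_ipconfig(text)):
        print(f"{adapter:12} {resolver:18} {verdict}")
```

Run it on any Windows machine in the household with `ipconfig /all > ipconfig.txt` and pass the file as the argument. A resolver flagged as handed out by the gateway's DHCP server points at the router's DNS and DHCP settings (and its admin credentials) as the place to look, not only at the individual PC; cleaning the PC alone leaves the next DHCP lease free to re-apply the same resolver.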
 



#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,875 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:28 PM

Posted 27 March 2015 - 12:29 PM

Still issues?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#14 Silverfox123

Silverfox123
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Local time:04:28 PM

Posted 28 March 2015 - 08:31 AM

Hey there! Now that you mention it, I have not had any pop-ups! Well, other than Malwarebytes blocking outbound access to the 91.194.254.105 IP address; I am not sure what that is either. Also, how do I ensure this doesn't happen again? All in all though, thank you for the assistance! You have been a great help!



#15 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,875 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:28 PM

Posted 28 March 2015 - 08:42 AM

Please do a new FRST Scan and post the logs here.

~Machiavelli





