
Attempted browser changes/Dramatic Data Internet Usage


7 replies to this topic

#1 dudewithaclue


  • Members
  • 8 posts

Posted 06 August 2015 - 11:39 AM

I have received multiple notifications that an attempt was made to change my Chrome browser settings and I have used 130 Gb of internet data in 5 days.

 

I have made multiple attempts to post my FRST and Addition texts to this forum but the Bleeping Computer Website keeps timing out and I receive an Error 524.

 

Adam has requested that I attach one file and try to post and then reply with the second file attached.

Attached Files: FRST.txt (517.05KB)




#2 dudewithaclue

  • Topic Starter

  • Members
  • 8 posts

Posted 06 August 2015 - 11:41 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01

Ran by Robert (2015-08-05 19:07:40)
Running from C:\Users\Robert\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1559428009-3516506085-3046359019-500 - Administrator - Disabled)
Guest (S-1-5-21-1559428009-3516506085-3046359019-501 - Limited - Disabled)
Robert (S-1-5-21-1559428009-3516506085-3046359019-1001 - Administrator - Enabled) => C:\Users\Robert
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6B755ED9-C2D3-BFB1-7BFE-DDD01D088BC6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.223.232 - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9850 - Broadcom Corporation)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.2.5214 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.2.5426 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3004 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{4B4EDB7B-4F54-4B86-8A4A-E1C5803CA374}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Jo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.1 - Ruiware)
XnConvert 1.66 (HKLM\...\XnConvert_is1) (Version: 1.66 - Gougelet Pierre-e)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
28-07-2015 12:48:33 JRT Pre-Junkware Removal
01-08-2015 11:24:25 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {391279E7-3424-48CD-88D2-217A82F8A490} - System32\Tasks\HPCeeScheduleForRobert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3BEE14E9-D838-4C97-9A36-EEC3C3CBA75F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {5674D27F-AFEF-404B-8451-7B57B0870AEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company)
Task: {56E6C08A-0373-4548-B37D-F815253847E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)
Task: {5BB45712-E7F0-426C-8FDF-380FF2E57D6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company)
Task: {7F9A81CF-5D9C-40E2-BFF6-B10F50615F38} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {A3C2F763-48D2-4F7C-B1A7-B2A967E39767} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EB0E1030-A94C-4C5F-A0B4-872188057267} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {FBC3F569-57E1-4D44-95F7-227B008B0D2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForRobert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-19 18:37 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-02-07 10:37 - 2014-02-07 10:37 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2015-07-29 13:03 - 2015-07-25 01:46 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll
2015-07-29 13:03 - 2015-07-25 01:46 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Robert\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1559428009-3516506085-3046359019-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\Pictures\My Best July 2015.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{764039DC-BFB1-4D46-9A12-35D5CA308919}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{8492704F-8038-43EF-A0F8-0B1F4A5F7DB8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B1FCF24E-1B4F-4C9D-B8D2-667968A46F85}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{551C738E-1168-4F54-95A2-96C3DE94E648}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{1EC251AA-760D-4AD9-8BDB-4B87D65F259D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{AB427204-41D5-4A20-BA8E-3E80195CE798}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{83794BC5-EAB6-41BC-A594-1F204119114E}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{0D7FEB46-E742-4051-819E-614B5F0B225C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF4C2807-EE80-4296-B070-247BE7D98F7E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{958B73F4-CC19-40BE-BD4E-5B173B701029}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D3300D8D-1DE3-4BA0-9EE3-08AA86FED818}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{44DADB96-D80D-4D52-BC74-E260AACA96CD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9F6C9110-C153-4D86-AC94-226C313D81FD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{62924B91-518D-403A-8C0C-192D70466035}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{782593D7-FF25-4F08-ADD8-F5E97F681112}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{790FE569-2B39-47A5-82B2-A82292A60DB5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{37841F7A-E29A-4C4A-B499-2AF199FC14A3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{15CD6794-8BBD-464D-B45D-526565BC6C40}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF323D9B-BE40-4B84-A2B4-52CA72692AFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{15F185AF-1BD0-4D17-87DD-0EFE270B35DE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{5FC5A3F2-F9BC-4C0D-9634-D50DD4FFA990}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/04/2015 03:20:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
 
Error: (08/02/2015 10:16:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/28/2015 12:46:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 023893~1.EXE, version: 7.8.703.2, time stamp: 0x51f80503
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x676f7250
Faulting process id: 0x68c
Faulting application start time: 0x023893~1.EXE0
Faulting application path: 023893~1.EXE1
Faulting module path: 023893~1.EXE2
Report Id: 023893~1.EXE3
Faulting package full name: 023893~1.EXE4
Faulting package-relative application ID: 023893~1.EXE5
 
Error: (07/28/2015 02:27:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
 
Error: (07/27/2015 12:18:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 44.0.2403.107 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 404
 
Start Time: 01d0c7413ea54c24
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 373d33ca-3494-11e5-8262-7429aff9a9e0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/25/2015 06:13:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 023893~1.EXE, version: 7.8.703.2, time stamp: 0x51f80503
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x676f7250
Faulting process id: 0x6a0
Faulting application start time: 0x023893~1.EXE0
Faulting application path: 023893~1.EXE1
Faulting module path: 023893~1.EXE2
Report Id: 023893~1.EXE3
Faulting package full name: 023893~1.EXE4
Faulting package-relative application ID: 023893~1.EXE5
 
Error: (07/23/2015 02:17:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 023893~1.EXE, version: 7.8.703.2, time stamp: 0x51f80503
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x72676f72
Faulting process id: 0x600
Faulting application start time: 0x023893~1.EXE0
Faulting application path: 023893~1.EXE1
Faulting module path: 023893~1.EXE2
Report Id: 023893~1.EXE3
Faulting package full name: 023893~1.EXE4
Faulting package-relative application ID: 023893~1.EXE5
 
Error: (07/21/2015 02:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10401.0, time stamp: 0x53194e31
Exception code: 0xc0000005
Fault offset: 0x00000000005fc212
Faulting process id: 0x10ec
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3
Faulting package full name: MsMpEng.exe4
Faulting package-relative application ID: MsMpEng.exe5
 
Error: (07/21/2015 02:05:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10401.0, time stamp: 0x53194e31
Exception code: 0xc0000005
Fault offset: 0x00000000005fc212
Faulting process id: 0x770
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3
Faulting package full name: MsMpEng.exe4
Faulting package-relative application ID: MsMpEng.exe5
 
Error: (07/20/2015 03:06:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 023893~1.EXE, version: 7.8.703.2, time stamp: 0x51f80503
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x72676f72
Faulting process id: 0x5dc
Faulting application start time: 0x023893~1.EXE0
Faulting application path: 023893~1.EXE1
Faulting module path: 023893~1.EXE2
Report Id: 023893~1.EXE3
Faulting package full name: 023893~1.EXE4
Faulting package-relative application ID: 023893~1.EXE5
 
 
System errors:
=============
Error: (08/05/2015 08:17:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
Error: (08/04/2015 11:22:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
Error: (08/03/2015 03:11:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
Error: (08/03/2015 12:35:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
Error: (08/03/2015 12:19:29 PM) (Source: DCOM) (EventID: 10010) (User: ROBERT_PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/03/2015 12:19:29 PM) (Source: DCOM) (EventID: 10010) (User: ROBERT_PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/02/2015 10:17:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (08/02/2015 10:17:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Robert\AppData\Local\Temp\ehdrv.sys
 
Error: (08/02/2015 10:17:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (08/02/2015 10:17:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Robert\AppData\Local\Temp\ehdrv.sys
 
 
Microsoft Office:
=========================
Error: (08/04/2015 03:20:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
 
Error: (08/02/2015 10:16:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Robert\AppData\Local\Temp\IDC2.tmp\ESETSmartInstaller.exe
 
Error: (07/28/2015 12:46:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 023893~1.EXE7.8.703.251f80503unknown0.0.0.000000000c0000005676f725068c01d0c96e0b977ca0C:\Users\Robert\AppData\Local\Temp\023893~1.EXEunknown4e720a15-3561-11e5-8263-7429aff9a9e0
 
Error: (07/28/2015 02:27:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
 
Error: (07/27/2015 12:18:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe44.0.2403.10740401d0c7413ea54c244294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe373d33ca-3494-11e5-8262-7429aff9a9e0
 
Error: (07/25/2015 06:13:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 023893~1.EXE7.8.703.251f80503unknown0.0.0.000000000c0000005676f72506a001d0c740493b530aC:\Users\Robert\AppData\Local\Temp\023893~1.EXEunknown8ae6a2b3-3333-11e5-8262-7429aff9a9e0
 
Error: (07/23/2015 02:17:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 023893~1.EXE7.8.703.251f80503unknown0.0.0.000000000c000000572676f7260001d0c58d038792fdC:\Users\Robert\AppData\Local\Temp\023893~1.EXEunknown461c499f-3180-11e5-8261-7429aff9a9e0
 
Error: (07/21/2015 02:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.10401.053194e31c000000500000000005fc21210ec01d0c394818c80bdC:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll79d20c37-2f88-11e5-8260-7429aff9a9e0
 
Error: (07/21/2015 02:05:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.10401.053194e31c000000500000000005fc21277001d0c3384c59eee2C:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll9b66f595-2f87-11e5-8260-7429aff9a9e0
 
Error: (07/20/2015 03:06:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 023893~1.EXE7.8.703.251f80503unknown0.0.0.000000000c000000572676f725dc01d0c33849fba72cC:\Users\Robert\AppData\Local\Temp\023893~1.EXEunknown8c109b6b-2f2b-11e5-8260-7429aff9a9e0
 
 
CodeIntegrity:
===================================
  Date: 2015-08-02 19:04:59.645
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-02 19:04:59.492
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-7700K Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 30%
Total physical RAM: 11188.84 MB
Available physical RAM: 7789.3 MB
Total Virtual: 12916.84 MB
Available Virtual: 8015.71 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1845.64 GB) (Free:1765.99 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.89 GB) (Free:2.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 71199D70)
 
Partition: GPT Partition Type.
 
==================== End of log ============================


#3 shelf life (Malware Response Team)

Posted 08 August 2015 - 12:52 PM

hi,

Let's see if AdwCleaner can dig up anything. Probably a third-party add-on that came with a download.

Please download AdwCleaner and save it to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.


How Can I Reduce My Risk to Malware?


#4 dudewithaclue (Topic Starter)

Posted 08 August 2015 - 01:49 PM

Hello and thank you kindly for your assistance. As instructed........
 
# AdwCleaner v4.208 - Logfile created 08/08/2015 at 11:45:03
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Robert - ROBERT_PC
# Running from : C:\Users\Robert\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v39.0 (x86 en-US)
 
 
-\\ Google Chrome v44.0.2403.130
 
 
*************************
 
AdwCleaner[R0].txt - [1146 bytes] - [28/07/2015 12:44:38]
AdwCleaner[R1].txt - [1178 bytes] - [01/08/2015 11:21:39]
AdwCleaner[R2].txt - [1002 bytes] - [08/08/2015 11:44:24]
AdwCleaner[S0].txt - [1216 bytes] - [28/07/2015 12:45:16]
AdwCleaner[S1].txt - [1247 bytes] - [01/08/2015 11:22:15]
AdwCleaner[S2].txt - [929 bytes] - [08/08/2015 11:45:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [987  bytes] ##########

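An added example, not part of this thread and not AdwCleaner's own code: a small Python parser for the section-based AdwCleaner[S#].txt format, run over a constructed log laid out like the report posted above (the "Service Deleted" entry under [ Services ] is invented so that one section is non-empty; everything else mirrors the real report). It separates the "# Key : Value" header from the "***** [ Name ] *****" sections and reports which sections hold real entries; the "-\\ Browser vX" banners under [ Web browsers ] only list what was scanned and are not findings. A report where every section is empty, like the one posted, is a clean result.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the same layout as the AdwCleaner[S#].txt report posted
# in this thread. The "Service Deleted" entry under [ Services ] is invented so
# that one section is non-empty; everything else mirrors the real report.
SAMPLE_LOG = r"""
# AdwCleaner v4.208 - Logfile created 08/08/2015 at 11:45:03
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Robert - ROBERT_PC
# Running from : C:\Users\Robert\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : ExampleUpdaterSvc

***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v44.0.2403.130


*************************

AdwCleaner[S2].txt - [929 bytes] - [08/08/2015 11:45:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [987  bytes] ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Name ] *****
HEADER_RE = re.compile(r"^# (.+?) : (.+)$")              # "# Key : Value" lines
BROWSER_RE = re.compile(r"^-\\\\ .+")                    # "-\\ Browser vX" banners


def parse_adwcleaner_log(text: str) -> Tuple[Dict[str, str], Dict[str, List[str]]]:
    """Split a report into its '# Key : Value' header and its sections.

    Each '***** [ Name ] *****' heading maps to the non-blank lines under it,
    which is exactly what AdwCleaner detected (or removed) in that category.
    Parsing stops at the line of asterisks that closes the findings."""
    header: Dict[str, str] = {}
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:          # "*************************" footer
            break
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if current is None:             # still inside the '#' header block
            m = HEADER_RE.match(line)
            if m:
                header[m.group(1).strip()] = m.group(2).strip()
            continue
        sections[current].append(line)
    return header, sections


def findings(sections: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Sections with real entries. The browser-name banners under
    [ Web browsers ] only list what was scanned, so they do not count."""
    hits: Dict[str, List[str]] = {}
    for name, items in sections.items():
        real = [i for i in items if not BROWSER_RE.match(i)]
        if real:
            hits[name] = real
    return hits


def summarize(text: str) -> str:
    """'clean' when every section is empty, otherwise 'Section: count; ...'."""
    _, sections = parse_adwcleaner_log(text)
    hits = findings(sections)
    if not hits:
        return "clean"
    return "; ".join(f"{k}: {len(v)}" for k, v in hits.items())


if __name__ == "__main__":
    hdr, secs = parse_adwcleaner_log(SAMPLE_LOG)
    print(hdr["Operating system"], "-", hdr["Option"])
    print(summarize(SAMPLE_LOG))       # Services: 1
```

Feed summarize() the text of a real C:\AdwCleaner\AdwCleaner[S#].txt to get the same one-line verdict for an actual run; the posted report would come back as "clean".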

#5 shelf life (Malware Response Team)

Posted 08 August 2015 - 03:22 PM

Ok, not much there really. Are you still getting the notifications? Is it WinPatrol that provides the notification? Could you get any more info from WinPatrol, like a log with more information or anything? Not really familiar with it.




#6 dudewithaclue (Topic Starter)

Posted 08 August 2015 - 03:39 PM

Hi shelf life,

I had previously run AdwCleaner AND JRT. Didn't see anything myself, but I'm not the professional like you guys here. That's why I submitted the FRST logs. I had a horrible time with FRST.txt. It would NOT upload via copy and paste. Had to attach it, and that took several attempts. The difficulty I had posting my logs made me extremely suspicious, along with the data usage and the Chrome notifications.

The notifications I receive are from the Chrome browser itself when I open the Settings page. I have received several notifications, but Chrome doesn't tell me what program is responsible for making the attempts. I haven't received any notifications from WinPatrol about any unauthorized or suspicious change attempts. I have not received any new notifications since I posted my topic here - and I check several times a day.

I greatly appreciate your time more than I can ever say, sir, and I would hate to waste your time. If my logs are clean, I don't want to keep you from helping others who have legit problems.



#7 shelf life (Malware Response Team)

Posted 08 August 2015 - 03:52 PM

hi,

No problem, you're not wasting my time. Your logs look ok as far as malware goes, and you have run several tools also. As far as the data usage, it looks like you are a gamer, so I guess that amount is possible over 5 days. Not to mention all the other usage that goes on along with it.




#8 dudewithaclue (Topic Starter)

Posted 08 August 2015 - 04:09 PM

If you say my logs look okay, then I will breathe a huge sigh of relief and thank you for your time.

 

Thank you so very much, shelf life.





