Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus/Malware causing limited to internet connection?


  • This topic is locked This topic is locked
6 replies to this topic

#1 Its_Practice

Its_Practice

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 19 August 2016 - 11:57 PM

I've reset my router, adapter, etc. Other devices in my household are working fine with great connection except my PC. I'm currently posting from my laptop because my computer is barely able to connect to the internet. I did a google search online and found out it could possibly be a Virus or Malware. So I decided to post here and find out.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2016
Ran by Mitch (administrator) on MITCH-PC (19-08-2016 23:29:23)
Running from J:\SPACE AIDS
Loaded Profiles: Mitch (Available Profiles: Mitch)
Platform: Windows 8 Pro (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
HKLM-x32\...\Run: [masqform.exe] => C:\Program Files (x86)\PureEdge\Viewer 6.5\masqform.exe [643072 2005-07-04] (PureEdge™ Solutions Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1110232 2016-06-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-780877103-2327518023-3428101937-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-23] (BillP Studios)
HKU\S-1-5-21-780877103-2327518023-3428101937-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-16] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-03-01]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40F8B619-3219-4403-8AEE-CA82FD1DD984}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-780877103-2327518023-3428101937-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-780877103-2327518023-3428101937-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope value is missing
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\disjytgs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\disjytgs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-11-13] (EasyAntiCheat Ltd)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-09-23] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-10-28] (Razer Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-01-08] (Broadcom Corporation)
S3 RTL8187; C:\Windows\system32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.) [File not signed]
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [36288 2013-07-01] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [247216 2013-07-01] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-19 23:27 - 2016-08-19 23:29 - 00000000 ____D C:\FRST
2016-08-12 20:26 - 2016-08-12 20:26 - 00005637 _____ C:\Users\Mitch\Downloads\smime.p7s
2016-08-11 22:52 - 2016-08-11 22:52 - 00000000 ____D C:\Windows\SysWOW64\Cef
2016-08-04 19:30 - 2016-08-04 19:30 - 00002810 _____ C:\Users\Mitch\Documents\reg backup8.reg
2016-08-01 20:40 - 2016-08-01 20:40 - 00000357 _____ C:\Users\Mitch\Documents\naruto stuff.txt
2016-07-28 18:03 - 2016-07-28 18:03 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e91be32b0018.job
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-19 23:24 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\system32\NDF
2016-08-19 23:03 - 2014-01-20 07:56 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-19 23:01 - 2014-03-12 15:08 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-19 22:59 - 2015-03-24 12:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-19 22:59 - 2014-01-20 07:56 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 22:59 - 2012-07-26 03:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-19 22:35 - 2012-07-26 01:37 - 00000000 ____D C:\Windows\Inf
2016-08-19 21:47 - 2015-12-05 05:25 - 00002958 _____ C:\Users\Mitch\Documents\KOTOR Build.txt
2016-08-19 19:24 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-08-04 19:57 - 2012-07-26 04:12 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-08-03 16:04 - 2014-01-20 07:56 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-28 18:03 - 2016-05-10 19:03 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab1030933da6.job
2016-07-27 15:25 - 2014-02-11 00:09 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2013-12-10 23:50 - 2013-12-11 23:50 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-18 11:46
 
==================== End of FRST.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2016
Ran by Mitch (administrator) on MITCH-PC (19-08-2016 23:29:23)
Running from J:\SPACE AIDS
Loaded Profiles: Mitch (Available Profiles: Mitch)
Platform: Windows 8 Pro (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
HKLM-x32\...\Run: [masqform.exe] => C:\Program Files (x86)\PureEdge\Viewer 6.5\masqform.exe [643072 2005-07-04] (PureEdge™ Solutions Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1110232 2016-06-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-780877103-2327518023-3428101937-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-23] (BillP Studios)
HKU\S-1-5-21-780877103-2327518023-3428101937-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-16] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-03-01]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40F8B619-3219-4403-8AEE-CA82FD1DD984}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-780877103-2327518023-3428101937-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-780877103-2327518023-3428101937-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope value is missing
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\disjytgs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\disjytgs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-11-13] (EasyAntiCheat Ltd)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-09-23] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-10-28] (Razer Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-01-08] (Broadcom Corporation)
S3 RTL8187; C:\Windows\system32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.) [File not signed]
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [36288 2013-07-01] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [247216 2013-07-01] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-19 23:27 - 2016-08-19 23:29 - 00000000 ____D C:\FRST
2016-08-12 20:26 - 2016-08-12 20:26 - 00005637 _____ C:\Users\Mitch\Downloads\smime.p7s
2016-08-11 22:52 - 2016-08-11 22:52 - 00000000 ____D C:\Windows\SysWOW64\Cef
2016-08-04 19:30 - 2016-08-04 19:30 - 00002810 _____ C:\Users\Mitch\Documents\reg backup8.reg
2016-08-01 20:40 - 2016-08-01 20:40 - 00000357 _____ C:\Users\Mitch\Documents\naruto stuff.txt
2016-07-28 18:03 - 2016-07-28 18:03 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e91be32b0018.job
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-19 23:24 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\system32\NDF
2016-08-19 23:03 - 2014-01-20 07:56 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-19 23:01 - 2014-03-12 15:08 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-19 22:59 - 2015-03-24 12:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-19 22:59 - 2014-01-20 07:56 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 22:59 - 2012-07-26 03:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-19 22:35 - 2012-07-26 01:37 - 00000000 ____D C:\Windows\Inf
2016-08-19 21:47 - 2015-12-05 05:25 - 00002958 _____ C:\Users\Mitch\Documents\KOTOR Build.txt
2016-08-19 19:24 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-08-04 19:57 - 2012-07-26 04:12 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-08-03 16:04 - 2014-01-20 07:56 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-28 18:03 - 2016-05-10 19:03 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab1030933da6.job
2016-07-27 15:25 - 2014-02-11 00:09 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2013-12-10 23:50 - 2013-12-11 23:50 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-18 11:46
 
==================== End of FRST.txt ============================

 

 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 21 August 2016 - 10:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-780877103-2327518023-3428101937-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===
Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Please post the fixlog.txt log and include the Addition.txt file that was created by the Farbar tool.
I need to review it.

---

p.s.

Whan all is well I suggest you upgrade to Windows 8.1

The support for Windows 8. has ended.
http://www.windowscentral.com/microsoft-ends-support-windows-8-asks-users-upgrade-windows-81-or-10

You should Upgrade using the Microsoft Store.

#3 Its_Practice

Its_Practice
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 22 August 2016 - 04:11 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Mitch (22-08-2016 04:52:07) Run:1
Running from J:\SPACE AIDS
Loaded Profiles: Mitch (Available Profiles: Mitch)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-780877103-2327518023-3428101937-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Mitch\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-780877103-2327518023-3428101937-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
BRDriver64_1_3_3_E02B25FC => service removed successfully
catchme => service removed successfully
"C:\Users\Mitch\AppData\Local\Google\Chrome\User" => not found.
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Error: No automatic fix found for this entry.
 
==== End of Fixlog 04:52:07 ====
 
 
 

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 22 August 2016 - 06:58 AM

Nothing suspicious was found on your Addition.txt log.

If the problem persists please download and run this tool on the compromised computer.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#5 Its_Practice

Its_Practice
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 22 August 2016 - 11:54 AM

Unfortunately i'm still experiencing the same issues.

 

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Mitch on Mon 08/22/2016 at 11:42:20.27.
Microsoft Windows 8 Pro 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mitch\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
8/22/2016 11:43:27 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\AVG deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\Nexus Mod Manager deleted successfully
C:\PROGRA~3\HappyCloud deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\Users\Mitch\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Mitch\AppData\Local\TeamSpeak 3 Client deleted successfully
C:\Users\Mitch\AppData\Local\TERA deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-780877103-2327518023-3428101937-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADEC4155-5AC3-3431-D453-DFEE4C82E4CC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\disjytgs.default\prefs.js:
 
Added to C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\disjytgs.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\AVG not found
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\found.000 deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Mitch\AppData\LocalLow\Unity deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\end deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Mitch\Documents\Add-in Express deleted
"C:\Users\Mitch\AppData\Roaming\enchant\en_US.dic" deleted
"C:\Users\Mitch\AppData\Roaming\enchant\en_US.exc" deleted
"C:\Users\Mitch\AppData\Roaming\enchant" deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\disjytgs.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\disjytgs.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
 
Chrome Media Router - Mitch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
 
==== Reset Google Chrome ======================
 
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{84481A87-2316-4923-8FAB-3BA8CA29323D} deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mitch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mitch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=159 folders=75 60665690 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Mitch\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Mitch\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Mon 08/22/2016 at 11:54:33.84 ======================


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 23 August 2016 - 07:41 AM

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

p.s.
ComboFix is compatible with Windows 8. but not 8.1.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 29 August 2016 - 08:58 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users