302 moved here redirect firefox google only after windows[not firefox] update


6 replies to this topic

#1 Skillful

Skillful

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 18 November 2017 - 12:44 PM

Hey,

 

I had Windows 8.1 Pro x64 say "needs to restart in xyz mins"; I could restart now or restart later. I restarted now, and it said "don't turn off PC, updating or downloading %", and a similar thing when it restarted.

 

However, after the reset, if I typed something into Firefox's top-right search bar, it would go to "302 this has moved here." and the "here." would be a hyperlink. The hyperlink was the same link I was meant to go to, except with HTTPS:// in front of it. Similarly if I try to click a hyperlink on here that has the word "here." as the clickable link. Once it said "301 has moved here."

 

When I tried logging into BleepingComputer, it went to login=do or whatever, but just displayed a blank white page. I then hit the back button, to the BleepingComputer site or search, and I went to BleepingComputer and it says I'm logged in. So the data was sent, but the page on my end was just blank white. No 302 error that time. This blank white page happened, and the 302 error, a couple of times; also once there was a "301 this has moved here" error.

 

Also, I noticed that NoScript and Adblock still seemed to be working, except that when looking at the NoScript pulldown menu there is only: about, options, allow scripts globally, temp allow all this page, xss.

 

There is NO "revoke this individual permission" or "that individual permission" for scripts, e.g. xyz.com or xyzcdn.com etc., that I had previously temporarily allowed.

Clicked options, ticked "temporarily open permissions menu when mouse hovers over icon", clicked OK, but it doesn't do anything? Clicked cancel; now there is only options, allow, xss. Where has "about NoScript" gone? OK, clicking OK does give a little arrow pulldown, but the options, e.g. about, are still missing from the pulldown menu when I hover the mouse over NoScript as well. So this *Windows* update has somehow interfered with Firefox? Or a Firefox addon?

 

I do not think it updated Firefox, although that is a possibility... or is it? Do automatic Windows updates update Firefox, or just Internet Explorer?

 

Another thing: even though I did the reset at 2:30am or something, the "last update" was yesterday at 3pm. So how does that work? Something odd going on? Yesterday's update was a Defender update only, so no reset needed, I assume. EDIT: see the end of this post; this update does not show up in update history, but does show up in Control Panel > Programs > View installed updates.
 

I went to Programs and Features, removed Firefox, then installed Firefox from Internet Explorer, and now have Firefox Quantum. Got Adblock Plus this time, but no script blocker. I notice this Firefox has "square" edges on the tabs; I did not notice this after the Windows update, so in that case I don't think Firefox itself had been updated.

 

Can a virus or something give a Windows update and restart now / restart later message, or is it coincidence?

 

Since this new Firefox, I have not noticed this issue [yet], but I am using DuckDuckGo instead of Google, so I'm unsure if that means it was just some error or if something was infected but hasn't caught up to the new FF yet? E.g. could it still be infected?

 

EDIT: I went to a hyperlink that had "here." in it that also produced the same problem, and the problem so far has not come back on Quantum Firefox. It does not guarantee that there was something bad going on, so I am happy to run some programs if needed.

 

https://www.bleepingcomputer.com/forums/t/588399/firefox-302-moved-error-and-google-this-document-has-been-moved-here-error/page-2

E.g. see how he has a "here." link; before, that would cause the same issue, but now it's not an issue. The other issue, of searching and getting redirected to "302 has moved here." with "here." being the same hyperlink but with https:// in front of it, as one example, so far has not reoccurred with Quantum. Perhaps old Firefox got infected and it's still there?

 

EDIT2: After doing a search, the KB4048958 security update for Microsoft Windows WAS installed on 19/11/2017. I found this by going Control Panel > Programs > View installed updates. It's annoying that it doesn't show up in the 'normal' update history. See 'workaround'. Yes, I'm on Win 8.1, but this workaround shows an update for today, when it reset the computer. Double checked in Windows Update > View update history; today's update is still not listed. Guessing this bug will not be fixed by Microsoft, or they don't know about it yet?

https://support.microsoft.com/en-us/help/4034658/windows-10-update-kb4034658

https://support.microsoft.com/en-au/help/4048958/windows-81-update-kb4048958


Edited by Skillful, 18 November 2017 - 04:30 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:55 AM

Posted 23 November 2017 - 12:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1. In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/663206 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2. If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!
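The FRST.txt that HelpBot's steps produce has a fixed line layout (the log Skillful posts later in this thread shows it: a Drivers line is `R1 name; path [size date] (publisher)` and a created-files line is `created - modified - size attrs (publisher) path`). As an added example that is not code from FRST, BleepingComputer or anyone in this thread, the Python below parses those two line shapes and lists executable files for which FRST printed an empty publisher, so a reader triaging such a log can decide which entries to look at first. The sample lines are constructed to mirror the page's format; `exampledrv.sys`, `unnamed-setup.exe` and `ExampleVendor` are placeholders, not names from the log.

```python
"""Triage helper for FRST log lines (added example; not FRST's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# File types that normally carry a company name in their version info.
EXECUTABLE_EXT = (".exe", ".sys", ".dll", ".cpl", ".scr")

# Services/Drivers section, e.g.
#   R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<publisher>[^)]*)\)\s*$"
)
# "One Month Created/Modified files" section, e.g.
#   2017-11-22 08:10 - 2017-11-01 08:54 - 000077432 _____ (Malwarebytes) C:\...\mbae64.sys
# The publisher in parentheses is optional; directories (attrs containing D) never have one.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5})\s+"
    r"(?:\((?P<publisher>[^)]*)\)\s+)?(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    kind: str        # "driver" or "file"
    path: str
    publisher: str   # "" when FRST printed () or ( ) or nothing at all
    is_dir: bool


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a driver or file line, None for headers and other text."""
    m = DRIVER_RE.match(line)
    if m:
        return Entry("driver", m["path"], m["publisher"].strip(), False)
    m = FILE_RE.match(line)
    if m:
        return Entry("file", m["path"], (m["publisher"] or "").strip(), "D" in m["attrs"])
    return None


def needs_review(e: Entry) -> bool:
    """Executable with no publisher string: worth a closer look, not a verdict."""
    if e.is_dir or e.publisher:
        return False
    return e.path.lower().endswith(EXECUTABLE_EXT)


def triage(lines: List[str]) -> List[str]:
    """Paths of executables/drivers whose publisher field is blank, in log order."""
    return [e.path for e in map(parse_line, lines) if e and needs_review(e)]


# Constructed sample, laid out like the FRST.txt posted in this thread (placeholder names).
SAMPLE_LOG = r"""
R1 ExampleDrv; C:\Windows\system32\drivers\exampledrv.sys [77432 2017-11-01] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-13] (Microsoft Corporation)
2017-11-19 05:44 - 2017-11-19 05:44 - 006263976 _____ ( ) C:\Users\example\Downloads\unnamed-setup.exe
2017-11-22 09:43 - 2017-11-22 09:43 - 000000000 ____D C:\Program Files (x86)\ExampleVendor
2017-11-25 01:38 - 2017-11-25 01:38 - 000006665 _____ C:\Users\example\Downloads\FRST.txt
2017-11-22 09:42 - 2017-01-28 08:01 - 000322560 _____ C:\Windows\system32\vulkan-1.dll
==================== Drivers (Whitelisted) ======================
""".strip().splitlines()

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("no publisher:", path)
```

The blank publisher column is only FRST reporting that it found no company name for the file; the log on this page shows `vulkan-1.dll`, a legitimate runtime library, with no publisher either, so a hit from this script is a prompt to verify the file (the "Bamital & volsnap" section is where FRST reports actual signature checks), not a finding on its own.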

#3 Skillful

Skillful
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 24 November 2017 - 10:49 AM

The problem went away after uninstalling Firefox, whatever version I was on, and installing Firefox Quantum.

 

To be safe, I downloaded Malwarebytes and it found nothing. Ran Windows Defender; it found nothing. Links below give different answers for the cause. Even though the problem is now gone, I wanted to find out if anything was wrong, to be sure. I may do a HDD wipe, but I also ran FRST to see if anything shows up? :)

 

This seems like an addon causing it

https://support.mozilla.org/en-US/questions/976216

 

But then this seems like the issue caused by malware?

https://www.cnet.com/forums/discussions/cant-use-google-search-engine-comes-up-302-moved-374707/

 

I checked my hosts file; it had the usual # lines that it comes with, but no extra lines, if I remember correctly.

https://productforums.google.com/forum/#!topic/websearch/hvkhGWCfNsE

Here are the FRST logs

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2017
Ran by Skilly (administrator) on SKILLED (25-11-2017 01:38:52)
Running from C:\Users\Skilly\Downloads
Loaded Profiles: Skilly (Available Profiles: Skilly)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

"Path" (%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ -> %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\) <==== Repaired successfully
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{358892A0-967C-4826-A19C-C44DE1CB0BE3}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-525647286-2010405465-138830124-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)

FireFox:
========
FF DefaultProfile: nu0r3vax.default-1511022892110
FF ProfilePath: C:\Users\Skilly\AppData\Roaming\Mozilla\Firefox\Profiles\nu0r3vax.default-1511022892110 [2017-11-25]
FF Homepage: Mozilla\Firefox\Profiles\nu0r3vax.default-1511022892110 -> hxxps://duckduckgo.com/
FF Extension: (uBlock Origin) - C:\Users\Skilly\AppData\Roaming\Mozilla\Firefox\Profiles\nu0r3vax.default-1511022892110\Extensions\uBlock0@raymondhill.net.xpi [2017-11-19]
FF Extension: (Adblock Plus) - C:\Users\Skilly\AppData\Roaming\Mozilla\Firefox\Profiles\nu0r3vax.default-1511022892110\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-13] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-11-22] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2017-11-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2017-11-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2017-11-25] (Malwarebytes)
R1 MpKsl41748a31; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1FE7068F-96F3-4CAE-B214-82B797359445}\MpKsl41748a31.sys [58120 2017-11-24] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-11] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-13] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-13] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-25 01:38 - 2017-11-25 01:38 - 000006665 _____ C:\Users\Skilly\Downloads\FRST.txt
2017-11-25 01:37 - 2017-11-25 01:38 - 000000000 ____D C:\FRST
2017-11-25 01:37 - 2017-11-25 01:37 - 002393088 _____ (Farbar) C:\Users\Skilly\Downloads\FRST64.exe
2017-11-22 09:44 - 2017-11-22 09:44 - 000000000 ____D C:\Users\Skilly\AppData\LocalLow\AMD
2017-11-22 09:44 - 2017-11-22 09:44 - 000000000 ____D C:\Users\Skilly\AppData\Local\AMD
2017-11-22 09:43 - 2017-11-23 00:17 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-11-22 09:43 - 2017-11-22 09:43 - 000003160 _____ C:\Windows\System32\Tasks\StartCN
2017-11-22 09:43 - 2017-11-22 09:43 - 000000000 ____D C:\Windows\LastGood.Tmp
2017-11-22 09:43 - 2017-11-22 09:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-11-22 09:43 - 2017-11-22 09:43 - 000000000 ____D C:\Program Files (x86)\AMD
2017-11-22 09:42 - 2017-11-22 09:42 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-22 09:42 - 2017-01-28 08:05 - 000103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-11-22 09:42 - 2017-01-28 08:04 - 000326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-11-22 09:42 - 2017-01-28 08:02 - 000118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-11-22 09:42 - 2017-01-28 08:01 - 000322560 _____ C:\Windows\system32\vulkan-1.dll
2017-11-22 09:41 - 2017-11-22 09:41 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-22 09:38 - 2017-11-22 09:38 - 041034432 _____ (AMD Inc.) C:\Users\Skilly\Downloads\radeon-crimson-relive-17.11.2-minimalsetup-171116_web.exe
2017-11-22 09:38 - 2017-11-22 09:38 - 000000000 ____D C:\Users\Skilly\AppData\Local\RadeonInstaller
2017-11-22 08:10 - 2017-11-25 00:31 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-22 08:10 - 2017-11-23 00:17 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-22 08:10 - 2017-11-23 00:17 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-22 08:10 - 2017-11-23 00:17 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-22 08:10 - 2017-11-22 08:10 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-11-22 08:10 - 2017-11-22 08:10 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-22 08:10 - 2017-11-22 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-22 08:10 - 2017-11-22 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-22 08:10 - 2017-11-22 08:10 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-22 08:10 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-22 08:09 - 2017-11-22 08:10 - 078346672 _____ (Malwarebytes ) C:\Users\Skilly\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-19 05:47 - 2017-11-22 05:48 - 000000000 ____D C:\Users\Skilly\AppData\LocalLow\Adblock Plus for IE
2017-11-19 05:47 - 2017-11-19 05:47 - 000000000 ____D C:\Program Files\Adblock Plus for IE
2017-11-19 05:44 - 2017-11-19 05:44 - 006263976 _____ ( ) C:\Users\Skilly\Downloads\adblockplusie-1.6.exe
2017-11-19 02:34 - 2017-11-19 02:34 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-19 02:34 - 2017-11-19 02:34 - 000000936 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-19 02:34 - 2017-11-19 02:34 - 000000000 ____D C:\Users\Skilly\Desktop\Old Firefox Data
2017-11-19 02:34 - 2017-11-19 02:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-19 02:34 - 2017-11-19 02:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-19 02:33 - 2017-11-19 02:33 - 000311176 _____ (Mozilla) C:\Users\Skilly\Downloads\Firefox Installer.exe
2017-11-15 10:36 - 2017-10-18 05:11 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 10:36 - 2017-10-17 04:38 - 002013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 10:36 - 2017-10-14 23:04 - 001548624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-11-15 10:36 - 2017-10-14 18:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 10:36 - 2017-10-14 18:23 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 10:36 - 2017-10-14 18:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 10:36 - 2017-10-14 18:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 10:36 - 2017-10-14 18:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 10:36 - 2017-10-14 18:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 10:36 - 2017-10-14 17:36 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-11-15 10:36 - 2017-10-14 17:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 10:36 - 2017-10-14 17:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 10:36 - 2017-10-14 17:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 10:36 - 2017-10-14 17:30 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 10:36 - 2017-10-14 17:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 10:36 - 2017-10-14 17:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 10:36 - 2017-10-14 17:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 10:36 - 2017-10-14 17:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-15 10:36 - 2017-10-14 17:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 10:36 - 2017-10-14 17:05 - 015431680 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 10:36 - 2017-10-14 16:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 10:36 - 2017-10-14 16:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-15 10:36 - 2017-10-14 16:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-15 10:36 - 2017-10-14 16:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-15 10:36 - 2017-10-14 16:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-15 10:36 - 2017-10-14 16:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-15 10:36 - 2017-10-14 16:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-11-15 10:36 - 2017-10-14 16:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-15 10:36 - 2017-10-14 16:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-15 10:36 - 2017-10-14 16:24 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-15 10:36 - 2017-10-14 16:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-15 10:36 - 2017-10-14 16:14 - 013317632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 10:36 - 2017-10-14 16:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-15 10:36 - 2017-10-14 16:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-15 10:36 - 2017-10-14 16:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-15 10:36 - 2017-10-11 02:36 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 10:36 - 2017-10-11 01:38 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 10:36 - 2017-10-11 01:38 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-11-15 10:36 - 2017-10-11 01:11 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-15 10:36 - 2017-10-11 01:08 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-11-15 10:36 - 2017-10-05 17:17 - 000380248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-11-15 10:36 - 2017-09-15 09:52 - 000986968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-11-15 10:36 - 2017-09-09 03:14 - 003084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-11-15 10:36 - 2017-09-09 02:50 - 002471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-11-15 10:36 - 2017-09-08 13:31 - 000685440 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-11-15 10:36 - 2017-09-08 13:28 - 000507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-11-15 10:36 - 2017-09-08 07:31 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\mgmtapi.dll
2017-11-15 10:36 - 2017-09-08 05:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mgmtapi.dll
2017-11-15 10:36 - 2017-09-08 03:20 - 000513456 _____ C:\Windows\SysWOW64\locale.nls
2017-11-15 10:36 - 2017-09-08 03:20 - 000513456 _____ C:\Windows\system32\locale.nls
2017-11-15 10:36 - 2017-09-07 23:40 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 10:36 - 2017-09-07 23:40 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-15 10:36 - 2017-09-07 09:07 - 000158552 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 10:36 - 2017-09-07 07:17 - 000461144 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 10:36 - 2017-09-07 07:17 - 000443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 10:36 - 2017-09-07 00:14 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2017-11-15 10:36 - 2017-08-11 11:39 - 002779136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-11-15 10:36 - 2017-08-11 11:30 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-11-02 16:51 - 2017-11-02 16:51 - 000383324 _____ C:\Users\Skilly\Downloads\05102017170320-0001.pdf
2017-11-01 15:40 - 2017-11-01 15:40 - 000280324 _____ C:\Users\Skilly\Downloads\Aus Ingredient Summary.pdf
2017-10-26 22:42 - 2017-10-27 23:54 - 000000000 ____D C:\Users\Skilly\Desktop\Today 1
2017-10-26 16:49 - 2017-10-26 16:49 - 018820298 _____ C:\Users\Skilly\Desktop\2017 overB.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-24 12:29 - 2017-07-18 20:04 - 000000000 ____D C:\Users\Skilly\Desktop\2017 overB
2017-11-23 00:29 - 2017-07-19 00:06 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-525647286-2010405465-138830124-1001
2017-11-23 00:21 - 2014-11-22 11:00 - 000820208 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-23 00:21 - 2013-08-22 23:36 - 000000000 ____D C:\Windows\Inf
2017-11-23 00:18 - 2017-07-18 15:55 - 000000000 ____D C:\Users\Skilly\AppData\LocalLow\Mozilla
2017-11-23 00:17 - 2017-07-18 15:47 - 000000000 __SHD C:\Users\Skilly\IntelGraphicsProfiles
2017-11-23 00:17 - 2013-08-23 00:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-22 09:44 - 2013-08-22 23:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-11-22 09:43 - 2017-07-18 15:21 - 000000000 ____D C:\Program Files\AMD
2017-11-22 09:40 - 2017-07-18 15:22 - 000000000 ____D C:\AMD
2017-11-22 08:06 - 2017-08-07 01:20 - 000000000 ____D C:\Users\Skilly\Desktop\PPSR
2017-11-21 06:32 - 2017-07-18 15:27 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-19 05:18 - 2013-08-23 01:36 - 000000000 ____D C:\Windows\rescache
2017-11-19 02:35 - 2017-07-18 15:55 - 000000000 ____D C:\Users\Skilly\AppData\Roaming\Mozilla
2017-11-19 01:29 - 2013-08-23 00:44 - 000337808 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-16 01:15 - 2013-08-23 01:20 - 000000000 ____D C:\Windows\CbsTemp
2017-11-14 05:21 - 2017-09-05 03:39 - 000000000 ____D C:\Users\Skilly\Desktop\Nose
2017-11-05 03:50 - 2017-10-13 21:24 - 000062443 _____ C:\Users\Skilly\Desktop\SICK.txt
2017-11-04 10:41 - 2014-11-22 15:20 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-04 10:41 - 2014-11-22 15:20 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-16 02:49

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2017
Ran by Skilly (25-11-2017 01:39:08)
Running from C:\Users\Skilly\Downloads
Windows 8.1 Pro (Update) (X64) (2017-07-18 14:01:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-525647286-2010405465-138830124-500 - Administrator - Disabled)
Guest (S-1-5-21-525647286-2010405465-138830124-501 - Limited - Disabled)
Skilly (S-1-5-21-525647286-2010405465-138830124-1001 - Administrator - Enabled) => C:\Users\Skilly

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )
Catalyst Control Center Next Localization BR (HKLM\...\{D6823E97-B396-927D-D651-AFB82BE03523}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{BF26ACAF-6D09-023B-5FB7-8A848874A724}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9DB37D05-F855-5D7D-08C2-25E00E2CCDBC}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{87250370-0A99-4ED9-DCE4-970DAC325FA5}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{1F815C78-D31E-53FD-C8BF-3215E4F022A3}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{79F58747-D616-4CDB-7D8B-4BC580D99153}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{02E80355-64BF-6C1E-B0B7-76857D62A86D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{77158555-E271-A561-ECDA-611639388B5C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{97673BD1-8CA0-53EF-C4E7-282CD8748F1C}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{F1AD64B3-4114-8EF7-407C-F9F9122EDA68}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED28D75F-557C-39C9-5004-F8F17C8BC279}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{41268A73-D680-48C5-DE5E-CF67C05CBBBB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9655DE76-0987-9159-5A7E-FCE18409D004}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CD73EC8B-9F04-5EA1-8FD4-AEE4DAC51267}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{397C2EE5-B514-0CC5-53C3-2FBE46CE6EDF}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{45FA39D2-8AEB-AFF8-2FA6-96891732CB80}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-525647286-2010405465-138830124-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13FDD399-2A43-4C65-AA9A-1ED7DD568A5C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-22 08:10 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-22 08:10 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-525647286-2010405465-138830124-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FD600D46-4946-4C5A-A181-112D02F7FB33}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

04-11-2017 03:56:00 Scheduled Checkpoint
11-11-2017 05:45:48 Scheduled Checkpoint
16-11-2017 01:15:09 Windows Update
19-11-2017 05:47:20 Installed Adblock Plus for IE (32-bit and 64-bit)
22-11-2017 09:40:56 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2017 12:29:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/24/2017 01:01:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/23/2017 12:26:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2017 09:43:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2017 09:41:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2017 09:41:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2017 09:41:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AMD\CIM\Bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2017 09:40:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/21/2017 05:50:31 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (11/20/2017 05:42:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)


System errors:
=============
Error: (11/24/2017 02:44:48 AM) (Source: DCOM) (EventID: 10010) (User: Skilled)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (11/24/2017 02:44:18 AM) (Source: DCOM) (EventID: 10010) (User: Skilled)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (11/23/2017 02:25:38 AM) (Source: DCOM) (EventID: 10010) (User: Skilled)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (11/23/2017 02:25:08 AM) (Source: DCOM) (EventID: 10010) (User: Skilled)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (11/23/2017 12:17:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2017 09:27:07 AM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (11/22/2017 04:09:38 AM) (Source: DCOM) (EventID: 10010) (User: Skilled)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (11/22/2017 04:09:08 AM) (Source: DCOM) (EventID: 10010) (User: Skilled)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (11/21/2017 06:20:55 AM) (Source: DCOM) (EventID: 10010) (User: Skilled)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (11/21/2017 06:20:25 AM) (Source: DCOM) (EventID: 10010) (User: Skilled)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 45%
Total physical RAM: 8076.78 MB
Available physical RAM: 4438.51 MB
Total Virtual: 9356.78 MB
Available Virtual: 4630.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:84.45 GB) NTFS
Drive e: () (Removable) (Total:3.76 GB) (Free:2.68 GB) FAT32
Drive f: (ESD-ISO) (Fixed) (Total:58.43 GB) (Free:55.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: BD3E9CDE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 58.4 GB) (Disk ID: 00240DBC)
Partition 1: (Active) - (Size=58.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

==================== End of Addition.txt ============================
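For the redirect symptom described at the top of the thread, the lines of Addition.txt worth reading first are the hosts file stat (size and dates), the DNS server the machine is using, and the Security Center status. The following is an added example, not part of the post above and not FRST's own code: it parses those three sections of an Addition.txt and flags the deviations a responder would chase. Both embedded logs are constructed; the first repeats the values from the log above, the second is a deliberately altered copy (AV disabled, a grown hosts file, a non-LAN resolver in front of the router, UAC off). The 824-byte figure is the size of the stock Windows 7/8.x/10 hosts file, which only contains comment lines.

```python
import re
from ipaddress import ip_address, ip_network

# Size in bytes of the stock Windows hosts file (comment lines only). A larger file
# means entries were added, which is the first thing to read when a browser is
# being redirected. Assumption: Windows 7/8.x/10, where the stock file is 824 bytes.
DEFAULT_HOSTS_SIZE = 824
LAN_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

SECTION_RE = re.compile(r"^=+ (.+?) =+$")                  # "==== Name ====" headers
SECURITY_RE = re.compile(r"^(AV|AS|FW): (.+?) \((.+?)\)")   # "AV: Product (Status) {GUID}"
FRST_FILE_RE = re.compile(                                  # "date - date - size attrs path"
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{9}) (\S+) (.+)$")
IP_TOKEN_RE = re.compile(r"[0-9A-Fa-f:.]+")

# Constructed sample: the three relevant sections with the values from the log above.
SAMPLE_CLEAN = r"""==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
"""

# Constructed sample of the same sections on a tampered machine (not from the thread).
SAMPLE_SUSPECT = r"""==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Hosts content: ===============================

2017-11-16 02:50 - 2017-11-16 02:50 - 000001342 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

DNS Servers: 198.51.100.7 - 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
"""


def split_sections(text):
    """Map each section header to the content lines under it, dropping FRST's '(...)' hints."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections[current] = []
        elif current and line and not line.startswith("("):
            sections[current].append(line)
    return sections


def parse_security_center(lines):
    """[(kind, product, status)] for AV/AS/FW lines."""
    return [m.groups() for m in map(SECURITY_RE.match, lines) if m]


def parse_hosts_stat(lines):
    """Timestamps, size and path FRST recorded for the hosts file, or None if not listed."""
    for m in map(FRST_FILE_RE.match, lines):
        if m and m.group(5).lower().endswith(r"drivers\etc\hosts"):
            return {"timestamps": (m.group(1), m.group(2)), "size": int(m.group(3)), "path": m.group(5)}
    return None


def parse_dns_servers(lines):
    """IP addresses on the 'DNS Servers:' line, whatever separator FRST used between them."""
    servers = []
    for line in lines:
        if line.startswith("DNS Servers:"):
            for tok in IP_TOKEN_RE.findall(line.split(":", 1)[1]):
                try:
                    servers.append(ip_address(tok))
                except ValueError:
                    pass  # separator or stray punctuation, not an address
    return servers


def findings(text):
    """Anomalies a responder would chase; an empty list means nothing stood out."""
    s, notes = split_sections(text), []
    for kind, product, status in parse_security_center(s.get("Security Center", [])):
        if not status.startswith("Enabled"):
            notes.append(f"{kind} {product} is not enabled ({status})")
        elif kind in ("AV", "AS") and "Up to date" not in status:
            notes.append(f"{kind} {product} signatures are stale ({status})")
    hosts = parse_hosts_stat(s.get("Hosts content", []))
    if hosts is None:
        notes.append("hosts file not listed")
    elif hosts["size"] != DEFAULT_HOSTS_SIZE:
        notes.append(f"hosts file is {hosts['size']} bytes, stock file is {DEFAULT_HOSTS_SIZE}: read it for added entries")
    other = s.get("Other Areas", [])
    for ip in parse_dns_servers(other):
        if not any(ip in net for net in LAN_NETS):
            notes.append(f"DNS server {ip} is not a LAN/router address: confirm it is a resolver you chose")
    if any("EnableLUA: 0" in line for line in other):
        notes.append("UAC is disabled (EnableLUA: 0)")
    if not any(line.startswith("Windows Firewall is enabled") for line in other):
        notes.append("Windows Firewall not reported as enabled")
    return notes


if __name__ == "__main__":
    for label, text in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        print(label, findings(text) or ["nothing stood out"])
```

Run against the clean sample it returns nothing, which matches what the log above shows: stock-sized hosts file with the Windows 8.1 build date, the router at 10.0.0.138 as the only resolver, Defender on, UAC and the firewall on. A non-empty hosts file or a resolver outside the LAN is exactly what produces "the same URL but somewhere else" behaviour in a browser, so those two checks are the ones to do before blaming the browser.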



#4 Skillful

Skillful
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 25 November 2017 - 01:10 PM

I can't remember if I posted this in the "am I infected" forum and it moved here, or if I posted it here by mistake. If it's in the wrong forum, could mods please move :)

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:55 AM

Posted 27 November 2017 - 09:52 AM

Greetings and thank you for your patience.

I am happy to report your computer is malware free.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Skillful

Skillful
  • Topic Starter

Posted 30 November 2017 - 12:33 AM

Hey, thank you for having a look :) I believe I did a reboot at one stage recently after making this thread, and MBAM said you are not fully protected. I opened MBAM up and "real-time protection" had been turned off. I did not do this. Unsure if other default settings had been changed. So I said "reset default settings" and real-time protection was back on again. Can FRST alter MBAM settings, or is something else maybe doing that? Cheers

#7 Oh My!

Oh My!
  • Malware Response Instructor

Posted 30 November 2017 - 10:29 AM

FRST will not do that. Let's monitor your computer for a day and see if there are any irregularities with MBAM. Touch base tomorrow, or sooner if there is an issue.
Gary



