Unable to open or install all AV programs


20 replies to this topic

#1 Magroth

  • Members
  • 12 posts

Posted 27 April 2015 - 09:16 PM

Hey, I have found that my computer will send me to some random webpages at times, so I tried to get rid of what was doing it by using anti-virus software, but whenever I try to install the software nothing happens.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Jesse (administrator) on MAGROTH on 28-04-2015 04:39:34
Running from X:\Downloads\frst
Loaded Profiles: Jesse (Available profiles: Jesse & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Beepa P/L) C:\Fraps\fraps.exe
(FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
(Beepa P/L) C:\Fraps\fraps64.dat
() C:\Program Files (x86)\puush\puush.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2229728079-1512514131-1465750254-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.news.net/index.php?referid=118
HKU\S-1-5-21-2229728079-1512514131-1465750254-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\BfLLR.dll [216064 2013-05-07] (Bigfoot Networks, Inc.)
Tcpip\..\Interfaces\{7BEB7AED-04E9-4372-ACB2-F109CB3AB7BE}: [NameServer] 203.12.160.35,203.12.160.37

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll [2013-10-09] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll [2013-10-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-09] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Jesse\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "https://www.google.com.au/?gws_rd=cr&ei=4SdUUo-iEcqikgXIv4HgDw"
CHR Profile: C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-07]
CHR Extension: (YouTube) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-07]
CHR Extension: (Google Search) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-07]
CHR Extension: (AdBlock) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-07]
CHR Extension: (Bookmark Manager) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-28]
CHR Extension: (Google Wallet) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (Gmail) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2015-01-18] ()
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-04-09] (NVIDIA Corporation)
S4 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-17] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-17] (Intel Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-04-09] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-04-09] (NVIDIA Corporation)
S4 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [503296 2013-05-07] () [File not signed]
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [329920 2014-04-30] ()
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-11] (Razer, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WMZuneComm; X:\Music\WMZuneComm.exe [X]
S3 ZuneNetworkSvc; X:\Music\ZuneNss.exe [X]
S3 ZuneWlanCfgSvc; X:\Music\ZuneWlanCfgSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [30624 2012-08-21] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2013-05-07] (Qualcomm Atheros, Inc.)
R3 GUKBFLTR; C:\Windows\System32\drivers\GUKBFLTR.sys [29440 2010-02-05] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [165824 2013-05-07] (Qualcomm Atheros, Inc.)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-04-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-09] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2013-11-15] (Razer Inc)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-11] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-11] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-04-30] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129856 2014-04-26] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [30888 2013-11-15] (Razer Inc)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-06] (Scarlet.Crush Productions)
S3 BS3391319504; \??\C:\Users\Jesse\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 04:20 - 2015-04-28 04:39 - 00000000 ____D () C:\FRST
2015-04-28 04:06 - 2015-04-28 04:06 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jesse\Downloads\iexplorer.exe
2015-04-28 02:37 - 2015-04-28 02:37 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\TrojanHunter
2015-04-28 01:13 - 2015-04-28 02:39 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2015-04-28 01:13 - 2015-04-28 01:13 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2015-04-28 01:05 - 2015-04-28 02:49 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-04-28 01:04 - 2015-04-28 01:10 - 00000000 ____D () C:\ProgramData\Panda Security
2015-04-17 16:26 - 2015-04-17 16:26 - 00000085 _____ () C:\Windows\wininit.ini
2015-04-17 16:26 - 2015-04-17 16:26 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-17 16:23 - 2015-04-17 16:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-17 16:16 - 2015-04-17 16:16 - 00002948 _____ () C:\Windows\System32\Tasks\{A03396D1-E1B9-4E19-B134-AF79B40A8BD2}
2015-04-17 16:16 - 2015-04-17 16:16 - 00002948 _____ () C:\Windows\System32\Tasks\{84771067-8EA7-4DA8-B8EF-A7C57059E3A9}
2015-04-17 16:16 - 2015-04-17 16:16 - 00002948 _____ () C:\Windows\System32\Tasks\{4124D5FD-B944-4A37-9985-333A2289CB68}
2015-04-17 16:16 - 2015-04-17 16:16 - 00002948 _____ () C:\Windows\System32\Tasks\{167472E4-14CA-4FF0-8F9F-41AC411A1EF1}
2015-04-17 14:41 - 2015-04-28 02:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-17 14:41 - 2015-04-17 16:58 - 00000000 ____D () C:\Users\Jesse\AppData\Local\NVIDIA Corporation
2015-04-17 14:41 - 2015-04-17 16:58 - 00000000 ____D () C:\Users\Jesse\AppData\Local\NVIDIA
2015-04-17 14:41 - 2015-04-17 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-17 14:41 - 2015-04-09 10:58 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-04-17 14:41 - 2015-04-09 10:58 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-04-17 14:41 - 2015-04-09 10:58 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-04-17 14:41 - 2015-04-09 10:58 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-04-17 14:41 - 2015-04-09 07:30 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-17 14:41 - 2015-04-09 07:30 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-17 14:41 - 2015-04-09 07:30 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-17 14:41 - 2015-04-09 07:30 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-17 14:41 - 2015-04-09 07:30 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-17 14:41 - 2015-04-09 07:30 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-17 14:41 - 2015-04-09 06:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-17 14:41 - 2015-04-09 03:52 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-17 14:40 - 2015-04-17 14:42 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-17 14:40 - 2015-04-09 10:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-17 14:40 - 2015-04-09 10:58 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-04-17 14:40 - 2015-04-09 10:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00078480 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00066704 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-04-17 14:40 - 2015-04-09 10:58 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-04-17 14:40 - 2015-04-09 10:58 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-17 13:42 - 2015-04-28 00:25 - 00000080 _____ () C:\Users\Jesse\AppData\Local\Rockstar Games\GTA V\entitlement.info
2015-04-17 13:42 - 2015-04-17 13:42 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Rockstar Games
2015-04-17 13:41 - 2015-04-21 20:45 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-16 20:43 - 2015-04-16 20:43 - 00002948 _____ () C:\Windows\System32\Tasks\{D7ADC2EE-7DCB-4572-9418-C27939313391}
2015-04-16 20:43 - 2015-04-16 20:43 - 00002948 _____ () C:\Windows\System32\Tasks\{59C06F85-698C-49A1-A076-B7758C220789}
2015-04-16 20:43 - 2015-04-16 20:43 - 00002948 _____ () C:\Windows\System32\Tasks\{2884EB0E-4FF2-4B0C-A03B-C40259EC267E}
2015-04-16 20:43 - 2015-04-16 20:43 - 00002948 _____ () C:\Windows\System32\Tasks\{056CBA13-918D-49EC-9113-C0D92C8BA13B}
2015-04-16 20:42 - 2015-04-16 20:42 - 00002948 _____ () C:\Windows\System32\Tasks\{1A9C7107-47E4-430E-A17E-FE64CEB709DD}
2015-04-16 20:42 - 2015-04-16 20:42 - 00002948 _____ () C:\Windows\System32\Tasks\{0A09ACC9-CBE8-43A9-A635-8C14F019E407}
2015-04-10 22:08 - 2015-04-10 22:08 - 00000000 ____D () C:\Users\Jesse\Documents\NBGI
2015-04-10 22:08 - 2015-04-10 22:08 - 00000000 ____D () C:\Users\Jesse\AppData\Local\NBGI
2015-04-10 22:04 - 2015-04-10 22:04 - 00001476 _____ () C:\Users\Jesse\Desktop\Dark Souls - Prepare to Die Edition.lnk
2015-04-10 22:04 - 2015-04-10 22:04 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Dark Souls - Prepare to Die Edition
2015-04-10 22:04 - 2015-04-10 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-04-09 13:36 - 2015-04-09 13:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 12:48 - 2015-04-17 16:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-09 12:48 - 2015-04-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-04-09 12:48 - 2015-04-09 12:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-04-09 03:17 - 2015-04-09 03:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2015-04-09 03:13 - 2015-04-09 03:15 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Guild Wars 2
2015-04-06 02:27 - 2015-04-06 02:27 - 00000000 ____D () C:\Users\Jesse\New folder
2015-04-06 02:25 - 2015-04-06 02:25 - 00000000 ___HD () C:\Users\Jesse\InstallAnywhere
2015-04-02 17:25 - 2015-04-03 18:02 - 00000000 ____D () C:\Users\Jesse\AppData\Local\NFS Underground 2
2015-04-02 17:25 - 2015-04-02 17:25 - 00000833 _____ () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Need for Speed Underground 2.lnk
2015-04-02 17:08 - 2015-04-02 17:08 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Microsoft Games
2015-04-02 16:53 - 2015-04-02 16:53 - 00000961 _____ () C:\Users\Public\Desktop\Minecraft.lnk
2015-04-02 16:53 - 2015-04-02 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-04-02 16:53 - 2015-04-02 16:53 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-04-02 00:35 - 2015-04-02 00:36 - 00015872 _____ () C:\Users\Jesse\Documents\Thumbs.db
2015-03-30 20:24 - 2015-04-02 16:01 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\tor

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 04:30 - 2009-07-14 14:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 04:30 - 2009-07-14 14:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 04:04 - 2014-04-08 02:33 - 00000000 ____D () C:\Users\Jesse\AppData\Local\CrashDumps
2015-04-28 03:50 - 2013-10-07 22:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-28 03:37 - 2013-10-07 18:24 - 01789927 _____ () C:\Windows\WindowsUpdate.log
2015-04-28 03:30 - 2013-10-08 20:21 - 00003136 _____ () C:\Windows\System32\Tasks\FRAPS
2015-04-28 03:30 - 2013-10-08 20:21 - 00000000 ____D () C:\Fraps
2015-04-28 03:30 - 2013-10-08 20:18 - 00003222 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2015-04-28 03:30 - 2013-10-07 22:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 03:29 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-28 03:29 - 2009-07-14 14:51 - 00150341 _____ () C:\Windows\setupact.log
2015-04-28 02:53 - 2013-10-07 22:56 - 00067888 _____ () C:\Users\Jesse\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-28 02:50 - 2015-02-17 17:51 - 00000020 _____ () C:\Users\Jesse\AppData\Roaming\appdataFr3.bin
2015-04-28 02:49 - 2010-11-21 13:47 - 00252942 _____ () C:\Windows\PFRO.log
2015-04-28 02:49 - 2009-07-14 14:45 - 00326296 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-28 02:48 - 2014-02-15 15:10 - 00000000 ____D () C:\Windows\pss
2015-04-28 01:06 - 2013-10-07 19:17 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-04-28 00:32 - 2013-10-13 16:13 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Skype
2015-04-27 13:30 - 2015-03-27 10:16 - 00022324 _____ () C:\Windows\system32\CFG3391319504
2015-04-24 12:05 - 2013-10-08 23:51 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\vlc
2015-04-21 20:45 - 2014-04-25 22:03 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-18 22:33 - 2013-10-13 10:04 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Azureus
2015-04-18 17:52 - 2013-10-07 22:57 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-18 16:54 - 2014-03-05 08:39 - 00000000 ____D () C:\Users\Jesse\Desktop\Games
2015-04-18 13:35 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-17 21:28 - 2009-07-14 15:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-17 16:20 - 2014-10-03 10:37 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-17 15:50 - 2015-01-09 12:50 - 00000000 ____D () C:\Games
2015-04-17 15:11 - 2015-02-26 13:00 - 00000000 ____D () C:\Users\Jesse\AppData\Local\PokerStars
2015-04-17 14:41 - 2013-10-07 19:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-17 14:41 - 2013-10-07 19:20 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-17 14:41 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\Help
2015-04-17 13:42 - 2014-04-25 22:04 - 00000000 ____D () C:\Users\Jesse\Documents\Rockstar Games
2015-04-17 13:42 - 2014-02-19 00:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-13 16:35 - 2014-12-22 10:35 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\.technic
2015-04-10 22:04 - 2013-10-08 15:05 - 00339658 _____ () C:\Windows\DirectX.log
2015-04-10 21:49 - 2014-09-27 16:50 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-04-09 13:42 - 2014-12-15 19:26 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Spotify
2015-04-09 13:42 - 2014-12-15 19:26 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Spotify
2015-04-09 12:21 - 2014-12-15 19:26 - 00001804 _____ () C:\Users\Jesse\Desktop\Spotify.lnk
2015-04-09 12:21 - 2014-12-15 19:26 - 00001790 _____ () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-07 11:50 - 2009-07-14 15:08 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-06 02:42 - 2013-10-07 18:25 - 00000000 ____D () C:\Users\Jesse
2015-04-06 02:42 - 2009-07-14 15:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-06 02:32 - 2013-10-17 16:47 - 00000000 ____D () C:\Users\Jesse\Documents\Ubisoft
2015-04-02 17:25 - 2015-02-26 19:59 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-02 17:01 - 2013-10-09 18:08 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\.minecraft
2015-03-30 14:25 - 2014-09-02 15:15 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-03-30 13:13 - 2013-12-10 14:06 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\puush
2015-03-30 13:13 - 2013-12-10 14:06 - 00000000 ____D () C:\Program Files (x86)\puush

==================== Files in the root of some directories =======

2015-02-17 17:51 - 2015-04-28 02:50 - 0000020 _____ () C:\Users\Jesse\AppData\Roaming\appdataFr3.bin
2014-03-31 12:37 - 2014-06-03 11:49 - 0108544 _____ () C:\Users\Jesse\AppData\Roaming\RZR_0010bd134456be81350ce5a711dd.db
2013-10-07 19:17 - 2013-10-07 19:20 - 0000318 _____ () C:\Users\Jesse\AppData\Local\killertool.log
2014-02-21 23:50 - 2014-02-21 23:50 - 0000017 _____ () C:\Users\Jesse\AppData\Local\resmon.resmoncfg
2014-02-15 15:18 - 2014-02-15 15:18 - 0024944 _____ () C:\ProgramData\dxdiag.txt

Files to move or delete:
====================
C:\Users\Jesse\jagex_cl_oldschool_LIVE.dat
C:\Users\Jesse\jagex_cl_runescape_LIVE.dat
C:\Users\Jesse\random.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-25 21:32

==================== End Of Log ============================

Edited by nasdaq, 01 May 2015 - 08:21 AM.
FRST log pasted
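As an added illustration of how the marked entries in an FRST.txt log become the candidates a helper puts into a fixlist, here is a small triage script. It is example code written for this page, not part of the thread and not FRST's own tooling; the section headers and markers it matches ("<======= ATTENTION", "[X]", "No File", "[File not signed]") are taken from the log format shown above, and the embedded sample is an excerpt of that log.

```python
"""Triage helper for FRST.txt logs (example code for this thread, not FRST's own tooling).

Reads the whitelisted sections of an FRST log and flags the entries a
malware-response helper looks at first: lines FRST itself marks with
"<======= ATTENTION", services and drivers whose binary is missing ("[X]"),
plugins that point at "No File", empty Run values, unsigned kernel drivers,
and drivers or services loaded from a user's Temp folder.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt of the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2229728079-1512514131-1465750254-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll [2013-10-09] ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

==================== Services (Whitelisted) =================

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WMZuneComm; X:\Music\WMZuneComm.exe [X]

==================== Drivers (Whitelisted) ====================

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2013-05-07] (Qualcomm Atheros, Inc.)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
S3 BS3391319504; \??\C:\Users\Jesse\AppData\Local\Temp\NTFS.sys [X]
"""

# Assumed from the log layout above: "==== Name (Whitelisted) ====" opens a section,
# and service/driver entries look like "R2 Name; path [size date] (company)".
SECTION_RE = re.compile(r"^=+ (.+?) \(Whitelisted\) =+$")
SERVICE_RE = re.compile(r"^[RSU]\d \S+; ")
TEMP_PATH_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Reasons that are mechanical enough to go straight into a fixlist draft;
# anything else stays on the review list for a human decision.
FIX_REASONS = {"flagged by FRST", "referenced file is missing",
               "plugin points at a missing file", "empty autorun value"}


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def parse_frst(text):
    """Yield (section, line) for every entry under a whitelisted section,
    skipping blank lines and the parenthesised explanations FRST prints."""
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section and line and not line.startswith("("):
            yield section, line


def triage(text):
    """Return the entries a helper would examine first, each with its reasons."""
    findings = []
    for section, line in parse_frst(text):
        reasons = []
        if "<======= ATTENTION" in line:
            reasons.append("flagged by FRST")
        if line.endswith("[X]"):
            reasons.append("referenced file is missing")
        if line.endswith("No File"):
            reasons.append("plugin points at a missing file")
        if "Run: [] =>" in line:
            reasons.append("empty autorun value")
        if "[File not signed]" in line and section == "Drivers":
            reasons.append("unsigned kernel driver")
        if SERVICE_RE.match(line) and TEMP_PATH_RE.search(line):
            reasons.append("driver/service loaded from a Temp folder")
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def fix_candidates(findings):
    """Keep only findings with at least one mechanical reason (see FIX_REASONS)."""
    return [f for f in findings if set(f.reasons) & FIX_REASONS]


def render_fixlist(findings):
    """Lay the chosen lines out in the shape of the fixlist in the reply below:
    FRST takes the log lines verbatim between the start and End markers."""
    body = "\n".join(f.line for f in findings)
    return "start\n\nCloseProcesses:\n\n" + body + "\n\nEnd"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}\n    -> {', '.join(f.reasons)}")
    print(render_fixlist(fix_candidates(triage(SAMPLE_LOG))))
```

On the sample, the draft contains exactly the missing-file, empty-value and ATTENTION entries nasdaq listed, while the unsigned MotioninJoy driver is only reported for review.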




#2 nasdaq

  • Malware Response Team
  • 38,922 posts
  • Location:Montreal, QC. Canada

Posted 01 May 2015 - 08:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs (listed below) using the Add/Remove Programs applet.
TerminusDefender (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{da3f04c5}) (Version: - Software Publisher) <==== ATTENTION
YTD Video Downloader 4.7.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL) <==== ATTENTION

====

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 WMZuneComm; X:\Music\WMZuneComm.exe [X]
S3 ZuneNetworkSvc; X:\Music\ZuneNss.exe [X]
S3 ZuneWlanCfgSvc; X:\Music\ZuneWlanCfgSvc.exe [X]
S3 BS3391319504; \??\C:\Users\Jesse\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===


CHR dev: Chrome dev build detected! <======= ATTENTION

Chrome was compromised. Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now?
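The fixlist above removes an empty-named Run value, a Chrome policy key, a set of services whose binaries are gone, and one alternate data stream. The PowerShell script below is an added example, not part of this thread and not FRST's own code: a read-only audit of those same locations, so the result of the fix can be confirmed afterwards (or the same indicators looked for on another PC). It assumes PowerShell 3.0 or later (Windows 7 ships 2.0; Windows Management Framework 3.0 adds it), an elevated prompt, and the paths named in the fixlist; the Resolve-ImagePath helper and the function names are mine.

```powershell
# Added example, not part of the thread or of FRST: read-only audit of the
# locations the fixlist targeted. PowerShell 3.0+, run from an elevated prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Turns a service ImagePath or Run command into a plain file path (helper is mine).
function Resolve-ImagePath([string]$Raw) {
    $p = $Raw -replace '^\\\?\?\\', ''                         # \??\C:\x.sys   -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"      # \SystemRoot\.. -> C:\Windows\..
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }            # "C:\x.exe" -arg -> C:\x.exe
    elseif ($p -match '^(.+?\.(exe|sys|dll))') { $p = $Matches[1] }  # drop unquoted arguments
    if ($p -match '^(system32|syswow64)\\') { $p = Join-Path $env:SystemRoot $p }  # relative to Windows
    return $p
}

function Get-SuspiciousRunValues {
    # Flags Run values with an empty name (the "[] => [X]" entry FRST deleted)
    # or whose target file no longer exists.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd    = [string]$item.GetValue($name)
            $exe    = Resolve-ImagePath $cmd
            $reason = $null
            if ($name -eq '') { $reason = 'empty value name' }
            elseif ($exe -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $exe)) { $reason = 'target missing' }
            if ($reason) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Reason = $reason }
            }
        }
    }
}

function Get-ChromePolicyValues {
    # The fixlist deleted HKLM\SOFTWARE\Policies\Google. On an unmanaged PC the key
    # should not exist at all; anything here was written by software, not the user.
    foreach ($key in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
        if (-not (Test-Path $key)) { continue }
        foreach ($k in @(Get-Item $key) + @(Get-ChildItem $key -Recurse)) {
            foreach ($v in $k.GetValueNames()) {
                [pscustomobject]@{ Key = $k.Name; Name = $v; Value = ($k.GetValue($v) -join ',') }
            }
        }
    }
}

function Get-OrphanedServices {
    # Services and drivers whose binary is gone, like the S3 entries FRST marked [X].
    foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        try { $raw = [string]$svc.GetValue('ImagePath') } catch { continue }
        if (-not $raw) { continue }
        $path = Resolve-ImagePath $raw
        if ($path -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Service = $svc.PSChildName; ImagePath = $raw; Start = $svc.GetValue('Start') }
        }
    }
}

function Get-AlternateDataStreams([string]$Path) {
    # Named NTFS streams on a file or folder (C:\ProgramData\TEMP:054203E4 was one);
    # the unnamed default stream ':$DATA' is excluded.
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

Get-SuspiciousRunValues                          | Format-Table -AutoSize
Get-ChromePolicyValues                           | Format-Table -AutoSize
Get-OrphanedServices                             | Format-Table -AutoSize
Get-AlternateDataStreams 'C:\ProgramData\TEMP'   | Format-Table -AutoSize
```

The script only reports. A service that still has an entry but no binary is harmless on its own; what matters is the pattern, for instance a driver registered from C:\Users\...\AppData\Local\Temp (BS3391319504 above), which no legitimate installer does.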

#3 Magroth

  • Topic Starter
  • Members
  • 12 posts

Posted 01 May 2015 - 10:32 PM

Thanks for getting back to me.

I have been able to do everything that you asked, except that I was unable to remove TerminusDefender through Add/Remove Programs. My Chrome seems to be a lot better, but I am still unable to run or install any AV programs.

Here is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015 01
Ran by Jesse at 2015-05-02 13:11:02 Run:1
Running from X:\Downloads\frst
Loaded Profiles: Jesse (Available profiles: Jesse & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 WMZuneComm; X:\Music\WMZuneComm.exe [X]
S3 ZuneNetworkSvc; X:\Music\ZuneNss.exe [X]
S3
ZuneWlanCfgSvc; X:\Music\ZuneWlanCfgSvc.exe [X]
S3 BS3391319504; \??\C:\Users\Jesse\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
WMZuneComm => Service deleted successfully.
ZuneNetworkSvc => Service deleted successfully.
S3 => Error: No automatic fix found for this entry.
ZuneWlanCfgSvc; X:\Music\ZuneWlanCfgSvc.exe [X] => Error: No automatic fix found for this entry.
BS3391319504 => Service deleted successfully.
EagleX64 => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
VGPU => Service deleted successfully.
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:11:02 ====
 
Here is the AdwCleaner log:
# AdwCleaner v4.203 - Logfile created 02/05/2015 at 13:15:51
# Updated 30/04/2015 by Xplode
# Database : 2015-04-30.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Jesse - MAGROTH
# Running from : X:\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\4594113249776783940
Folder Deleted : C:\ProgramData\{f4604b1a-c496-897e-f460-04b1ac492c6b}
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\lucky leap
Folder Deleted : C:\Program Files (x86)\MiniamuimPraice
Folder Deleted : C:\Program Files (x86)\RoboiSaver
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Jesse\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\09db90c7-91d8-17eb-9524-465f4351bfe6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{da3f04c5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Wajam
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\ImInstaller
Key Deleted : HKU\.DEFAULT\Software\lucky leap
Key Deleted : HKU\.DEFAULT\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\EFEE0228DC83E77358593193D847A0EC
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\EFEE0228DC83E77358593193D847A0EC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eiimolhnbbbdagljikeckdkldgemmmlj
[C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [3852 bytes] - [02/05/2015 13:13:47]
AdwCleaner[S0].txt - [3713 bytes] - [02/05/2015 13:15:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3772  bytes] ##########
 

 



#4 nasdaq

  • Malware Response Team
  • 38,922 posts
  • Location:Montreal, QC. Canada

Posted 02 May 2015 - 07:10 AM

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and save it to your Desktop.
If using Windows 7 or Vista, right-click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes/OK when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Copy & paste the contents of FSS.txt into your reply.

#5 Magroth

  • Topic Starter
  • Members
  • 12 posts

Posted 02 May 2015 - 12:32 PM

Farbar Service Scanner Version: 17-01-2015
Ran by Jesse (administrator) on 03-05-2015 at 03:30:43
Running from "C:\Users\Jesse\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#6 nasdaq

  • Malware Response Team
  • 38,922 posts
  • Location:Montreal, QC. Canada

Posted 03 May 2015 - 07:02 AM

Nothing suspicious was found.

Try to install Microsoft Security Essentials from this page.
http://windows.microsoft.com/en-us/windows/security-essentials-download

If you get any error message please post it in your next reply.
===

Need to see this also.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 Magroth

  • Topic Starter
  • Members
  • 12 posts

Posted 03 May 2015 - 09:45 AM

 Results of screen317's Security Check version 1.001  
   x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Adobe Flash Player 11.9.900.117 Flash Player out of Date!  
 Google Chrome (42.0.2311.135) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
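Security Check reports that the Windows Security Center service is not running and that it found no WMI registration for an antivirus product, while the Farbar Service Scanner log above left its Action Center section empty. The script below is an added example, not part of this thread and not Farbar Service Scanner's or Security Check's code: it queries the services FSS covers, plus the Action Center's WMI namespace, so that a disabled, missing or stopped service shows up directly with its start mode. The list of services is my choice of what matters for this symptom; it assumes PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example, not part of the thread or of Farbar Service Scanner. Queries the
# services FSS covers plus the Action Center's own view of security products.
# Service list is my assumption; PowerShell 3.0+, elevated prompt.

$securityServices = 'MpsSvc', 'BFE', 'wscsvc', 'wuauserv', 'BITS', 'WinDefend',
                    'VSS', 'SDRSVC', 'Winmgmt', 'CryptSvc', 'EventSystem',
                    'Dhcp', 'Dnscache', 'nsi'

function Get-SecurityServiceState {
    # Flags services that are missing, disabled, or set to start automatically
    # but not running. WinDefend is disabled by design once Microsoft Security
    # Essentials is installed on Windows 7, so that one alone is not a finding.
    foreach ($name in $securityServices) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            [pscustomobject]@{ Service = $name; State = 'MISSING'; StartMode = ''; Finding = 'service registration gone'; Path = '' }
            continue
        }
        $finding = ''
        if ($svc.StartMode -eq 'Disabled') { $finding = 'disabled' }
        elseif ($svc.StartMode -eq 'Auto' -and $svc.State -ne 'Running') { $finding = 'auto-start but not running' }
        [pscustomobject]@{ Service = $name; State = $svc.State; StartMode = $svc.StartMode; Finding = $finding; Path = $svc.PathName }
    }
}

function Get-SecurityCenterProducts {
    # What wscsvc has registered. This namespace is what an "antivirus WMI entry"
    # refers to; with no AV installed an empty AntiVirusProduct list is normal,
    # with one installed it means the product never registered with wscsvc.
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Class = $class; Product = $_.displayName; ProductState = ('0x{0:X6}' -f $_.productState) }
            }
    }
}

Get-SecurityServiceState   | Format-Table Service, State, StartMode, Finding -AutoSize
Get-SecurityCenterProducts | Format-Table -AutoSize
```

On Windows 7, wscsvc, wuauserv and BITS normally report StartMode Auto (delayed start shows as Auto in WMI), so "disabled" on any of those is a finding worth acting on before installing another AV; an installer will usually fail silently if it cannot register with Security Center.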


#8 Magroth

  • Topic Starter
  • Members
  • 12 posts

Posted 03 May 2015 - 09:47 AM

Still unable to open or install any AV programs, including Microsoft Security Essentials.



#9 nasdaq

  • Malware Response Team
  • 38,922 posts
  • Location:Montreal, QC. Canada

Posted 03 May 2015 - 01:36 PM

Do you get an error message when you try to install an AV program?

If you ever had a working AV which was it?

#10 Magroth

  • Topic Starter
  • Members
  • 12 posts

Posted 03 May 2015 - 07:40 PM

No error message comes up; nothing comes up, it just doesn't open. The only AV that may have been on this computer previously would have been Malwarebytes, but I don't think it has been.

#11 Magroth

  • Topic Starter
  • Members
  • 12 posts

Posted 03 May 2015 - 07:45 PM

This message has been sent by my ISP also, if that helps.

A summary of the last few detected issues have been provided below:

[2015-05-01 22:31:34] [60.241.91.7] Malware: Rovnix - local_port: 49575,
remote_ip: 217.160.165.207, remote_port: 80, domain_name:
m6fsgwj4gupqp6rgvb. com, data: /host. dat
[2015-05-01 22:31:34] [60.241.91.7] Malware: Rovnix - local_port: 49575,
remote_ip: 217.160.165.207, remote_port: 80, domain_name:
m6fsgwj4gupqp6rgvb. com
[2015-04-30 17:01:39] [60.241.91.7] Malware: Rovnix - remote_ip:
217.160.165.207, remote_port: 80, domain_name: m6fsgwj4gupqp6rgvb. com,
data: /host. dat
[2015-04-30 17:01:39] [60.241.91.7] Malware: Rovnix - local_port: 49236,
remote_ip: 217.160.165.207, remote_port: 80, domain_name:
m6fsgwj4gupqp6rgvb. com
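The ISP notice above gives the command-and-control endpoint the machine was talking to (remote IP, port 80, the domain, and the path /host.dat) with timestamps, which is the most concrete evidence in this thread. The script below is an added example, not part of this thread: it parses that notice into indicators and checks the local DNS cache, hosts file and current connections for them. The alert text embedded in the script is copied from the post; the domain appears there with spaces inserted as defanging, which the parser strips. It assumes PowerShell 3.0 or later; ipconfig and netstat are the standard Windows tools, and a netstat hit only appears while a beacon is actually in progress.

```powershell
# Added example, not part of the thread: parse the ISP's Rovnix notice into
# indicators and look for them on the local machine. PowerShell 3.0+.

# The four records from the post (domain and path defanged with spaces there).
$ispAlert = @'
[2015-05-01 22:31:34] [60.241.91.7] Malware: Rovnix - local_port: 49575,
remote_ip: 217.160.165.207, remote_port: 80, domain_name:
m6fsgwj4gupqp6rgvb. com, data: /host. dat
[2015-05-01 22:31:34] [60.241.91.7] Malware: Rovnix - local_port: 49575,
remote_ip: 217.160.165.207, remote_port: 80, domain_name:
m6fsgwj4gupqp6rgvb. com
[2015-04-30 17:01:39] [60.241.91.7] Malware: Rovnix - remote_ip:
217.160.165.207, remote_port: 80, domain_name: m6fsgwj4gupqp6rgvb. com,
data: /host. dat
[2015-04-30 17:01:39] [60.241.91.7] Malware: Rovnix - local_port: 49236,
remote_ip: 217.160.165.207, remote_port: 80, domain_name:
m6fsgwj4gupqp6rgvb. com
'@

function ConvertFrom-IspAlert([string]$Text) {
    # Each record starts with a bracketed timestamp and wraps over several lines,
    # so first rejoin every line that does not start a new record.
    $records = ($Text -replace "`r?`n(?!\[)", ' ') -split "`r?`n"
    foreach ($rec in $records) {
        if ($rec -notmatch '^\[(?<ts>[^\]]+)\]\s+\[(?<src>[^\]]+)\]\s+Malware:\s+(?<fam>\w+)') { continue }
        $o = [ordered]@{ Timestamp = $Matches.ts; SourceIp = $Matches.src; Family = $Matches.fam }
        foreach ($f in 'local_port', 'remote_ip', 'remote_port', 'domain_name', 'data') {
            $o[$f] = $null
            # Field values run to the next comma; the -replace removes the defanging spaces.
            if ($rec -match "$($f):\s*([^,]+)") { $o[$f] = $Matches[1].Trim() -replace '\s+', '' }
        }
        [pscustomobject]$o
    }
}

function Find-IndicatorsLocally($Indicators) {
    $domains   = @($Indicators | ForEach-Object { $_.domain_name } | Where-Object { $_ } | Sort-Object -Unique)
    $ips       = @($Indicators | ForEach-Object { $_.remote_ip }   | Where-Object { $_ } | Sort-Object -Unique)
    $dnsCache  = ipconfig /displaydns 2>$null
    $netstat   = netstat -ano 2>$null
    $hostsFile = Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" -ErrorAction SilentlyContinue
    foreach ($d in $domains) {
        $pat = [regex]::Escape($d)
        if ($dnsCache  -match $pat) { [pscustomobject]@{ Where = 'DNS cache';  Indicator = $d } }
        if ($hostsFile -match $pat) { [pscustomobject]@{ Where = 'hosts file'; Indicator = $d } }
    }
    foreach ($ip in $ips) {
        # netstat lines look like "  TCP  10.0.0.5:49575  217.160.165.207:80  ESTABLISHED  1234"
        $netstat | Where-Object { $_ -match ('\s' + [regex]::Escape($ip) + ':\d+\s') } |
            ForEach-Object { [pscustomobject]@{ Where = 'netstat'; Indicator = $_.Trim() } }
    }
}

$iocs = ConvertFrom-IspAlert $ispAlert
$iocs | Format-Table Timestamp, local_port, remote_ip, remote_port, domain_name, data -AutoSize
Find-IndicatorsLocally $iocs | Format-Table -AutoSize
```

The last column of a netstat hit is the owning PID, which is the process to look at next. As containment while the cleanup continues, the remote address can be blocked outbound with the built-in firewall (netsh advfirewall firewall add rule name="Block C2" dir=out action=block remoteip=217.160.165.207), though a kernel-level infection can bypass host firewall rules, so the ISP's log, not the local machine, is the reliable confirmation that the beaconing has stopped.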

#12 nasdaq

  • Malware Response Team
  • 38,922 posts
  • Location:Montreal, QC. Canada

Posted 04 May 2015 - 06:43 AM

--RogueKiller--
  • Download RogueKiller and save it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until the Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
=======

#13 Magroth

  • Topic Starter
  • Members
  • 12 posts

Posted 04 May 2015 - 07:38 PM

RogueKiller will not open.



#14 nasdaq

  • Malware Response Team
  • 38,922 posts
  • Location:Montreal, QC. Canada

Posted 05 May 2015 - 07:32 AM

Let's find out if you have policy restrictions on this computer.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following text into the main textfield:
    :reg
    HKCU\Software\Policies /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

The log may be long; attach it if needed.
You may also have to break the log into 2 or 3 sections if it's too long.

===

p.s.
Was this computer ever connected to a company server?

Edited by nasdaq, 05 May 2015 - 01:02 PM.


#15 Magroth

  • Topic Starter
  • Members
  • 12 posts

Posted 05 May 2015 - 10:33 AM

No, this computer has never been connected to a company server.

SystemLook 30.07.11 by jpshortstuff
Log created at 01:31 on 06/05/2015 by Jesse
Administrator - Elevation successful
 
========== reg ==========
 
[HKEY_CURRENT_USER\Software\Policies]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Power]
(No values found)
 
[HKEY_CURRENT_USER\Software\Policies\Power\PowerSettings]
(No values found)
 
 
-= EOF =-
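The SystemLook query above covered only HKCU\Software\Policies, which came back empty. The PowerShell script below is an added example, not part of this thread and not SystemLook's code: it extends that check to the machine-wide settings that make an executable fail to start with no error message at all (HKLM as well as HKCU policies, Software Restriction Policies, Explorer's DisallowRun/RestrictRun lists, Image File Execution Options "Debugger" entries, and AppInit_DLLs). Function names are mine; it assumes PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example, not part of the thread or of SystemLook. Checks the machine-wide
# settings that stop an executable from starting silently. Function names are
# mine. PowerShell 3.0+, elevated prompt.

function Get-PolicyValues {
    # Every value under Software\Policies in both hives. SystemLook only showed
    # HKCU; on an unmanaged home PC HKLM should be nearly empty as well.
    foreach ($root in 'HKLM:\SOFTWARE\Policies', 'HKCU:\SOFTWARE\Policies') {
        if (-not (Test-Path $root)) { continue }
        foreach ($k in @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)) {
            foreach ($v in $k.GetValueNames()) {
                [pscustomobject]@{ Check = 'Policy'; Key = $k.Name; Name = $v; Data = ($k.GetValue($v) -join ',') }
            }
        }
    }
}

function Get-ExplorerRunRestrictions {
    # DisallowRun blocks the listed executables; RestrictRun allows only the listed ones.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty $key
        foreach ($v in 'DisallowRun', 'RestrictRun') {
            if (-not $props.$v) { continue }
            $list = @()
            if (Test-Path "$key\$v") {
                $sub  = Get-Item "$key\$v"
                $list = $sub.GetValueNames() | ForEach-Object { $sub.GetValue($_) }
            }
            [pscustomobject]@{ Check = 'Explorer'; Key = $key; Name = $v; Data = ($list -join ', ') }
        }
    }
}

function Get-SoftwareRestrictionPolicy {
    # SRP: DefaultLevel 0 = Disallowed (everything blocked unless listed),
    # 262144 = Unrestricted. Path rules sit under <level>\Paths\<guid>\ItemData.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (-not (Test-Path $base)) { return }
    $level   = (Get-ItemProperty $base).DefaultLevel
    $meaning = 'not set'
    if ($null -ne $level) {
        $meaning = switch ($level) { 0 { 'Disallowed' } 262144 { 'Unrestricted' } default { "level $level" } }
    }
    [pscustomobject]@{ Check = 'SRP'; Key = $base; Name = 'DefaultLevel'; Data = $meaning }
    foreach ($rule in Get-ChildItem $base -Recurse -ErrorAction SilentlyContinue) {
        $item = $rule.GetValue('ItemData')
        if ($item) { [pscustomobject]@{ Check = 'SRP rule'; Key = $rule.Name; Name = 'ItemData'; Data = $item } }
    }
}

function Get-IfeoDebuggers {
    # A Debugger value makes Windows run that program instead of the named
    # executable, which is how a security tool can be "opened" and show nothing.
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
                      'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options') {
        if (-not (Test-Path $root)) { continue }
        foreach ($k in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $dbg = $k.GetValue('Debugger')
            if ($dbg) { [pscustomobject]@{ Check = 'IFEO'; Key = $k.Name; Name = 'Debugger'; Data = $dbg } }
        }
    }
}

function Get-AppInitDlls {
    # DLLs listed here are loaded into every process that uses user32.dll.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        if (-not (Test-Path $key)) { continue }
        $p = Get-ItemProperty $key
        if ($p.AppInit_DLLs) {
            [pscustomobject]@{ Check = 'AppInit'; Key = $key; Name = 'AppInit_DLLs'
                               Data = "$($p.AppInit_DLLs) (LoadAppInit_DLLs=$($p.LoadAppInit_DLLs))" }
        }
    }
}

$findings = @(Get-PolicyValues) + @(Get-ExplorerRunRestrictions) + @(Get-SoftwareRestrictionPolicy) +
            @(Get-IfeoDebuggers) + @(Get-AppInitDlls)
if ($findings.Count -eq 0) { 'No registry-level execution restriction found.' }
else { $findings | Format-Table Check, Name, Data, Key -AutoSize -Wrap }
```

If every check comes back empty on a machine that still cannot launch any security tool, the block is not coming from the registry. The ISP notice earlier in the thread names Rovnix, a bootkit family that loads its kernel driver from the volume boot record, and a driver loaded that early can kill or starve processes before any of these settings apply. In that situation the next step is a scan from outside the installed OS (boot media such as Windows Defender Offline) rather than another user-mode tool.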




