I think I am infected or have a Windows 7 problem.


This topic is locked
28 replies to this topic

#1 Lucius31

  • Members
  • 117 posts

Posted 12 June 2015 - 04:57 AM

Hi everyone (again).

First and foremost I want to thank all the help I have had here over the past year or two. I have sincere appreciation for the free help you guys give.

Well, last time out I thought I had a virus and it turned out I hadn't, after getting a slow running PC, slow boot-up and lots of crashes which I never had over the years with the same PC and same Windows install.

A few nights ago, my PC took a very long time to boot up. It usually boots up in 25-30 seconds, thanks to RAID 0 of two SD drives.

Anyhow, there were no updates installing or configuring - it just booted the same as ever, but it was very slow when it got to the Windows logos. It took probably 2-3 minutes to finally get to my desktop and a popup came up saying some Windows file was corrupt. Sadly I pressed a button by accident and I didn't get the message.

I ran check disk and all was fine, no Windows errors. So I proceeded to run my Avast and also got no viruses. However, I tried running some of my other virus scanners and they won't run, coming up with Windows error popups saying the file cannot be run for whatever reason. I tried using TDSSKiller and Malwarebytes and these Windows errors would pop up.

My games, music and movies all run fine! The only errors I get are from my soccer game, which happens when I exit it every time, and that is a known issue from a mod I use, so nothing related to my PC.

Any help would be great. I kinda feel it's suspicious that files I download from this site to virus check all get similar errors.

Thanks!


#2 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Location:New England, U.S.A.

Posted 15 June 2015 - 09:07 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


Edited by jntkwx, 15 June 2015 - 09:08 AM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 Lucius31 (Topic Starter)

  • Members
  • 117 posts

Posted 15 June 2015 - 02:21 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Antonio (administrator) on ANTONIO-PC on 16-06-2015 05:13:51
Running from C:\Users\Antonio\Downloads
Loaded Profiles: Antonio (Available Profiles: Antonio)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(SteelSeries) C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(SteelSeries) C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default\extensions\adbhelper@mozilla.org\win32\adb.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590656 2015-05-15] (Razer Inc.)
HKLM-x32\...\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] => C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [1651200 2011-08-18] (SteelSeries)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-13] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2993283589-2562158505-2121891784-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
AppInit_DLLs: => File not found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-05] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2993283589-2562158505-2121891784-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-09] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-09] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Tcpip\Parameters: [DhcpNameServer] 61.9.195.193 61.9.194.49

FireFox:
========
FF ProfilePath: C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-14] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Extension: ADB Helper - C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default\Extensions\adbhelper@mozilla.org [2015-05-27]
FF Extension: Valence - C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default\Extensions\fxdevtools-adapters@mozilla.org [2015-06-06]
FF Extension: Adblock Plus - C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-25]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-05] (Avast Software)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-05] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [12800 2010-08-11] ()
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-24] (Razer, Inc.)
S3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-12-17] (Sagatek Co. Ltd.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-05] (Avast Software)
S3 WinRing0_1_2_0; C:\Users\Antonio\Desktop\Utilities\RealTemp_370\WinRing0x64.sys [14544 2008-07-27] (OpenLibSys.org)
S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 05:13 - 2015-06-16 05:13 - 00011071 _____ C:\Users\Antonio\Downloads\FRST.txt
2015-06-16 05:11 - 2015-06-16 05:13 - 00000000 ____D C:\FRST
2015-06-16 05:11 - 2015-06-16 05:11 - 02109952 _____ (Farbar) C:\Users\Antonio\Downloads\FRST64.exe
2015-06-10 11:16 - 2015-06-10 11:16 - 00000000 ____D C:\Windows\CheckSur
2015-06-02 05:49 - 2015-06-02 05:49 - 00000000 ____D C:\Users\Antonio\AppData\Local\GWX
2015-05-27 23:43 - 2015-05-27 23:43 - 00000000 ____D C:\Users\Antonio\.android
2015-05-17 10:11 - 2015-05-17 10:11 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2015-05-17 10:11 - 2015-05-17 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Freeware
2015-05-17 10:11 - 2015-05-17 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cole2k Media - Codec Pack
2015-05-17 10:11 - 2015-05-17 10:11 - 00000000 ____D C:\Program Files (x86)\Media Freeware

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 04:21 - 2014-11-17 23:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 02:07 - 2009-07-14 14:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-16 02:07 - 2009-07-14 14:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-15 19:25 - 2013-07-25 14:21 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-15 17:20 - 2014-04-11 12:41 - 01185132 _____ C:\Windows\WindowsUpdate.log
2015-06-15 17:20 - 2009-07-14 15:13 - 00788656 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-15 17:18 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2015-06-15 17:16 - 2014-09-23 23:31 - 00023396 _____ C:\Windows\setupact.log
2015-06-15 17:16 - 2014-04-11 12:44 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-15 17:16 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-14 17:26 - 2014-11-17 23:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-14 17:26 - 2013-08-14 11:36 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-14 17:26 - 2013-07-30 02:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-14 17:25 - 2013-07-25 14:20 - 00000000 ____D C:\Users\Antonio\AppData\Local\Adobe
2015-06-13 20:08 - 2015-04-12 17:50 - 00000000 ____D C:\Users\Antonio\AppData\Roaming\uTorrent
2015-06-11 16:41 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 13:18 - 2014-09-23 23:31 - 00265104 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 13:17 - 2014-12-12 15:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 13:17 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 13:17 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 13:00 - 2013-07-25 18:41 - 00000000 ___RD C:\Users\Antonio\Desktop\Stuff
2015-06-11 12:59 - 2009-07-14 15:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 23:14 - 2013-07-26 06:41 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 23:13 - 2013-07-25 18:36 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-04 08:31 - 2014-09-23 01:12 - 00058464 _____ C:\Users\Antonio\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-03 22:06 - 2014-09-25 02:09 - 00162136 _____ C:\Windows\PFRO.log
2015-06-03 22:06 - 2013-08-18 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-27 23:43 - 2013-07-25 13:51 - 00000000 ____D C:\Users\Antonio
2015-05-21 00:09 - 2015-04-04 23:07 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 00:09 - 2015-04-04 23:07 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-17 10:11 - 2013-07-25 18:16 - 00000000 ___RD C:\Users\Antonio\Desktop\Utilities

==================== Files in the root of some directories =======

2013-07-28 13:46 - 2013-07-28 13:47 - 0010217 _____ () C:\Users\Antonio\AppData\Local\CleanupUninstall.txt
2013-07-25 18:33 - 2013-07-26 06:46 - 0000079 _____ () C:\Users\Antonio\AppData\Local\CrystalDiskMark30.ini
2013-07-26 13:43 - 2014-04-13 13:12 - 0007606 _____ () C:\Users\Antonio\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 02:17

==================== End of log ============================


#4 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Location:New England, U.S.A.

Posted 15 June 2015 - 03:20 PM

Just to review some Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.   :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Add Reply button.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started   :thumbup2:

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-18\...\Run: [] => [X]
    AppInit_DLLs: => File not found
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]
    c:\windows\syswow64\mv_process.sys
    EmptyTemp:
    
  • Click File > Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.


After the Reboot:

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Start FRST with administrator privileges.

  • Make sure Addition.txt is unchecked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Regards,
Jason

 

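As an added example (not part of this thread, and not FRST's own code), here is a small Python script that does over a scan log what jntkwx did by hand for Step 1: it walks the FRST sections, flags entries whose target file FRST could not find ([X], No File, File not found), drivers FRST marks [File not signed], and entries with an empty publisher field, then drafts a fixlist in the same shape as the one above (CloseProcesses: first, the orphaned lines copied verbatim, EmptyTemp: last). The sample lines are constructed from the log posted in this thread; the section headings and fixlist directives are as they appear on the page.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log for orphaned or suspicious entries."""
import re

# Constructed sample: a handful of lines taken from the FRST.txt posted in
# this thread, kept under their original section headings.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: => File not found
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-05] ()
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-05] (Avast Software s.r.o.)
S3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-12-17] (Sagatek Co. Ltd.) [File not signed]
S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]
==================== End of log ============================
"""

# FRST section headings look like "==================== Name ====="
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Markers FRST uses when the file behind an entry does not exist on disk
MISSING_MARKERS = ("[X]", "No File", "File not found")


def parse_sections(text):
    """Yield (section, line) pairs, tracking the section headings and
    skipping blank lines and FRST's '(If an entry ...)' explanatory notes."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(If "):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        yield section, line


def classify(line):
    """Return the reasons an FRST line deserves a second look (empty if none)."""
    reasons = []
    if any(marker in line for marker in MISSING_MARKERS):
        reasons.append("target file missing")   # orphaned entry: file is gone
    if "[File not signed]" in line:
        reasons.append("unsigned driver")        # FRST's own signature check failed
    if line.startswith("() ") or line.endswith("] ()"):
        reasons.append("no publisher")           # empty company field; informational
    return reasons


def triage(text):
    """Scan a whole FRST log and return the flagged entries with their section."""
    findings = []
    for section, line in parse_sections(text):
        reasons = classify(line)
        if reasons:
            findings.append({"section": section, "line": line, "reasons": reasons})
    return findings


def build_fixlist(findings):
    """Draft a fixlist from the 'target file missing' findings, in the shape used
    in the thread: CloseProcesses: first, the orphaned log lines copied verbatim,
    EmptyTemp: last. A reviewer still checks the draft against the full log."""
    orphans = [f["line"] for f in findings if "target file missing" in f["reasons"]]
    return ["CloseProcesses:", *orphans, "EmptyTemp:"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {', '.join(f['reasons'])}: {f['line']}")
    print()
    print("\n".join(build_fixlist(triage(SAMPLE_LOG))))
```

The "no publisher" reason is informational only: in the log above it also hits legitimate Avast drivers, which is why the draft fixlist is built from the missing-file findings alone.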


#5 Lucius31 (Topic Starter)

  • Members
  • 117 posts

Posted 17 June 2015 - 09:56 AM

Here is the Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Antonio at 2015-06-18 00:54:07 Run:1
Running from C:\Users\Antonio\Downloads
Loaded Profiles: Antonio (Available Profiles: Antonio)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [] => [X]
AppInit_DLLs: => File not found
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]
c:\windows\syswow64\mv_process.sys
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"AppInit_DLLs: => File not found" => value data not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
"HKCR\PROTOCOLS\Handler\skype4com" => key removed successfully
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Mv_Process => Service removed successfully
"c:\windows\syswow64\mv_process.sys" => File/Folder not found.
EmptyTemp: => 468.9 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 00:54:15 ====


Edited by jntkwx, 17 June 2015 - 03:08 PM.
Including log in post (easier to read)


#6 Lucius31 (Topic Starter)

  • Members
  • 117 posts

Posted 17 June 2015 - 10:00 AM

# AdwCleaner v4.206 - Logfile created 18/06/2015 at 00:58:38
# Updated 01/06/2015 by Xplode
# Database : 2015-06-17.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Antonio - ANTONIO-PC
# Running from : C:\Users\Antonio\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Innovative Solutions

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [854 bytes] - [18/06/2015 00:57:44]
AdwCleaner[S0].txt - [782 bytes] - [18/06/2015 00:58:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [840  bytes] ##########
 



#7 Lucius31 (Topic Starter)

  • Members
  • 117 posts

Posted 17 June 2015 - 10:02 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Antonio (administrator) on ANTONIO-PC on 18-06-2015 01:01:31
Running from C:\Users\Antonio\Downloads
Loaded Profiles: Antonio (Available Profiles: Antonio)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(SteelSeries) C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(SteelSeries) C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default\extensions\adbhelper@mozilla.org\win32\adb.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590656 2015-05-15] (Razer Inc.)
HKLM-x32\...\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] => C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [1651200 2011-08-18] (SteelSeries)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-13] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2993283589-2562158505-2121891784-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: => File not found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-05] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2993283589-2562158505-2121891784-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-09] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-09] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 61.9.195.193 61.9.194.49

FireFox:
========
FF ProfilePath: C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-14] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Extension: ADB Helper - C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default\Extensions\adbhelper@mozilla.org [2015-05-27]
FF Extension: Valence - C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default\Extensions\fxdevtools-adapters@mozilla.org [2015-06-06]
FF Extension: Adblock Plus - C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-25]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-05] (Avast Software)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-05] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [12800 2010-08-11] ()
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-24] (Razer, Inc.)
S3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-12-17] (Sagatek Co. Ltd.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-05] (Avast Software)
S3 WinRing0_1_2_0; C:\Users\Antonio\Desktop\Utilities\RealTemp_370\WinRing0x64.sys [14544 2008-07-27] (OpenLibSys.org)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-18 00:57 - 2015-06-18 00:58 - 00000000 ____D C:\AdwCleaner
2015-06-18 00:57 - 2015-06-18 00:57 - 02231296 _____ C:\Users\Antonio\Downloads\AdwCleaner.exe
2015-06-16 05:14 - 2015-06-16 05:14 - 00033541 _____ C:\Users\Antonio\Downloads\Addition.txt
2015-06-16 05:13 - 2015-06-18 01:01 - 00010685 _____ C:\Users\Antonio\Downloads\FRST.txt
2015-06-16 05:11 - 2015-06-18 01:01 - 00000000 ____D C:\FRST
2015-06-16 05:11 - 2015-06-16 05:11 - 02109952 _____ (Farbar) C:\Users\Antonio\Downloads\FRST64.exe
2015-06-10 11:16 - 2015-06-10 11:16 - 00000000 ____D C:\Windows\CheckSur
2015-06-02 05:49 - 2015-06-02 05:49 - 00000000 ____D C:\Users\Antonio\AppData\Local\GWX
2015-05-27 23:43 - 2015-05-27 23:43 - 00000000 ____D C:\Users\Antonio\.android

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-18 00:59 - 2014-09-23 23:31 - 00023844 _____ C:\Windows\setupact.log
2015-06-18 00:59 - 2014-04-11 12:44 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-18 00:59 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-18 00:58 - 2014-04-11 12:41 - 01247179 _____ C:\Windows\WindowsUpdate.log
2015-06-18 00:58 - 2009-07-14 14:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-18 00:58 - 2009-07-14 14:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-18 00:58 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2015-06-18 00:21 - 2014-11-17 23:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-17 21:29 - 2013-07-25 14:21 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-17 18:57 - 2009-07-14 15:13 - 00788656 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-14 17:26 - 2014-11-17 23:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-14 17:26 - 2013-08-14 11:36 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-14 17:26 - 2013-07-30 02:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-14 17:25 - 2013-07-25 14:20 - 00000000 ____D C:\Users\Antonio\AppData\Local\Adobe
2015-06-13 20:08 - 2015-04-12 17:50 - 00000000 ____D C:\Users\Antonio\AppData\Roaming\uTorrent
2015-06-11 16:41 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 13:18 - 2014-09-23 23:31 - 00265104 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 13:17 - 2014-12-12 15:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 13:17 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 13:17 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 13:00 - 2013-07-25 18:41 - 00000000 ___RD C:\Users\Antonio\Desktop\Stuff
2015-06-11 12:59 - 2009-07-14 15:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 23:14 - 2013-07-26 06:41 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 23:13 - 2013-07-25 18:36 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-04 08:31 - 2014-09-23 01:12 - 00058464 _____ C:\Users\Antonio\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-03 22:06 - 2014-09-25 02:09 - 00162136 _____ C:\Windows\PFRO.log
2015-06-03 22:06 - 2013-08-18 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-27 23:43 - 2013-07-25 13:51 - 00000000 ____D C:\Users\Antonio
2015-05-21 00:09 - 2015-04-04 23:07 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 00:09 - 2015-04-04 23:07 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2013-07-28 13:46 - 2013-07-28 13:47 - 0010217 _____ () C:\Users\Antonio\AppData\Local\CleanupUninstall.txt
2013-07-25 18:33 - 2013-07-26 06:46 - 0000079 _____ () C:\Users\Antonio\AppData\Local\CrystalDiskMark30.ini
2013-07-26 13:43 - 2014-04-13 13:12 - 0007606 _____ () C:\Users\Antonio\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Antonio\AppData\Local\Temp\Quarantine.exe
C:\Users\Antonio\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 02:17

==================== End of log ============================
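The log above is reviewed by eye in this thread. As an added example (not part of the original thread, and not code from Farbar's tool or from either poster), the following Python script pulls out of FRST-style lines the four things a reviewer checks first: an empty company field `()`, an explicit `[File not signed]` tag, an `[X]` entry whose file is missing on disk, and a process, autorun, service or driver started from a user-writable location. The sample lines are copied from the log above; the list of user-writable locations, the flag wording and the line-shape regexes are my own assumptions. The flags are review prompts, not verdicts: Avast's own drivers show an empty company field in this very log, as do plenty of legitimate tools.

```python
"""Triage helper for lines from a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread; it is not code from FRST or from the posters.
It parses the Processes, Run-key, Services and Drivers line shapes shown in
the log above and flags what a log reviewer looks at first:
  - an empty company field "()"          (no company name in version info)
  - an explicit "[File not signed]" tag   (FRST found no valid signature)
  - an "[X]" entry                         (registered, but file missing on disk)
  - a binary under a user-writable path   (Users, AppData, Temp, ProgramData)
The flags are review prompts, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes (assumed from the log above): "(Company) path", "HK..\Run: [name] => path [..] (Company)",
# and "R2 name; path [..] (Company) [File not signed]" / "S4 name; path [X]".
_PROCESS = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>.+?)\s*$")
_RUNKEY = re.compile(r"^HK\S*\\Run: \[[^\]]*\] => (?P<rest>.+)$")
_SVCDRV = re.compile(r"^[RS]\d [^;]+; (?P<rest>.+)$")
_TAG = re.compile(r"\[([^\]]*)\]")          # "[size date]", "[X]", "[File not signed]"
_COMPANY = re.compile(r"\(([^)]*)\)")       # "(Company)" after the path

# Assumed list of locations a standard user can write to; extend as needed.
_USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# Sample input copied from the FRST log posted above (a subset of its lines).
SAMPLE_LOG = r"""
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Users\Antonio\AppData\Roaming\Mozilla\Firefox\Profiles\g3pj7jpa.default\extensions\adbhelper@mozilla.org\win32\adb.exe
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590656 2015-05-15] (Razer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-05] ()
S3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-12-17] (Sagatek Co. Ltd.) [File not signed]
S3 WinRing0_1_2_0; C:\Users\Antonio\Desktop\Utilities\RealTemp_370\WinRing0x64.sys [14544 2008-07-27] (OpenLibSys.org)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
AppInit_DLLs: => File not found
"""


@dataclass
class Entry:
    path: str
    company: Optional[str]                      # None when no "(...)" field was printed
    tags: List[str] = field(default_factory=list)
    reasons: List[str] = field(default_factory=list)


def _split_trailer(rest: str) -> Entry:
    """Split 'C:\\x.sys [size date] (Company) [File not signed]' into parts."""
    path, sep, trailer = rest.partition(" [")
    trailer = sep + trailer
    m = _COMPANY.search(trailer)
    return Entry(path=path.strip(), company=m.group(1) if m else None,
                 tags=_TAG.findall(trailer))


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST line; returns None for line shapes this helper ignores."""
    m = _PROCESS.match(line)
    if m:
        return Entry(path=m.group("path"), company=m.group("company"))
    m = _RUNKEY.match(line) or _SVCDRV.match(line)
    return _split_trailer(m.group("rest")) if m else None


def triage(lines) -> List[Entry]:
    """Return only the entries that carry at least one review flag."""
    flagged = []
    for line in lines:
        entry = parse_line(line.rstrip())
        if entry is None:
            continue
        lower = entry.path.lower()
        if entry.company == "":
            entry.reasons.append("empty company field")
        if any(t.lower() == "file not signed" for t in entry.tags):
            entry.reasons.append("file not signed")
        if "X" in entry.tags:
            entry.reasons.append("file missing on disk")
        if any(marker in lower for marker in _USER_WRITABLE):
            entry.reasons.append("runs from user-writable path")
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG.splitlines()):
        print(f"{e.path}\n    -> {', '.join(e.reasons)}")
```

Run against the sample, it lists six of the ten lines: the two `()` processes, the `()` Avast driver, the unsigned Sagatek filter, the WinRing0 driver loaded from the user's Desktop, and the orphaned NVIDIA audio driver. None of that is a finding on its own; it is the order in which to look things up.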



#8 jntkwx (Malware Response Team)

Posted 17 June 2015 - 03:10 PM

Looking good.

 

How is the computer running now? Please be as descriptive as possible.


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#9 Lucius31 (Topic Starter)

Posted 17 June 2015 - 04:13 PM

The pc seems to be running fine. It is booting up quickly as per normal. I am playing games with no lag and watching a lot of Youtube videos.

 

I have not tried running Avast, tdskiller, Malwarebytes or a Windows System check (sfc /scannow) as I did initially. Should I try them again? Did I have any problems or any viruses?



#10 jntkwx (Malware Response Team)

Posted 17 June 2015 - 04:17 PM

I don't see any viruses in the logs.

 

Before I let you go I'd like to scan your machine with ESET OnlineScan.

Since Eset could take up to an hour or even more depending on the size of your hard drive and the speed of your computer I suggest that you run this scan at night when you are not there and the computer is idle.

 

  • Please download and run the exe from the link below:
    ESET OnlineScan
  • Check the box to accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\


 

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List found threats.
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

 

 

Also let's check for outdated and vulnerable software on your PC

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

And then if there aren't any issues left I'll give you my final recommendations.

 

Let me know if there are remaining issues.


Regards,
Jason

 



#11 Lucius31 (Topic Starter)

Posted 17 June 2015 - 04:21 PM

Ok I will run these when I go to bed in a few hours and post the results when I get up.

 

Thanks a lot so far!



#12 Lucius31 (Topic Starter)

Posted 17 June 2015 - 06:15 PM

ESET found no threats.

 

 

 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31  
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.160  
 Adobe Reader XI  
 Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 

Cheers!



#13 jntkwx (Malware Response Team)

Posted 17 June 2015 - 06:30 PM

Your Java is out of date. Using Java is an unnecessary security risk...especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Although Java is commonly used in business environments and many VPN providers still use it, the average user does not need to install Java software.

Please follow these steps to remove older version of Java components and upgrade the application.
  • Download the latest version of Java SE 8.
  • Click the Java SE 8u45 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 8 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-8u45-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java: 
      Java 8 Update 31
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-8u40-windows-i586.exe and select "Run as an Administrator.")

 

Next please run JavaRa.

  • Please download JavaRa 2.6 and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next, then click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extensions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

 

You can choose between 2 variants:

 

1. If you have applications that require Java to be installed on the computer then uninstall the old version of Java and then run JavaRa to remove all remnants and then go ahead and download & install the latest version of Java (Java SE 8).

 

2. If you want to be on the safe side then go ahead and uninstall the old version of Java, then run JavaRa to remove all remnants and then remove all applications that require Java (time to learn to live without Java and find alternatives to the applications that require Java)... Check this article.

 

 

 

It appears your computer is clean of malware!

 

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and possibly infected system restore points:

  • You can uninstall programs that you had to install (e.g. ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Tips

I recommend to read and follow advice in the "16 simple and easy ways to keep your computer safe and secure on the Internet"  [ Link ] by Lawrence Abrams.


Edited by jntkwx, 17 June 2015 - 06:32 PM.

Regards,
Jason

 



#14 Lucius31 (Topic Starter)

Posted 17 June 2015 - 08:00 PM

User initialised redundant data purge.
......................

Removed registry subkey: java.exe
Removed registry subkey: javaw.exe
Removed registry subkey tree: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Removed registry subkey tree: {5852F5ED-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Removed registry subkey: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Removed registry subkey: F60730A4A66673047777F5728467D401
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey tree: {5852F5EC-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: application/java-deployment-toolkit
Removed registry subkey: application/x-java-applet
Removed registry subkey: application/x-java-jnlp-file
Removed registry subkey tree: {5852F5E0-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: .jar
Removed registry subkey: .jnlp
Removed registry subkey tree: jarfile
Removed registry subkey tree: JavaWebStart.isInstalled
Removed registry subkey tree: JavaWebStart.isInstalled.1.7.0.0
Removed registry subkey tree: JNLPFile
Removed registry subkey: {5852F5ED-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: javaws.exe
Removed registry subkey tree: Browser Helper Objects
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey: 225FA5D4CDB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4ADB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4BDB0C57489E7F511C11D0182
Removed registry subkey: 52AAFD69654C07446983ADA1256FC7A9
Removed registry subkey: AD9BB15F1AC776D49B768EDF5A02B896
Removed registry subkey: E1215CC4312C58A4A8F9D630115FB457
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removed registry subkey: Oracle_JavaAccessBridge
Removed registry subkey tree: JavaPlugin.10402
Removed registry subkey tree: JavaPlugin.10512
Removal routine completed successfully. 34 items have been deleted.
== Cleaning JRE temporary files ==
Deleted file: C:\Users\Antonio\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed
Deleted file: C:\Users\Antonio\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-61a6a996
Deleted file: C:\Users\Antonio\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-61a6a996.idx
 
== Cleaning JRE temporary files ==
Deleted file: C:\Users\Antonio\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed
Deleted file: C:\Users\Antonio\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-61a6a996
Deleted file: C:\Users\Antonio\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-61a6a996.idx
 
== Cleaning JRE temporary files ==
Deleted file: C:\Users\Antonio\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed
Deleted file: C:\Users\Antonio\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-61a6a996
Deleted file: C:\Users\Antonio\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-61a6a996.idx
 
User initialised redundant data purge.
......................

Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removal routine completed successfully. 0 items have been deleted.
== Cleaning JRE temporary files ==
Exception encountered in module [JavaRa]
Message: Could not find a part of the path 'C:\Users\Antonio\AppData\LocalLow\Sun\Java\Deployment'.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)
   at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
   at JavaRa.routines_interface.clean_jre_temp_files()

 
== Cleaning JRE temporary files ==
Exception encountered in module [JavaRa]
Message: Could not find a part of the path 'C:\Users\Antonio\AppData\LocalLow\Sun\Java\Deployment'.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)
   at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
   at JavaRa.routines_interface.clean_jre_temp_files()

 
 


Edited by Lucius31, 17 June 2015 - 08:04 PM.


#15 Lucius31 (Topic Starter)

Posted 17 June 2015 - 08:07 PM

I think I ran JavaRa twice by accident.

 

 

Does everything seem okay? I first uninstalled the old Java, then put in the new one. Then after reading I decided to remove it as I don't think I use it anymore (I used to use it for modding Skyrim).

 

So then I ran the JavaRa as suggested, but I did it twice I think.

 

Hopefully I didn't break anything...





