Possible infection-was directed here from another mod on my post "browser issues


  • This topic is locked
32 replies to this topic

#1 Kalador5

Kalador5

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dayton Texas
  • Local time:06:43 PM

Posted 01 October 2015 - 12:27 PM

I have been having issues with my browser for some time....every time i try to get online i get the "internet explorer has stopped working and needs to close" message ...and Firefox crashes immediately ..

chrome still shows black screen in the window

 

i am attaching the logs as i keep getting your post is too long



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 PM

Posted 02 October 2015 - 08:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3943137102-964934438-4170505578-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

How is the computer running now?

#3 Kalador5


Posted 02 October 2015 - 11:07 AM

ok i will do that and post the necessary info on my next reply...thanks in advance for the time to help me 



#4 Kalador5


Posted 02 October 2015 - 01:05 PM

as of this post [108pm cst] I am unable to get AdwCleaner to run..



#5 Kalador5


Posted 02 October 2015 - 06:30 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Eric (2015-10-02 12:01:19)
Running from F:\Users\Eric\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-09-28 08:00:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3943137102-964934438-4170505578-500 - Administrator - Disabled)
Eric (S-1-5-21-3943137102-964934438-4170505578-1000 - Administrator - Enabled) => F:\Users\Eric
Guest (S-1-5-21-3943137102-964934438-4170505578-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3943137102-964934438-4170505578-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3943137102-964934438-4170505578-1000\...\uTorrent) (Version: 3.4.5.41162 - BitTorrent Inc.)
AMD Catalyst Install Manager (HKLM\...\{1C819A99-37D1-DE8C-68DF-3AEB5A2C9BE6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SlimCleaner Plus (HKLM\...\{C66FE9B8-B7BC-4FBE-A8F9-BB979EFBA47F}) (Version: 2.2.2 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.5.1 - Tweaking.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

01-01-2012 12:57:20 Scheduled Checkpoint
01-01-2012 23:28:30 Installed Microsoft Fix it 50202
28-09-2015 23:35:45 Windows Update
29-09-2015 00:08:48 Windows Update
29-09-2015 00:51:23 Windows Update
29-09-2015 12:06:45 Windows Update
30-09-2015 03:26:41 SlimDrivers Installing Drivers
30-09-2015 04:23:45 Windows Update
30-09-2015 10:12:55 SlimDrivers Installing Drivers
30-09-2015 10:29:18 SlimDrivers Installing Drivers
30-09-2015 13:01:31 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
01-10-2015 03:02:10 Windows Update
02-10-2015 03:00:13 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-01-01 23:19 - 00000855 ____A F:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {246E2BFD-E257-4424-9E02-6DF456E3BA4A} - System32\Tasks\SlimDrivers Startup => F:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-08-19] (SlimWare Utilities, Inc.)
Task: {7EBE6673-BB7C-40EB-8585-5A17873F6C82} - System32\Tasks\RunSpeccy => C:\Speccy64.exe
Task: {B3515CBD-9250-4DDE-A1DB-DC658BFE8387} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => F:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: F:\WINDOWS\Tasks\SlimDrivers Startup.job => F:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (Whitelisted) ==============

2012-01-01 03:25 - 2015-02-03 21:21 - 00115400 _____ () F:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3943137102-964934438-4170505578-1000\Control Panel\Desktop\\Wallpaper -> F:\Users\Eric\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{782930CD-6018-43A7-A63A-3C0975CDE429}] => (Allow) F:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{CD85813D-3D10-474E-A2D3-807C3203FB36}] => (Allow) F:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{BC3808FE-EE45-498F-92E7-53923E027C73}] => (Allow) F:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{D3A64E03-F433-403C-B7E3-5CA1A2BADECF}] => (Allow) F:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{23CC361F-F19D-451C-BE86-684420CB6282}] => (Allow) F:\WINDOWS\system32\recdisc.exe
FirewallRules: [{5BC671C1-4418-4052-AC09-7C757C54E36C}] => (Allow) F:\WINDOWS\system32\recdisc.exe
FirewallRules: [{6A8B6560-6080-43C8-B7EA-35C9808DBFF7}] => (Allow) F:\WINDOWS\system32\recdisc.exe
FirewallRules: [{7DD767A5-05CF-43C9-8F07-9718A0345EAB}] => (Allow) F:\WINDOWS\system32\recdisc.exe
FirewallRules: [{6B4DEF17-EC95-45EF-9093-4DDFC3062AA1}] => (Allow) F:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{FCE5E08D-1EEA-438C-B90C-7B7540CFFD4A}] => (Allow) F:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{1E509DA7-30E5-40CA-AB32-643EB9B5392C}] => (Allow) F:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6C4C222-31EF-420C-A13E-47081FDF79DE}] => (Allow) F:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2015 03:22:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x7b0
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (10/01/2015 07:46:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x726f7461
Faulting process id: 0x77c
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (10/01/2015 03:04:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x8430a4c2
Faulting process id: 0x570
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (10/01/2015 01:38:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/01/2015 01:38:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/01/2015 01:38:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/01/2015 01:38:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/01/2015 01:38:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/01/2015 01:38:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (10/01/2015 01:38:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.


System errors:
=============
Error: (10/02/2015 03:22:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/02/2015 02:17:17 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume C: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (10/01/2015 07:46:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/01/2015 07:45:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).

Error: (10/01/2015 07:44:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405

Error: (10/01/2015 07:44:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (10/01/2015 07:36:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/01/2015 07:35:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%32

Error: (10/01/2015 07:35:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Font Cache Service service terminated with the following error:
%%32

Error: (10/01/2015 07:31:22 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.


CodeIntegrity:
===================================
  Date: 2015-09-29 10:00:54.451
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SIVX64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-29 10:00:54.431
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SIVX64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-29 10:00:53.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SIVX64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-29 10:00:53.711
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SIVX64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-29 10:00:53.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SIVX64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-29 10:00:53.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SIVX64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-29 10:00:53.566
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SIVX64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-29 10:00:53.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SIVX64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-29 10:00:53.381
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SIVX64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-29 10:00:53.361
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SIVX64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A6-3500 APU with Radeon™ HD Graphics
Percentage of memory in use: 35%
Total physical RAM: 4093.43 MB
Available physical RAM: 2655.43 MB
Total Virtual: 8185.05 MB
Available Virtual: 6565.4 MB

==================== Drives ================================

Drive c: (CD_ROM) (Fixed) (Total:7.45 GB) (Free:5.85 GB) NTFS
Drive f: (System Drive) (Fixed) (Total:465.76 GB) (Free:418.96 GB) NTFS
Drive x: (Internal Storage[new]) (Fixed) (Total:931.51 GB) (Free:91.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0956FC80)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CAA71FD9)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 005A4931)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6 Kalador5


Posted 02 October 2015 - 06:34 PM

I keep getting error message on adwcleaner...and i cannot run malwarebytes...that program gives me the message.."malwarebytes encountered a problem and needs to close"....i tried it twice...on the second time i downloaded those two programs onto a usb stick from a different computer and moved them over to my computer to try them that way and still no results..any ideas?



#7 nasdaq


Posted 03 October 2015 - 07:08 AM

Right click on both the AdwCleaner and MBAM and run the programs as an Administrator.

If that fails:

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

Keep me posted.

#8 Kalador5


Posted 03 October 2015 - 01:18 PM

I have done that more than once as for the run as admin on both malwarebytes AND adwcleaner

i am uploading a copy of the cbs logfile for you to look over..and a screenshot of the error i keep getting from adwcleaner


#9 nasdaq


Posted 04 October 2015 - 07:11 AM

Try to run this tool to completion.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#10 Kalador5


Posted 04 October 2015 - 11:45 AM

will do..and then post any log to here ...thanks again



#11 Kalador5


Posted 05 October 2015 - 12:29 AM

having some trouble running this program...gonna try to do it again..



#12 Kalador5


Posted 05 October 2015 - 11:16 AM

how long does this usually take..its been running since last night ..is that normal?



#13 nasdaq


Posted 05 October 2015 - 01:41 PM

Close the process.

Start again but this time use only these commands.

autoclean;
emptyalltemp;
ipconfig /flushdns;b

It should not take more than 30 minutes.

#14 Kalador5


Posted 05 October 2015 - 01:47 PM

ok...will do that..and try again



#15 Kalador5


Posted 05 October 2015 - 10:54 PM

i am having issue with running this scan...it loads and runs for a very long time with no log to show

any other ideas?





