Wireless Internet Only Works on Safe mode


  • This topic is locked
14 replies to this topic

#1 Fullbeat

Fullbeat

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 03 December 2015 - 12:38 PM

Hi everybody, and sorry for my bad English, I'll try my best.

Since a Windows update last 11/30/15 I can't use my internet in normal mode. I tried to restore my system and it says Windows can't restore after reboot.

I also tried uninstalling my network drivers and reinstalling them; it only worked once, but now it's the same. I tried again and it's the same.

I also ran AdwCleaner for threats and no viruses were found.

Ah, and I tried netsh and it's not working.

Hope you guys can help me, cheers!

My computer: Windows 7 Ultimate 64-bit SP1

AMD Athlon x2 Dual Core processor 4800+, 5 GB RAM


Edited by Fullbeat, 03 December 2015 - 12:57 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:52 PM

Posted 04 December 2015 - 10:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Use Safe Mode to download this tool to your Desktop.

Restart the computer in normal mode and run the tools.
Post the logs for my review.


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Wait for further instructions.

#3 Fullbeat


Posted 04 December 2015 - 01:00 PM

Hi nasdaq, and thank you for helping me. Ignore these, I ran the program in safe mode; now I'll post the results from normal mode.

Attached Files


Edited by Fullbeat, 04 December 2015 - 01:02 PM.


#4 Fullbeat


Posted 04 December 2015 - 01:09 PM

Here we go: FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Fullbeat (administrator) on FULLBEAT-PC (04-12-2015 15:04:45)
Running from C:\Users\Fullbeat\Desktop
Loaded Profiles: Fullbeat (Available Profiles: Fullbeat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
(IObit) C:\Program Files (x86)\Advanced SystemCare 8\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXUX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-07-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2015-07-21] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2015-07-21] ()
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-10-11] (Piriform Ltd)
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\...\Policies\Explorer: [ConfirmFileDelete] 0
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53271168 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-18\...\RunOnce: [WTK_IE_Google_Search] => REG ADD HKCU\Software\Microsoft\Internet Explorer\SearchScopes /v DefaultScope /t REG_SZ /d {637D6E3C-DF93-48A5-8362-159A8AC56B11} /f
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\Policies\Explorer: [ConfirmFileDelete] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoCDBurning] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{A7C8D1FB-F436-439E-B581-15AA123F6C18}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4143293169-2872972097-278672978-1000 -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-4143293169-2872972097-278672978-1000 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=

FireFox:
========
FF ProfilePath: C:\Users\Fullbeat\AppData\Roaming\Mozilla\Firefox\Profiles\sa9vqsoy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Fullbeat\AppData\Roaming\Mozilla\Firefox\Profiles\sa9vqsoy.default\extensions\iobitascsurfingprotection@iobit.com [2015-07-21] [not signed]
FF Extension: VKontakte.ru Downloader - C:\Users\Fullbeat\AppData\Roaming\Mozilla\Firefox\Profiles\sa9vqsoy.default\extensions\vk@sergeykolosov.mp.xpi [2015-10-04]
FF Extension: Adblock Plus - C:\Users\Fullbeat\AppData\Roaming\Mozilla\Firefox\Profiles\sa9vqsoy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]

Chrome:
=======
CHR Profile: C:\Users\Fullbeat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (VK Music Downloader) - C:\Users\Fullbeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpokhfcmgpipfplgbkiecbpcmplgniam [2015-08-15]
CHR Extension: (AdBlock) - C:\Users\Fullbeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fullbeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Fullbeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2015-07-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2015-06-30] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 CmdAgent; no ImagePath
S3 cmdvirth; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2015-07-21] (Advanced Micro Devices Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-11-18] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-04] (COMODO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-21] (REALiX™)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-04] (COMODO)
S3 kz1avs; C:\Windows\System32\Drivers\kz1avs.sys [359120 2015-08-24] (Native Instruments GmbH)
S3 kz1usb_svc; C:\Windows\System32\Drivers\kz1usb.sys [83152 2015-08-24] (Native Instruments GmbH)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2015-10-17] (Research In Motion Limited)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2015-07-21] (Realtek Semiconductor Corporation                           )
S3 RtlWlanu; C:\Windows\System32\DRIVERS\RTWlanU.sys [2990808 2015-07-21] (Realtek Semiconductor Corporation                           )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Fullbeat\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-04 15:04 - 2015-12-04 15:05 - 00010226 _____ C:\Users\Fullbeat\Desktop\FRST.txt
2015-12-04 14:56 - 2015-12-04 14:57 - 00137560 _____ C:\Users\Fullbeat\Documents\Addition.txt
2015-12-04 14:55 - 2015-12-04 15:04 - 00000000 ____D C:\FRST
2015-12-04 14:55 - 2015-12-04 14:57 - 00022856 _____ C:\Users\Fullbeat\Documents\FRST.txt
2015-12-04 14:54 - 2015-12-04 14:54 - 02350080 _____ (Farbar) C:\Users\Fullbeat\Desktop\FRST64.exe
2015-12-03 14:54 - 2015-12-03 14:54 - 01736704 _____ C:\Users\Fullbeat\Downloads\adwcleaner_5.023(1).exe
2015-12-03 14:12 - 2015-12-04 14:51 - 00130526 _____ C:\Windows\ntbtlog.txt
2015-12-03 14:03 - 2015-12-03 14:03 - 00000000 ____H C:\asc_rdflag
2015-12-02 10:28 - 2015-12-02 10:28 - 00000284 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Fullbeat.job
2015-12-01 03:12 - 2015-12-01 03:12 - 00022149 _____ C:\ComboFix.txt
2015-12-01 03:02 - 2015-12-01 03:12 - 00000000 ____D C:\Qoobox
2015-12-01 03:02 - 2015-12-01 03:10 - 00000000 ____D C:\Windows\erdnt
2015-12-01 03:02 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-01 03:02 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-01 03:02 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-01 03:02 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-01 03:02 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-01 03:02 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-01 03:02 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-01 03:02 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-01 03:01 - 2015-12-01 03:02 - 05639299 ____R (Swearware) C:\Users\Fullbeat\Downloads\ComboFix.exe
2015-12-01 02:28 - 2015-12-01 02:28 - 01736704 _____ C:\Users\Fullbeat\Downloads\adwcleaner_5.023.exe
2015-12-01 01:21 - 2015-12-01 01:21 - 00003098 _____ C:\Windows\System32\Tasks\{A4B3CC84-0B47-4FF6-8F00-E30168299A70}
2015-12-01 01:14 - 2015-12-01 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-12-01 00:43 - 2014-04-08 09:42 - 00026624 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\jswpslwfx.sys
2015-11-30 22:50 - 2015-11-30 22:50 - 04947168 _____ (Advanced Micro Devices, Inc.) C:\Users\Fullbeat\Downloads\autodetectutility.exe
2015-11-30 20:43 - 2009-07-13 22:40 - 04030976 _____ C:\Windows\SysWOW64\SETD5F8.tmp
2015-11-30 12:06 - 2015-11-30 12:06 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-30 10:35 - 2015-11-30 10:46 - 78618745 _____ C:\Users\Fullbeat\Downloads\Max (Italy) - Each Other [MSLTD023].rar
2015-11-30 08:15 - 2015-11-30 08:15 - 00627203 _____ C:\Users\Fullbeat\Downloads\search.htm
2015-11-30 08:15 - 2015-11-30 08:15 - 00627203 _____ C:\Users\Fullbeat\Downloads\search(2).htm
2015-11-30 05:18 - 2015-12-03 18:52 - 00000000 ____D C:\Users\Fullbeat\Downloads\TrackPack For DJs 2211
2015-11-30 05:16 - 2015-11-30 05:16 - 00460475 _____ C:\Users\Fullbeat\Downloads\C5F596F0EEF9F2842F236E69BBED79D20604F4D7.torrent
2015-11-30 01:45 - 2015-11-30 01:35 - 06391222 _____ C:\Users\Fullbeat\Desktop\TL-WN821N_V4_140918.zip
2015-11-30 01:45 - 2015-11-30 01:26 - 26242523 _____ C:\Users\Fullbeat\Desktop\TL-WN822N_V3_Utility_140918.zip
2015-11-30 01:06 - 2015-11-30 01:06 - 00058016 _____ C:\Users\Fullbeat\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-24 04:56 - 2015-11-24 04:56 - 00008894 _____ C:\Users\Fullbeat\Downloads\config.zip
2015-11-24 04:38 - 2015-11-24 04:38 - 00000306 _____ C:\Users\Fullbeat\Downloads\game_fix.bat
2015-11-24 01:25 - 2015-11-24 01:25 - 00000219 _____ C:\Users\Fullbeat\Desktop\Counter-Strike Global Offensive.url
2015-11-24 01:25 - 2015-11-24 01:25 - 00000000 ____D C:\Users\Fullbeat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-24 01:15 - 2015-11-24 01:15 - 00000128 _____ C:\Users\Fullbeat\Desktop\launch codes.txt
2015-11-21 19:26 - 2015-11-21 19:26 - 00000000 ____D C:\Users\Fullbeat\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2015-11-21 03:37 - 2015-11-21 03:37 - 00000000 ____D C:\Users\Fullbeat\AppData\Roaming\vlc
2015-11-21 03:26 - 2015-11-21 04:07 - 00000000 ____D C:\Users\Fullbeat\Downloads\PopcornTime
2015-11-21 03:26 - 2015-11-21 03:26 - 00000000 ____D C:\Users\Fullbeat\AppData\Local\PopcornTimeDesktop
2015-11-16 21:54 - 2015-11-16 21:54 - 00000574 _____ C:\Users\Fullbeat\Documents\cc_20151116_215420.reg
2015-11-11 01:26 - 2015-11-11 01:26 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 01:26 - 2015-11-11 01:26 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-09 14:04 - 2015-11-29 22:37 - 37867520 _____ C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2015-11-06 05:09 - 2015-11-06 05:09 - 00243912 _____ C:\Users\Fullbeat\Downloads\Firefox Setup Stub 42.0.exe
2015-11-06 03:13 - 2015-11-06 03:31 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-11-06 03:03 - 2015-11-06 03:11 - 274585064 _____ (BlueStack Systems Inc.) C:\Users\Fullbeat\Downloads\BlueStacks-Installer_native.exe
2015-11-05 07:03 - 2015-11-05 07:04 - 01713664 _____ C:\Users\Fullbeat\Downloads\adwcleaner_5.018.exe
2015-11-05 00:32 - 2015-11-05 00:32 - 00000000 ____D C:\found.000
2015-11-04 02:29 - 2015-11-04 02:29 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-04 02:29 - 2015-11-04 02:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-04 02:29 - 2015-11-04 02:29 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-04 02:29 - 2015-11-04 02:29 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-04 02:29 - 2015-11-04 02:29 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-04 15:04 - 2015-07-21 02:02 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-04 15:04 - 2015-07-21 00:45 - 00000000 ____D C:\Program Files (x86)\Advanced SystemCare 8
2015-12-04 15:03 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-04 14:56 - 2009-07-14 00:20 - 00000000 ____D C:\Windows
2015-12-04 14:49 - 2009-07-14 01:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-04 14:49 - 2009-07-14 01:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-04 14:48 - 2015-07-24 04:43 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-03 20:25 - 2015-07-21 04:45 - 00744776 _____ C:\Windows\system32\perfh00A.dat
2015-12-03 20:25 - 2015-07-21 04:45 - 00158862 _____ C:\Windows\system32\perfc00A.dat
2015-12-03 20:25 - 2009-07-14 02:13 - 01808612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-03 20:25 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2015-12-03 19:44 - 2009-07-14 02:08 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-03 19:41 - 2015-07-21 00:53 - 00000000 ____D C:\ProgramData\ProductData
2015-12-03 19:11 - 2015-07-21 03:27 - 00002886 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Fullbeat)
2015-12-03 17:37 - 2015-07-21 01:54 - 00000000 ____D C:\Users\Fullbeat\AppData\Roaming\BitTorrent
2015-12-03 16:10 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-03 14:55 - 2015-07-22 13:29 - 00000000 ____D C:\Program Files\Everything
2015-12-03 14:55 - 2015-07-21 05:11 - 00000000 ____D C:\AdwCleaner
2015-12-03 14:03 - 2015-09-10 19:31 - 74670080 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-12-03 14:03 - 2015-09-10 19:31 - 00249856 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-12-03 14:03 - 2015-09-10 19:31 - 00065536 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2015-12-03 14:03 - 2015-09-10 19:31 - 00024576 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-12-02 10:29 - 2015-07-21 00:47 - 00000000 ____D C:\Program Files\COMODO
2015-12-01 03:09 - 2009-07-13 23:34 - 00000215 _____ C:\Windows\system.ini
2015-12-01 02:10 - 2015-07-21 04:22 - 00000000 ____D C:\Users\Fullbeat\AppData\Roaming\MPC-HC
2015-12-01 01:22 - 2015-11-02 10:21 - 00000000 ____D C:\Users\Fullbeat\AppData\Local\ElevatedDiagnostics
2015-12-01 01:14 - 2015-07-21 00:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-01 01:08 - 2015-07-21 05:19 - 00002916 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Fullbeat
2015-12-01 00:52 - 2015-07-21 00:54 - 00000000 ____D C:\ProgramData\TP-LINK
2015-11-30 23:57 - 2015-07-21 00:48 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-11-30 20:42 - 2015-07-21 02:29 - 03733754 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-11-30 11:37 - 2015-07-28 08:42 - 00000969 _____ C:\Users\Fullbeat\Desktop\۞ ۞ ۞۞ ۞۞۞ ۞۞۞۞۞۞.txt
2015-11-26 02:37 - 2015-07-21 00:49 - 00000000 ____D C:\Users\Fullbeat\AppData\Roaming\IObit
2015-11-26 02:37 - 2015-07-21 00:46 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-23 22:52 - 2015-07-21 07:07 - 00010629 _____ C:\Users\Fullbeat\Desktop\config.cfg
2015-11-18 21:49 - 2015-07-21 02:06 - 00000000 ____D C:\Users\Fullbeat\AppData\Local\Steam
2015-11-18 14:14 - 2015-06-05 14:35 - 00806032 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2015-11-18 14:14 - 2015-06-05 14:35 - 00021184 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2015-11-11 03:12 - 2015-06-10 07:44 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 03:07 - 2015-06-10 07:44 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-10 16:48 - 2015-07-24 04:43 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 16:48 - 2015-07-24 04:43 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 16:48 - 2015-07-24 04:43 - 00003776 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 10:24 - 2015-10-11 06:16 - 00000000 ____D C:\Program Files\CCleaner
2015-11-07 19:36 - 2015-07-21 04:15 - 00000000 ____D C:\Users\Fullbeat\Downloads\VK audio
2015-11-06 08:58 - 2009-07-14 00:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-06 05:36 - 2015-07-24 04:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-06 05:12 - 2015-10-16 00:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 05:12 - 2015-07-24 04:36 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-05 02:17 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2015-08-05 04:58 - 2015-08-05 04:58 - 0007605 _____ () C:\Users\Fullbeat\AppData\Local\Resmon.ResmonCfg
2015-07-21 03:23 - 2015-07-21 03:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Fullbeat\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2015-06-29 23:14] - [2011-02-25 03:19] - 2252800 ____A (Microsoft Corporation) F5EC65BAD2DD56866C91B2F6C8AFF5DA

C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-30 16:59

==================== End of FRST.txt ============================

Attached Files



#5 nasdaq


Posted 05 December 2015 - 08:19 AM

Remove this process in bold via the Programs and Features applet.
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)

p.s.
I also notice you have other software installed by the Chinese company called iObit.

The company behind this product was found to be stealing Malwarebytes' database.
Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.
Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.
IOBit Steals Malwarebytes' Intellectual Property http://www.malwarebytes.org/forums/index.php?showtopic=29681
IOBit's Denial of Theft Unconvincing http://www.malwarebytes.org/forums/index.php?showtopic=30989
IOBit Theft Conclusion http://www.malwarebytes.org/forums/index.php?showtopic=30989
IObit: Trusting Your Antivirus Vendor http://antivirus.about.com/od/antivirussoftwarereviews/a/iobittrustingantivirus.htm
Malwarebytes: IObit Stole Our Signatures Database http://news.softpedia.com/news/Malwarebytes-IObit-Stole-Our-Signatures-Database-125928.shtml
IObit accused of stealing from Malwarebytes http://blogs.computerworld.com/15026/iobit_accused_of_stealing_from_malwarebytes
IOBit sucks at ethics http://thewebatom.net/blog/iobit-is-a-sucky-company/
Beware: IObit Malware Fighter http://www.davescomputertips.com/beware-iobit-malware-fighter/
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(IObit) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4143293169-2872972097-278672978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 CmdAgent; no ImagePath
S3 cmdvirth; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Fullbeat\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {18F66AEA-8F75-46F1-87F8-CACABDFD2B15} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-07-21] (IObit)

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
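
Added example (not part of nasdaq's post and not FRST's own code): a Python sketch that lists the orphaned Services and Drivers entries in an FRST log, meaning lines marked "no ImagePath" or ending in [X] (FRST's marker for a file it could not find), and then checks that every fixlist entry still matches a log line verbatim. The sample log lines are copied from the FRST.txt in this thread; the sample fixlist and the function names are constructed for illustration, and treating a non-matching entry as a copy-and-paste error is an assumption.

```python
import re

# Constructed sample: a few lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 CmdAgent; no ImagePath
S3 cmdvirth; no ImagePath

===================== Drivers (Whitelisted) ==========================

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-11-18] (COMODO)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
"""

# Constructed fixlist: one entry is intact, one has lost its backslashes.
SAMPLE_FIXLIST = """start
CloseProcesses:
S2 CmdAgent; no ImagePath
S3 catchme; ??C:ComboFixcatchme.sys [X]
End
"""

SECTION_RE = re.compile(r"^={5,} (.+?) =+$")      # "==== Services (Whitelisted) ===="
ENTRY_RE = re.compile(r"^([RSU])([0-5]) (.+?); (.*)$")  # "S3 catchme; <path> [X]"


def parse_sections(log_text):
    """Split an FRST log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).replace(" (Whitelisted)", "")
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def orphaned_entries(log_text):
    """Return (section, name, reason) for services/drivers with no backing file."""
    found = []
    sections = parse_sections(log_text)
    for section in ("Services", "Drivers"):
        for line in sections.get(section, []):
            entry = ENTRY_RE.match(line)
            if not entry:
                continue  # explanatory text, not a service/driver entry
            name, detail = entry.group(3), entry.group(4)
            if detail == "no ImagePath":
                found.append((section, name, "no ImagePath"))
            elif detail.endswith("[X]"):
                found.append((section, name, "file not found"))
    return found


def unmatched_fixlist_lines(fixlist_text, log_text):
    """Return fixlist entries that do not appear verbatim in the log text.

    log_text may be FRST.txt and Addition.txt concatenated. The start/End
    markers and directives such as "CloseProcesses:" are skipped because
    they are not copied from a log.
    """
    log_lines = {line.strip() for line in log_text.splitlines()}
    missing = []
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if not line or line.lower() in ("start", "end"):
            continue
        if re.fullmatch(r"\w+:", line):
            continue
        if line not in log_lines:
            missing.append(line)
    return missing


if __name__ == "__main__":
    for section, name, reason in orphaned_entries(SAMPLE_LOG):
        print(f"{section}: {name} ({reason})")
    for line in unmatched_fixlist_lines(SAMPLE_FIXLIST, SAMPLE_LOG):
        print("not in log:", line)
```
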

#6 Fullbeat


Posted 05 December 2015 - 12:08 PM

Done with the fix, but internet is still not working in normal mode after the fix. I uninstalled all IObit programs via the Windows Control Panel, but I'm not sure if there are some files that may be corrupting the system; please let me know how to uninstall them completely. Here's the fixlog.txt.

Waiting for further instructions, ty.

P.S.: something to keep in mind: when I leave the computer on in normal mode and reboot, Windows installs Windows updates (1 of 8), and when it finishes installing and comes back on it says Windows can't install the update, reverting changes, and reboots again.

Attached Files


Edited by Fullbeat, 05 December 2015 - 12:11 PM.


#7 nasdaq


Posted 06 December 2015 - 07:37 AM

Looks like your Internet Explorer has been compromised. (fixlog.txt)

HKUS-1-5-21-4143293169-2872972097-278672978-1000SOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.



Follow the removal and re-installation of IE 11 on your Windows 10 computer.
https://support.microsoft.com/en-us/kb/318378

Keep me posted.

#8 Fullbeat


Posted 06 December 2015 - 09:42 AM

Internet Explorer 11 has been reinstalled and works OK in safe mode, but the problem persists: limited connection in normal mode.



#9 nasdaq


Posted 06 December 2015 - 11:07 AM

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

Read and follow the instructions on the page before proceeding.

Did you find any conflicting issues?
===

#10 Fullbeat


Posted 06 December 2015 - 11:50 AM

Done, not finding any conflicting issues, but the problem persists.



#11 nasdaq


Posted 07 December 2015 - 08:16 AM

I was going to suggest that you disable your Antivirus protection, but found only this in your Additional.txt log.

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


With some entries in your startup folder referring to Comodo.

Something to me is wrong.
Comodo should also be in your Security Center list.

I suggest you remove Comodo by following the instructions on this page.
https://forums.comodo.com/install-setup-configuration-faq-cis-b141.0/-t71897.0.html

Restart the computer and reinstall the application.

Keep me posted.

#12 Fullbeat


Posted 07 December 2015 - 12:47 PM

Yes, I uninstalled Comodo before; it's OK, I'm gonna reinstall it now.



#13 Fullbeat


Posted 09 December 2015 - 05:33 PM

Fixed!! Ran the application, rebooted, reinstalled the drivers in safe mode, rebooted again and it worked. Thank you very much, nasdaq.

#14 nasdaq


Posted 10 December 2015 - 08:51 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#15 nasdaq


Posted 16 December 2015 - 11:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



