
chrome crashed, can't run or install anti-malware or anti-virus


#1
rajinikanths

    Member

  • 82 posts

PLEASE HELP.

I've a problem similar to the post http://www.geekstogo...-run-antivirus/

 

After leaving my PC (desktop) ON for several days, I happened to find that Chrome started to crash. As soon as I open it, it will crash. Then when I first tried to open AVG 2014, it didn't. I was for some reason able to run Windows Malware Removal Tool from USB drive and it detected 2 infections and cleaned. I tried to restart my PC and open Chrome, it still gives the same crashing problem. Again I ran the Windows Malware Removal Tool but this time there were no infections at all. Except that, none of the anti-malware like Malwarebytes, tsskiller, etc. was able to install or run. When I double-click those EXEs, nothing happens.

 

FRST Scan ran from Repair Your Computer mode -> Command Prompt is attached.

 

Please help fix this issue.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by SYSTEM on MININT-O8HV9CU (10-11-2015 02:44:34)
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505872 2012-07-25] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [374560 2012-07-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKU\Deploy\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\Deploy\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP
HKU\Rajinikanth\...\Run: [Google Update] => C:\Users\Rajinikanth\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\Rajinikanth\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\Rajinikanth\...\Run: [uTorrent] => C:\Users\Rajinikanth\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-13] (BitTorrent Inc.)
HKU\Rajinikanth\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Rajinikanth\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid e9ece8404a8f47d1a8d3d15a0f75730d-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913a
HKU\Rajinikanth\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\Rajinikanth\...\Run: [{CFFFBDCC-1501-472A-A4AB-EAB831FF0BF6}] => regsvr32.exe "C:\Users\Rajinikanth\AppData\Roaming\IebaFqej\YuwuWsiw.dll"
HKU\Rajinikanth\...\Run: [BackUp2228303646] => C:\Users\Rajinikanth\AppData\Roaming\BackUp2228303646.exe [581632 2009-07-13] ()
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-25] (CyberLink Corp.)
S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-07-25] (CyberLink)
S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-07-25] (CyberLink)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe [374112 2011-03-14] (Ralink Technology, Corp.)
S2 RalinkRegistryWriter64; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe [451936 2011-03-14] (Ralink Technology, Corp.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()
S3 TpMediaServer; C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe [619872 2011-03-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-12-28] (Broadcom Corporation.)
S1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-06-17] (BIOSTAR Group)
S1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-06-17] (BIOSTAR Group)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-20] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 MpKslb6c95284; C:\Windows\system32\MpEngineStore\MpKslb6c95284.sys [44928 2015-11-09] (Microsoft Corporation)
S1 MpKslcf41a2e4; C:\Windows\system32\MpEngineStore\MpKslcf41a2e4.sys [44928 2015-11-09] (Microsoft Corporation)
S3 MPMFL; C:\Windows\System32\DRIVERS\MPMFL.sys [23272 2012-12-17] (Windows ® Server 2003 DDK provider)
S2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-26] (Microsoft Corporation)
S3 ZG760_64; C:\Windows\System32\DRIVERS\WlanGZ64.SYS [493696 2006-08-17] (ZyDAS Technology Corporation)
S3 ZG760_64; C:\Windows\SysWOW64\DRIVERS\WlanGZ64.SYS [493696 2006-08-17] (ZyDAS Technology Corporation)
S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-08-10] (CyberLink Corp.)
S3 ALSysIO; \??\C:\Users\RAJINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BS2228303646; \??\C:\Users\RAJINI~1\AppData\Local\Temp\NTFS.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-09 17:03 - 2015-11-09 21:16 - 00000000 ____D C:\Windows\System32\MpEngineStore
2015-11-09 05:49 - 2015-11-09 05:49 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1873260180-584723267-4080468776-1000
2015-11-09 05:49 - 2015-11-09 05:49 - 00003258 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1873260180-584723267-4080468776-1000
2015-11-08 21:24 - 2015-11-08 21:24 - 00000036 _____ C:\Users\Rajinikanth\AppData\Local\housecall.guid.cache
2015-11-08 21:14 - 2015-11-08 21:14 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\QuickScan
2015-11-08 15:53 - 2015-11-08 15:54 - 00037596 _____ C:\Users\Rajinikanth\Desktop\Addition.txt
2015-11-08 15:51 - 2015-11-10 02:44 - 00000000 ____D C:\FRST
2015-11-08 15:51 - 2015-11-08 15:54 - 00024936 _____ C:\Users\Rajinikanth\Desktop\FRST.txt
2015-11-08 15:36 - 2015-11-08 15:44 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\tor
2015-11-08 14:42 - 2015-11-08 14:42 - 00007626 _____ C:\Users\Rajinikanth\AppData\Local\Resmon.ResmonCfg
2015-11-08 14:36 - 2015-11-08 14:36 - 00000137 _____ C:\Users\Rajinikanth\Desktop\debug.log
2015-11-08 12:37 - 2015-11-09 09:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-08 12:37 - 2015-11-09 09:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-08 12:37 - 2015-11-08 13:24 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Mozilla
2015-11-08 12:37 - 2015-11-08 12:37 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Mozilla
2015-11-08 00:23 - 2015-11-09 05:48 - 00000000 ____D C:\Users\Rajinikanth\AppData\LocalLow\uTorrent
2015-10-23 18:26 - 2015-11-09 08:12 - 03471692 _____ C:\Windows\System32\CFG2228303646
2015-10-23 18:14 - 2015-10-23 18:14 - 00329496 _____ C:\Windows\Minidump\102315-55536-01.dmp
2015-10-23 18:12 - 2015-11-09 09:08 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\IebaFqej
2015-10-23 18:11 - 2015-10-23 18:12 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-10-13 18:32 - 2015-10-13 18:32 - 00020679 _____ C:\Users\Rajinikanth\Downloads\32415815A0B4621400688F0BF2966D7FD3435D93.torrent
2015-10-13 18:31 - 2015-10-13 18:31 - 00019703 _____ C:\Users\Rajinikanth\Downloads\D6525C8CB07CBC6CE001A97541DAD408D4F1FFF0.torrent
2015-10-13 18:30 - 2015-10-13 18:30 - 00019715 _____ C:\Users\Rajinikanth\Downloads\81BA198ED92739B4BCEE99C90FF5EFA0B71069D4.torrent
2015-10-13 18:28 - 2015-10-13 18:28 - 00017607 _____ C:\Users\Rajinikanth\Downloads\D5A14DD9675E85750E60051FC86F0AB402E9443F.torrent
2015-10-13 18:24 - 2015-10-13 18:24 - 00013303 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - Unnale Unnale 2006 Tamil 720p DVDRip x264 1.2GB ESubs.torrent
2015-10-13 18:23 - 2015-10-13 18:23 - 00012075 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - VSOP (2015)1080p v2 HD - AVC - MP4 - 5.1 - 4.4GB - Tamil.mp4.torrent
2015-10-13 18:21 - 2015-10-13 18:21 - 00016196 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - Baahubali (2015)1080p DVDRip - Tamil AAC 5.1 (Original) - 3GB ESubs.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-09 23:58 - 2012-01-31 23:41 - 01066723 _____ C:\Windows\WindowsUpdate.log
2015-11-09 23:57 - 2012-09-08 18:28 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\uTorrent
2015-11-09 23:57 - 2009-07-13 20:51 - 00111608 _____ C:\Windows\setupact.log
2015-11-09 23:51 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI
2015-11-09 23:00 - 2012-02-10 20:09 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1873260180-584723267-4080468776-1000UA.job
2015-11-09 19:46 - 2015-06-21 22:51 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Raptr
2015-11-09 18:00 - 2012-02-10 20:09 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1873260180-584723267-4080468776-1000Core.job
2015-11-09 16:58 - 2015-06-19 22:12 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\CrashDumps
2015-11-09 09:08 - 2015-07-18 20:43 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-09 09:08 - 2014-07-23 15:07 - 00000000 ____D C:\Program Files (x86)\Acrok
2015-11-09 09:08 - 2012-08-24 13:37 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\vlc
2015-11-09 09:08 - 2012-08-01 10:42 - 00000000 ____D C:\users\Deploy
2015-11-09 09:08 - 2012-02-10 20:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Google
2015-11-09 09:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2015-11-09 09:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-11-09 09:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2015-11-09 09:07 - 2014-01-20 23:24 - 00000000 ____D C:\ProgramData\RealNetworks
2015-11-09 05:56 - 2009-07-13 20:45 - 00026000 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-09 05:56 - 2009-07-13 20:45 - 00026000 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-09 05:44 - 2013-06-07 14:59 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-11-09 05:44 - 2013-06-03 02:33 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-11-09 05:44 - 2012-01-31 23:40 - 00000000 ____D C:\users\Rajinikanth
2015-11-09 05:43 - 2012-02-01 00:10 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-09 05:43 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-08 17:23 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2015-11-08 12:32 - 2012-02-10 20:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Deployment
2015-10-23 18:14 - 2012-02-15 22:10 - 00000000 ____D C:\Windows\Minidump
2015-10-23 18:10 - 2012-02-10 21:53 - 00000000 ____D C:\ProgramData\MFAData
2015-10-21 12:37 - 2015-06-23 06:54 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point date: 2015-10-24 10:04
Restore point date: 2015-11-03 23:00
Restore point date: 2015-11-09 22:48
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 8191.37 MB
Available physical RAM: 7394.27 MB
Total Virtual: 8189.57 MB
Available Virtual: 7381.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:984.01 GB) (Free:13.48 GB) NTFS
Drive e: () (Fixed) (Total:878.91 GB) (Free:289.32 GB) NTFS
Drive g: (USB20FD) (Removable) (Total:14.92 GB) (Free:14.84 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B65E26BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=984 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=878.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
 
 
LastRegBack: 2015-11-03 22:53
 
==================== End of FRST.txt ============================

Attached Files

  • Attached File  FRST.txt   17.32KB   205 downloads



#2
RKinner

    Malware Expert

  • Expert
  • 21,458 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.

(If it boots, run FRST from Windows.) Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.


#3
rajinikanths

    Member

  • Topic Starter
  • 82 posts

Thanks a ton. I'll follow these steps and share the log files.



#4
rajinikanths

    Member

  • Topic Starter
  • 82 posts

From the 'Repair Computer's Command Prompt' - I ran the fix. The fix log is: Fixlog_11102015_1.txt

Next I rebooted the machine.

From Windows, I reran the FRST from USB Drive selecting 'Additions' options and the files are attached.


 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Rajinikanth (administrator) on SARVESH-DSK (10-11-2015 17:55:21)
Running from G:\
Loaded Profiles: Rajinikanth (Available Profiles: Rajinikanth & Deploy)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(BitTorrent Inc.) C:\Users\Rajinikanth\AppData\Roaming\uTorrent\uTorrent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(TP-LINK Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
() C:\Windows\VID_0e8f&PID_0003\Watchps3.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(BitTorrent Inc.) C:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(BitTorrent Inc.) C:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\ProgramData\igfxext_64.dll
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [igfxEM_64] => C:\ProgramData\igfxEM_64.exe [4096 2015-11-10] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505872 2012-07-25] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [374560 2012-07-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [Google Update] => C:\Users\Rajinikanth\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [uTorrent] => C:\Users\Rajinikanth\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-13] (BitTorrent Inc.)
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Rajinikanth\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid e9ece8404a8f47d1a8d3d15a0f75730d-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913a
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\MountPoints2: {e9594a04-17cf-11e5-9834-98588a039dc4} - F:\setup.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-12-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Client Utility.lnk [2012-07-05]
ShortcutTarget: TP-LINK Wireless Client Utility.lnk -> C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe (TP-LINK Technology, Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Watchps3.exe.lnk [2015-08-11]
ShortcutTarget: Watchps3.exe.lnk -> C:\Windows\VID_0e8f&PID_0003\Watchps3.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0B29B12F-5142-4420-935D-3E17F0E6FDDB}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{492BB5EE-2F43-4084-A03B-2BF7904C8544}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{69C927DF-D948-467A-8720-6ED730F92778}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1873260180-584723267-4080468776-1000 -> {78CC8F23-5F76-4711-9F10-B19F78179064} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-08-09] (RealDownloader)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-22] (Oracle Corporation)
Toolbar: HKLM - s1 Search.us.com Toolbar - {8211CED8-A242-48B3-A191-234BEBB7F509} - C:\Users\Rajinikanth\AppData\Local\TNT2\2.0.0.1057\IEToolbar64.dll No File
Toolbar: HKU\S-1-5-21-1873260180-584723267-4080468776-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1873260180-584723267-4080468776-1000 -> s1 Search.us.com Toolbar - {8211CED8-A242-48B3-A191-234BEBB7F509} - C:\Users\Rajinikanth\AppData\Local\TNT2\2.0.0.1057\IEToolbar64.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-08-09] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-08-09] (RealNetworks, Inc.)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-08-09] (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1873260180-584723267-4080468776-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rajinikanth\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1873260180-584723267-4080468776-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rajinikanth\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{B1FC07E1-E05B-4567-8891-E63FBE545BA8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-11-09] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-09]
CHR Extension: (No Name) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-09]
CHR Extension: (No Name) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-09]
CHR Extension: (No Name) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-11-09]
CHR Extension: (No Name) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-08-09]
StartMenuInternet: Google Chrome - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-25] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-07-25] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-07-25] (CyberLink)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe [374112 2011-03-14] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe [451936 2011-03-14] (Ralink Technology, Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()
S3 TpMediaServer; C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe [619872 2011-03-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-12-28] (Broadcom Corporation.)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-06-17] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-06-17] (BIOSTAR Group)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-20] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 MpKslb6c95284; C:\Windows\system32\MpEngineStore\MpKslb6c95284.sys [44928 2015-11-09] (Microsoft Corporation)
R1 MpKslcf41a2e4; C:\Windows\system32\MpEngineStore\MpKslcf41a2e4.sys [44928 2015-11-09] (Microsoft Corporation)
S3 MPMFL; C:\Windows\System32\DRIVERS\MPMFL.sys [23272 2012-12-17] (Windows ® Server 2003 DDK provider)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 ZG760_64; C:\Windows\System32\DRIVERS\WlanGZ64.SYS [493696 2006-08-17] (ZyDAS Technology Corporation)
S3 ZG760_64; C:\Windows\SysWOW64\DRIVERS\WlanGZ64.SYS [493696 2006-08-17] (ZyDAS Technology Corporation)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-08-10] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-10 17:44 - 2015-11-10 17:44 - 00004096 _____ C:\ProgramData\igfxEM_64.exe
2015-11-10 17:43 - 2015-11-10 17:43 - 00004096 _____ C:\ProgramData\igfxext_64.dll
2015-11-09 19:03 - 2015-11-09 23:16 - 00000000 ____D C:\Windows\system32\MpEngineStore
2015-11-09 07:49 - 2015-11-10 17:40 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1873260180-584723267-4080468776-1000
2015-11-09 07:49 - 2015-11-10 17:40 - 00003258 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1873260180-584723267-4080468776-1000
2015-11-08 23:24 - 2015-11-08 23:24 - 00000036 _____ C:\Users\Rajinikanth\AppData\Local\housecall.guid.cache
2015-11-08 23:14 - 2015-11-08 23:14 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\QuickScan
2015-11-08 17:53 - 2015-11-08 17:54 - 00037596 _____ C:\Users\Rajinikanth\Desktop\Addition.txt
2015-11-08 17:51 - 2015-11-10 17:55 - 00000000 ____D C:\FRST
2015-11-08 17:51 - 2015-11-08 17:54 - 00024936 _____ C:\Users\Rajinikanth\Desktop\FRST.txt
2015-11-08 17:36 - 2015-11-08 17:44 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\tor
2015-11-08 16:42 - 2015-11-08 16:42 - 00007626 _____ C:\Users\Rajinikanth\AppData\Local\Resmon.ResmonCfg
2015-11-08 16:36 - 2015-11-08 16:36 - 00000137 _____ C:\Users\Rajinikanth\Desktop\debug.log
2015-11-08 14:37 - 2015-11-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-08 14:37 - 2015-11-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-08 14:37 - 2015-11-08 15:24 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Mozilla
2015-11-08 14:37 - 2015-11-08 14:37 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Mozilla
2015-11-08 02:23 - 2015-11-10 17:42 - 00000000 ____D C:\Users\Rajinikanth\AppData\LocalLow\uTorrent
2015-10-23 20:26 - 2015-11-09 10:12 - 03471692 _____ C:\Windows\system32\CFG2228303646
2015-10-23 20:14 - 2015-10-23 20:14 - 00329496 _____ C:\Windows\Minidump\102315-55536-01.dmp
2015-10-23 20:11 - 2015-10-23 20:12 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-10-13 20:32 - 2015-10-13 20:32 - 00020679 _____ C:\Users\Rajinikanth\Downloads\32415815A0B4621400688F0BF2966D7FD3435D93.torrent
2015-10-13 20:31 - 2015-10-13 20:31 - 00019703 _____ C:\Users\Rajinikanth\Downloads\D6525C8CB07CBC6CE001A97541DAD408D4F1FFF0.torrent
2015-10-13 20:30 - 2015-10-13 20:30 - 00019715 _____ C:\Users\Rajinikanth\Downloads\81BA198ED92739B4BCEE99C90FF5EFA0B71069D4.torrent
2015-10-13 20:28 - 2015-10-13 20:28 - 00017607 _____ C:\Users\Rajinikanth\Downloads\D5A14DD9675E85750E60051FC86F0AB402E9443F.torrent
2015-10-13 20:24 - 2015-10-13 20:24 - 00013303 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - Unnale Unnale 2006 Tamil 720p DVDRip x264 1.2GB ESubs.torrent
2015-10-13 20:23 - 2015-10-13 20:23 - 00012075 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - VSOP (2015)1080p v2 HD - AVC - MP4 - 5.1 - 4.4GB - Tamil.mp4.torrent
2015-10-13 20:21 - 2015-10-13 20:21 - 00016196 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - Baahubali (2015)1080p DVDRip - Tamil AAC 5.1 (Original) - 3GB ESubs.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-10 17:55 - 2012-09-08 20:28 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\uTorrent
2015-11-10 17:52 - 2009-07-13 22:45 - 00026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-10 17:52 - 2009-07-13 22:45 - 00026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-10 17:51 - 2012-02-01 01:41 - 01088688 _____ C:\Windows\WindowsUpdate.log
2015-11-10 17:47 - 2009-07-13 23:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-10 17:43 - 2015-06-22 00:51 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Raptr
2015-11-10 17:40 - 2013-06-07 16:59 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-11-10 17:40 - 2013-06-03 04:33 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-11-10 17:40 - 2012-02-01 02:10 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-10 17:40 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-10 17:40 - 2009-07-13 22:51 - 00111776 _____ C:\Windows\setupact.log
2015-11-10 01:00 - 2012-02-10 22:09 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1873260180-584723267-4080468776-1000UA.job
2015-11-09 20:00 - 2012-02-10 22:09 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1873260180-584723267-4080468776-1000Core.job
2015-11-09 18:58 - 2015-06-20 00:12 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\CrashDumps
2015-11-09 11:08 - 2015-07-18 22:43 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-09 11:08 - 2014-07-23 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrok
2015-11-09 11:08 - 2014-07-23 17:07 - 00000000 ____D C:\Program Files (x86)\Acrok
2015-11-09 11:08 - 2012-08-24 15:37 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\vlc
2015-11-09 11:08 - 2012-08-01 12:42 - 00000000 ____D C:\Users\Deploy
2015-11-09 11:08 - 2012-02-10 22:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-09 11:08 - 2012-02-10 22:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Google
2015-11-09 11:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-09 11:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-11-09 11:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2015-11-09 11:07 - 2014-01-21 01:24 - 00000000 ____D C:\ProgramData\RealNetworks
2015-11-09 07:44 - 2012-02-01 01:40 - 00000000 ____D C:\Users\Rajinikanth
2015-11-08 19:23 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-08 14:32 - 2012-02-10 22:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Deployment
2015-10-23 20:14 - 2012-02-16 00:10 - 00000000 ____D C:\Windows\Minidump
2015-10-23 20:10 - 2012-02-10 23:53 - 00000000 ____D C:\ProgramData\MFAData
2015-10-21 14:37 - 2015-06-23 08:54 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2009-07-13 17:19 - 2009-07-13 19:14 - 0581632 _____ () C:\Users\Rajinikanth\AppData\Roaming\BackUp2228303646.exe
2012-08-01 23:29 - 2012-09-29 14:45 - 0015872 _____ () C:\Users\Rajinikanth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-08 23:24 - 2015-11-08 23:24 - 0000036 _____ () C:\Users\Rajinikanth\AppData\Local\housecall.guid.cache
2015-11-08 16:42 - 2015-11-08 16:42 - 0007626 _____ () C:\Users\Rajinikanth\AppData\Local\Resmon.ResmonCfg
2015-11-10 17:44 - 2015-11-10 17:44 - 0004096 _____ () C:\ProgramData\igfxEM_64.exe
2015-11-10 17:43 - 2015-11-10 17:43 - 0004096 _____ () C:\ProgramData\igfxext_64.dll
2012-08-07 12:49 - 2012-08-07 12:49 - 4608000 _____ () C:\ProgramData\ReadOnlyInstaller.msi
2012-08-24 15:22 - 2012-08-24 15:22 - 0033958 _____ () C:\ProgramData\uninstaller.exe
 
Files to move or delete:
====================
C:\ProgramData\igfxEM_64.exe
C:\ProgramData\igfxext_64.dll
C:\ProgramData\uninstaller.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-04 00:53
 
==================== End of FRST.txt ============================



  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,458 posts
  • MVP

One more fixlist just as before but run it from Windows.

 
Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it and then run a new scan and click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled then just click save log, save it to your desktop and post it in your next reply.
 

After the FRST fixlist, does Chrome open?

 

If AVG won't run I would:

Download and save the free Avast installer.

Download and save the AVG removal tool.

(Both files are immediate downloads so they should start downloading after you click on the links)

Uninstall AVG.

Run the AVG Remover (right click and Run As Administrator).

Reboot.

Install Avast.
 
Does it run? If so, after it updates:

Do a boot-time scan while you sleep:

First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start.

It will tell you where it will save the report. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads click on the Orange Ball then Scan, then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report. If it found anything then open the aswBoot.txt file and copy and paste it.

You may need to enable seeing hidden files in order to see the file, so:
    Open the Control Panel menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button
 
If you can't find it then take a screenshot of the Detailed Report.
 
If you can't get AVG or Avast to run try the free ESET online scan:
 

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
 
 
Let's also try the Bitdefender QuickScan.
 
 
When it finishes there is a View Report option at the bottom.  Click on it and copy and paste the report (even if it says nothing found).
 
 

  • 0

#6
rajinikanths

rajinikanths

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Sure, I'll try now. Thank you.


  • 0

#7
rajinikanths

rajinikanths

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

1. I ran the FixList from Windows.

2. Downloaded aswmbr.exe from a different machine. Copied to desktop. Right-Clicked and selected Run As Administrator. Nothing happened.

3. Restarted PC. Right-Clicked and selected Run As Administrator. Nothing happened this time.

4. Tried to open Chrome. Immediately crashed. Earlier (before reporting), Chrome will open and in a second or less, it will crash.

5. Now tried to open AVG 2014. No reaction.

6. Went to Control Panel to Uninstall. Selected AVG Uninstall. No reaction.

 

Please advise next step.

Thanks.


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,458 posts
  • MVP

See if the AVG removal tool will work.


  • 0

#9
rajinikanths

rajinikanths

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Not working.

Tried from Desktop as well as USB Drive. No response when I try to run it with 'Run as administrator'.

 

Thanks.


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,458 posts
  • MVP

Try combofix.exe, but before you run it, rename it to george.exe, then boot into Safe Mode with Networking and run george.exe by right click and Run As Admin.


  • 0



#11
rajinikanths

rajinikanths

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

On it. Trying now by booting in Safe Mode. I will update you shortly. Thank you.


  • 0

#12
rajinikanths

rajinikanths

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

It is running. Currently trying to create new system restore point. Once it is complete should I send the log file(s)? Anything else?

Please advise.

 

Thanks again.


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,458 posts
  • MVP

If you get a log, please post it. Sometimes it can't show you the log but it is still there in the c:\Combofix folder.


  • 0

#14
rajinikanths

rajinikanths

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts

Sure. Meanwhile, when the scan was running, my PC just abruptly shut down. I guess it is due to overheating. I'm going to cool it with a fan and restart. Is it OK to reboot into Safe Mode with Networking and rerun ComboFix?


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,458 posts
  • MVP

Yes.  


  • 0





