chrome crashed, can't run or install anti-malware or anti-virus


#16 rajinikanths (Topic Starter, Member, 82 posts)

ComboFix just finished. Please find the log attached.

Thank you.

 

ComboFix 15-11-09.01 - Rajinikanth 11/10/2015  23:17:53.1.3 - x64 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8191.6848 [GMT -6:00]
Running from: c:\users\Rajinikanth\Desktop\george.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\downloads\Setup\1BluToothDriver\Tools\Driver\_desktop.ini
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Watchps3.exe.lnk
c:\programdata\ReadOnlyInstaller.msi
c:\users\Rajinikanth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Silverlight.exe
c:\windows\inf\_desktop.ini
c:\windows\SysWOW64\_desktop.ini
c:\windows\SysWOW64\drivers\_desktop.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-11 to 2015-11-11  )))))))))))))))))))))))))))))))
.
.
2015-11-11 05:29 . 2015-11-11 05:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-11 05:29 . 2015-11-11 05:29 -------- d-----w- c:\users\Deploy\AppData\Local\temp
2015-11-11 05:01 . 2015-11-11 05:15 -------- d-----w- C:\george
2015-11-10 01:03 . 2015-11-11 00:10 -------- d-----w- c:\windows\system32\MpEngineStore
2015-11-09 05:14 . 2015-11-09 05:14 -------- d-----w- c:\users\Rajinikanth\AppData\Roaming\QuickScan
2015-11-08 23:51 . 2015-11-11 06:37 -------- d-----w- C:\FRST
2015-11-08 23:36 . 2015-11-08 23:44 -------- d-----w- c:\users\Rajinikanth\AppData\Roaming\tor
2015-11-08 20:37 . 2015-11-08 21:24 -------- d-----w- c:\users\Rajinikanth\AppData\Local\Mozilla
2015-11-08 20:37 . 2015-11-09 17:08 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-10-24 02:16 . 2015-10-24 02:16 -------- d-----w- c:\program files\Common Files\Microsoft
2015-10-24 02:11 . 2015-10-24 02:12 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-02 18:09 . 2013-03-22 05:26 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-08-25 18:46 . 2015-09-08 06:16 945456 ----a-w- c:\windows\SysWow64\NvFBC.dll
2015-08-25 18:46 . 2015-09-08 06:16 944736 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-08-25 18:46 . 2015-09-08 06:16 2627704 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-08-25 18:46 . 2015-09-08 06:16 17082392 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-08-25 18:46 . 2015-09-08 06:16 14936264 ----a-w- c:\windows\system32\nvcuda.dll
2015-08-25 18:46 . 2015-09-08 06:16 11089200 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-08-25 18:46 . 2015-09-08 06:16 986232 ----a-w- c:\windows\SysWow64\NvIFR.dll
2015-08-25 18:46 . 2015-09-08 06:16 42840368 ----a-w- c:\windows\system32\nvcompiler.dll
2015-08-25 18:46 . 2015-09-08 06:16 37819184 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-08-25 18:46 . 2015-09-08 06:16 2940720 ----a-w- c:\windows\system32\nvcuvid.dll
2015-08-25 18:46 . 2015-09-08 06:16 22525560 ----a-w- c:\windows\system32\nvoglv64.dll
2015-08-25 18:46 . 2015-09-08 06:16 1898288 ----a-w- c:\windows\system32\nvdispco6435582.dll
2015-08-25 18:46 . 2015-09-08 06:16 18543736 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-08-25 18:46 . 2015-09-08 06:16 176904 ----a-w- c:\windows\system32\nvinitx.dll
2015-08-25 18:46 . 2015-09-08 06:16 16637336 ----a-w- c:\windows\system32\nvopencl.dll
2015-08-25 18:46 . 2015-09-08 06:16 1558648 ----a-w- c:\windows\system32\nvdispgenco6435582.dll
2015-08-25 18:46 . 2015-09-08 06:16 155792 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-08-25 18:46 . 2015-09-08 06:16 15512888 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-08-25 18:46 . 2015-09-08 06:16 150832 ----a-w- c:\windows\system32\nvoglshim64.dll
2015-08-25 18:46 . 2015-09-08 06:16 128512 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2015-08-25 18:46 . 2015-09-08 06:16 12185152 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-08-25 18:46 . 2015-09-08 06:16 1106672 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-08-25 18:46 . 2015-09-08 06:16 1075320 ----a-w- c:\windows\system32\NvFBC64.dll
2015-08-25 18:46 . 2015-09-08 06:16 1064752 ----a-w- c:\windows\system32\NvIFR64.dll
2015-08-25 18:46 . 2015-06-20 17:27 14635792 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-08-25 18:46 . 2015-06-20 17:27 13661160 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-08-25 18:46 . 2014-07-25 05:29 112760 ----a-w- c:\windows\system32\OpenCL.dll
2015-08-25 18:46 . 2014-07-25 05:29 105264 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-08-25 18:46 . 2014-07-25 05:27 3527696 ----a-w- c:\windows\system32\nvapi64.dll
2015-08-25 18:46 . 2014-07-25 05:27 3112904 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-08-25 18:46 . 2014-07-25 05:27 12515016 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-08-25 14:24 . 2014-12-27 06:36 2558584 ----a-w- c:\windows\system32\nvsvcr.dll
2015-08-25 14:24 . 2014-07-25 05:29 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-08-25 14:24 . 2014-07-25 05:29 3496752 ----a-w- c:\windows\system32\nvsvc64.dll
2015-08-25 14:24 . 2014-07-25 05:29 937776 ----a-w- c:\windows\system32\nvvsvc.exe
2015-08-25 14:24 . 2014-07-25 05:29 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-08-25 14:24 . 2014-07-25 05:29 6884984 ----a-w- c:\windows\system32\nvcpl.dll
2015-08-25 14:08 . 2015-09-08 06:18 574072 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-08-25 12:35 . 2014-07-25 05:29 5165808 ----a-w- c:\windows\system32\nvcoproc.bin
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"uTorrent"="c:\users\Rajinikanth\AppData\Roaming\uTorrent\uTorrent.exe" [2015-10-13 1822048]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-07 5180432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-02 285072]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-07-25 505872]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-07-25 374560]
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-10-01 56080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2014-7-17 1396992]
TP-LINK Wireless Client Utility.lnk - c:\program files (x86)\TP-LINK\COMMON\TWCU.exe -s [2012-7-5 10918400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2014/07/22 20:15];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
R2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\TP-LINK\COMMON\RaRegistry64.exe;c:\program files (x86)\TP-LINK\COMMON\RaRegistry64.exe [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MPMFL;Usb device Game dev Controller Amd64 Driver;c:\windows\system32\DRIVERS\MPMFL.sys;c:\windows\SYSNATIVE\DRIVERS\MPMFL.sys [x]
R3 netr7364;ZyXEL RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 TpMediaServer;TpMediaServer;c:\program files (x86)\TP-LINK\COMMON\RaMediaServer.exe;c:\program files (x86)\TP-LINK\COMMON\RaMediaServer.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x]
R3 ZG760_64;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\DRIVERS\WlanGZ64.SYS;c:\windows\SYSNATIVE\DRIVERS\WlanGZ64.SYS [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-06-24 2754704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-06-24 1571696]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913a - c:\users\Rajinikanth\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
HKLM-Run-igfxEM_64 - c:\progra~3\igfxEM_64.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-11-10  23:31:18
ComboFix-quarantined-files.txt  2015-11-11 05:31
.
Pre-Run: 27,486,670,848 bytes free
Post-Run: 29,720,215,552 bytes free
.
- - End Of File - - 26870FBCEC6A8C86184891D4773E0BF6
A36C5E4F47E84449FF07ED3517B43A31

Attached Files


  • 0
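The Reg Loading Points section of the ComboFix log above records UAC switched off entirely (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), and the header lines list both AVG components and Windows Defender as Disabled/Outdated, so anything run from an administrator account elevates silently with no on-access scanner in the way. The Python below is an added example, not part of the thread and not ComboFix's own code: it parses the AV/SP header lines and the [key] / "Name"= value blocks of a ComboFix-format log and lists the weak settings, the kind of pre-screen a helper might run over a batch of such logs. Both embedded excerpts are constructed: the first is copied from the lines above, the second is a hardened counter-example with Windows 7 default UAC values and a placeholder product GUID. The regexes are this example's own assumptions about the log layout.

```python
import re

# Constructed excerpt in ComboFix's log layout, copied from the log in the post
# above (AV/SP header lines plus the policies\system registry key).
WEAK_LOG = r"""
AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# Constructed counter-example: UAC at its Windows 7 defaults and an up-to-date
# AV. The all-zero GUID is a placeholder, not a real product id.
HARDENED_LOG = r"""
AV: Windows Defender *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 1 (0x1)
"PromptOnSecureDesktop"= 1 (0x1)
.
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>-?\d+)\s*\(0x[0-9A-Fa-f]+\)$')
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<product>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$")

# Expected values for the UAC policy DWORDs and what a deviation means.
UAC_CHECKS = {
    "EnableLUA": (lambda v: v == 1,
                  "UAC is off; an administrator's processes all run with the full token"),
    "ConsentPromptBehaviorAdmin": (lambda v: v != 0,
                                   "administrators elevate silently, with no prompt at all"),
    "PromptOnSecureDesktop": (lambda v: v == 1,
                              "elevation prompts are not shown on the secure desktop"),
}


def parse_combofix(text):
    """Return (products, registry): the AV/SP/FW header lines as dicts, and
    {registry key: {value name: int}} for the DWORD lines under each [key]."""
    products, registry, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := PRODUCT_RE.match(line)):
            products.append(m.groupdict())
        elif (m := SECTION_RE.match(line)):
            current = m.group("key")
            registry.setdefault(current, {})
        elif current and (m := DWORD_RE.match(line)):
            registry[current][m.group("name")] = int(m.group("val"))
    return products, registry


def find_weaknesses(text):
    """Human-readable findings: disabled/outdated protection and weak UAC policy."""
    products, registry = parse_combofix(text)
    findings = []
    for p in products:
        if "Disabled" in p["state"] or "Outdated" in p["state"]:
            findings.append(f'{p["kind"]}: {p["product"]} is {p["state"]}')
    for key, values in registry.items():
        if not key.lower().endswith(r"\policies\system"):
            continue
        for name, (is_ok, meaning) in UAC_CHECKS.items():
            if name in values and not is_ok(values[name]):
                findings.append(f"{name}={values[name]}: {meaning}")
    return findings


if __name__ == "__main__":
    for finding in find_weaknesses(WEAK_LOG):
        print("WEAK:", finding)
    print("hardened sample findings:", find_weaknesses(HARDENED_LOG))
```

On the excerpt from this thread the function reports six findings (three protection products disabled/outdated and three UAC values at their weakest setting); on the hardened excerpt it reports none.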



#17 rajinikanths (Topic Starter, Member, 82 posts)

By the way, I did not reboot my PC after ComboFix. It is still in Safe Mode with networking.

Thanks.


  • 0

#18 RKinner (Malware Expert, MVP, 21,038 posts)

ComboFix doesn't look bad.  I wonder if it would run in regular mode?  Before you do that see if aswMBR will run.

Let's check and see if there are other problems since you said it got hot:

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.

Close all browsers and open programs before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK.  Open the file in Notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close Notepad.  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File). Uninstall Speccy.

Got to go to bed now.

  • 0

#19 rajinikanths (Topic Starter, Member, 82 posts)

Yes I understand. We will catch up tomorrow.

I'll finish the above steps (aswMBR & Speccy) and share the detailed updates with you.

 

Thanks again for your support.


  • 0

#20 rajinikanths (Topic Starter, Member, 82 posts)

aswMBR is not running in Safe Mode with Networking (using Run as Admin).

Downloading Speccy on a different machine.


  • 0

#21 rajinikanths (Topic Starter, Member, 82 posts)

Please find attached Speccy's Log. 

Attached Files


  • 0

#22 rajinikanths (Topic Starter, Member, 82 posts)

Thanks again. See you tomorrow.


  • 0

#23 RKinner (Malware Expert, MVP, 21,038 posts)

I've got to go to Orlando today but will be back tonight.

 

Your Speccy report is not good.  It can't get a temp reading and your hard drive has a lot of problems:

 

Attribute name Read Error Rate
Real value 0
Current 111
Worst 99
Threshold 6
Raw Value 0001C39580
Status Good
 
....
 
Attribute name Seek Error Rate
Real value 0
Current 77
Worst 60
Threshold 30
Raw Value 000E1D9938
Status Good
 
...
 
Attribute name Command Timeout
Real value 8,590,065,955
Current 100
Worst 98
Threshold 0
Raw Value 0000020123
Status Good
 
...
 
 
 
Attribute name Hardware ECC Recovered
Real value 0
Current 37
Worst 6
Threshold 0
Raw Value 0001C39580
Status Good

 

 
 
I know it says Status Good for all values but I can't believe these values are good.  You may want to clone it before it dies. My experience with these 2 GB and larger drives has not been good.  They don't seem to last as long as the smaller drives.  
 
I'm thinking that what looked like a virus was the Daemon tools driver.  I know they do funny things.  Try uninstalling Daemon Tools then rerun FRST scan.
 
Since we are seeing errors in the hard drive:
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if Notepad does not open.  Copy and paste the text from Notepad into a reply.  Close Notepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application. (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
 
 
Let's get Speedfan:
 
 
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin)
 
It will tell you your temps in real time. (If you click on Configure then on Core you can check Show in Tray then OK  and even when minimized it will show the Core temp in the system tray (near the clock),  If you don't see it then Windows is hiding it.  Click on the up arrow to the left of the icons near the clock and  Customize.  Find Speedfan and change it to Show Icons and Notifications.  ) Leave it up and run something like a video or a scan or maybe sfc /scannow again and see if the temps climb into the 70s or higher.
 
 
Speedfan also has a neat hard drive quality section.  Click on S.M.A.R.T, use the dropdown arrow to select the drive and it will show you the stats on the drive and also analyse it for you.
 

  • 0
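RKinner's reading of the SMART block above turns on how Speccy arrives at "Status Good": SMART marks an attribute as failed only when its normalized Current value drops to or below the vendor Threshold, and a Threshold of 0 means the vendor does not use that attribute for failure prediction at all, so a Good status by itself says nothing about the raw counters. The Python below is an added example, not from the thread and not Speccy's own code: it parses attributes in the layout Speccy prints (the embedded sample is constructed by copying the four attributes quoted in the post, plus one constructed failing attribute to exercise the failure path), re-derives that pass/fail rule, and reports the margin between Current, Worst and Threshold so a reader can see how much headroom each attribute has. The warn_margin value and the field regex are this example's own assumptions.

```python
import re

# Constructed sample in Speccy's text-report layout, copied from the four
# attributes quoted in the post above.
SPECCY_SMART = """\
Attribute name Read Error Rate
Real value 0
Current 111
Worst 99
Threshold 6
Raw Value 0001C39580
Status Good

Attribute name Seek Error Rate
Real value 0
Current 77
Worst 60
Threshold 30
Raw Value 000E1D9938
Status Good

Attribute name Command Timeout
Real value 8,590,065,955
Current 100
Worst 98
Threshold 0
Raw Value 0000020123
Status Good

Attribute name Hardware ECC Recovered
Real value 0
Current 37
Worst 6
Threshold 0
Raw Value 0001C39580
Status Good
"""

# Constructed attribute (not from the post) whose Current has reached Threshold.
FAILING_SMART = """\
Attribute name Reallocated Sectors Count
Real value 1200
Current 5
Worst 5
Threshold 36
Raw Value 00000004B0
Status Bad
"""

FIELD_RE = re.compile(
    r"^(Attribute name|Real value|Current|Worst|Threshold|Raw Value|Status)\s+(.+)$")


def parse_smart(text):
    """Turn Speccy's one-field-per-line blocks into a list of attribute dicts."""
    attrs, cur = [], {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:
            continue  # blank lines and the '...' separators
        field, value = m.groups()
        if field == "Attribute name":
            if cur:
                attrs.append(cur)
            cur = {"name": value}
        elif field in ("Current", "Worst", "Threshold"):
            cur[field.lower()] = int(value)
        elif field == "Real value":
            cur["real"] = int(value.replace(",", ""))  # Speccy's decimal rendering
        elif field == "Raw Value":
            cur["raw"] = int(value, 16)  # the hex column, decoded
        elif field == "Status":
            cur["status"] = value
    if cur:
        attrs.append(cur)
    return attrs


def assess(text, warn_margin=10):
    """Apply the SMART rule (failed when Current <= Threshold) and report headroom.
    warn_margin is this example's own choice for flagging attributes whose Worst
    value has come close to the threshold; it is not a SMART or Speccy setting."""
    report = []
    for a in parse_smart(text):
        margin_now = a["current"] - a["threshold"]
        margin_worst = a["worst"] - a["threshold"]
        if a["threshold"] == 0:
            verdict = "INFO"      # vendor does not use this attribute for failure prediction
        elif margin_now <= 0:
            verdict = "FAILED"    # this is the only case SMART itself reports as failed
        elif margin_worst <= warn_margin:
            verdict = "WARN"
        else:
            verdict = "OK"
        report.append({"name": a["name"], "verdict": verdict, "status": a["status"],
                       "margin_now": margin_now, "margin_worst": margin_worst,
                       "raw": a["raw"]})
    return report


if __name__ == "__main__":
    for row in assess(SPECCY_SMART) + assess(FAILING_SMART):
        print(f'{row["name"]:<28} {row["verdict"]:<7} status={row["status"]:<5} '
              f'now+{row["margin_now"]} worst+{row["margin_worst"]} raw={row["raw"]}')
```

Two of the four attributes from the post carry a threshold of 0, which is why they can never show anything but Good; the other two are 105 and 47 points above their thresholds right now. The hex Raw Value and Speccy's decimal "Real value" disagree for Command Timeout in the post, so the parser keeps both rather than deriving one from the other.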

#24 rajinikanths (Topic Starter, Member, 82 posts)

I've done everything. Let me share step by step.

Last night, after ComboFix was run and shared, I felt like retrying the uninstall of AVG. I went to Control Panel and clicked AVG 2014 to uninstall. Last time when I did, it did not react. But this time a little more luck. It opened a dialog stating it is going to change/uninstall a feature and immediately closed. I retried, but back to the earlier issue. Clicked AVG 2014 to uninstall but no reaction. Something must have triggered it to suppress.

Now, I moved on to your next list of items.

Daemon Tools - This was installed back in June, I think. However, as you recommended I uninstalled it.

Disk Check Utility - I chose the recommended options. It suggested a restart but I didn't.
Then, I cleared the event logs - both System and Application.
Restarted and chose Safe Mode with Networking. It ran for a long time so I left. When I came back it was at the Windows Desktop screen.

I restarted and came to normal Windows.
From the CMD prompt, ran the sfc command.
It completed successfully without errors. Please see screenshot attached.

Event Viewer Tool by Vino Rosso - ran both options. Both logs are attached.

Speedfan: I've downloaded and installed it with the Run as Admin option. It shows GPU 44 and Core 39C by default. I ran SFC and it stayed there.

I want to share an update about abrupt system shutdown - My CPU usually shuts down when I have it running for multiple days. Usually when I put a fan facing right into the CPU box, it sustains longer. And, when I play powerful games, it shuts down sooner. So I've kept CPU Processor Utilization in Power Manager to 98% and not 100%.

This is my history of Shutdown events and what I have been doing. Please recommend as you may prefer, now or later.

Thanks again.

Attached Thumbnails

  • sfc scan.jpg

Attached Files


  • 0

#25 RKinner (Malware Expert, MVP, 21,038 posts)

Appears you may be running low on hard drive space on C:  Can you free up a few gigs?

Can you get the Windows Readiness Tool to run?

https://www.microsof...s.aspx?id=20858

We are seeing a problem with Windows Updates - sometimes that will help.  Also in the Search box type:

services.msc and hit Enter.  It should open the Services window.  Scroll down to the bottom where it says Windows Update and double click on it.  It should normally be set to Automatic (Delayed Start) and it should be Started.  If it isn't Started try Starting it.  What error do you get?


  • 0



#26 rajinikanths (Topic Starter, Member, 82 posts)

Let me now do that. Thanks. By the way my chrome is still crashing.


  • 0

#27 RKinner (Malware Expert, MVP, 21,038 posts)

See if you can edit the preference file to disable all extensions in chrome:

 

http://superuser.com...bled-turned-off (where it has the green check)


  • 0

#28 rajinikanths (Topic Starter, Member, 82 posts)

From your earlier advice, I've freed up around 64 GB of space.

I got the Windows Readiness Tool installed and ran it. It recommended a hotfix for Windows 7 and I allowed it to install. See screenshot attached.

Then in the Services console, I noticed Windows Update's status is 'Started'.

I'll try the Chrome advice and update you shortly.

Attached Thumbnails

  • Windows_Update_StandAlone_Installer.png

  • 0

#29 rajinikanths (Topic Starter, Member, 82 posts)

Regarding Chrome: I tried running with the option --disable-extensions and it didn't help.

Next I tried to look for the preferences file but I don't see it there.


  • 0

#30 RKinner (Malware Expert, MVP, 21,038 posts)

OK.  I think it may be in Secure preferences now but let's do it a different way:  First tell Windows to let you see hidden Files:

 

Open the Control Panel menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button
 
Make sure Chrome is not running in the background.  Right click on the clock and Start Task Manager.  Then Processes.  If you see Chrome.exe or Chrome32.exe  click on each and End Process.
 
Press Windows Key + R then paste in the box the code below then click OK.

%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data

Then right click on the Default folder and Cut.  Move to your desktop and Paste.  
 
Uninstall Chrome
 
Download a new copy from https://www.google.c...rowser/desktop/ and install it.  Does the new copy work?  
 
Let's see if things look better in VEW.
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
 (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
 
Right click on Speedfan & Run As Admin if it's not running.  Then, once it settles down, click on the S.M.A.R.T. tab and then on the Down Arrow to the right of Hard Drive.  Select your hard drive.  Click on Perform an In Depth Analysis of this Hard Drive.  A new web page will open.  Right click on the word this at the end of where it says:  "The link to get back and see a new report about this hard disk in the future is this." (It's near the bottom of the page)  Copy Link Location.  Move to a reply and Ctrl + v to paste it into the reply.  That way I can see what your hard drive looks like now.
 

  • 0





