Jump to content

cannot open any security or anti virus programs due to running resource mes

Recommended Posts

Sorry thought you meant this one, you asked if the FRST worked to move driver and I replied yes and then you said to do the Malicious software removal tool scan which is above  I had the scan reults from RKiller still open on desktop so deleted them from there. but running RKiller again.

Edited by Mikey1
missed something
Link to post
Share on other sites
  • Replies 163
  • Created
  • Last Reply

Top Posters In This Topic

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2017
Ran by Micke (17-09-2017 14:58:33) Run:6
Running from F:\Data\Desktop\New folder
Loaded Profiles: Micke (Available Profiles: defaultuser0 & Micke)
Boot Mode: Normal

fixlist content:
FF user.js: detected! => C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\user.js [2017-09-08]
S3 dbx; system32\DRIVERS\dbx.sys [X]
CMD: ipconfig /flushdns


Processes closed successfully.
Restore point was successfully created.
C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\user.js => moved successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
Could not move "C:\Windows\system32\drivers\rdpxaxnt.sys" => Scheduled to move on reboot.
C:\Windows\system32\Drivers\B331E1EE.sys => moved successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 74877845 B
Java, Flash, Steam htmlcache => 379 B
Windows/system/drivers => 15867103 B
Edge => 0 B
Chrome => 0 B
Firefox => 264752228 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 80754 B
NetworkService => 0 B
defaultuser0 => 0 B
Micke => 240059795 B

RecycleBin => 0 B
EmptyTemp: => 568.1 MB temporary data Removed.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 17-09-2017 14:59:53)

"C:\Windows\system32\drivers\rdpxaxnt.sys" => Could not move

==== End of Fixlog 14:59:53 ====

Link to post
Share on other sites

I was able to run Adwcleaner and this is the log I also have been able to download and run Malwarebytes and that is scanning at the moment


# AdwCleaner - Logfile created on Sun Sep 17 17:10:53 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-15-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Micke\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Micke\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
PUP.Optional.Legacy, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\UpgSvr
PUP.Optional.Legacy, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\PopWnd
PUP.Optional.Legacy, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\fitlr
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s5m
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudExtender
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudExtender
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | Advanced SystemCare 10
PUP.Optional.Wajam, [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
PUP.Optional.WindowService, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MeOptimum_x86
PUP.Optional.SwytShop, [Key] - HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SwytShop_Pkg2_is1
PUP.Optional.SwytShop, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SwytShop_Pkg2_is1
PUP.Optional.Downloader, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\dlr
PUP.Optional.DragonBranch, [Key] - HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\119
PUP.Optional.DragonBranch, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\119
PUP.Optional.WeatherAlerts, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}

***** [ Firefox (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: SwytShop - SwytShop

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Link to post
Share on other sites


-Log Details-
Scan Date: 9/17/17
Scan Time: 7:11 PM
Log File: 4c71bd7a-9bcb-11e7-ac12-bc5ff49cca3a.json
Administrator: Yes

-Software Information-
Components Version: 1.0.188
Update Package Version: 1.0.2826
License: Trial

-System Information-
OS: Windows 10 (Build 14393.1715)
CPU: x64
File System: NTFS

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395275
Threats Detected: 17
Threats Quarantined: 17
Time Elapsed: 3 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 7
Adware.REOptimizer, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CloudExtender, Quarantined, [7013], [412223],1.0.2826
PUP.Optional.SwytShop, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SwytShop_Pkg2_is1, Quarantined, [2872], [375414],1.0.2826
Adware.REOptimizer, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\119, Quarantined, [7013], [417947],1.0.2826
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [83], [170024],1.0.2826
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [83], [170024],1.0.2826
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [83], [170024],1.0.2826

Registry Value: 5
Adware.REOptimizer, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\119|DISPLAYNAME, Quarantined, [7013], [417947],1.0.2826
PUP.Optional.Wajam, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [83], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [83], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.SwytShop, C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\jetpack\323D625D490FE8DD@ext.u\simple-storage, Quarantined, [2872], [375413],1.0.2826
PUP.Optional.SwytShop, C:\USERS\MICKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0KND2VYL.DEFAULT\JETPACK\323D625D490FE8DD@ext.u, Quarantined, [2872], [375413],1.0.2826

File: 3
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [551], [391431],1.0.2826
PUP.Optional.SwytShop, C:\USERS\MICKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0KND2VYL.DEFAULT\EXTENSIONS\323D625D490FE8DD@ext.u.xpi, Quarantined, [2872], [375412],1.0.2826
PUP.Optional.SwytShop, C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\jetpack\323D625D490FE8DD@ext.u\simple-storage\store.json, Quarantined, [2872], [375413],1.0.2826

Physical Sector: 0
(No malicious items detected)


Looks like we've (you've)cracked it windows defender is also running now.

Link to post
Share on other sites

Lets run another scan with FRST, see what a fresh set of logs show:

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


Link to post
Share on other sites

Thanks for those logs Mike, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Let me see that log, also tell me if there are any remaining issues or concerns..




Link to post
Share on other sites

You`re very welcome Mike, run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…


Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.