Everything posted by timerfree

  1. ComboFix hung up on creating a Log File. I let it run over night when I went to bed.
  2. Still can't get it to load, tried a clean download and re-install. Seeing if ComboFix will run now.
  3. I pressed clean and couldn't get it to stop. Log after I cleaned.
     # AdwCleaner v3.002 - Report created 03/09/2013 at 19:06:14
     # Updated 01/09/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Tim - TIM-MSI
     # Running from : C:\Users\Tim\Downloads\AdwCleaner.exe
     # Option : Clean
  4. The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it. I don't see anything I want to keep in that log file.
  5. Junkware Removal Tool (JRT) by Thisisu
     Version: 5.5.7 (09.01.2013:1)
     OS: Windows 7 Home Premium x64
     Ran by Tim on Mon 09/02/2013 at 21:33:59.74

     # AdwCleaner v3.002 - Report created 03/09/2013 at 18:43:46
     # Updated 01/09/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Tim - TIM-MSI
     # Running from : C:\Users\Tim\Downloads\AdwCleaner.exe
     # Option : Scan
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-09-2013 06
     Ran by Tim at 2013-09-02 21:20:54 Run:1
     Running from C:\Users\Tim\Downloads
     Boot Mode: Normal
  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 06
     Ran by Tim (administrator) on TIM-MSI on 02-09-2013 20:45:23
     Running from C:\Users\Tim\Downloads
     Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Normal
C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 MGHwCtrl; \??\C:\Program Files\msi\msi Software Install\MGHwCtrl.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-02 20:44 - 2013-09-02 20:44 - 01951862 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe 2013-09-01 17:19 - 2013-09-01 17:19 - 00001818 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\Users\Tim\AppData\Roaming\SUPERAntiSpyware.com 2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-09-01 17:18 - 2013-09-01 17:19 - 27382608 _____ (SUPERAntiSpyware) C:\Users\Tim\Downloads\SUPERAntiSpyware.exe 2013-09-01 17:11 - 2013-09-01 17:11 - 00002715 _____ C:\Users\Tim\Desktop\RKreport[0]_S_09012013_171136.txt 2013-09-01 17:08 - 2013-09-01 17:42 - 00000000 ____D C:\Users\Tim\Desktop\RK_Quarantine 2013-09-01 17:08 - 2013-09-01 17:08 - 03771904 _____ C:\Users\Tim\Downloads\RogueKillerX64.exe 2013-09-01 16:52 - 2013-09-02 15:00 - 00000000 ___SD C:\32788R22FWJFW 2013-09-01 16:52 - 2013-09-01 16:52 - 00000000 ____D C:\windows\erdnt 2013-09-01 16:51 - 2013-09-02 14:59 - 05119472 ____R (Swearware) C:\Users\Tim\Downloads\ComboFix.exe 2013-09-01 16:50 - 2013-09-01 16:50 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Tim\Downloads\tdsskiller.exe 2013-09-01 16:40 - 2013-09-01 16:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\wtf.exe 2013-09-01 16:30 - 2013-09-01 16:55 - 00002494 _____ C:\Users\Tim\Desktop\Rkill.txt 2013-09-01 16:30 - 2013-09-01 16:30 - 00000000 
____D C:\Users\Tim\Desktop\rkill 2013-09-01 16:29 - 2013-09-01 16:29 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Tim\Downloads\rkill.exe 2013-09-01 16:21 - 2013-09-01 16:21 - 00000000 ____D C:\Users\Tim\Downloads\mbam-chameleon-1.62.1.1000 2013-09-01 16:20 - 2013-09-01 16:20 - 01440846 _____ C:\Users\Tim\Downloads\mbam-chameleon-1.62.1.1000.zip 2013-09-01 16:18 - 2013-09-01 16:18 - 00011229 _____ C:\Users\Tim\Desktop\attach.txt 2013-09-01 16:18 - 2013-09-01 16:17 - 00023203 _____ C:\Users\Tim\Desktop\dds.txt 2013-09-01 16:15 - 2013-09-01 16:15 - 00688992 ____R (Swearware) C:\Users\Tim\Downloads\dds.com 2013-08-26 21:25 - 2013-08-26 21:25 - 00000000 _____ C:\windows\SysWOW64\sho3F87.tmp 2013-08-19 21:25 - 2013-08-19 21:25 - 00000000 _____ C:\windows\SysWOW64\sho6B2F.tmp 2013-08-17 09:53 - 2013-08-17 09:53 - 01624064 _____ (Bandoo Media Inc) C:\Users\Tim\Downloads\iLividSetup-r367-n-bc.exe 2013-08-15 21:13 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-08-15 21:13 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-08-15 21:13 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-08-15 21:13 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-08-15 21:13 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-08-15 21:13 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-08-15 21:13 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-08-15 21:13 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-08-15 21:13 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-08-15 21:13 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 
2013-08-15 21:13 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-08-15 21:13 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-08-15 21:13 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-08-15 21:13 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-08-15 21:13 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-08-15 21:13 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-08-15 21:13 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-08-15 21:13 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-08-15 21:13 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-08-15 21:13 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-08-15 21:13 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-08-15 21:13 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-08-15 21:13 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-08-15 21:13 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-08-15 21:13 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-08-15 21:13 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-08-15 21:13 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-08-15 21:13 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-08-15 21:13 - 2013-07-25 22:49 
- 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-08-15 21:13 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-08-15 21:13 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 21:03 - 2013-08-15 21:07 - 00000000 ____D C:\windows\system32\MRT 2013-08-14 21:10 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2013-08-14 21:10 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2013-08-14 21:10 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll 2013-08-14 21:10 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2013-08-14 21:10 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll 2013-08-14 21:10 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll 2013-08-14 21:10 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll 2013-08-14 21:10 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2013-08-14 21:10 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll 2013-08-14 21:10 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll 2013-08-14 21:09 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-08-14 21:09 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-08-14 21:09 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-08-14 21:09 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2013-08-14 21:09 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) 
C:\windows\system32\wow64.dll 2013-08-14 21:09 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2013-08-14 21:09 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2013-08-14 21:09 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2013-08-14 21:09 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2013-08-14 21:09 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2013-08-14 21:09 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2013-08-14 21:09 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2013-08-14 21:09 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2013-08-14 21:09 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2013-08-14 21:09 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2013-08-14 21:09 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-08-14 21:09 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2013-08-09 14:37 - 2013-08-09 14:38 - 00288712 _____ C:\Users\Tim\Downloads\Setup (2).exe 2013-08-09 14:36 - 2013-08-09 14:37 - 00208944 _____ (Jottix) C:\Users\Tim\Downloads\video-media-download_setup.exe ==================== One Month Modified Files and Folders ======= 2013-09-02 20:45 - 2013-09-02 20:45 - 00000000 ____D C:\FRST 2013-09-02 20:44 - 2013-09-02 20:44 - 01951862 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe 2013-09-02 20:38 - 2011-10-17 16:17 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001UA.job 2013-09-02 19:53 - 2011-10-17 14:10 - 01293771 _____ C:\windows\WindowsUpdate.log 
2013-09-02 18:23 - 2011-12-22 00:13 - 00000000 ____D C:\Users\Tim\AppData\Roaming\ID Vault 2013-09-02 15:00 - 2013-09-01 16:52 - 00000000 ___SD C:\32788R22FWJFW 2013-09-02 14:59 - 2013-09-01 16:51 - 05119472 ____R (Swearware) C:\Users\Tim\Downloads\ComboFix.exe 2013-09-02 14:38 - 2011-10-17 16:17 - 00000848 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001Core.job 2013-09-02 13:00 - 2011-12-03 15:19 - 00000542 _____ C:\windows\Tasks\MATLAB R2011b Startup Accelerator.job 2013-09-01 17:58 - 2011-10-22 19:42 - 00000000 ____D C:\Users\Tim\AppData\Local\CrashDumps 2013-09-01 17:52 - 2009-07-14 00:45 - 00024656 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-01 17:52 - 2009-07-14 00:45 - 00024656 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-01 17:45 - 2013-05-20 20:20 - 00003136 _____ C:\windows\setupact.log 2013-09-01 17:45 - 2013-05-20 20:19 - 00014640 _____ C:\windows\PFRO.log 2013-09-01 17:45 - 2013-01-29 21:02 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK 2013-09-01 17:45 - 2011-03-13 12:11 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-01 17:45 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-09-01 17:42 - 2013-09-01 17:08 - 00000000 ____D C:\Users\Tim\Desktop\RK_Quarantine 2013-09-01 17:19 - 2013-09-01 17:19 - 00001818 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\Users\Tim\AppData\Roaming\SUPERAntiSpyware.com 2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-09-01 17:19 - 2013-09-01 17:18 - 27382608 _____ (SUPERAntiSpyware) C:\Users\Tim\Downloads\SUPERAntiSpyware.exe 2013-09-01 17:11 - 2013-09-01 17:11 - 00002715 _____ C:\Users\Tim\Desktop\RKreport[0]_S_09012013_171136.txt 
2013-09-01 17:08 - 2013-09-01 17:08 - 03771904 _____ C:\Users\Tim\Downloads\RogueKillerX64.exe 2013-09-01 16:55 - 2013-09-01 16:30 - 00002494 _____ C:\Users\Tim\Desktop\Rkill.txt 2013-09-01 16:52 - 2013-09-01 16:52 - 00000000 ____D C:\windows\erdnt 2013-09-01 16:50 - 2013-09-01 16:50 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Tim\Downloads\tdsskiller.exe 2013-09-01 16:48 - 2012-08-01 21:28 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-09-01 16:48 - 2012-07-06 20:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-01 16:40 - 2013-09-01 16:40 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\wtf.exe 2013-09-01 16:30 - 2013-09-01 16:30 - 00000000 ____D C:\Users\Tim\Desktop\rkill 2013-09-01 16:29 - 2013-09-01 16:29 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Tim\Downloads\rkill.exe 2013-09-01 16:21 - 2013-09-01 16:21 - 00000000 ____D C:\Users\Tim\Downloads\mbam-chameleon-1.62.1.1000 2013-09-01 16:20 - 2013-09-01 16:20 - 01440846 _____ C:\Users\Tim\Downloads\mbam-chameleon-1.62.1.1000.zip 2013-09-01 16:18 - 2013-09-01 16:18 - 00011229 _____ C:\Users\Tim\Desktop\attach.txt 2013-09-01 16:17 - 2013-09-01 16:18 - 00023203 _____ C:\Users\Tim\Desktop\dds.txt 2013-09-01 16:15 - 2013-09-01 16:15 - 00688992 ____R (Swearware) C:\Users\Tim\Downloads\dds.com 2013-08-31 11:17 - 2011-12-22 00:14 - 00000000 ____D C:\Users\Tim\AppData\Local\ID Vault 2013-08-31 11:16 - 2013-01-29 21:02 - 00049240 _____ (Zemana Ltd.) 
C:\windows\system32\Drivers\AntiLog64.sys 2013-08-31 11:16 - 2013-01-29 21:02 - 00000000 ____D C:\windows\SysWOW64\ZALSDK_uninst 2013-08-31 11:16 - 2011-12-22 00:12 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite 2013-08-31 11:15 - 2011-12-22 00:12 - 00002199 _____ C:\Users\Public\Desktop\Constant Guard.lnk 2013-08-30 12:58 - 2013-06-19 19:18 - 00000003 _____ C:\windows\system32\HRUPPROG.TXT 2013-08-30 08:38 - 2011-10-17 14:15 - 00000000 ___RD C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-30 08:18 - 2011-10-17 16:17 - 00002361 _____ C:\Users\Tim\Desktop\Google Chrome.lnk 2013-08-29 18:42 - 2012-04-11 18:15 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Dropbox 2013-08-29 18:41 - 2012-04-11 18:17 - 00000000 ___RD C:\Users\Tim\Dropbox 2013-08-28 20:05 - 2011-10-25 15:34 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-26 21:25 - 2013-08-26 21:25 - 00000000 _____ C:\windows\SysWOW64\sho3F87.tmp 2013-08-19 21:25 - 2013-08-19 21:25 - 00000000 _____ C:\windows\SysWOW64\sho6B2F.tmp 2013-08-17 09:53 - 2013-08-17 09:53 - 01624064 _____ (Bandoo Media Inc) C:\Users\Tim\Downloads\iLividSetup-r367-n-bc.exe 2013-08-15 21:09 - 2009-07-14 01:13 - 00741680 _____ C:\windows\system32\PerfStringBackup.INI 2013-08-15 21:07 - 2013-08-15 21:03 - 00000000 ____D C:\windows\system32\MRT 2013-08-15 21:02 - 2011-10-18 17:46 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-08-09 14:38 - 2013-08-09 14:37 - 00288712 _____ C:\Users\Tim\Downloads\Setup (2).exe 2013-08-09 14:37 - 2013-08-09 14:36 - 00208944 _____ (Jottix) C:\Users\Tim\Downloads\video-media-download_setup.exe Files to move or delete: ==================== C:\Users\Tim\AppData\Local\Temp\nswF21E.tmp\System.dll C:\Users\Tim\AppData\Local\Temp\nswF21E.tmp\UserInfo.dll C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\ExecCmd.dll C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\nsExec.dll C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\NSISdl.dll 
C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\nsProcess.dll C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\System.dll C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\UserInfo.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-05-18 13:39 ==================== End Of Log ============================ Addition.txt
  8. ComboFix seems like it has been stalled on creating Output folder: C32788R22FWJFW\N_. It's been on this for around 3 hours now. I disabled my Norton Security Suite, turned off the Malware Bytes icon that was already not opening, and closed out Super Antispyware. I'm not sure what else to close to get it running.
  9. Rogue killer log attached. RKreport0_S_09012013_171136.txt
  10. Attached DDS file and attach file dds.txt attach.txt