
Issues running Malware Bytes



  • Root Admin

Hello and welcome.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


ComboFix seems like it has been stalled on creating Output folder: C32788R22FWJFW\N_. It's been on this for around 3 hours now. I disabled my Norton Security Suite, turned off the Malware Bytes icon that was already not opening, and closed out Super Antispyware. I'm not sure what else to close to get it running.


  • Root Admin

Okay go ahead and force it to stop and run the following.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 06

Ran by Tim (administrator) on TIM-MSI on 02-09-2013 20:45:23

Running from C:\Users\Tim\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Could not list processes ===============

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)

HKLM\...\Run: [THXCfg64] - C:\windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11697768 2010-12-14] (Realtek Semiconductor)

HKLM\...\Policies\Explorer: [NoActiveDesktop] 1

HKCU\...\Run: [Google Update] - C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-17] (Google Inc.)

HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-14] (SUPERAntiSpyware)

MountPoints2: {521a86c6-0e1c-11e1-85ef-6c626d32b329} - F:\setup.exe -a

HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1351680 2010-11-18] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] - C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [NortonOnlineBackup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-05] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] -  [x]

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)

AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL,C:\windows\system32\nvinitx.dll [226920 2011-02-09] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL,C:\windows\SysWOW64\nvinit.dll [226920 2011-02-09] ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk

ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=051413

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com

URLSearchHook: (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File

SearchScopes: HKLM - DefaultScope {3861D2E6-7ABB-4511-888F-A70B42B22AB2} URL = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - DefaultScope {82595393-3FC2-42D4-9DA9-6B09513F66A0} URL = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=051413&q={searchTerms}&src=IE-SearchBox

SearchScopes: HKCU - {0A2F3328-B226-4329-9DDB-11D9C7F33FF2} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}

SearchScopes: HKCU - {82595393-3FC2-42D4-9DA9-6B09513F66A0} URL = 

SearchScopes: HKCU - {8465751E-7E0D-48CC-B97E-D2D9E883DAA9} URL = http://isearch.avg.com/search?cid={7A86C772-4F87-41A4-B749-AE8C6E84A7E0}&mid=376955acf07347d089d1bd2b2bd65ada-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=od011&pr=sa&d=2012-06-24 22:53:30&v=11.1.0.7&sap=dsp&q={searchTerms}

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.820.2\NativeBHO.dll (WhiteSky)

BHO-x32: No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File

BHO-x32: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (Visicom Media)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

 

Chrome: 

=======

CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Skype Click to Call) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0

CHR Extension: (Norton Identity Protection) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx

CHR StartMenuInternet: Google Chrome - C:\Users\Tim\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)

R2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()

R2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-03-04] (Micro-Star International Co., Ltd.)

R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-16] (MSI)

R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R1 AntiLog32; C:\windows\system32\drivers\AntiLog64.sys [49240 2013-08-31] (Zemana Ltd.)

R1 AntiLog32; C:\windows\system32\drivers\AntiLog64.sys [49240 2013-08-31] (Zemana Ltd.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130830.001\IDSvia64.sys [520280 2013-08-19] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130830.001\IDSvia64.sys [520280 2013-08-19] (Symantec Corporation)

R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)

S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130902.002\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130902.002\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130902.002\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130902.002\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-17] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 MGHwCtrl; \??\C:\Program Files\msi\msi Software Install\MGHwCtrl.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-02 20:44 - 2013-09-02 20:44 - 01951862 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe

2013-09-01 17:19 - 2013-09-01 17:19 - 00001818 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\Users\Tim\AppData\Roaming\SUPERAntiSpyware.com

2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-09-01 17:18 - 2013-09-01 17:19 - 27382608 _____ (SUPERAntiSpyware) C:\Users\Tim\Downloads\SUPERAntiSpyware.exe

2013-09-01 17:11 - 2013-09-01 17:11 - 00002715 _____ C:\Users\Tim\Desktop\RKreport[0]_S_09012013_171136.txt

2013-09-01 17:08 - 2013-09-01 17:42 - 00000000 ____D C:\Users\Tim\Desktop\RK_Quarantine

2013-09-01 17:08 - 2013-09-01 17:08 - 03771904 _____ C:\Users\Tim\Downloads\RogueKillerX64.exe

2013-09-01 16:52 - 2013-09-02 15:00 - 00000000 ___SD C:\32788R22FWJFW

2013-09-01 16:52 - 2013-09-01 16:52 - 00000000 ____D C:\windows\erdnt

2013-09-01 16:51 - 2013-09-02 14:59 - 05119472 ____R (Swearware) C:\Users\Tim\Downloads\ComboFix.exe

2013-09-01 16:50 - 2013-09-01 16:50 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Tim\Downloads\tdsskiller.exe

2013-09-01 16:40 - 2013-09-01 16:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tim\Downloads\wtf.exe

2013-09-01 16:30 - 2013-09-01 16:55 - 00002494 _____ C:\Users\Tim\Desktop\Rkill.txt

2013-09-01 16:30 - 2013-09-01 16:30 - 00000000 ____D C:\Users\Tim\Desktop\rkill

2013-09-01 16:29 - 2013-09-01 16:29 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Tim\Downloads\rkill.exe

2013-09-01 16:21 - 2013-09-01 16:21 - 00000000 ____D C:\Users\Tim\Downloads\mbam-chameleon-1.62.1.1000

2013-09-01 16:20 - 2013-09-01 16:20 - 01440846 _____ C:\Users\Tim\Downloads\mbam-chameleon-1.62.1.1000.zip

2013-09-01 16:18 - 2013-09-01 16:18 - 00011229 _____ C:\Users\Tim\Desktop\attach.txt

2013-09-01 16:18 - 2013-09-01 16:17 - 00023203 _____ C:\Users\Tim\Desktop\dds.txt

2013-09-01 16:15 - 2013-09-01 16:15 - 00688992 ____R (Swearware) C:\Users\Tim\Downloads\dds.com

2013-08-26 21:25 - 2013-08-26 21:25 - 00000000 _____ C:\windows\SysWOW64\sho3F87.tmp

2013-08-19 21:25 - 2013-08-19 21:25 - 00000000 _____ C:\windows\SysWOW64\sho6B2F.tmp

2013-08-17 09:53 - 2013-08-17 09:53 - 01624064 _____ (Bandoo Media Inc) C:\Users\Tim\Downloads\iLividSetup-r367-n-bc.exe

2013-08-15 21:13 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2013-08-15 21:13 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2013-08-15 21:13 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2013-08-15 21:13 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2013-08-15 21:13 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2013-08-15 21:13 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2013-08-15 21:13 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2013-08-15 21:13 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2013-08-15 21:13 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2013-08-15 21:13 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2013-08-15 21:13 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

2013-08-15 21:13 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2013-08-15 21:13 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2013-08-15 21:13 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2013-08-15 21:13 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2013-08-15 21:13 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2013-08-15 21:13 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2013-08-15 21:13 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2013-08-15 21:13 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2013-08-15 21:13 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2013-08-15 21:13 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2013-08-15 21:13 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2013-08-15 21:13 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2013-08-15 21:13 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

2013-08-15 21:13 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2013-08-15 21:13 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2013-08-15 21:13 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2013-08-15 21:13 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2013-08-15 21:13 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2013-08-15 21:13 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe

2013-08-15 21:13 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-15 21:03 - 2013-08-15 21:07 - 00000000 ____D C:\windows\system32\MRT

2013-08-14 21:10 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2013-08-14 21:10 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2013-08-14 21:10 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll

2013-08-14 21:10 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll

2013-08-14 21:10 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll

2013-08-14 21:10 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll

2013-08-14 21:10 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll

2013-08-14 21:10 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll

2013-08-14 21:10 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll

2013-08-14 21:10 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll

2013-08-14 21:09 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL

2013-08-14 21:09 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL

2013-08-14 21:09 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2013-08-14 21:09 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll

2013-08-14 21:09 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll

2013-08-14 21:09 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll

2013-08-14 21:09 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2013-08-14 21:09 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2013-08-14 21:09 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll

2013-08-14 21:09 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll

2013-08-14 21:09 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll

2013-08-14 21:09 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe

2013-08-14 21:09 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll

2013-08-14 21:09 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe

2013-08-14 21:09 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe

2013-08-14 21:09 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys

2013-08-14 21:09 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

2013-08-09 14:37 - 2013-08-09 14:38 - 00288712 _____ C:\Users\Tim\Downloads\Setup (2).exe

2013-08-09 14:36 - 2013-08-09 14:37 - 00208944 _____ (Jottix) C:\Users\Tim\Downloads\video-media-download_setup.exe

 

==================== One Month Modified Files and Folders =======

 

2013-09-02 20:45 - 2013-09-02 20:45 - 00000000 ____D C:\FRST

2013-09-02 20:44 - 2013-09-02 20:44 - 01951862 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe

2013-09-02 20:38 - 2011-10-17 16:17 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001UA.job

2013-09-02 19:53 - 2011-10-17 14:10 - 01293771 _____ C:\windows\WindowsUpdate.log

2013-09-02 18:23 - 2011-12-22 00:13 - 00000000 ____D C:\Users\Tim\AppData\Roaming\ID Vault

2013-09-02 15:00 - 2013-09-01 16:52 - 00000000 ___SD C:\32788R22FWJFW

2013-09-02 14:59 - 2013-09-01 16:51 - 05119472 ____R (Swearware) C:\Users\Tim\Downloads\ComboFix.exe

2013-09-02 14:38 - 2011-10-17 16:17 - 00000848 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001Core.job

2013-09-02 13:00 - 2011-12-03 15:19 - 00000542 _____ C:\windows\Tasks\MATLAB R2011b Startup Accelerator.job

2013-09-01 17:58 - 2011-10-22 19:42 - 00000000 ____D C:\Users\Tim\AppData\Local\CrashDumps

2013-09-01 17:52 - 2009-07-14 00:45 - 00024656 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-01 17:52 - 2009-07-14 00:45 - 00024656 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-01 17:45 - 2013-05-20 20:20 - 00003136 _____ C:\windows\setupact.log

2013-09-01 17:45 - 2013-05-20 20:19 - 00014640 _____ C:\windows\PFRO.log

2013-09-01 17:45 - 2013-01-29 21:02 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK

2013-09-01 17:45 - 2011-03-13 12:11 - 00000000 ____D C:\ProgramData\NVIDIA

2013-09-01 17:45 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2013-09-01 17:42 - 2013-09-01 17:08 - 00000000 ____D C:\Users\Tim\Desktop\RK_Quarantine

2013-09-01 17:19 - 2013-09-01 17:19 - 00001818 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\Users\Tim\AppData\Roaming\SUPERAntiSpyware.com

2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2013-09-01 17:19 - 2013-09-01 17:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-09-01 17:19 - 2013-09-01 17:18 - 27382608 _____ (SUPERAntiSpyware) C:\Users\Tim\Downloads\SUPERAntiSpyware.exe

2013-09-01 17:11 - 2013-09-01 17:11 - 00002715 _____ C:\Users\Tim\Desktop\RKreport[0]_S_09012013_171136.txt

2013-09-01 17:08 - 2013-09-01 17:08 - 03771904 _____ C:\Users\Tim\Downloads\RogueKillerX64.exe

2013-09-01 16:55 - 2013-09-01 16:30 - 00002494 _____ C:\Users\Tim\Desktop\Rkill.txt

2013-09-01 16:52 - 2013-09-01 16:52 - 00000000 ____D C:\windows\erdnt

2013-09-01 16:50 - 2013-09-01 16:50 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Tim\Downloads\tdsskiller.exe

2013-09-01 16:48 - 2012-08-01 21:28 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-01 16:48 - 2012-07-06 20:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-01 16:40 - 2013-09-01 16:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Tim\Downloads\wtf.exe

2013-09-01 16:30 - 2013-09-01 16:30 - 00000000 ____D C:\Users\Tim\Desktop\rkill

2013-09-01 16:29 - 2013-09-01 16:29 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Tim\Downloads\rkill.exe

2013-09-01 16:21 - 2013-09-01 16:21 - 00000000 ____D C:\Users\Tim\Downloads\mbam-chameleon-1.62.1.1000

2013-09-01 16:20 - 2013-09-01 16:20 - 01440846 _____ C:\Users\Tim\Downloads\mbam-chameleon-1.62.1.1000.zip

2013-09-01 16:18 - 2013-09-01 16:18 - 00011229 _____ C:\Users\Tim\Desktop\attach.txt

2013-09-01 16:17 - 2013-09-01 16:18 - 00023203 _____ C:\Users\Tim\Desktop\dds.txt

2013-09-01 16:15 - 2013-09-01 16:15 - 00688992 ____R (Swearware) C:\Users\Tim\Downloads\dds.com

2013-08-31 11:17 - 2011-12-22 00:14 - 00000000 ____D C:\Users\Tim\AppData\Local\ID Vault

2013-08-31 11:16 - 2013-01-29 21:02 - 00049240 _____ (Zemana Ltd.) C:\windows\system32\Drivers\AntiLog64.sys

2013-08-31 11:16 - 2013-01-29 21:02 - 00000000 ____D C:\windows\SysWOW64\ZALSDK_uninst

2013-08-31 11:16 - 2011-12-22 00:12 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite

2013-08-31 11:15 - 2011-12-22 00:12 - 00002199 _____ C:\Users\Public\Desktop\Constant Guard.lnk

2013-08-30 12:58 - 2013-06-19 19:18 - 00000003 _____ C:\windows\system32\HRUPPROG.TXT

2013-08-30 08:38 - 2011-10-17 14:15 - 00000000 ___RD C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-08-30 08:18 - 2011-10-17 16:17 - 00002361 _____ C:\Users\Tim\Desktop\Google Chrome.lnk

2013-08-29 18:42 - 2012-04-11 18:15 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Dropbox

2013-08-29 18:41 - 2012-04-11 18:17 - 00000000 ___RD C:\Users\Tim\Dropbox

2013-08-28 20:05 - 2011-10-25 15:34 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-08-26 21:25 - 2013-08-26 21:25 - 00000000 _____ C:\windows\SysWOW64\sho3F87.tmp

2013-08-19 21:25 - 2013-08-19 21:25 - 00000000 _____ C:\windows\SysWOW64\sho6B2F.tmp

2013-08-17 09:53 - 2013-08-17 09:53 - 01624064 _____ (Bandoo Media Inc) C:\Users\Tim\Downloads\iLividSetup-r367-n-bc.exe

2013-08-15 21:09 - 2009-07-14 01:13 - 00741680 _____ C:\windows\system32\PerfStringBackup.INI

2013-08-15 21:07 - 2013-08-15 21:03 - 00000000 ____D C:\windows\system32\MRT

2013-08-15 21:02 - 2011-10-18 17:46 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2013-08-09 14:38 - 2013-08-09 14:37 - 00288712 _____ C:\Users\Tim\Downloads\Setup (2).exe

2013-08-09 14:37 - 2013-08-09 14:36 - 00208944 _____ (Jottix) C:\Users\Tim\Downloads\video-media-download_setup.exe

 

Files to move or delete:

====================

C:\Users\Tim\AppData\Local\Temp\nswF21E.tmp\System.dll

C:\Users\Tim\AppData\Local\Temp\nswF21E.tmp\UserInfo.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\ExecCmd.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\nsExec.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\NSISdl.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\nsProcess.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\System.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\UserInfo.dll

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-05-18 13:39

 

==================== End Of Log ============================

Addition.txt


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-09-2013 06

Ran by Tim at 2013-09-02 21:20:54 Run:1

Running from C:\Users\Tim\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM\...\Policies\Explorer: [NoActiveDesktop] 1

MountPoints2: {521a86c6-0e1c-11e1-85ef-6c626d32b329} - F:\setup.exe -a

HKLM-x32\...\Run: [updReg] - C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [] -  [x]

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....&type=827316&p={searchTerms}

SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcas...&con=toolbar&q={searchTerms}

SearchScopes: HKCU - {82595393-3FC2-42D4-9DA9-6B09513F66A0} URL = 

SearchScopes: HKCU - {8465751E-7E0D-48CC-B97E-D2D9E883DAA9} URL = http://isearch.avg.com/search?cid={7A86C772-4F87-41A4-B749-AE8C6E84A7E0}&mid=376955acf07347d089d1bd2b2bd65ada-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=od011&pr=sa&d=2012-06-24 22:53:30&v=11.1.0.7&sap=dsp&q={searchTerms}

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

C:\Users\Tim\AppData\Local\Temp\nswF21E.tmp\System.dll

C:\Users\Tim\AppData\Local\Temp\nswF21E.tmp\UserInfo.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\ExecCmd.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\nsExec.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\NSISdl.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\nsProcess.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\System.dll

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\UserInfo.dll

Task: {CEED875B-AA59-488D-AB45-36D43A1E73B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001UA => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17] (Google Inc.)

Task: {8EA19BB4-FA52-47D4-BC2C-900FDAB861F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001Core => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-17] (Google Inc.)

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001Core.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001UA.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe

 

*****************

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktop => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{521a86c6-0e1c-11e1-85ef-6c626d32b329} => Key deleted successfully.

HKCR\CLSID\{521a86c6-0e1c-11e1-85ef-6c626d32b329} => Key not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg => Value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{B922D405-6D13-4A2B-AE89-08A030DA4402} => Value deleted successfully.

HKCR\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0A2F3328-B226-4329-9DDB-11D9C7F33FF2} => Key deleted successfully.

HKCR\CLSID\{0A2F3328-B226-4329-9DDB-11D9C7F33FF2} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2} => Key deleted successfully.

HKCR\CLSID\{180780f0-b348-4b44-8210-94a8f3ee15b2} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{82595393-3FC2-42D4-9DA9-6B09513F66A0} => Key deleted successfully.

HKCR\CLSID\{82595393-3FC2-42D4-9DA9-6B09513F66A0} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8465751E-7E0D-48CC-B97E-D2D9E883DAA9} => Key deleted successfully.

HKCR\CLSID\{8465751E-7E0D-48CC-B97E-D2D9E883DAA9} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

C:\Users\Tim\AppData\Local\Temp\nswF21E.tmp\System.dll => Moved successfully.

C:\Users\Tim\AppData\Local\Temp\nswF21E.tmp\UserInfo.dll => Moved successfully.

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\ExecCmd.dll => Moved successfully.

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\nsExec.dll => Moved successfully.

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\NSISdl.dll => Moved successfully.

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\nsProcess.dll => Moved successfully.

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\System.dll => Moved successfully.

C:\Users\Tim\AppData\Local\Temp\nsg67D0.tmp\UserInfo.dll => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEED875B-AA59-488D-AB45-36D43A1E73B0} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEED875B-AA59-488D-AB45-36D43A1E73B0} => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001UA => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001UA => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EA19BB4-FA52-47D4-BC2C-900FDAB861F8} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EA19BB4-FA52-47D4-BC2C-900FDAB861F8} => Key deleted successfully.

C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001Core => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001Core => Key deleted successfully.

C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001Core.job => Moved successfully.

C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97007975-1818910891-625548559-1001UA.job => Moved successfully.

 

==== End of Fixlog ====


  • Root Admin

Great, that looks good.

Please run the following scans and post back the logs.

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed make sure to re-enable your antivirus.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.


 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.7 (09.01.2013:1)

OS: Windows 7 Home Premium x64

Ran by Tim on Mon 09/02/2013 at 21:33:59.74

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-97007975-1818910891-625548559-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\windows\syswow64\sho1D50.tmp

Successfully deleted: [File] C:\windows\syswow64\sho3F87.tmp

Successfully deleted: [File] C:\windows\syswow64\sho6B2F.tmp

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\Tim\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\Tim\AppData\Roaming\pdfforge"

Successfully deleted: [Folder] "C:\Users\Tim\appdata\locallow\comcasttb"

Successfully deleted: [Folder] "C:\Users\Tim\appdata\locallow\pdfforge"

Successfully deleted: [Folder] "C:\Users\Tim\appdata\locallow\search settings"

Failed to delete: [Folder] "C:\Program Files (x86)\comcasttb"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"

Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{111784C1-44E3-46F6-8FE9-3C3656C8D85B}

Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{29735976-2D02-4B89-B2C8-4D69C4A3CCE1}

Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{6E5B01A1-0F45-49FD-AAE7-F091D253DA21}

Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7BCCB8B3-3467-420A-805C-895372D3DF2C}

Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BA6165D6-FA29-40A2-A63B-BB916D64E562}

Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CC2DF14C-33E4-4A8F-B7F3-E16B67039499}

Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{FE149A39-37F2-4D51-A069-826BF978F0DD}

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 09/02/2013 at 21:47:58.06

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


# AdwCleaner v3.002 - Report created 03/09/2013 at 18:43:46

# Updated 01/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Tim - TIM-MSI

# Running from : C:\Users\Tim\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Found C:\Program Files (x86)\AVG Secure Search

Folder Found C:\Program Files (x86)\comcasttb

Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found C:\Program Files (x86)\xfin_portal

Folder Found C:\ProgramData\AVG Secure Search

Folder Found C:\Users\Tim\AppData\Local\AVG Secure Search

Folder Found C:\Users\Tim\AppData\LocalLow\AVG Secure Search

Folder Found C:\Users\Tim\AppData\LocalLow\xfin_portal

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\Software\xfin_portal

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\pdfforge

Key Found : HKCU\Software\Search Settings

Key Found : [x64] HKCU\Software\AVG Secure Search

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : [x64] HKCU\Software\pdfforge

Key Found : [x64] HKCU\Software\Search Settings

Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal

Key Found : HKLM\Software\pdfforge

Key Found : HKLM\Software\Search Settings

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [4757 octets] - [03/09/2013 18:43:46]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4817 octets] ##########

 


I pressed clean and couldn't get it to stop.  Log after I cleaned.

 

# AdwCleaner v3.002 - Report created 03/09/2013 at 19:06:14
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tim - TIM-MSI
# Running from : C:\Users\Tim\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\comcasttb
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Tim\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Tim\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Tim\AppData\LocalLow\xfin_portal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4929 octets] - [03/09/2013 18:43:46]
AdwCleaner[s0].txt - [4689 octets] - [03/09/2013 19:06:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4749 octets] ##########

  • Root Admin

Please restart the computer and go into the Recovery Environment.

How to Boot to the System Recovery Options in Windows 7

Then run the Command Prompt and run a full disk check on your C: drive.

CHKDSK C: /R

How to Run Disk Check in Windows 7

When done, please try to run ComboFix again.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
