Jump to content

FBI Green Dot Virus - Am I out of luck?

uomograsso

By uomograsso
in Resolved Malware Removal Logs

 Share

Recommended Posts

uomograsso

uomograsso

Posted
Posted

I picked up the FBI Green Dot Virus and ran Farbar 64 recovery tool from a USB drive after .  I followed the directions, but don't see much in the files.  Did I do something wrong?  When I start notepad it is showing my flash drive as the C: drive.

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

 

Here is the FRST.txt file

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013
Ran by SYSTEM on MININT-VSHDP9S on 17-11-2013 00:06:42
Running from F:\
WIN_7 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.
 
==================== Registry (Whitelisted) ==================
 
Attention: Software hive is missing.
 
ATTENTION: Software hive is not loaded.
 
 
==================== Services (Whitelisted) =================
 
 
==================== Drivers (Whitelisted) ====================
 
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
 
==================== One Month Modified Files and Folders =======
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!
 
==================== Restore Points  =========================
 
 
==================== BCD ================================
The boot configuration data store could not be opened.
The system cannot find the file specified.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 3835.66 MB
Available physical RAM: 3363.62 MB
Total Pagefile: 3833.8 MB
Available Pagefile: 3333.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive f: (KINGSTON) (Removable) (Total:29.06 GB) (Free:28.84 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 9E910039)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=29 GB) - (Type=0C)
 
==================== End Of Log ============================

 

 

Here is the search.txt file

 

Farbar Recovery Scan Tool (x64) Version: 17-11-2013
Ran by SYSTEM at 2013-11-17 00:07:09
Running from F:\
Boot Mode: Recovery
 
================== Search: "services.exe" ===================
 
====== End Of Search ======
Link to post
Share on other sites
uomograsso

uomograsso

Posted
  • Author
Posted

Whew.  I was able to boot into safe mode with command prompt and get explorer running so I could re-run  Frst64.exe

 

Here is the Frst.txt file

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013
Ran by uomograsso (administrator) on DEEPTHOUGHT on 17-11-2013 00:58:30
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [979344 2010-04-10] (The Eraser Project)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] ()
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1496528 2011-05-01] (TrueCrypt Foundation)
HKCU\...\Run: [Google Update] - C:\Users\uomograsso\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-07-17] (Google Inc.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\uomograsso\AppData\Roaming\skype.dat [103424 2013-08-28] (ABCDevelop Software) <==== ATTENTION
HKCU\...\Policies\Explorer\Run: [Netscape] - C:\Users\uomograsso\AppData\Roaming\twciaftd\scisstai.exe [84992 2013-08-28] ( (ABCDevelop Software))
Startup: C:\Users\uomograsso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kongregate.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {5DA6A662-2F76-4504-B369-46A6A53C6C5A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\uomograsso\AppData\Roaming\Mozilla\Firefox\Profiles\0m0i6ys5.default
FF user.js: detected! => C:\Users\uomograsso\AppData\Roaming\Mozilla\Firefox\Profiles\0m0i6ys5.default\user.js

FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 50370
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\uomograsso\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\uomograsso\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\uomograsso\AppData\Roaming\Mozilla\Firefox\Profiles\0m0i6ys5.default\searchplugins\mypoints-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Old Location Bar - C:\Users\uomograsso\AppData\Roaming\Mozilla\Firefox\Profiles\0m0i6ys5.default\Extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
FF Extension: autoproxy - C:\Users\uomograsso\AppData\Roaming\Mozilla\Firefox\Profiles\0m0i6ys5.default\Extensions\autoproxy@autoproxy.org.xpi
FF Extension: jid0-bbA9VAawX3LMWDu668aUDrpQVXU - C:\Users\uomograsso\AppData\Roaming\Mozilla\Firefox\Profiles\0m0i6ys5.default\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi
FF Extension: Adblock Plus - C:\Users\uomograsso\AppData\Roaming\Mozilla\Firefox\Profiles\0m0i6ys5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: greasemonkey - C:\Users\uomograsso\AppData\Roaming\Mozilla\Firefox\Profiles\0m0i6ys5.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

Chrome:
=======


CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\uomograsso\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\uomograsso\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\uomograsso\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Widevine Media Transformer) - C:\Users\uomograsso\AppData\Local\Google\Chrome\Application\plugins\npwidevinemediatransformer.dll (Widevine Technologies)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\uomograsso\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Flash Video Download) - C:\Users\UOMOGR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.14_0
CHR Extension: (YouTube) - C:\Users\UOMOGR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\UOMOGR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search by Image (by Google)) - C:\Users\UOMOGR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0
CHR Extension: (DoNotTrackMe) - C:\Users\UOMOGR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0
CHR Extension: (Google Wallet) - C:\Users\UOMOGR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\UOMOGR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Users\uomograsso\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] ()
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [103792 2010-01-28] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S3 Stuffit Archive Name Service; C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe [1916248 2009-10-30] (Smith Micro Software, Inc.)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{30690bde-cd8e-2593-22e0-f0f5d148f68c}\   \...\???\{30690bde-cd8e-2593-22e0-f0f5d148f68c}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S2 cpuz135; C:\windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-17 00:58 - 2013-11-17 00:58 - 00000000 ____D C:\FRST
2013-11-16 22:23 - 2013-11-17 00:52 - 00000004 _____ C:\Users\uomograsso\AppData\Roaming\skype.ini
2013-11-16 10:15 - 2013-11-16 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 09:02 - 2013-10-12 02:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-14 09:02 - 2013-10-12 02:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-14 09:02 - 2013-10-12 02:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-14 09:02 - 2013-10-12 02:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-14 09:02 - 2013-10-12 02:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-14 09:02 - 2013-10-12 02:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-14 09:02 - 2013-10-12 02:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-14 09:02 - 2013-10-12 02:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-14 09:02 - 2013-10-12 02:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-14 09:02 - 2013-10-12 02:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-14 09:02 - 2013-10-12 02:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-14 09:02 - 2013-10-12 02:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-14 09:02 - 2013-10-12 01:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-14 09:02 - 2013-10-12 01:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-14 09:02 - 2013-10-12 01:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-14 09:02 - 2013-10-12 01:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-14 09:02 - 2013-10-12 01:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-14 09:02 - 2013-10-12 01:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-14 09:02 - 2013-10-12 01:02 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-14 09:02 - 2013-10-12 01:02 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-14 09:02 - 2013-10-12 01:02 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-14 09:02 - 2013-10-12 01:02 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-14 09:02 - 2013-10-12 01:02 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-14 09:02 - 2013-10-12 00:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-14 09:02 - 2013-10-12 00:08 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-14 09:02 - 2013-10-11 23:44 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-14 09:02 - 2013-10-11 23:15 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 09:01 - 2013-10-12 02:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-14 09:01 - 2013-10-12 02:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-14 09:01 - 2013-10-12 01:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-14 09:01 - 2013-10-12 01:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-13 09:14 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-13 09:14 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 09:14 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-13 09:14 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-13 09:14 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 09:14 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 09:14 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-13 09:14 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 09:14 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-13 09:14 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 09:14 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 09:14 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-13 09:14 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-13 09:14 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 09:14 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-13 09:14 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-13 09:14 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 09:14 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 09:14 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 09:14 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 09:14 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 09:14 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 09:14 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 09:14 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 09:14 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-13 09:14 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-13 09:14 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-13 09:14 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-13 09:14 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 09:14 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-10-29 12:48 - 2013-10-29 12:48 - 12427040 _____ C:\Users\uomograsso\Downloads\SetupEditPadLite.zip
2013-10-29 12:42 - 2013-10-29 12:42 - 02972712 _____ C:\Users\uomograsso\Downloads\pspad458b2462.zip
2013-10-29 12:39 - 2013-10-29 12:39 - 09494088 _____ (Just Great Software         ) C:\Users\uomograsso\Downloads\SetupEditPadLite.exe
2013-10-29 11:49 - 2013-10-29 11:49 - 00777482 _____ C:\Users\uomograsso\Downloads\ChromeSetup.zip
2013-10-29 11:46 - 2013-10-29 11:46 - 23294592 _____ (Mozilla) C:\Users\uomograsso\Downloads\Firefox Setup 25.0.exe
2013-10-29 11:46 - 2013-10-29 11:46 - 00819144 _____ (Google Inc.) C:\Users\uomograsso\Downloads\ChromeSetup.exe

==================== One Month Modified Files and Folders =======

2013-11-17 00:58 - 2013-11-17 00:58 - 00000000 ____D C:\FRST
2013-11-17 00:52 - 2013-11-16 22:23 - 00000004 _____ C:\Users\uomograsso\AppData\Roaming\skype.ini
2013-11-17 00:51 - 2013-10-15 09:19 - 00002642 _____ C:\windows\setupact.log
2013-11-17 00:51 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-17 00:47 - 2010-06-05 07:40 - 01368012 _____ C:\windows\WindowsUpdate.log
2013-11-17 00:47 - 2009-07-13 22:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-17 00:47 - 2009-07-13 22:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 23:16 - 2009-07-13 23:13 - 00726254 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-16 22:17 - 2012-11-09 09:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-16 22:17 - 2010-07-17 15:37 - 00000000 ____D C:\Users\uomograsso\AppData\Local\Google
2013-11-16 21:58 - 2012-06-20 07:19 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 21:37 - 2010-07-17 16:31 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849875962-3964587724-169579225-1000UA.job
2013-11-16 10:24 - 2010-07-17 16:31 - 00000876 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849875962-3964587724-169579225-1000Core.job
2013-11-16 10:16 - 2013-11-16 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 19:27 - 2010-07-17 16:41 - 00002404 _____ C:\Users\uomograsso\Desktop\Google Chrome.lnk
2013-11-14 18:56 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2013-11-14 09:12 - 2010-03-24 15:43 - 00000000 ____D C:\windows\Panther
2013-11-14 09:01 - 2013-08-14 21:44 - 00000000 ____D C:\windows\system32\MRT
2013-11-14 08:58 - 2010-07-18 10:48 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-01 15:04 - 2010-07-23 18:40 - 00000000 ____D C:\Users\uomograsso\KoL
2013-10-29 12:48 - 2013-10-29 12:48 - 12427040 _____ C:\Users\uomograsso\Downloads\SetupEditPadLite.zip
2013-10-29 12:42 - 2013-10-29 12:42 - 02972712 _____ C:\Users\uomograsso\Downloads\pspad458b2462.zip
2013-10-29 12:39 - 2013-10-29 12:39 - 09494088 _____ (Just Great Software         ) C:\Users\uomograsso\Downloads\SetupEditPadLite.exe
2013-10-29 11:49 - 2013-10-29 11:49 - 00777482 _____ C:\Users\uomograsso\Downloads\ChromeSetup.zip
2013-10-29 11:49 - 2011-03-28 16:06 - 00000000 ____D C:\Users\uomograsso\AppData\Local\Smith Micro
2013-10-29 11:46 - 2013-10-29 11:46 - 23294592 _____ (Mozilla) C:\Users\uomograsso\Downloads\Firefox Setup 25.0.exe
2013-10-29 11:46 - 2013-10-29 11:46 - 00819144 _____ (Google Inc.) C:\Users\uomograsso\Downloads\ChromeSetup.exe
2013-10-24 13:15 - 2010-07-17 15:27 - 00000000 ____D C:\Users\uomograsso
2013-10-23 09:59 - 2010-07-18 07:50 - 00000000 ____D C:\Users\uomograsso\BBQ
2013-10-22 21:01 - 2013-04-25 16:23 - 00000000 ____D C:\Users\uomograsso\Documents\Recipes

ZeroAccess:
C:\Windows\assembly\tmp
C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\Users\uomograsso\AppData\Local\6cfc6ea3
C:\Users\uomograsso\AppData\Local\6cfc6ea3\@

Files to move or delete:
====================
C:\Users\uomograsso\AppData\Roaming\skype.dat
C:\Users\uomograsso\AppData\Roaming\skype.ini
ZeroAccess:
C:\Users\uomograsso\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\uomograsso\AppData\Local\Temp\2936.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-11-11 21:09

==================== End Of Log ============================

 

 

Here is the Addition.txt file

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2013
Ran by uomograsso at 2013-11-17 00:59:38
Running from E:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.4)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader 9.5.3 (x32 Version: 9.5.3)
Amazon Links (x32 Version: 2.02)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
ATI Catalyst Install Manager (Version: 3.0.765.0)
AutoHotkey 1.0.48.05 (x32 Version: 1.0.48.05)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Light (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0315.1050.17562)
Catalyst Control Center Localization All (x32 Version: 2010.0315.1050.17562)
CCC Help Chinese Standard (x32 Version: 2010.0315.1049.17562)
CCC Help Chinese Traditional (x32 Version: 2010.0315.1049.17562)
CCC Help Czech (x32 Version: 2010.0315.1049.17562)
CCC Help Danish (x32 Version: 2010.0315.1049.17562)
CCC Help Dutch (x32 Version: 2010.0315.1049.17562)
CCC Help English (x32 Version: 2010.0315.1049.17562)
CCC Help Finnish (x32 Version: 2010.0315.1049.17562)
CCC Help French (x32 Version: 2010.0315.1049.17562)
CCC Help German (x32 Version: 2010.0315.1049.17562)
CCC Help Greek (x32 Version: 2010.0315.1049.17562)
CCC Help Hungarian (x32 Version: 2010.0315.1049.17562)
CCC Help Italian (x32 Version: 2010.0315.1049.17562)
CCC Help Japanese (x32 Version: 2010.0315.1049.17562)
CCC Help Korean (x32 Version: 2010.0315.1049.17562)
CCC Help Norwegian (x32 Version: 2010.0315.1049.17562)
CCC Help Polish (x32 Version: 2010.0315.1049.17562)
CCC Help Portuguese (x32 Version: 2010.0315.1049.17562)
CCC Help Russian (x32 Version: 2010.0315.1049.17562)
CCC Help Spanish (x32 Version: 2010.0315.1049.17562)
CCC Help Swedish (x32 Version: 2010.0315.1049.17562)
CCC Help Thai (x32 Version: 2010.0315.1049.17562)
CCC Help Turkish (x32 Version: 2010.0315.1049.17562)
ccc-core-static (x32 Version: 2010.0315.1050.17562)
ccc-utility64 (Version: 2010.0315.1050.17562)
CCleaner (Version: 4.06)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CPUID CPU-Z 1.60.1
CPUID HWMonitor 1.19
Eraser 6.0.7.1893 (Version: 6.7.1893)
Full Tilt Poker (x32 Version: 4.28.1.WIN.FullTilt.COM)
Google Chrome (HKCU Version: 31.0.1650.57)
IrfanView (remove only) (x32 Version: 4.32)
Java Auto Updater (x32 Version: 2.0.3.1)
Java 6 Update 24 (x32 Version: 6.0.240)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Just Great Software EditPad Lite 6.6.4 (x32 Version: 6.6.4)
Label@Once 1.0 (x32 Version: 1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.17.304.2010)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.5992)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111)
Realtek WLAN Driver (x32 Version: 2.00.0012)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (x32 Version: 1.0.0)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (x32 Version: 1.0.0)
Skype Launcher (x32 Version: 2.01)
StuffIt 2010 (Version: 14.0.0)
StuffIt Plugins (x32 Version: 1.0.0)
StuffIt Plugins For Office And Photoshop (x32 Version: 13.0.0.005)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
TOSHIBA Application Installer (x32 Version: 9.0.1.0)
TOSHIBA Assist (x32 Version: 3.00.10)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Face Recognition (x32 Version: 3.1.3.64)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.21C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6)
Toshiba Laptop Checkup (x32 Version: 2.0.3.198)
TOSHIBA Media Controller (x32 Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.8.0)
Toshiba Online Backup (x32 Version: 1.2.0.38)
TOSHIBA Quality Application (x32 Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA ReelTime (x32 Version: 1.6.06.64)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C)
TOSHIBA Value Added Package (Version: 1.3.3.64)
TOSHIBA Value Added Package (x32 Version: 1.3.3.64)
TOSHIBA Web Camera Application (x32 Version: 1.1.1.15)
ToshibaRegistration (x32 Version: 1.0.4)
TrueCrypt (x32 Version: 7.0a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Utility Common Driver (x32 Version: 1.0.52.1C)
Widevine Media Transformer Chrome  (HKCU Version: 5.0.0.4679)
Windows Driver Package - Realtek (RTL8167) Net  (03/21/2011 7.043.0321.2011) (Version: 03/21/2011 7.043.0321.2011)
Windows Driver Package - Realtek (RTL8167) Net  (10/25/2010 7.031.1025.2010) (Version: 10/25/2010 7.031.1025.2010)
Windows Driver Package - Realtek Semiconductor Corp. (rtl8192se) Net  (06/20/2011 2020.4.0620.2011) (Version: 06/20/2011 2020.4.0620.2011)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (04/06/2011 6.0.1.6343) (Version: 04/06/2011 6.0.1.6343)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/14/2011 6.0.1.6392) (Version: 06/14/2011 6.0.1.6392)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/18/2011 6.0.1.6482) (Version: 10/18/2011 6.0.1.6482)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/13/2011 6.0.1.6526) (Version: 12/13/2011 6.0.1.6526)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Yahoo! Messenger (x32)

==================== Restore Points  =========================

24-10-2013 04:32:09 Windows Update
27-10-2013 22:15:18 Windows Update
30-10-2013 23:09:34 Windows Update
03-11-2013 23:10:10 Windows Update
11-11-2013 22:17:09 Windows Update
14-11-2013 14:57:32 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2010-11-14 17:07 - 00000869 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {21050D51-687B-4189-9827-58015B48796B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-849875962-3964587724-169579225-1000UA => C:\Users\uomograsso\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17] (Google Inc.)
Task: {236E8A55-DA45-4D2C-942F-E2D77527F9E5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {7C28BCF6-1A2D-4C93-BF09-EEA0CC3ED45D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-08-12] ()
Task: {AD4EF527-95DD-441D-B5AF-7A45CFF44DAD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-849875962-3964587724-169579225-1000Core => C:\Users\uomograsso\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17] (Google Inc.)
Task: {CB7E810F-41A6-456B-948F-C067EC9357CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849875962-3964587724-169579225-1000Core.job => C:\Users\uomograsso\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-849875962-3964587724-169579225-1000UA.job => C:\Users\uomograsso\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\windows\Temp:temp

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== Faulty Device Manager Devices =============

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2013 11:25:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000511d6
Faulting process id: 0x91c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/15/2013 05:40:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/13/2013 06:25:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/11/2013 09:11:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2013 11:51:22 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/03/2013 00:17:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/01/2013 05:37:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/31/2013 05:21:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/29/2013 05:15:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/28/2013 06:14:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (11/17/2013 00:57:41 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/17/2013 00:57:38 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/17/2013 00:57:37 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/17/2013 00:57:36 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/17/2013 00:55:58 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/17/2013 00:55:58 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/17/2013 00:55:58 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/17/2013 00:55:58 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/17/2013 00:55:58 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/17/2013 00:55:58 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/16/2013 11:25:43 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000000500000000000511d691c01cee3556dcd20b7C:\windows\Explorer.EXEC:\windows\SYSTEM32\ntdll.dllb3d041ad-4f48-11e3-bf2e-02fe33df2341

Error: (11/15/2013 05:40:47 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (11/13/2013 06:25:01 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (11/11/2013 09:11:48 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (11/04/2013 11:51:22 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (11/03/2013 00:17:26 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (11/01/2013 05:37:12 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (10/31/2013 05:21:23 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (10/29/2013 05:15:22 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (10/28/2013 06:14:47 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3835.66 MB
Available physical RAM: 3094.76 MB
Total Pagefile: 7669.49 MB
Available Pagefile: 6953.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI105838W0G) (Fixed) (Total:286.59 GB) (Free:230.4 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (KINGSTON) (Removable) (Total:29.06 GB) (Free:28.84 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 9E910039)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)

========================================================
Disk: 1 (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=29 GB) - (Type=0C)

==================== End Of Log ============================

 

 

Here is the Search.txt file when searching for "services.exe"

 

Farbar Recovery Scan Tool (x64) Version: 17-11-2013
Ran by uomograsso at 2013-11-17 01:00:49
Running from E:\
Boot Mode: Safe Mode (minimal)

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

 

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Re-boot to normal mode.....

 

Next,

 

If you can now run in normal mode continue:

 

Download Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and Save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log
 

Next,

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                     

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
    RKLicence.png
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
    RK1A.png
     
  • When the scan completes select Report, copy and paste that to your reply.
     
    RK2A.png
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
    Let me see those logs, also give update on any remaining issues or concerns..
    Kevin
     
     
     
     
     
    fixlist.txt
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.