
malware problem:



I have a Dell XPS 8500, with Windows 7 Professional, SP1,
with Spywareblaster,  SuperAntiSpyware, Avast, and Windows
firewall.

(1) TB HD
Intel ®  Core i7-33-3770 CPU @ 3.40 GHz 3.40 GHz
Ram 12.0 GB
System type : 64-bit operating system


I also have a Dell Dimension 8200(Seagate  Barracuda 7200 HD 160Gb)
with XP, SP3, with Spywareblaster, Avast, and Windows firewall.

I contracted malware (Pup.Optional) when trying to download
AdwCleaner and selected the big green arrow instead of the
small blue print(Bleeping computer).  Since I also did this on
the 8200 both computers are infected.


At present this is the situation on the 8500:

 I went into my Administrators Account and
ran a full system scan with malwarebytes
which came up clean. I then ran a full scan
with Avast which also came up clean.

I updated my Spywareblaster

I then ran a full scan with SuperAntispyware
which gave me this:

Browser extensions (3)

We-Care.com Reminder
Great Arcade Hits
Tidy Network

Applications (1)

Severe Weather Alerts

Threats found

memory 0
registry 0
file items 3

cdn.tremormedia.com
objects.tremormedia.com
www.naiadsystems.com

I checked the add/remove programs again and
I couldn't find any of them. I deleted Severe
Weather Alerts previously and also Great
Arcade Hits so why are they still showing up?

I ran a full system scan with AdwCleaner which
came up clean.

I tried running Junk Removal Tool but as soon as
I started it, it disappeared.

 

I've tried to create a Kaspersky rescue disk which
said it was successful then a moment later it gave me
a message that it may not have correctly installed.
I've tried this numerous times.

Also, there is a slight sound every time the computer
connects online which was not there before.

 

 

In most respects the 8500 'appears' normal except for
the sound when connecting and Severe Weather Alerts
and Great Arcade Hits which I already deleted but they
keep showing up. I've looked on the add/remove programs
but they aren't there.
 

 

At present on the 8200:

The icons on the desktop which I setup for single click do
not respond and I have to open them by right clicking.

 

Windows updates does not open when I click it. Also
every time I logon it says my computer is at risk and
the firewall is turned off then it resets itself.

I tried downloading/installing SuperAntiSpyware and it
gave me this:

Install Error- Error creating shortcuts, aborting installation.
The only thing I did was deselect Google Chrome as my
default browser and search engine.

I then tried to install malwarebytes (www.malwarebytes.org/mwb-download/)
by uninstalling it first; after I uninstalled it on the
add/remove programs it asked to restart the computer
then it gave me this:

Run-time error '339':
component 'vbalsgrid6.ocx' or one of its dependencies not
correctly registered: a file is missing or invalid.

After trying to install it gave me this:

CoCreateInstance failed, code0x80040154.
Class not registered. I click ok and I can see the Creating shortcuts URL
change each time I click ok (5 times). Then it goes to the finish box.

When I try and update  Spywareblaster it gives me this:

Error: Access violation at 0x73483F5A (tried to read from 0x00000014),
program terminated. Last CP is 'RF'.
 
I ran an Avast full system scan which came up clean.

 
Thoughts/suggestions?
Robert

 


Welcome to the forum. This is for the first computer.

Please run a Quick Scan with Malwarebytes and post the log:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

---------------------

Then please start HERE
Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)
(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)
MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


Hello Mr. C,

 

 

Thank you for helping me; I hope I did this right.

 

I ran the malwarebytes scans but not sure if I'm posting
this as you described.

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Rob :: DRAGON [limited]

2/20/2014 7:48:41 PM
mbam-log-2014-02-20 (19-48-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204762
Time elapsed: 1 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

This is the second scan:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Rob :: DRAGON [limited]

2/20/2014 7:36:35 PM
mbam-log-2014-02-20 (19-36-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204766
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Here's the DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16518

Run by Rpbert at 20:00:54 on 2014-02-20

.

============== Running Processes ================

.

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Windows\SysWOW64\TBCTRAY.EXE

C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe

C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [TraySantaCruz] C:\Windows\SysWOW64\TBCTRAY.EXE

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

mRun: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.1 4.2.2.2

TCP: Interfaces\{49EEFE91-4D6F-472D-AD54-4C2952835FD6} : DHCPNameServer = 192.168.1.1 4.2.2.2

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -

x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"

.

INFO: x64-HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1           www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Rpbert\AppData\Roaming\Mozilla\Firefox\Profiles\v99252y8.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

.

============= SERVICES / DRIVERS ===============

.

R? AfaService;Afa Card Reader Service

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

 

 

Here's the Attach:

 

IE2K

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Junk Mail filter update

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Mouse and Keyboard Center

Microsoft Office

Microsoft Office XP Small Business

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

Movie Maker

Mozilla Firefox 27.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

Multimedia Card Reader

My Dell

NVIDIA 3D Vision Driver 320.78

NVIDIA Control Panel 320.78

NVIDIA Graphics Driver 320.78

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA Optimus 1.14.17

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.14.17

NVIDIA Update Components

Photo Common

Photo Gallery

PlayMemories Home

QualxServ Service Agreement

QuickTime

Realtek High Definition Audio Driver

Santa Cruz

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Skype™ 5.10

SpywareBlaster 5.0

SUPERAntiSpyware

swMSM

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================

 

 

I don't know what peer to peer means but I uninstalled all my Adobe programs prior to running Rogue Killer. I scanned with Rogue Killer and it found this:

 

 

Here's the Rogue Killer report:

 

 

RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Rpbert [Admin rights]

Mode : Scan -- Date : 02/20/2014 20:12:57

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 


 

 

¤¤¤ MBR Check: ¤¤¤

 

 

Created a new system restore point. I'm glad you pointed out not
to do anything after the Rogue cleaner scan because it did find something.

 

Robert


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Hello MrC

 

I disabled all my anti-virus and anti-malware programs although I was told that I didn't
need to disable my malwarebytes because it's the free version. I clicked on your link you
gave for downloading Combofix but it doesn't have the bleeping computer download buttons.

 

Robert


Hello Mr. C

 

 

I hope I did this correctly.

I disabled all my antimalware and Anti-virus programs and followed
your link and ran ComboFix but when it finished it left me in the
Administrators Account whereas I had been on my User Account.
(The 8500 allows me to type in my Administrators Account password
so that I can perform Administrator functions on my User Account).

In any case, on my Administrator Account desktop it now has
a Rogue Killer icon and also the Attach, DDS, and RK report files.
Should I delete all of these?

 

 

Here is the ComboFix report:

 

ComboFix 14-02-20.01 - Rpbert 02/22/2014  14:35:07.1.8 - x64
Running from: c:\users\Rob\AppData\Local\Temp\Temp1_ComboFix.zip\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\html
c:\windows\SysWow64\images
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-22 to 2014-02-22  )))))))))))))))))))))))))))))))
.
.
2014-02-21 23:02 . 2014-02-06 09:01    10536864    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CE26EA2-40A5-4D8E-8DA1-DDAE8985B2E6}\mpengine.dll
2014-02-21 04:36 . 2014-02-21 04:36    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 04:36 . 2014-02-21 04:36    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-17 01:54 . 2014-02-20 04:22    --------    d-----w-    C:\AdwCleaner
2014-02-12 06:12 . 2013-12-06 02:30    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-12 06:12 . 2013-12-06 02:02    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-02-11 04:14 . 2014-02-11 04:14    --------    d-----w-    c:\users\Rpbert\AppData\Roaming\SUPERAntiSpyware.com
2014-02-05 19:06 . 2014-02-05 19:06    --------    d-----w-    c:\users\Rob\AppData\Roaming\SUPERAntiSpyware.com
2014-02-05 19:05 . 2014-02-05 19:06    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-02-05 19:05 . 2014-02-05 19:05    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2014-02-03 02:34 . 2014-02-03 02:34    --------    d-----w-    c:\users\Rpbert\AppData\Roaming\Malwarebytes
2014-02-03 02:33 . 2014-02-03 02:33    --------    d-----w-    c:\programdata\Malwarebytes
2014-02-03 02:33 . 2014-02-03 02:33    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-03 02:33 . 2013-04-04 22:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 02:10 . 2013-12-31 09:22    80184    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-02-16 02:10 . 2013-05-20 00:32    421704    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-02-16 02:10 . 2013-05-20 00:32    1038072    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-02-16 02:10 . 2013-05-20 00:32    78648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-02-16 02:10 . 2013-05-20 00:32    334136    ----a-w-    c:\windows\system32\aswBoot.exe
2014-02-16 02:10 . 2013-05-20 00:32    43152    ----a-w-    c:\windows\avastSS.scr
2014-02-13 07:58 . 2013-05-18 03:13    88567024    ----a-w-    c:\windows\system32\MRT.exe
2013-12-31 09:22 . 2013-05-20 00:32    207904    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-18 14:13 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-04 05:34 . 2013-05-20 00:32    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-12-04 05:34 . 2013-05-20 00:32    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-11-27 01:42 . 2014-01-15 12:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:42 . 2014-01-15 12:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:42 . 2014-01-15 12:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-11-27 01:42 . 2014-01-15 12:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:42 . 2014-01-15 12:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:42 . 2014-01-15 12:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:42 . 2014-01-15 12:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 12:41    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 12:41    3156480    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"TraySantaCruz"="c:\windows\SysWOW64\TBCTRAY.EXE" [2001-07-16 262144]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2013-04-24 740888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-16 3767096]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2014-01-12 302961]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"="c:\program files\AVAST Software\Avast\setup\emupdate\a1c04aba-03bc-4b6b-9c5c-03a66c95d8e1.exe" [2014-02-21 181136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe;c:\windows\SYSNATIVE\afasrv64.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 04:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-16 02:10    287280    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-03-09 1021056]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2012-03-09 800896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
FF - ProfilePath - c:\users\Rpbert\AppData\Roaming\Mozilla\Firefox\Profiles\v99252y8.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-22  14:39:47
ComboFix-quarantined-files.txt  2014-02-22 22:39
.
Pre-Run: 888,279,150,592 bytes free
Post-Run: 888,143,585,280 bytes free
.
- - End Of File - - 9B2E5215487D25DF341930E5B256B444
 

 

Robert


I don't know what peer to peer means but I uninstalled all my Adobe programs prior to running Rogue Killer.

Why did you do this??

 

----------------------------------

In any case, on my Administrator Account desktop it now has
a Rogue Killer icon and also the Attach, DDS, and RK report files.
Should I delete all of these?


No, we'll clean up all the tools and logs when we're done.
(This was in my initial instructions to you)

------------------------------------------

You were instructed to run ComboFix from your desktop:

Running from: c:\users\Rob\AppData\Local\Temp\Temp1_ComboFix.zip\ComboFix.exe

----------------------------------------

What problems remain on this computer???

Please do this:

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


Thank you for finally posting Robert.

 

I am glad you capitulated on posting and you can see, Mr.C. replied in approx. 7 hours.  Not like another forum where you had mentioned it took ~2 weeks for a reply.

 

Please note that PUP.Optional is not a malware detection.  Just a possibly PITA application.

 

Once it is determined that there is no malware, forum personnel can help you with the Visual Basic related issue, that you described January 30th, that blocked the use of Malwarebytes Anti-Malware.

 


Hello Mr. C,

 

I uninstalled Adobe because it was mentioned in the instructions and I didn't want to take a chance.

I did run ComboFix from my desktop, all programs were closed and I disabled all my anti-virus and anti-malware before doing so and I followed the link you gave me.

There was a moment when I thought it wasn't working and so I started to open up Firefox again to re-run it but closed it immediately when I saw that ComboFix was running.

Remaining problems on the 8500 are the Rogue Killer and SuperAntiSpyware detect threats but you instructed me not to do anything so I didn't.

I downloaded FRST64 but it didn't give an option to save to a folder but it seemed to run correctly.

I tried using the attach files option but couldn't find the files. I'm sorry if they are a bit long.

 

Robert

 

Here's the Addition report:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2014 02
Ran by Rob at 2014-02-23 16:11:23
Running from C:\Users\Rob\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.126 - Atheros)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{4B3230C5-F069-416B-9169-1B84A216ED6A}) (Version: 2.5.1400.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Picture Studio - Image Expert 2000 (HKLM-x32\...\InstallShield_{538D98C6-CFC9-4BD3-B373-653B7A382CE8}) (Version: 3.3.0 - Jasc Software Inc)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
IE2K (x32 Version: 3.3.0 - Jasc Software Inc) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office XP Small Business (HKLM-x32\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6280.92 - PC-Doctor, Inc.)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Control Panel 320.78 (Version: 320.78 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2078 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
Santa Cruz (HKLM-x32\...\{A4D58580-EA01-11D3-9318-008048B86EFE}) (Version:  - )
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-13 18:34 - 2014-02-23 15:28 - 00117897 ____A C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Loaded Modules (whitelisted) =============

2014-01-12 12:00 - 2014-01-12 12:00 - 00302961 _____ () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2014 04:00:41 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (02/23/2014 04:00:31 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (02/23/2014 04:00:20 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (02/23/2014 04:00:09 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (02/23/2014 03:59:59 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (02/23/2014 03:59:50 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (02/23/2014 03:59:40 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (02/23/2014 03:59:30 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (02/23/2014 03:59:20 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,

Error: (02/23/2014 03:59:08 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Dell Digital Delivery -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , ,


System errors:
=============
Error: (02/23/2014 04:00:41 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 170 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/23/2014 04:00:31 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 169 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/23/2014 04:00:20 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 168 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/23/2014 04:00:09 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 167 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/23/2014 03:59:59 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 166 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/23/2014 03:59:50 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 165 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/23/2014 03:59:40 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 164 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/23/2014 03:59:30 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 163 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/23/2014 03:59:20 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 162 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/23/2014 03:59:08 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 161 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

 

 

Here's the FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 02
Ran by Rob (ATTENTION: The logged in user is not administrator) on DRAGON on 23-02-2014 16:11:06
Running from C:\Users\Rob\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Voyetra Turtle Beach, Inc.) C:\Windows\SysWOW64\TBCTRAY.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Jasc Software) C:\Program Files (x86)\Jasc Software Inc\Image Expert 2000\ImageX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [shwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [TraySantaCruz] - C:\Windows\SysWOW64\TBCTRAY.EXE [262144 2001-07-16] (Voyetra Turtle Beach, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-15] (AVAST Software)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-01-12] ()
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\a1c04aba-03bc-4b6b-9c5c-03a66c95d8e1.exe /check [181136 2014-02-21] (AVAST Software)
HKU\S-1-5-21-2734843464-3045831453-4019266870-1009\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20140103,20029,0,85,6944
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM - {00A7EEA3-AB7F-475E-A1ED-1AFD84C460DF} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM-x32 - {00A7EEA3-AB7F-475E-A1ED-1AFD84C460DF} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKCU - {40AB4DA4-831D-4DE2-A372-98D12FB9C3F6} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140103,20028,0,85,0
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130425182813.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130425182813.dll No File
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 4.2.2.2

FireFox:
========
FF ProfilePath: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\idw3zyyd.default-1392875494305
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-19]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej [2014-01-12]
CHR Extension: (Google Docs) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-06]
CHR Extension: (Google Drive) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-06]
CHR Extension: (YouTube) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-06]
CHR Extension: (Google Search) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-06]
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-01-12]
CHR Extension: (avast! Online Security) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-06]
CHR Extension: (Google Wallet) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR Extension: (Gmail) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-15] (AVAST Software)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-01-12] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [159360 2012-03-08] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-03-28] (Atheros)
S2 AfaService; C:\Windows\system32\afasrv64.exe [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-15] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-31] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 OMCI; \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-23 16:11 - 2014-02-23 16:11 - 00014079 _____ () C:\Users\Rob\Downloads\FRST.txt
2014-02-23 16:09 - 2014-02-23 16:11 - 00000000 ____D () C:\FRST
2014-02-23 16:06 - 2014-02-23 16:07 - 02155520 _____ (Farbar) C:\Users\Rob\Downloads\FRST64.exe
2014-02-23 15:28 - 2014-02-23 15:28 - 00000000 ___RD () C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-22 14:39 - 2014-02-22 14:39 - 00016371 _____ () C:\ComboFix.txt
2014-02-22 14:33 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-22 14:33 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-22 14:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-22 14:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-22 14:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-22 14:33 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-22 14:33 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-22 14:33 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-22 14:32 - 2014-02-22 14:39 - 00000000 ____D () C:\Qoobox
2014-02-22 14:31 - 2014-02-22 14:38 - 00000000 ____D () C:\Windows\erdnt
2014-02-20 20:36 - 2014-02-23 02:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-20 20:36 - 2014-02-20 20:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 20:36 - 2014-02-20 20:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 20:09 - 2014-02-20 20:09 - 04413952 _____ () C:\Users\Rob\Downloads\RogueKillerX64.exe
2014-02-20 20:00 - 2014-02-20 20:00 - 00688992 ____R (Swearware) C:\Users\Rob\Downloads\dds.scr
2014-02-17 13:19 - 2014-02-17 13:20 - 01037530 _____ (Thisisu) C:\Users\Rob\Downloads\JRT.exe
2014-02-16 17:54 - 2014-02-19 20:22 - 00000000 ____D () C:\AdwCleaner
2014-02-16 17:54 - 2014-02-16 17:54 - 01166132 _____ () C:\Users\Rob\Downloads\AdwCleaner(7).exe
2014-02-16 17:21 - 2014-02-16 17:21 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(7).exe
2014-02-16 17:00 - 2014-02-16 17:09 - 395554816 _____ () C:\Users\Rob\Downloads\kav_rescue_10(6).iso
2014-02-16 14:48 - 2014-02-16 14:48 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(6).exe
2014-02-16 14:38 - 2014-02-16 14:48 - 395980800 _____ () C:\Users\Rob\Downloads\kav_rescue_10(5).iso
2014-02-14 16:24 - 2014-02-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 00:20 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 00:20 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 00:20 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 00:20 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 00:20 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 00:20 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 00:20 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 00:20 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 00:20 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 00:20 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 00:20 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 00:20 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 00:20 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 00:20 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 00:20 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 00:20 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 00:20 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 00:20 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 00:20 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 00:20 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 00:20 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 00:20 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 00:20 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 00:20 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 00:20 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 00:20 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 00:20 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 00:20 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 00:20 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 00:20 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 00:20 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 00:20 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 00:20 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 00:20 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 00:20 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 00:20 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 00:20 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 00:20 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 00:20 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 00:20 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 00:20 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-11 22:12 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-11 22:12 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 22:12 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 22:12 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 22:11 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 22:11 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 22:11 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 22:11 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-11 22:11 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 22:11 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 22:11 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 22:11 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 22:11 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 22:11 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 22:11 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 22:11 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 22:11 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 22:11 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-11 22:11 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-11 22:11 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-11 22:11 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-11 22:11 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 22:11 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-11 22:11 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-11 22:11 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-11 22:11 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-11 22:11 - 2013-11-26 15:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-11 22:11 - 2013-11-26 14:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-11 22:11 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 22:11 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 20:14 - 2014-02-10 20:14 - 00000000 ____D () C:\Users\Rpbert\AppData\Roaming\SUPERAntiSpyware.com
2014-02-08 00:50 - 2014-02-08 00:54 - 00000000 ____D () C:\Users\Rob\Documents\temp - Nikon FM2
2014-02-06 13:36 - 2014-02-06 13:36 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(5).exe
2014-02-06 13:26 - 2014-02-06 13:35 - 397291520 _____ () C:\Users\Rob\Downloads\kav_rescue_10(4).iso
2014-02-06 11:48 - 2014-02-16 17:59 - 00000000 ____D () C:\Users\Rob\Documents\temp - computer screen shots
2014-02-06 11:43 - 2014-02-06 11:43 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(4).exe
2014-02-06 11:29 - 2014-02-06 11:38 - 397291520 _____ () C:\Users\Rob\Downloads\kav_rescue_10(3).iso
2014-02-05 11:06 - 2014-02-05 11:06 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\SUPERAntiSpyware.com
2014-02-05 11:05 - 2014-02-05 11:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-05 11:05 - 2014-02-05 11:05 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-05 11:05 - 2014-02-05 11:05 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-05 11:04 - 2014-02-05 11:04 - 17832344 _____ (SUPERAntiSpyware) C:\Users\Rob\Downloads\SUPERAntiSpyware.exe
2014-02-04 12:15 - 2014-02-04 12:15 - 01166132 _____ () C:\Users\Rob\Downloads\AdwCleaner(6).exe
2014-02-02 18:34 - 2014-02-02 18:34 - 00000000 ____D () C:\Users\Rpbert\AppData\Roaming\Malwarebytes
2014-02-02 18:33 - 2014-02-02 18:33 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-02 18:33 - 2014-02-02 18:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-02 18:33 - 2014-02-02 18:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-02 18:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-02 18:32 - 2014-02-02 18:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Rob\Downloads\mbam-setup-1.75.0.1300(3).exe
2014-02-02 18:28 - 2014-02-02 18:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Rob\Downloads\mbam-clean-1.60.2.0003.exe
2014-02-02 18:09 - 2014-02-02 18:10 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(3).exe
2014-02-02 17:46 - 2014-02-02 18:09 - 397082624 _____ () C:\Users\Rob\Downloads\kav_rescue_10(2).iso
2014-02-01 23:20 - 2014-02-01 23:20 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(2).exe
2014-02-01 23:04 - 2014-02-01 23:20 - 396972032 _____ () C:\Users\Rob\Downloads\kav_rescue_10(1).iso
2014-02-01 10:41 - 2014-02-01 10:41 - 01166132 _____ () C:\Users\Rob\Downloads\AdwCleaner(5).exe
2014-01-29 18:23 - 2014-01-29 18:23 - 01166132 _____ () C:\Users\Rob\Downloads\AdwCleaner(3).exe
2014-01-24 20:31 - 2014-02-08 00:42 - 00000000 ____D () C:\Users\Rob\Documents\To Greg
2014-01-24 19:43 - 2014-01-25 19:53 - 00000000 ____D () C:\Users\Rob\Documents\Greg's photo's
2014-01-24 19:42 - 2014-01-24 19:42 - 01496304 _____ () C:\Users\Rob\Downloads\Nikon.zip

==================== One Month Modified Files and Folders =======

2014-02-23 16:11 - 2014-02-23 16:11 - 00014079 _____ () C:\Users\Rob\Downloads\FRST.txt
2014-02-23 16:11 - 2014-02-23 16:09 - 00000000 ____D () C:\FRST
2014-02-23 16:07 - 2014-02-23 16:06 - 02155520 _____ (Farbar) C:\Users\Rob\Downloads\FRST64.exe
2014-02-23 15:56 - 2013-05-23 21:41 - 00000000 ____D () C:\Users\Rob\Documents\Sasieni
2014-02-23 15:36 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 15:36 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-23 15:34 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-23 15:32 - 2013-11-19 15:29 - 01705128 _____ () C:\Windows\WindowsUpdate.log
2014-02-23 15:28 - 2014-02-23 15:28 - 00000000 ___RD () C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-23 15:28 - 2013-12-30 14:02 - 00014168 _____ () C:\Windows\setupact.log
2014-02-23 15:28 - 2013-04-25 16:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-23 15:28 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 02:21 - 2014-02-20 20:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-23 00:27 - 2013-06-02 19:19 - 00000000 ____D () C:\Users\Rob\Documents\computer instructions
2014-02-23 00:27 - 2013-05-23 21:39 - 00000000 ____D () C:\Users\Rob\Documents\Pipe Ads
2014-02-22 16:34 - 2013-05-23 22:26 - 00000000 ____D () C:\Users\Rob\Documents\files
2014-02-22 15:16 - 2013-12-31 01:23 - 00127662 _____ () C:\Windows\PFRO.log
2014-02-22 15:01 - 2013-05-19 16:48 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-02-22 14:39 - 2014-02-22 14:39 - 00016371 _____ () C:\ComboFix.txt
2014-02-22 14:39 - 2014-02-22 14:32 - 00000000 ____D () C:\Qoobox
2014-02-22 14:39 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2014-02-22 14:38 - 2014-02-22 14:31 - 00000000 ____D () C:\Windows\erdnt
2014-02-22 14:38 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-21 17:09 - 2013-05-23 21:11 - 00000000 ____D () C:\Users\Rob\Documents\#188
2014-02-21 17:01 - 2013-05-20 07:25 - 00000000 ____D () C:\Users\Rob
2014-02-20 20:36 - 2014-02-20 20:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 20:36 - 2014-02-20 20:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 20:09 - 2014-02-20 20:09 - 04413952 _____ () C:\Users\Rob\Downloads\RogueKillerX64.exe
2014-02-20 20:00 - 2014-02-20 20:00 - 00688992 ____R (Swearware) C:\Users\Rob\Downloads\dds.scr
2014-02-20 19:58 - 2013-07-20 09:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-19 20:22 - 2014-02-16 17:54 - 00000000 ____D () C:\AdwCleaner
2014-02-18 19:52 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-18 05:28 - 2013-05-23 21:42 - 00000000 ____D () C:\Users\Rob\Documents\Sasieni pipes
2014-02-17 13:20 - 2014-02-17 13:19 - 01037530 _____ (Thisisu) C:\Users\Rob\Downloads\JRT.exe
2014-02-16 17:59 - 2014-02-06 11:48 - 00000000 ____D () C:\Users\Rob\Documents\temp - computer screen shots
2014-02-16 17:54 - 2014-02-16 17:54 - 01166132 _____ () C:\Users\Rob\Downloads\AdwCleaner(7).exe
2014-02-16 17:23 - 2014-01-12 06:31 - 00000000 ____D () C:\Users\Rob\Downloads\Kaspersky Rescue2Usb
2014-02-16 17:21 - 2014-02-16 17:21 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(7).exe
2014-02-16 17:09 - 2014-02-16 17:00 - 395554816 _____ () C:\Users\Rob\Downloads\kav_rescue_10(6).iso
2014-02-16 14:52 - 2013-05-17 18:41 - 00000000 ____D () C:\Users\Rpbert
2014-02-16 14:48 - 2014-02-16 14:48 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(6).exe
2014-02-16 14:48 - 2014-02-16 14:38 - 395980800 _____ () C:\Users\Rob\Downloads\kav_rescue_10(5).iso
2014-02-16 14:35 - 2013-12-15 14:19 - 00000000 ____D () C:\Users\Rob\Documents\Dell 8500
2014-02-16 14:35 - 2013-11-30 18:57 - 00000000 ____D () C:\Users\Rob\Documents\Dell 8200
2014-02-15 18:11 - 2013-12-03 21:34 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-15 18:10 - 2013-12-31 01:22 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-15 18:10 - 2013-05-19 16:32 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-15 18:10 - 2013-05-19 16:32 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-15 18:10 - 2013-05-19 16:32 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-15 18:10 - 2013-05-19 16:32 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-15 18:10 - 2013-05-19 16:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-15 14:07 - 2013-05-19 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 16:24 - 2014-02-14 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 23:59 - 2013-07-16 01:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 23:58 - 2013-05-17 19:13 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 00:21 - 2011-02-10 06:33 - 00776846 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 00:03 - 2013-05-23 21:16 - 00000000 ____D () C:\Users\Rob\Documents\Art
2014-02-10 20:14 - 2014-02-10 20:14 - 00000000 ____D () C:\Users\Rpbert\AppData\Roaming\SUPERAntiSpyware.com
2014-02-09 00:38 - 2013-06-18 13:44 - 00000000 ____D () C:\Users\Rob\AppData\Local\CrashDumps
2014-02-08 00:54 - 2014-02-08 00:50 - 00000000 ____D () C:\Users\Rob\Documents\temp - Nikon FM2
2014-02-08 00:42 - 2014-01-24 20:31 - 00000000 ____D () C:\Users\Rob\Documents\To Greg
2014-02-08 00:42 - 2013-05-23 21:33 - 00000000 ____D () C:\Users\Rob\Documents\My Portfolio
2014-02-08 00:36 - 2013-05-23 22:16 - 00000000 ____D () C:\Users\Rob\Documents\Movies
2014-02-06 13:36 - 2014-02-06 13:36 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(5).exe
2014-02-06 13:35 - 2014-02-06 13:26 - 397291520 _____ () C:\Users\Rob\Downloads\kav_rescue_10(4).iso
2014-02-06 11:43 - 2014-02-06 11:43 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(4).exe
2014-02-06 11:38 - 2014-02-06 11:29 - 397291520 _____ () C:\Users\Rob\Downloads\kav_rescue_10(3).iso
2014-02-06 04:16 - 2014-02-12 00:20 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 03:30 - 2014-02-12 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 03:30 - 2014-02-12 00:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-12 00:20 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:07 - 2014-02-12 00:20 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 03:06 - 2014-02-12 00:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-12 00:20 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 02:56 - 2014-02-12 00:20 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 02:52 - 2014-02-12 00:20 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 02:49 - 2014-02-12 00:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-12 00:20 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-12 00:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-12 00:20 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-12 00:20 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-12 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-12 00:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 02:11 - 2014-02-12 00:20 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 02:01 - 2014-02-12 00:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-12 00:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-12 00:20 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-12 00:20 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 01:52 - 2014-02-12 00:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-12 00:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-12 00:20 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-12 00:20 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-12 00:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-12 00:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-12 00:20 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-12 00:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-12 00:20 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 01:22 - 2014-02-12 00:20 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 01:13 - 2014-02-12 00:20 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-12 00:20 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-12 00:20 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-12 00:20 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 00:41 - 2014-02-12 00:20 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-12 00:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-12 00:20 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-12 00:20 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 11:08 - 2013-12-31 01:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-05 11:06 - 2014-02-05 11:06 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\SUPERAntiSpyware.com
2014-02-05 11:06 - 2014-02-05 11:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-05 11:05 - 2014-02-05 11:05 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-05 11:05 - 2014-02-05 11:05 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-05 11:04 - 2014-02-05 11:04 - 17832344 _____ (SUPERAntiSpyware) C:\Users\Rob\Downloads\SUPERAntiSpyware.exe
2014-02-04 12:15 - 2014-02-04 12:15 - 01166132 _____ () C:\Users\Rob\Downloads\AdwCleaner(6).exe
2014-02-02 18:34 - 2014-02-02 18:34 - 00000000 ____D () C:\Users\Rpbert\AppData\Roaming\Malwarebytes
2014-02-02 18:33 - 2014-02-02 18:33 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-02 18:33 - 2014-02-02 18:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-02 18:33 - 2014-02-02 18:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-02 18:33 - 2014-02-02 18:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Rob\Downloads\mbam-setup-1.75.0.1300(3).exe
2014-02-02 18:28 - 2014-02-02 18:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Rob\Downloads\mbam-clean-1.60.2.0003.exe
2014-02-02 18:10 - 2014-02-02 18:09 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(3).exe
2014-02-02 18:09 - 2014-02-02 17:46 - 397082624 _____ () C:\Users\Rob\Downloads\kav_rescue_10(2).iso
2014-02-01 23:20 - 2014-02-01 23:20 - 00387584 _____ () C:\Users\Rob\Downloads\rescue2usb(2).exe
2014-02-01 23:20 - 2014-02-01 23:04 - 396972032 _____ () C:\Users\Rob\Downloads\kav_rescue_10(1).iso
2014-02-01 10:41 - 2014-02-01 10:41 - 01166132 _____ () C:\Users\Rob\Downloads\AdwCleaner(5).exe
2014-01-30 11:36 - 2009-07-13 21:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-29 18:23 - 2014-01-29 18:23 - 01166132 _____ () C:\Users\Rob\Downloads\AdwCleaner(3).exe
2014-01-25 19:53 - 2014-01-24 19:43 - 00000000 ____D () C:\Users\Rob\Documents\Greg's photo's
2014-01-24 19:42 - 2014-01-24 19:42 - 01496304 _____ () C:\Users\Rob\Downloads\Nikon.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Remaining problems on the 8500 are the Rogue Killer and SuperAntiSpyware
detect threats but you instructed me not to do anything so I didn't.


No threats are detected by RogueKiller
If SAS found threats, let it quarantine or delete them. (most likely cookies)

-------------------------------------


Clean out temp files: (may require a reboot)
Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then..........

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......


Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Hello Mr. C,

The thing is, with SuperAntiSpyware the same items kept showing up and those on Rogue Killer are the first time I've seen those where I could delete but didn't as per your instructions.

I ran the TFC but it did not require me to re-boot. Here's the report:

Getting user folders.

Stopping running processes.

Emptying Temp folders.

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 18172002 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rob
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5311696 bytes
->FireFox cache emptied: 365817725 bytes
->Google Chrome cache emptied: 10214869 bytes
->Flash cache emptied: 16836 bytes

User: Rpbert
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9245984 bytes
->FireFox cache emptied: 33180240 bytes
->Google Chrome cache emptied: 6160225 bytes
->Flash cache emptied: 871 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 519599739 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 7978846 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42392384 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 971.00 mb

I ran AdwCleaner but it did not say Pending that I saw. The only difference I saw was that under the Firefox tab there were (3) entries whereas there had been (2); the rest appeared clean. So I selected the Firefox tab and cleaned it after the scan and rebooted. The logfile did not open automatically afterwards. I tried this again just to make sure but it still did not generate an automatic report.

Here's the AdwCleaner report:

# AdwCleaner v3.019 - Report created 24/02/2014 at 19:50:21
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Rpbert - DRAGON
# Running from : C:\Users\Rob\Downloads\AdwCleaner(8).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Rpbert\AppData\Roaming\Mozilla\Firefox\Profiles\v99252y8.default\prefs.js ]

[ File : C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\esbha4fm.default\prefs.js ]

[ File : C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\idw3zyyd.default-1392875494305\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Rpbert\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R23].txt - [1072 octets] - [16/02/2014 17:56:19]
AdwCleaner[R24].txt - [1197 octets] - [19/02/2014 20:21:01]
AdwCleaner[R25].txt - [1428 octets] - [24/02/2014 19:36:58]
AdwCleaner[R26].txt - [1227 octets] - [24/02/2014 19:50:21]
AdwCleaner[s23].txt - [1135 octets] - [16/02/2014 18:24:01]
AdwCleaner[s24].txt - [1260 octets] - [19/02/2014 20:22:05]
AdwCleaner[s25].txt - [1490 octets] - [24/02/2014 19:37:48]

########## EOF - \AdwCleaner\AdwCleaner[R26].txt - [1471 octets] ##########

This is a report from the Malwarebytes scan:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Rob :: DRAGON [limited]

2/24/2014 8:02:06 PM
mbam-log-2014-02-24 (20-02-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193862
Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I noticed a sound when connecting online much like when turning a speaker on/off and thought I rectified this when I reset Firefox in an earlier attempt to deal with issues I was having but now it's returned. Other than that and the fact that AdwCleaner did not generate an automatic report it seems to be working ok.

Of course, I have more serious issues with the 8200.

Robert


Hello Mr. C,

I was rereading your instructions when I realized I missed this step. So I went back and attempted it.

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Here's the Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-02-2014 01
Ran by Rob at 2014-02-24 20:36:14 Run:1
Running from C:\Users\Rob\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130425182813.dll No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130425182813.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Error deleting key
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Error deleting key
HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Error deleting key
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Error deleting key
HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Error deleting key
HKLM\SOFTWARE\Policies\Google => Error deleting key

==== End of Fixlog ====

 

Robert


OK......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Hello Mr. C,

Before proceeding,

At present on the 8500,

After running AdwCleaner the sound returned whenever the computer connects online. As I said, I resolved this when I reset Firefox. Also, for some reason my Hotmail logon page had shrunken so that I could barely read it and resetting Firefox corrected it. Now it is small again and I don't know how it happened?

All was normal, and I had logged out of Hotmail and needed to log back in but when I did it was shrunken again!

I appreciate all your time and effort in helping me and I would like to donate but I'm disabled and living on a very marginal fixed income.

Robert


Hello Mr. C,

I didn't see an option to save the Security Check to my desktop? Instead it opened Administrator Security Check and so I ran it.

Here's the Security Check report:

Results of screen317's Security Check version 0.99.79
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0
 Malwarebytes Anti-Malware version 1.75.0.1300
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!
 Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe
 AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Robert


I replied above yours.

---------------------------------------------------

The scan results look OK, ignore the warning about Flash, you have the correct version.

----------------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)

Good Luck and Thanks for using the forum, MrC


Hello Mr. C,

I tried copy/pasting ComboFix /uninstall but it gave me this:

Windows cannot find 'ComboFix'. Make sure you typed the name correctly, and then try again.

I did. I then tried to find the ComboFix file. I tried using the uninstaller link and it gave me this.

Can't find script engine 'VBScript' for script "c:\Users\Rob\AppData\Local\Temp\Done.vbs".

I downloaded/installed OTC and ran it and it finished very quickly which surprised me and didn't show anything. It rebooted automatically.

I'm not quite understanding this:

If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

I did use FRST, but where do I find the quarantine log?

You have been of great help in giving your time and effort and excellent instructions in helping resolve this issue and I appreciate it very much.

Many Thanks,

Robert


ComboFix is not on your desktop, you ran it from a temp folder:

Running from: c:\users\Rob\AppData\Local\Temp\Temp1_ComboFix.zip\ComboFix.exe

Move ComboFix to your desktop (or download it to your desktop) and try it again

 

------------------------

The quarantine folder is located here: C:\FRST

Delete that folder. C:\FRST

If you can't delete the FRST folder:

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

 

MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.