
Can't Install Malwarebytes (Error 183)



Malwarebytes refused to run, so I uninstalled it using mbam-clean (which itself was a hassle, having to deal with rewritten permissions and "error 5"), then attempted to reinstall it in Safe Mode, only to be greeted by "Error 183: Cannot create a new file when that file exists" on multiple files, such as rules.ref and actions.ref. The culprit seems to be "load32.exe", from what I can tell, but I don't know how to remove it. I've attached my ComboFix log. Thank you for your time and assistance.

ComboFix.txt


Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Combofix one more time as follows....

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

File::
C:\315load32.exe
c:\programdata\load32.exe

RegLock::
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
[HKEY_USERS\S-1-5-21-1701587152-3951579498-3246996213-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"="explorer.exe,"
[HKEY_USERS\S-1-5-21-1701587152-3951579498-3246996213-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"shell"="explorer.exe,"

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

[Images: CF3.jpg, CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Post those logs in next reply...

 

Kevin
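
Added example (not part of the post above and not ComboFix's own code): the CFScript in that post resets the per-user Winlogon "shell" value to explorer.exe, and the check below reads a .reg-style export of the Winlogon keys and flags any Shell entry other than explorer.exe. The sample exports, the placeholder SID and the hijacked value are constructed for illustration; only the load32.exe path comes from the thread.

```python
import re

# Key suffix for the Winlogon key in any hive (HKLM, HKCU, HKU\<SID>).
WINLOGON_SUFFIX = r"\software\microsoft\windows nt\currentversion\winlogon"
# Entries considered normal in the Shell value.
EXPECTED_SHELL = {"explorer.exe"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"\s*$')


def parse_reg_text(text):
    """Parse .reg-style text into {key_path: {value_name_lower: string_data}}."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # .reg string data escapes backslashes and quotes with a backslash.
            data = re.sub(r"\\(.)", r"\1", m.group("data"))
            current[m.group("name").lower()] = data
    return keys


def shell_findings(keys):
    """Return (key, entry) pairs for Winlogon Shell entries that are not explorer.exe."""
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith(WINLOGON_SUFFIX):
            continue
        shell = values.get("shell")
        if shell is None:
            continue
        # The value is a comma-separated list; a trailing comma yields an
        # empty entry, which is ignored.
        for entry in shell.split(","):
            entry = entry.strip()
            if entry and entry.lower() not in EXPECTED_SHELL:
                findings.append((key, entry))
    return findings


# Constructed sample: a hijacked per-user Shell value (illustrative, not taken
# from the poster's ComboFix log; the SID is a placeholder).
SAMPLE_INFECTED = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,c:\\programdata\\load32.exe"
'''

# Constructed sample: the same key after the value is reset the way the
# CFScript writes it ("explorer.exe," with a trailing comma).
SAMPLE_CLEAN = r'''
[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"shell"="explorer.exe,"
'''

if __name__ == "__main__":
    for label, sample in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        hits = shell_findings(parse_reg_text(sample))
        print(label, "->", hits if hits else "no unexpected Shell entries")
```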


Whoops, here's the content of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by Matt (administrator) on MATT-PC on 24-04-2014 02:00:28
Running from C:\Users\Matt\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Windows\system32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\system32\AppleTimeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746336 2013-09-10] (Apple Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Language bar] => "ctfmon"="CTFMON.EXE"
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1701587152-3951579498-3246996213-1000\...\Run: [GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464 2014-03-01] (Google Inc.)
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE72C39FF52D5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.1
 
FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\t34g7ha4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Rikaichan Japanese-English Dictionary File - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\t34g7ha4.default\Extensions\rikaichan-jpen@polarcloud.com [2013-11-17]
FF Extension: Rikaichan - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\t34g7ha4.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2013-11-04]
FF Extension: Adblock Plus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\t34g7ha4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-30]
 
Chrome: 
=======
CHR StartupUrls: "startup_urls_migration_time": "13034591674078457"
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-30]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-30]
CHR Extension: (Missing e) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid [2013-10-30]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-30]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-02-26]
CHR Extension: (Adblock Plus) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-30]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-30]
CHR Extension: (Lookup Companion for Wikipedia) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej [2013-10-30]
CHR Extension: (Search YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekiijecongnkbcikpkkoalboflbhoiap [2013-10-30]
CHR Extension: (Amazon Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmmhdbooodmkdndokhkjjgnbejjbmbf [2013-10-30]
CHR Extension: (Cloud Reader) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-10-30]
CHR Extension: (Forecastfox) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-10-30]
CHR Extension: (rikaikun) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2013-10-30]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-30]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2013-10-30]
CHR Extension: (WordReference Extension) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnmflhedfocnfnoafgcojkllnmdipoj [2013-10-30]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-30]
CHR Extension: (RSS Feed Reader) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2013-10-30]
 
==================== Services (Whitelisted) =================
 
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226144 2013-09-10] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-03] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
R3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [52736 2011-06-17] (Apple Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-09] (Intel Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [124928 2010-11-10] (Razer USA Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-05] (Duplex Secure Ltd.)
U3 aaps7vq5; C:\Windows\System32\Drivers\aaps7vq5.sys [0 ] (Advanced Micro Devices)
S3 catchme; \??\C:\test.exe\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-24 01:55 - 2014-04-24 02:00 - 00013864 _____ () C:\Users\Matt\Desktop\FRST.txt
2014-04-24 01:53 - 2014-04-24 01:53 - 00018201 _____ () C:\ComboFix.txt
2014-04-23 21:17 - 2014-04-23 21:17 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\AVG2014
2014-04-23 21:16 - 2014-04-23 21:17 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-23 21:16 - 2014-04-23 21:16 - 00000973 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-23 21:16 - 2014-04-23 21:16 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\TuneUp Software
2014-04-23 21:16 - 2014-04-23 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-23 21:16 - 2014-04-23 21:16 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-23 21:16 - 2014-04-23 21:16 - 00000000 ____D () C:\$AVG
2014-04-23 21:14 - 2014-04-23 21:20 - 00000000 ____D () C:\Users\Matt\AppData\Local\Avg2014
2014-04-23 21:14 - 2014-04-23 21:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-23 21:14 - 2014-04-23 21:14 - 00000000 ____D () C:\Users\Matt\AppData\Local\MFAData
2014-04-23 19:08 - 2014-04-23 23:54 - 00018013 _____ () C:\Windows\WindowsUpdate.log
2014-04-23 19:05 - 2014-04-24 06:50 - 00000112 _____ () C:\Windows\setupact.log
2014-04-23 19:05 - 2014-04-23 19:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 19:00 - 2014-04-24 01:53 - 00000000 ____D () C:\Qoobox
2014-04-23 19:00 - 2014-04-23 19:08 - 00000000 ____D () C:\Windows\erdnt
2014-04-23 19:00 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-23 19:00 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-23 19:00 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-23 19:00 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-23 19:00 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-23 19:00 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-23 19:00 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-23 19:00 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-23 18:58 - 2014-04-23 18:59 - 05196870 ____R (Swearware) C:\Users\Matt\Desktop\test.exe.exe
2014-04-23 18:48 - 2014-04-24 02:00 - 00000000 ____D () C:\FRST
2014-04-23 18:48 - 2014-04-23 18:48 - 02061824 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2014-04-23 18:40 - 2014-04-23 19:04 - 00010986 _____ () C:\Windows\PFRO.log
2014-04-23 18:23 - 2014-04-23 18:43 - 00003232 _____ () C:\Users\Matt\Desktop\Rkill.txt
2014-04-23 18:23 - 2014-04-23 18:23 - 03972608 _____ () C:\Users\Matt\Desktop\RogueKiller.exe
2014-04-23 18:21 - 2014-04-23 18:21 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Desktop\rkill.exe
2014-04-23 18:19 - 2014-04-23 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 18:02 - 2014-04-23 18:02 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Matt\Desktop\mbam-clean-2.0.2.0 (1).exe
2014-04-23 17:22 - 2014-04-23 17:22 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Matt\Desktop\mapp.exe
2014-04-23 17:06 - 2014-04-23 17:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2014-04-23 17:04 - 2014-04-23 17:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2014-04-23 02:54 - 2014-04-23 02:54 - 00001190 _____ () C:\Users\Public\Desktop\Titanfall.lnk
2014-04-23 02:54 - 2014-04-23 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall
2014-04-22 21:23 - 2014-04-22 21:30 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-22 21:22 - 2014-04-22 21:30 - 00000000 ____D () C:\Users\Matt\AppData\Local\Origin
2014-04-22 21:22 - 2014-04-22 21:29 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Origin
2014-04-22 21:20 - 2014-04-22 21:29 - 00000000 ____D () C:\ProgramData\Origin
2014-04-22 21:20 - 2014-04-22 21:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-22 21:20 - 2014-04-22 21:20 - 00000991 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-04-22 21:20 - 2014-04-22 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-04-22 21:20 - 2014-04-22 21:20 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-04-22 19:35 - 2014-04-22 19:35 - 00000222 _____ () C:\Users\Matt\Desktop\DARK SOULS II.url
2014-04-22 05:45 - 2014-04-22 05:45 - 00000063 _____ () C:\Update.Microsoft.com.url
2014-04-22 03:44 - 2014-04-24 01:28 - 00000000 ____D () C:\Users\Matt\AppData\Local\RUWIN
2014-04-22 00:26 - 2014-04-22 00:26 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\RenPy
2014-04-21 23:07 - 2014-04-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-21 21:53 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-21 21:53 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-21 21:53 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-21 21:51 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-21 21:51 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
 
==================== One Month Modified Files and Folders =======
 
2014-04-24 06:50 - 2014-04-23 19:05 - 00000112 _____ () C:\Windows\setupact.log
2014-04-24 06:50 - 2013-10-30 02:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-24 02:00 - 2014-04-24 01:55 - 00013864 _____ () C:\Users\Matt\Desktop\FRST.txt
2014-04-24 02:00 - 2014-04-23 18:48 - 00000000 ____D () C:\FRST
2014-04-24 01:53 - 2014-04-24 01:53 - 00018201 _____ () C:\ComboFix.txt
2014-04-24 01:53 - 2014-04-23 19:00 - 00000000 ____D () C:\Qoobox
2014-04-24 01:52 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-24 01:28 - 2014-04-22 03:44 - 00000000 ____D () C:\Users\Matt\AppData\Local\RUWIN
2014-04-24 00:02 - 2013-10-30 05:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-23 23:58 - 2009-07-13 21:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-23 23:58 - 2009-07-13 21:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-23 23:55 - 2009-07-13 22:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-23 23:54 - 2014-04-23 19:08 - 00018013 _____ () C:\Windows\WindowsUpdate.log
2014-04-23 23:53 - 2013-10-30 02:46 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Dropbox
2014-04-23 23:52 - 2013-10-30 02:47 - 00000000 ___RD () C:\Users\Matt\Dropbox
2014-04-23 21:20 - 2014-04-23 21:14 - 00000000 ____D () C:\Users\Matt\AppData\Local\Avg2014
2014-04-23 21:19 - 2014-04-23 21:14 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-23 21:17 - 2014-04-23 21:17 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\AVG2014
2014-04-23 21:17 - 2014-04-23 21:16 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-23 21:16 - 2014-04-23 21:16 - 00000973 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-23 21:16 - 2014-04-23 21:16 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\TuneUp Software
2014-04-23 21:16 - 2014-04-23 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-23 21:16 - 2014-04-23 21:16 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-23 21:16 - 2014-04-23 21:16 - 00000000 ____D () C:\$AVG
2014-04-23 21:14 - 2014-04-23 21:14 - 00000000 ____D () C:\Users\Matt\AppData\Local\MFAData
2014-04-23 20:17 - 2013-10-30 02:30 - 00000000 ___RD () C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-23 20:16 - 2013-10-30 03:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-23 19:09 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-04-23 19:08 - 2014-04-23 19:00 - 00000000 ____D () C:\Windows\erdnt
2014-04-23 19:05 - 2014-04-23 19:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 19:04 - 2014-04-23 18:40 - 00010986 _____ () C:\Windows\PFRO.log
2014-04-23 19:04 - 2013-12-02 13:04 - 45613056 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-04-23 19:04 - 2013-12-02 13:04 - 19136512 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-04-23 19:04 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-04-23 19:04 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-04-23 19:04 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-04-23 19:03 - 2014-03-11 01:38 - 00000000 ____D () C:\NTKernel
2014-04-23 18:59 - 2014-04-23 18:58 - 05196870 ____R (Swearware) C:\Users\Matt\Desktop\test.exe.exe
2014-04-23 18:48 - 2014-04-23 18:48 - 02061824 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2014-04-23 18:43 - 2014-04-23 18:23 - 00003232 _____ () C:\Users\Matt\Desktop\Rkill.txt
2014-04-23 18:23 - 2014-04-23 18:23 - 03972608 _____ () C:\Users\Matt\Desktop\RogueKiller.exe
2014-04-23 18:21 - 2014-04-23 18:21 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Desktop\rkill.exe
2014-04-23 18:19 - 2014-04-23 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 18:18 - 2013-10-30 22:39 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\uTorrent
2014-04-23 18:02 - 2014-04-23 18:02 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Matt\Desktop\mbam-clean-2.0.2.0 (1).exe
2014-04-23 17:22 - 2014-04-23 17:22 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Matt\Desktop\mapp.exe
2014-04-23 17:08 - 2013-10-30 16:54 - 00000000 ____D () C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499
2014-04-23 17:06 - 2014-04-23 17:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2014-04-23 17:04 - 2014-04-23 17:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2014-04-23 17:04 - 2013-11-11 02:10 - 00000000 ____D () C:\Program Files\Tablet
2014-04-23 03:08 - 2013-11-11 02:10 - 00000000 ____D () C:\Program Files\TabletPlugins
2014-04-23 03:08 - 2013-11-11 02:10 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-04-23 02:54 - 2014-04-23 02:54 - 00001190 _____ () C:\Users\Public\Desktop\Titanfall.lnk
2014-04-23 02:54 - 2014-04-23 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall
2014-04-23 02:53 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-22 23:03 - 2013-10-30 19:44 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\vlc
2014-04-22 21:30 - 2014-04-22 21:23 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-22 21:30 - 2014-04-22 21:22 - 00000000 ____D () C:\Users\Matt\AppData\Local\Origin
2014-04-22 21:29 - 2014-04-22 21:22 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Origin
2014-04-22 21:29 - 2014-04-22 21:20 - 00000000 ____D () C:\ProgramData\Origin
2014-04-22 21:29 - 2014-04-22 21:20 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-22 21:20 - 2014-04-22 21:20 - 00000991 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-04-22 21:20 - 2014-04-22 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-04-22 21:20 - 2014-04-22 21:20 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-04-22 19:35 - 2014-04-22 19:35 - 00000222 _____ () C:\Users\Matt\Desktop\DARK SOULS II.url
2014-04-22 05:45 - 2014-04-22 05:45 - 00000063 _____ () C:\Update.Microsoft.com.url
2014-04-22 03:29 - 2009-07-13 21:45 - 00268712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-22 03:27 - 2013-10-30 05:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-22 02:00 - 2013-10-30 22:47 - 00000000 ____D () C:\Program Files\PeerBlock
2014-04-22 00:26 - 2014-04-22 00:26 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\RenPy
2014-04-21 23:07 - 2014-04-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-03 16:55 - 2013-11-11 02:10 - 01946904 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2014-04-03 16:55 - 2013-11-11 02:10 - 01929496 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2014-04-03 16:55 - 2013-11-11 02:10 - 01922328 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2014-04-03 16:55 - 2013-11-11 02:10 - 01796888 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2014-04-03 16:55 - 2013-11-11 02:10 - 01563416 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2014-04-03 16:55 - 2013-11-11 02:10 - 01560344 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2014-04-03 16:55 - 2013-11-11 02:10 - 01556760 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2014-04-03 16:55 - 2013-11-11 02:10 - 01443096 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-31 09:35 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 03:51 - 2013-10-30 05:20 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
 
Files to move or delete:
====================
C:\NTKernel
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-12 03:30
 
==================== End Of Log ============================

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Please download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

How to get logs:

(Export log to save as txt)

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

 

Thanks.

 

Kevin....

 

 

 

fixlist.txt


Malwarebytes still won't install, but here are the other logs you requested:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Matt on 04/24/2014 Thu at 15:23:33.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\t34g7ha4.default\minidumps [7 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/24/2014 Thu at 15:28:38.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.202 - Report created 24/04/2014 at 15:17:08
# Updated 23/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Matt - MATT-PC
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\t34g7ha4.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [891 octets] - [24/04/2014 15:16:23]
AdwCleaner[s0].txt - [1490 octets] - [24/04/2014 15:17:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1550 octets] ##########
 
 

Fixlog.txt


Download Portable Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder and run the tool by right-clicking Repair_Windows (icon with red briefcase) and selecting "Run as Administrator".

From the main GUI do the following:

Select Tab 3 and allow it to run SFC

Select Tab 4 and Create System Restore Point

Select Repairs tab => Click the Start

The repairs window will open. Check the boxes as indicated, also the "Restart" options, then select Start...

DON'T use the computer while each scan is in progress.

Post the log. To access it, select the "settings" tab > "open log folder" tab; the log will be named _Windows_Repair_Log

Will Malwarebytes now install?


Excellent, good to hear all is well, we need to clean up before closing out...

 

Download and run this: http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE that should remove Combofix...

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

 

Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that backup folder if you consider it as not needed...

 

Finally,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

When complete let me know and we'll close out...

 

Thanks,

 

Kevin.... :)


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.