[RESOLVED] Attempting to get rid of mypc backup as well as other ?viruses? on a laptop - Page 2

  1. #16
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.



    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.



    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.



    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.

  2. #17
    Join Date
    Dec 2013
    Location
    Wisconsin
    Posts
    35
    So before downloading Combofix, should I create another restore point?

  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    If you followed my previous instructions and you created a new restore point before running MBAR, then no.

  4. #19
    Join Date
    Dec 2013
    Location
    Wisconsin
    Posts
    35
    I am having trouble stopping Webroot, and it is not one of the antivirus programs on the list, but when I double-clicked on Combofix it popped up and told me to stop Webroot. No matter where I search, I can't seem to figure out how to turn off protection.

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Which AV programs did you uninstall?
    Which one is left?

  6. #21
    Join Date
    Dec 2013
    Location
    Wisconsin
    Posts
    35
    MSE and Norton are uninstalled; Webroot remains.

  7. #22
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    http://www.bleepingcomputer.com/foru...8#entry2660366
    If you did just that and Combofix still complains, run it anyway.

  8. #23
    Join Date
    Dec 2013
    Location
    Wisconsin
    Posts
    35
    I think that Webroot was updated, because I turned on the ability to turn it off manually, but in the tray the right-click options are "view status, help and support, scan now, check for updates, control active processes, and save a scan log". There is no option to shut down Webroot. I have over 100 days on the subscription, so it would be foolish to uninstall.

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550

  10. #25
    Join Date
    Dec 2013
    Location
    Wisconsin
    Posts
    35

  11. #26
    Join Date
    Dec 2013
    Location
    Wisconsin
    Posts
    35
    The Webroot fix worked, I feel stupid! But now, the second time I ran Combofix, this error came up.

  12. #27
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Delete your Combofix file, download a fresh one and try again.
    If you get the same error, click on "Ignore".

  13. #28
    Join Date
    Dec 2013
    Location
    Wisconsin
    Posts
    35
    ComboFix 13-12-17.02 - michelle 12/17/2013 19:07:58.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3691.2312 [GMT -6:00]
    Running from: c:\users\michelle\Downloads\ComboFix.exe
    AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
    SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Smiley Bar for Facebook\ScRIpthost.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-11-18 to 2013-12-18 )))))))))))))))))))))))))))))))
    .
    .
    2013-12-18 01:21 . 2013-12-18 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-12-18 01:15 . 2013-12-18 01:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB892BCD-B8B1-48A9-949A-AF6EFBD61FE6}\offreg.dll
    2013-12-17 22:04 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB892BCD-B8B1-48A9-949A-AF6EFBD61FE6}\mpengine.dll
    2013-12-17 03:56 . 2013-12-17 04:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-12-17 03:54 . 2013-12-17 03:54 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-12-17 03:45 . 2013-12-17 03:45 68864 ----a-w- c:\windows\system32\drivers\stream.sys.bak
    2013-12-17 03:44 . 2013-12-17 03:44 334208 ----a-w- c:\windows\system32\drivers\acpi.sys.bak
    2013-12-17 03:44 . 2013-12-17 03:44 229888 ----a-w- c:\windows\system32\drivers\1394ohci.sys.bak
    2013-12-17 03:44 . 2013-12-17 03:44 68096 ----a-w- c:\windows\system32\drivers\1394bus.sys.bak
    2013-12-16 02:54 . 2013-12-16 02:54 -------- d-----w- c:\users\michelle\AppData\Roaming\Malwarebytes
    2013-12-16 02:53 . 2013-12-16 02:53 -------- d-----w- c:\programdata\Malwarebytes
    2013-12-16 02:52 . 2013-12-16 02:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-12-16 02:52 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-14 04:37 . 2013-12-14 04:40 -------- d-----w- C:\GOG Games
    2013-12-14 04:13 . 2013-12-14 04:15 -------- d-----w- c:\users\michelle\AppData\Local\GOG.com
    2013-12-14 04:13 . 2013-12-14 04:13 -------- d-----w- c:\program files (x86)\GOG.com
    2013-12-12 00:19 . 2013-12-12 00:22 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
    2013-12-11 03:23 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2013-12-11 03:23 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2013-12-11 03:23 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2013-12-11 03:23 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2013-12-11 03:23 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
    2013-12-11 03:20 . 2013-11-27 00:20 235216 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
    2013-12-11 03:20 . 2013-11-26 10:19 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2013-12-11 03:20 . 2013-11-26 09:23 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-12-11 03:20 . 2013-11-27 00:52 293072 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2013-12-11 03:20 . 2013-11-26 06:48 353280 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2013-12-11 03:20 . 2013-11-26 06:41 251392 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
    2013-12-11 03:20 . 2013-11-26 10:18 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2013-12-11 03:20 . 2013-11-26 08:34 482816 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
    2013-12-11 03:20 . 2013-11-26 07:55 469504 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe
    2013-12-11 03:20 . 2013-11-26 06:22 270848 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
    2013-12-11 03:20 . 2013-11-26 10:07 7211520 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
    2013-12-11 03:20 . 2013-11-26 09:21 574976 ----a-w- c:\windows\system32\ieui.dll
    2013-12-11 02:04 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
    2013-12-11 02:04 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
    2013-12-11 02:04 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
    2013-12-11 02:04 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2013-12-11 02:04 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-12-11 02:04 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2013-12-11 02:04 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2013-12-11 02:03 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-12-11 02:03 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-12-11 02:03 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
    2013-12-11 02:03 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
    2013-12-11 02:03 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
    2013-12-11 02:03 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
    2013-12-11 02:03 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
    2013-12-11 02:03 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
    2013-12-11 02:03 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
    2013-12-11 02:03 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
    2013-12-11 02:03 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
    2013-12-11 02:03 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
    2013-12-06 13:05 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-12-06 13:05 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-12-06 13:05 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-12-06 13:05 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-12-06 13:05 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-12-06 13:05 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-12-06 13:05 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-12-05 00:43 . 2013-12-16 03:30 -------- d-----w- c:\programdata\RHelpers
    2013-12-05 00:43 . 2013-12-05 00:43 -------- d-----w- c:\programdata\Updater
    2013-12-04 04:32 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-15 09:01 . 2012-03-23 23:34 90708896 ----a-w- c:\windows\system32\MRT.exe
    2013-12-11 02:45 . 2013-04-09 18:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-12-11 02:45 . 2011-10-14 20:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-05 21:43 . 2013-05-05 19:59 152744 ----a-w- c:\windows\SysWow64\WRusr.dll
    2013-12-05 21:43 . 2013-05-05 19:59 113664 ----a-w- c:\windows\system32\drivers\WRkrn.sys
    2013-12-05 21:43 . 2013-05-05 19:59 103304 ----a-w- c:\windows\system32\WRusr.dll
    2013-11-19 09:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
    2013-11-18 00:14 . 2013-11-18 00:10 57096 ----a-w- c:\windows\system32\certsentry.dll
    2013-11-18 00:14 . 2013-11-18 00:10 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
    2013-11-18 00:10 . 2013-11-18 00:10 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2013-10-12 02:30 . 2013-11-13 23:36 830464 ----a-w- c:\windows\system32\nshwfp.dll
    2013-10-12 02:29 . 2013-11-13 23:36 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-10-12 02:29 . 2013-11-13 23:36 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-10-12 02:03 . 2013-11-13 23:36 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
    2013-10-12 02:01 . 2013-11-13 23:36 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
    2013-10-05 20:25 . 2013-11-13 23:37 1474048 ----a-w- c:\windows\system32\crypt32.dll
    2013-10-05 19:57 . 2013-11-13 23:37 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-10-04 02:28 . 2013-11-13 23:36 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    2013-10-04 02:25 . 2013-11-13 23:36 197120 ----a-w- c:\windows\system32\credui.dll
    2013-10-04 02:24 . 2013-11-13 23:36 1930752 ----a-w- c:\windows\system32\authui.dll
    2013-10-04 01:58 . 2013-11-13 23:36 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56 . 2013-11-13 23:36 168960 ----a-w- c:\windows\SysWow64\credui.dll
    2013-10-04 01:56 . 2013-11-13 23:36 1796096 ----a-w- c:\windows\SysWow64\authui.dll
    2013-10-03 02:23 . 2013-11-13 23:36 404480 ----a-w- c:\windows\system32\gdi32.dll
    2013-10-03 02:00 . 2013-11-13 23:36 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2013-09-28 01:09 . 2013-11-13 23:36 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-25 02:26 . 2013-11-13 23:36 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2013-09-25 02:26 . 2013-11-13 23:36 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-09-25 02:23 . 2013-11-13 23:36 28672 ----a-w- c:\windows\system32\sspisrv.dll
    2013-09-25 02:23 . 2013-11-13 23:36 135680 ----a-w- c:\windows\system32\sspicli.dll
    2013-09-25 02:23 . 2013-11-13 23:36 28160 ----a-w- c:\windows\system32\secur32.dll
    2013-09-25 02:22 . 2013-11-13 23:36 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-09-25 02:21 . 2013-11-13 23:36 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-09-25 02:21 . 2013-11-13 23:36 1447936 ----a-w- c:\windows\system32\lsasrv.dll
    2013-09-25 01:58 . 2013-11-13 23:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-09-25 01:57 . 2013-11-13 23:36 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-09-25 01:57 . 2013-11-13 23:36 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-09-25 01:56 . 2013-11-13 23:36 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-09-25 01:03 . 2013-11-13 23:36 30720 ----a-w- c:\windows\system32\lsass.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-10 343168]
    "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-09-29 169528]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
    "WRSVC"="c:\program files\Webroot\WRSA.exe" [2013-12-05 758880]
    "VNT"="c:\program files (x86)\VNT\vntldr.exe" [2013-11-11 202192]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
    Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2013-12-11 10395072]
    Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2013-12-11 10395072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoEncryptOnMove"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoEncryptOnMove"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "DisableLocalMachineRun"= 0 (0x0)
    "DisableLocalMachineRunOnce"= 0 (0x0)
    "DisableCurrentUserRun"= 0 (0x0)
    "DisableCurrentUserRunOnce"= 0 (0x0)
    "NoFile"= 0 (0x0)
    "HideClock"= 0 (0x0)
    "NoDevMgrUpdate"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoEncryptOnMove"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
    R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
    R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-05 22:05 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-09 02:45]
    .
    2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09 18:52]
    .
    2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09 18:52]
    .
    2013-11-25 c:\windows\Tasks\HPCeeScheduleForMICHELLE-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
    .
    2013-12-14 c:\windows\Tasks\HPCeeScheduleFormichelle.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
    2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-15 7466600]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-11-27 21720]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} - c:\program files (x86)\Smiley Bar for Facebook\ScriptHost.dll
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-ApnTBMon - c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    c:\users\michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Updater Service - c:\programdata\IBUpdaterService\ibsvc.exe
    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
    AddRemove-{856AD396-519D-4C7A-BED6-6785F64924BC} - c:\users\michelle\AppData\Local\GreatArcadeHits\GAHUninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-12-17 19:28:44
    ComboFix-quarantined-files.txt 2013-12-18 01:28
    .
    Pre-Run: 227,437,137,920 bytes free
    Post-Run: 229,879,676,928 bytes free
    .
    - - End Of File - - DAFF6313BDC1E2F90C6B782318F030D8
    A36C5E4F47E84449FF07ED3517B43A31

  14. #29
    Join Date
    Dec 2013
    Location
    Wisconsin
    Posts
    35
    Can I turn my antivirus back on?

  15. #30
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Yes.

    Combofix log is clean.

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
