Completely overrun with problems [Solved]


  • This topic is locked

#16
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Thank you for the screenshot. Let's run a couple of deeper scans and make sure nothing more nefarious is hiding. After that, we'll get a fresh FRST log. :thumbsup:



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Download and Run Zoek


  • Please download zoek.exe to your Desktop:
  • On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
  • Give it a few seconds to appear
  • Click the Options button and place a checkmark only on the following options:
      • AutoClean
  • Now...
  • Close any open programs.
  • Click the Run script button, and wait.
  • It takes a few minutes to run.
  • When the tool finishes, the zoek-results.log is opened in Notepad.
  • The log is also found on the systemdrive, normally C:\
  • If a reboot is needed, the log is opened after the reboot.
  • Please post the zoek-results.log in your reply.



Step 2: Scan with RogueKiller


Please download RogueKiller to your desktop

Download Link for 32 bit systems

Download Link for 64 bit systems
  • Click on Scan
  • The scan will take a short amount of time.
  • Note: Do not have RogueKiller remove anything at this time.
  • Click on Report to open the log.
  • Copy and paste the content of the log in your next reply.
Step 3: Fresh FRST Log
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

  • Zoek-results Log
  • RogueKiller Log
  • Fresh FRST Log

  • 0



#17
Inner Child

    Member

  • Topic Starter
  • Member
  • 38 posts

It looks like Zoek was able to remove the download window.

 

Here are the results for Zoek:

 

 
Zoek.exe v5.0.0.0 Updated 02-April-2015
Tool run by David on Sun 04/05/2015 at  9:11:00.70.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\David\Desktop\zoek.exe [Scan all users]  [Checkboxes used]
 
==== System Restore Info ======================
 
4/5/2015 9:12:50 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\DassaultSystemes deleted successfully
C:\PROGRA~3\NewspaperDirect deleted successfully
C:\Users\Ben\AppData\Roaming\Apple Computer deleted successfully
C:\Users\David\AppData\Roaming\DassaultSystemes deleted successfully
C:\Users\David\AppData\Roaming\EDrawings deleted successfully
C:\Users\Maddy\AppData\Roaming\HP Support Assistant deleted successfully
C:\Users\Ben\AppData\Local\PDFC deleted successfully
C:\Users\Ben\AppData\Local\VirtualStore deleted successfully
C:\Users\David\AppData\Local\DassaultSystemes deleted successfully
C:\Users\David\AppData\Local\PDFC deleted successfully
C:\Users\David\AppData\Local\VirtualStore deleted successfully
C:\Users\Maddy\AppData\Local\PDFC deleted successfully
C:\Users\su\AppData\Local\Adobe deleted successfully
C:\Users\su\AppData\Local\PDFC deleted successfully
C:\Users\su\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BA0274A-B325-48F8-A042-CE2E5FBE89A} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{310BAD5A-C826-4921-8355-763B43CA1ED} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{463E3467-B6DA-4AFA-8328-5222A9325AF0} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F9FDC28-5569-41AC-BD64-7FBD29C9884} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{666C2580-E958-4C1B-B23B-15118954E288} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66D0AE70-2F4C-48AF-8D1A-54DE7F05B7A} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C58BB6E-B284-45D8-B54C-26CDC6B17E8B} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D7E514C-DDB-4A6E-8365-37DAD27CE761} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71632C93-BB91-4E75-A445-1FD6D6343730} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72b493ab-3097-447f-a72a-093248d651c1} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{829E40D0-3F84-4EE8-A0AC-12AA3459D064} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85F02565-13F7-4EFA-A273-66C3C14588ED} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9677C7E8-8135-4B99-B2B-5FE7EF8A2F} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99C650EB-B6F-4DEA-9B14-6A2FF01FFFA} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CD0535D-A38D-42F9-93FB-C94EF5B16AB4} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CE5DE8F-97CA-4416-AB99-BA53A3FB0F8} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6CFC74E-AD00-41BF-97D8-14A7B2AEC4} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9647B2A-5114-4F20-B24D-67ED8EF455DE} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACB99BF0-FE49-4851-8C2-33E92C28ED27} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB07A6D7-A0D9-4B3A-933D-65A7B88739A4} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC6F2BF7-F61C-4616-A855-D2343450282A} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE40D69F-9C1C-4EE5-BEA6-76EA9FEFED38} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC50B080-EB5E-46BD-8655-C0D3DF9F2B3C} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D320E413-2965-45EB-9B78-62CA372FEC1C} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3E4BD1D-36F9-4B10-98C0-782D52E139C} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4F76693-7A9C-4157-8B68-F4E19DAFC3B0} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E80DA238-868A-49A2-BC19-2DF54D428B1B} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E99D6496-4773-4C44-B1A2-13D9093E46A} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eb65ab77-ebb2-4a75-9561-4d960a3fc6f3} deleted successfully
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7CF5D2A-BEED-4A80-A635-148F70DD9633} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Users\David\AppData\Roaming\.minecraft deleted
C:\windows\SysNative\Tasks\0414cUpdateInfo deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\Users\David\AppData\Roaming\WB.CFG deleted
C:\Users\David\AppData\Roaming\GoldenGate deleted
C:\PROGRA~3\Avg_Update_0215tb deleted
C:\PROGRA~3\Avg_Update_0414c deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114tb deleted
C:\PROGRA~3\Avg_Update_1214tb deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\David\AppData\Local\node-webkit deleted
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url deleted
C:\Users\David\Downloads\avg_free_stb_all_2014_4355_cnet.exe deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\tasks\0414cUpdateInfo.job deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\David\Desktop\Play Games Online.url deleted
 
==== Fake Chromium Profiles Check ======================
 
Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted
 
==== Chromium Look ======================
 
Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118)
 
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
 
InboxAce - Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdhaekeogebjjbaldibekfepbhogdng
Chrome Hotword Shared Module - Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Hotword Shared Module - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Drive App Launcher - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Chrome Hotword Shared Module - Maddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Hotword Shared Module - su\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Startpages ======================
 
C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "https://www.google.com/" ],
 
 
==== Chromium Fix ======================
 
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.local.smartshopping.com_0.localstorage deleted successfully
C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.local.smartshopping.com_0.localstorage-journal deleted successfully
C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage deleted successfully
C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage-journal deleted successfully
C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage deleted successfully
C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage-journal deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.dnsrsearch.com_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.dnsrsearch.com_0.localstorage-journal deleted successfully
C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bestbeachsearch.com_0.localstorage deleted successfully
C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bestbeachsearch.com_0.localstorage-journal deleted successfully
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdhaekeogebjjbaldibekfepbhogdng deleted successfully
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbdhaekeogebjjbaldibekfepbhogdng_0.localstorage deleted successfully
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jbdhaekeogebjjbaldibekfepbhogdng_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"
{d944bb61-2e34-4dbf-a683-47e505c587dc} Unknown  Url="Not_Found"
{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Bing  Url="http://www.bing.com/...ox&FORM=IESR02"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2288801755-3289631723-4083887882-1000\Software\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== shortcuts on Users Desktops ======================
 
C:\Users\Ben\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\Ben\Desktop\Pokémon Trading Card Game Online.lnk -  
C:\Users\Ben\Desktop\ROBLOX Player.lnk - C:\Users\Ben\AppData\Local\Roblox\Versions\version-68c511c8ee3948f6\RobloxPlayerLauncher.exe -browser
C:\Users\David\Desktop\Google Drive.lnk - C:\Users\David\Google Drive 
C:\Users\David\Desktop\Wakfu.lnk - C:\Users\David\AppData\Local\Ankama\Wakfu\Wakfu.exe 
 
==== shortcuts on All Users Desktop ======================
 
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\AVG 2015.lnk - C:\Program Files (x86)\AVG\AVG2015\avgui.exe 
C:\Users\Public\Desktop\Blio eBooks.lnk - C:\Program Files (x86)\K-NFB Reading Technology Inc\Blio\KNFB.Reader.exe -lt:DESKTOP
C:\Users\Public\Desktop\eDrawings 2015 x64 Edition.lnk - C:\Program Files (x86)\Common Files\eDrawings2015\EModelViewer.exe 
C:\Users\Public\Desktop\Garmin Express.lnk - C:\Program Files (x86)\Garmin\Express\Express.exe 
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\Users\Public\Desktop\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\Users\Public\Desktop\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\Users\Public\Desktop\HP Music.lnk - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe /MS /Rhapsody
C:\Users\Public\Desktop\HP Officejet 6700.lnk - C:\Program Files (x86)\hp\HP Officejet 6700\Bin\HP Officejet 6700.exe -Start UDCDevicePage
C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe 
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\Users\Public\Desktop\LightScribe.lnk - C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\Minecraft.lnk - C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe 
C:\Users\Public\Desktop\Play HP Games.lnk - C:\Program Files (x86)\HP Games\onplay\onplay.exe "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src desktopoem 
C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6700.lnk - C:\Program Files (x86)\hp\HP Officejet 6700\Bin\hpqDTSS.exe 
C:\Users\Public\Desktop\Snapfish PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe 
C:\Users\Public\Desktop\Synctunes.lnk - C:\Windows\Installer\{4503D496-8D6B-4FC2-9A66-1CD6E12CD5DA}\_8291C4F9CD138EB5FC8D82.exe 
 
==== shortcuts in Users Start Menu ======================
 
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Wakfu.lnk - C:\Users\David\AppData\Local\Ankama\Wakfu\Wakfu.exe 
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk -  
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon\Verizon Wireless Software Upgrade Assistant(ar).lnk - C:\Users\David\AppData\Roaming\VERIZON\SUA_ar\SUA.exe 
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon\Verizon Wireless Software Utility Application for Android – Samsung.lnk -  
 
==== shortcuts in All Users Start Menu ======================
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2015.lnk - C:\Program Files (x86)\AVG\AVG2015\avgui.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\Garmin Express.lnk - C:\Program Files (x86)\Garmin\Express\Express.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft.lnk - C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe 
 
==== shortcuts in Quick Launch ======================
 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://redirect.hp.c...us&bd=all&c=111
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Minecraft.lnk - C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokémon Trading Card Game Online.lnk -  
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WizardLauncher.lnk - C:\ProgramData\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardLauncher.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Minecraft.lnk - C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Play Anno Online.lnk - C:\Users\David\AppData\Roaming\Gameo\gameo.exe C:\Users\David\AppData\Roaming\Gameo\gameo.dat game:7941 gameMode:standalone
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://redirect.hp.c...us&bd=all&c=111
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Minecraft.lnk - C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Unity Web Player Installer.lnk - C:\Users\David\Downloads\UnityWebPlayer64.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Maddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Maddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Maddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Maddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Maddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe 
C:\Users\Maddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\Maddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Maddy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\su\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\su\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\su\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\su\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\su\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\su\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe 
C:\Users\su\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\su\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
 
==== shortcuts After Repair ======================
 
C:\Users\Ben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe 
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OpenDownloaderManager deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\su\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Maddy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\su\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=4957 folders=1382 2966688689 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Ben\AppData\Local\Temp emptied successfully
C:\Users\David\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Maddy\AppData\Local\Temp emptied successfully
C:\Users\su\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sun 04/05/2015 at  9:51:53.02 ======================

  • 0

#18
Inner Child

    Member

  • Topic Starter
  • 38 posts

Here is RogueKiller:

 

RogueKiller V10.5.8.0 (x64) [Mar 30 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : David [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 04/05/2015  10:05:45
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] UA.exe(4000) -- C:\Users\David\AppData\Roaming\VERIZON\UA_ar\UA.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 15 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5CECA21B-925B-4D67-861F-52625C793B25} | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8594CA23-4B9E-41B5-A98A-57CCAC371087} | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5CECA21B-925B-4D67-861F-52625C793B25} | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8594CA23-4B9E-41B5-A98A-57CCAC371087} | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5CECA21B-925B-4D67-861F-52625C793B25} | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8594CA23-4B9E-41B5-A98A-57CCAC371087} | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Registration -- "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" (Registration ShowMessageTask2D) -> Found
 
¤¤¤ Files : 1 ¤¤¤
[Suspicious.Startup][File] Verizon Wireless Software Utility Application for Android – Samsung.lnk -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10 01FAES-60Z2A0 SATA Disk Device +++++
--- User ---
[MBR] 4dd07a6bc57be74194ec250c07eeb492
[BSP] 4490c1ebc09ed594e6b00c3adf3d3737 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 940205 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1925746688 | Size: 13562 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST350063 0AS SATA Disk Device +++++
--- User ---
[MBR] d43e6f28ae3168f14c16ec8404f02579
[BSP] 62cb53052f2568906c9fb4370d33ded4 : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 243 MB
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 501758 | Size: 476694 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

  • 0
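The RogueKiller report above labels the registry hits "PUM" (Potentially Unwanted Modification), which only means the value differs from the Windows default; the report says "Found" and leaves the interpretation to the reader. The script below is an added example, not part of this thread and not RogueKiller's own code. It parses the registry lines of such a report (the sample lines are copied from the post above), lists the DHCP-supplied resolvers so that any non-private address can be compared against the resolvers the ISP or router should be handing out, and decodes ConsentPromptBehaviorAdmin, where 0 means administrators are elevated without any prompt. The line layout the regex assumes is the one shown in this report; other RogueKiller versions may format lines differently, and a public resolver address is something to verify, not proof of a hijack.

```python
"""Triage helper for RogueKiller [PUM.*] registry lines.

Added example for this thread; it is not RogueKiller's code.  The line
format is assumed from the V10.5.8.0 report posted above.
"""
import ipaddress
import re

# Sample lines copied from the RogueKiller report posted above.
SAMPLE_REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5CECA21B-925B-4D67-861F-52625C793B25} | DhcpNameServer : 209.18.47.61 209.18.47.62 192.168.1.1 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
"""

# "[PUM.Cat] (ARCH) <key> | <value name> : <data>  -> <status>"
PUM_LINE = re.compile(
    r"^\[(?P<category>PUM\.[A-Za-z]+)\]\s+\((?P<arch>X64|X86)\)\s+"
    r"(?P<key>[^|]+?)\s+\|\s+(?P<value>[^:]+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>\w+)\s*$"
)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Meaning of HKLM\...\Policies\System\ConsentPromptBehaviorAdmin values.
UAC_ADMIN_PROMPT = {
    0: "elevate without prompting (UAC effectively off for administrators)",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries (Windows default)",
}


def parse_pum_lines(report):
    """Yield one dict per [PUM.*] line; every other line is ignored."""
    for line in report.splitlines():
        m = PUM_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def dns_servers(report):
    """Unique resolver addresses, in report order, from all [PUM.Dns] lines.

    The same servers show up once per ControlSet and per interface GUID,
    so the raw report over-counts them."""
    seen = []
    for entry in parse_pum_lines(report):
        if entry["category"] == "PUM.Dns":
            for ip in IPV4.findall(entry["data"]):
                if ip not in seen:
                    seen.append(ip)
    return seen


def external_dns_servers(report):
    """Resolvers that are globally routable (not RFC 1918, loopback, link-local).

    These are the ones to check against the ISP's published resolvers; a
    router that hands out resolvers the ISP never assigned is the classic
    DNS-hijack symptom, but a legitimate ISP resolver looks the same here."""
    return [ip for ip in dns_servers(report) if ipaddress.ip_address(ip).is_global]


def uac_admin_prompt(report):
    """(value, description) for ConsentPromptBehaviorAdmin, or None if absent."""
    for entry in parse_pum_lines(report):
        if entry["category"] == "PUM.Policies" and entry["value"] == "ConsentPromptBehaviorAdmin":
            value = int(entry["data"])
            return value, UAC_ADMIN_PROMPT.get(value, "unknown value")
    return None


def triage(report):
    """Findings a helper would actually act on, as plain sentences."""
    findings = []
    uac = uac_admin_prompt(report)
    if uac is not None and uac[0] == 0:
        findings.append("UAC: ConsentPromptBehaviorAdmin=0, " + uac[1]
                        + "; anything run by this admin user elevates silently")
    external = external_dns_servers(report)
    if external:
        findings.append("DNS: confirm these DHCP-supplied resolvers belong to the ISP: "
                        + ", ".join(external))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Run it against a saved RKreport file by replacing SAMPLE_REPORT with the file's contents; the HideDesktopIcons entries are parsed but deliberately not reported, since hiding the Computer and Network icons is cosmetic and the report already shows them.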

#19
Inner Child

    Member

  • Topic Starter
  • 38 posts

And here is the new FRST log file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by David (administrator) on HOME on 05-04-2015 10:09:05
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David & Ben & su & Maddy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\RogueKiller\RogueKiller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-12-18] (Oracle Corporation)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [Raptr] => C:\PROGRA~2\Raptr\raptrstub.exe --startup
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\MountPoints2: {08a4563f-7437-11e4-83de-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\...\MountPoints2: {7e96f83e-82f8-11e4-8ee5-64315038e52f} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\David\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2288801755-3289631723-4083887882-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2288801755-3289631723-4083887882-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
 
Chrome: 
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR HKU\S-1-5-21-2288801755-3289631723-4083887882-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-05 10:08 - 2015-04-05 10:08 - 00006196 _____ () C:\Users\David\Desktop\RKreport_SCN_04052015_100545.log
2015-04-05 10:00 - 2015-04-05 10:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-05 10:00 - 2015-04-05 10:00 - 18489472 _____ (Adlice Software ) C:\Users\David\Downloads\setup.exe
2015-04-05 10:00 - 2015-04-05 10:00 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-05 10:00 - 2015-04-05 10:00 - 00000850 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-04-05 10:00 - 2015-04-05 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-04-05 10:00 - 2015-04-05 10:00 - 00000000 ____D () C:\Program Files\RogueKiller
2015-04-05 09:52 - 2015-04-05 09:52 - 00031723 _____ () C:\Users\David\Desktop\zoek-results.txt
2015-04-05 09:46 - 2015-04-05 09:10 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-04-05 09:12 - 2015-04-05 09:51 - 00031723 _____ () C:\zoek-results.log
2015-04-05 09:10 - 2015-04-05 09:10 - 01305600 _____ () C:\Users\David\Desktop\zoek.exe
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 15:16 - 2015-04-04 15:16 - 00000000 ____D () C:\Users\su\AppData\Roaming\java
2015-04-04 15:16 - 2015-04-04 15:16 - 00000000 ____D () C:\Users\su\AppData\Roaming\.minecraft
2015-04-04 14:42 - 2015-04-04 14:42 - 00001044 _____ () C:\Users\David\Desktop\checkup.txt
2015-04-04 14:32 - 2015-04-04 14:32 - 00852607 _____ () C:\Users\David\Desktop\SecurityCheck.exe
2015-04-04 14:04 - 2015-04-04 14:04 - 02347384 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_enu.exe
2015-04-04 14:04 - 2015-04-04 14:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-04 13:29 - 2015-04-04 13:30 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-03 20:47 - 2015-04-03 20:47 - 00012598 _____ () C:\Users\David\Desktop\AdwCleaner[S0].txt
2015-04-03 20:41 - 2015-04-03 20:43 - 00000000 ____D () C:\AdwCleaner
2015-04-03 20:40 - 2015-04-03 20:40 - 02208768 _____ () C:\Users\David\Desktop\adwcleaner_4.200.exe
2015-04-03 20:37 - 2015-04-03 20:37 - 00004870 _____ () C:\Users\David\Desktop\JRT.txt
2015-04-03 20:34 - 2015-04-03 20:34 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HOME-Windows-7-Home-Premium-(64-bit).dat
2015-04-03 20:34 - 2015-04-03 20:34 - 00000000 ____D () C:\RegBackup
2015-04-03 20:33 - 2015-04-03 20:33 - 02690981 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
2015-04-03 15:07 - 2015-04-03 15:07 - 00000000 __SHD () C:\Users\Ben\AppData\Local\EmieBrowserModeList
2015-04-02 22:37 - 2015-04-03 10:09 - 00045506 _____ () C:\Users\David\Desktop\Addition.txt
2015-04-02 22:36 - 2015-04-05 10:09 - 00016595 _____ () C:\Users\David\Desktop\FRST.txt
2015-04-02 22:36 - 2015-04-05 10:09 - 00000000 ____D () C:\FRST
2015-04-02 22:34 - 2015-04-02 22:34 - 02095616 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-04-02 19:28 - 2015-04-02 19:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\Verizon_AR
2015-04-02 15:29 - 2015-04-02 15:29 - 00059639 _____ () C:\Users\David\Downloads\minecraft_classic_server (1).zip
2015-04-02 15:28 - 2015-04-02 15:28 - 00059639 _____ () C:\Users\David\Downloads\minecraft_classic_server.zip
2015-03-28 16:50 - 2015-03-28 16:50 - 00000000 ____D () C:\Users\David\AppData\Local\PowerCinema
2015-03-28 16:50 - 2015-03-28 16:50 - 00000000 ____D () C:\Users\David\AppData\Local\CyberLink
2015-03-25 11:21 - 2015-03-25 11:21 - 00281056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-03-24 12:43 - 2015-03-10 21:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 12:43 - 2015-03-10 21:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 12:43 - 2015-03-10 21:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 12:43 - 2015-03-10 21:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 12:43 - 2015-03-10 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 12:43 - 2015-03-10 21:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 12:43 - 2015-03-10 21:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 12:43 - 2015-03-10 21:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 07:10 - 2015-03-24 07:10 - 00012208 _____ () C:\Users\Maddy\Documents\Book1.xlsx
2015-03-24 03:52 - 2015-03-31 15:58 - 00000000 ____D () C:\Users\Maddy\Documents\Group 4
2015-03-22 21:41 - 2015-03-22 21:41 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-22 21:39 - 2015-03-22 21:40 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2015-03-22 21:38 - 2015-03-22 21:42 - 00000000 ____D () C:\ProgramData\Samsung
2015-03-22 21:38 - 2015-03-22 21:38 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-03-22 21:38 - 2014-06-15 23:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-03-22 21:38 - 2014-06-15 23:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-03-18 18:05 - 2015-03-18 18:05 - 00018572 ____H () C:\Users\David\Documents\~WRL0052.tmp
2015-03-12 17:12 - 2015-03-12 17:32 - 1748664320 _____ () C:\Users\David\Downloads\Scribblenauts_Unlimited.iso
2015-03-11 21:57 - 2015-03-11 21:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2015-03-11 01:00 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 01:00 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 01:00 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 01:00 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 01:00 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 01:00 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 01:00 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 01:00 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 01:00 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 01:00 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 00:59 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 00:59 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 00:59 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 00:59 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 00:59 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 00:59 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 00:59 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 00:59 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 00:59 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 00:59 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 00:59 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 00:59 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 00:59 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 00:59 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 00:59 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 00:59 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 00:59 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 00:59 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 00:59 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 00:59 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 00:59 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 00:59 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 00:59 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 00:59 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 00:59 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 00:59 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 00:59 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 00:59 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 00:57 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 00:57 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 00:57 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 00:57 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 00:56 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 00:56 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 00:56 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 00:56 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 00:56 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 00:56 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 00:56 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 00:56 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 00:56 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 00:56 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 00:56 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 00:56 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 00:56 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 00:56 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 00:56 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 00:56 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 00:56 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 00:56 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 00:56 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 00:56 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 00:55 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 00:55 - 2015-02-23 20:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 00:55 - 2015-02-23 19:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 00:55 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 00:55 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 00:55 - 2015-02-20 17:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 00:55 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 00:55 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 00:55 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 00:55 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 00:55 - 2015-02-19 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 00:55 - 2015-02-19 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 00:55 - 2015-02-19 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 00:55 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 00:55 - 2015-02-19 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 00:55 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 00:55 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 00:55 - 2015-02-19 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 00:55 - 2015-02-19 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 00:55 - 2015-02-19 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 00:55 - 2015-02-19 19:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 00:55 - 2015-02-19 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 00:55 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 00:55 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 00:55 - 2015-02-19 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 00:55 - 2015-02-19 19:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 00:55 - 2015-02-19 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 00:55 - 2015-02-19 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 00:55 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 00:55 - 2015-02-19 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 00:55 - 2015-02-19 19:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 00:55 - 2015-02-19 19:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 00:55 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 00:55 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 00:55 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 00:55 - 2015-02-19 19:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 00:55 - 2015-02-19 19:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 00:55 - 2015-02-19 18:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 00:55 - 2015-02-19 18:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 00:55 - 2015-02-19 18:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 00:55 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 00:55 - 2015-02-19 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 00:55 - 2015-02-19 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 00:55 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 00:55 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 00:55 - 2015-02-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 00:55 - 2015-02-19 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 00:55 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 00:55 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 00:55 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 00:55 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 00:55 - 2015-02-19 18:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 00:55 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 00:55 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 00:55 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 00:55 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 00:55 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 00:54 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 00:54 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-09 19:19 - 2015-03-09 19:20 - 00000021 _____ () C:\Users\David\Documents\minecraft seeds.txt
2015-03-09 17:44 - 2015-03-09 17:44 - 02822620 _____ () C:\Users\David\Downloads\AMIDST-3.7 (1).exe
2015-03-09 17:43 - 2015-03-09 17:43 - 02822620 _____ () C:\Users\David\Desktop\AMIDST-3.7.exe
2015-03-09 16:45 - 2015-03-09 16:45 - 00000000 ____D () C:\Users\Maddy\AppData\Local\Adobe
2015-03-09 16:44 - 2015-03-09 16:44 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-09 16:43 - 2015-03-09 16:43 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-09 16:36 - 2015-03-09 16:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-09 16:36 - 2015-03-09 16:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-09 16:36 - 2015-03-09 16:36 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-03-09 16:36 - 2015-03-09 16:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-09 16:34 - 2015-03-09 16:34 - 00003082 _____ () C:\Windows\System32\Tasks\{4C8FA937-7DB9-4A20-AC7B-9BA15752759B}
2015-03-07 15:07 - 2015-03-07 15:07 - 00000000 ____D () C:\Users\Maddy\AppData\Local\PowerCinema
2015-03-07 15:07 - 2015-03-07 15:07 - 00000000 ____D () C:\Users\Maddy\AppData\Local\CyberLink
2015-03-06 08:54 - 2015-04-04 13:28 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDavid
2015-03-06 08:54 - 2015-04-04 13:28 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForDavid.job
2015-03-06 08:30 - 2015-04-03 10:27 - 00000000 ____D () C:\Users\Maddy\AppData\Roaming\HpUpdate
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-05 10:00 - 2014-05-13 21:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 09:58 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-05 09:58 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-05 09:55 - 2010-11-24 00:14 - 01107589 _____ () C:\Windows\WindowsUpdate.log
2015-04-05 09:52 - 2014-11-11 19:17 - 00000000 ___RD () C:\Users\David\iCloudDrive
2015-04-05 09:51 - 2014-04-10 09:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-05 09:50 - 2014-04-10 09:29 - 00440884 _____ () C:\Windows\PFRO.log
2015-04-05 09:50 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-05 09:50 - 2009-07-13 21:51 - 00051700 _____ () C:\Windows\setupact.log
2015-04-05 09:48 - 2014-04-10 09:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-05 09:40 - 2014-12-11 20:55 - 00000000 ____D () C:\zoek_backup
2015-04-05 09:39 - 2014-06-18 04:54 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-04-05 09:39 - 2014-06-18 04:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-04-05 09:13 - 2014-04-10 09:31 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-04 13:30 - 2014-06-09 19:37 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-04 13:30 - 2014-05-13 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-04 13:30 - 2014-05-13 21:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-04 13:28 - 2014-07-13 17:08 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHOME$
2015-04-04 13:28 - 2014-07-13 17:08 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForHOME$.job
2015-04-03 20:20 - 2014-10-24 16:09 - 00000000 ____D () C:\ProgramData\AVG2015
2015-04-03 15:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-03 10:48 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-03 10:40 - 2014-05-26 22:21 - 00000000 ___RD () C:\Users\David\Google Drive
2015-04-02 22:51 - 2014-11-10 20:14 - 00000000 ____D () C:\Users\David\AppData\Local\1CA0A888-9500-4C52-97D7-FC7BA98EEBE1.aplzod
2015-04-02 19:42 - 2014-11-26 21:19 - 00000000 ____D () C:\Users\David\AppData\Roaming\VERIZON
2015-04-02 15:25 - 2014-04-10 09:28 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-31 08:11 - 2014-10-24 16:13 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-31 08:11 - 2014-04-10 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-28 15:22 - 2014-04-10 17:04 - 00000000 ____D () C:\Users\David\AppData\Local\CrashDumps
2015-03-27 09:42 - 2014-06-07 13:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-25 15:52 - 2014-10-22 18:26 - 00000000 ____D () C:\Users\David\AppData\Local\Apple Computer
2015-03-25 03:20 - 2014-12-10 04:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:20 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 15:18 - 2014-06-11 15:39 - 00000000 ____D () C:\Users\David\Documents\Outlook Files
2015-03-22 21:42 - 2010-11-24 00:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-22 19:09 - 2014-04-10 09:35 - 00000000 ____D () C:\Users\David\AppData\Roaming\Hewlett-Packard
2015-03-22 19:07 - 2014-10-22 18:26 - 00000000 ____D () C:\Users\David\AppData\Roaming\Apple Computer
2015-03-22 19:07 - 2014-04-10 09:05 - 00798884 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-22 19:06 - 2014-10-31 07:22 - 00000000 ____D () C:\Users\David\AppData\Roaming\HP Support Assistant
2015-03-22 19:06 - 2014-05-21 17:12 - 00000000 ____D () C:\Users\David\AppData\Roaming\HpUpdate
2015-03-17 06:15 - 2014-05-13 21:05 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-05-13 21:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-05-13 21:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-15 22:23 - 2014-04-10 17:09 - 00000000 ____D () C:\Users\su
2015-03-15 22:23 - 2014-04-10 17:08 - 00000000 ____D () C:\Users\Ben
2015-03-11 21:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 21:08 - 2009-07-13 22:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 18:01 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 03:47 - 2009-07-13 21:45 - 00421968 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 03:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 03:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 03:27 - 2014-05-08 20:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 03:27 - 2009-07-13 19:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-11 03:19 - 2014-05-14 16:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 03:08 - 2014-05-14 16:35 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-09 16:45 - 2014-10-22 17:24 - 00000000 ____D () C:\Users\Maddy\AppData\Roaming\Adobe
2015-03-06 08:54 - 2014-04-10 09:35 - 00000000 ____D () C:\Users\David\AppData\Local\Hewlett-Packard
2015-03-06 08:30 - 2015-01-29 22:45 - 00000000 ____D () C:\Users\Maddy\AppData\Local\Hewlett-Packard
 
==================== Files in the root of some directories =======
 
2015-01-10 20:44 - 2015-01-10 20:44 - 0000001 _____ () C:\Users\David\AppData\Local\DSI.DAT
2014-05-20 16:50 - 2014-05-20 16:50 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 15:03
 
==================== End Of Log ============================

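The FRST listing above is the topic starter's post, reproduced as-is. What follows is an added example, not part of the thread and not FRST's own code, showing how a helper might mechanically pre-screen a listing like it before reading every line. It parses the "Created/Modified Files and Folders" entries (created time, modified time, size, attribute flags, publisher, path) and the "Bamital & volsnap Check" verdicts, then flags what a reviewer looks at first: executables with no publisher string, executables in user-writable locations, hidden executables, scheduled tasks with GUID-only names (like the {4C8FA937-...} task in the log), and any core binary that did not come back as signed. The sample input reuses a handful of lines from the log; the dllnt_dump.dll entry and the unsigned explorer.exe verdict are constructed to exercise those branches (the log only lists dllnt_dump.dll as a bare path under TEMP, and every core binary it checked came back signed). A flag is a prompt to look closer, not a verdict: the AMIDST download it flags is, by the user's own account, a Minecraft tool.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample: the first five lines and the two signed verdicts are copied
# from the log above; the dllnt_dump.dll entry and the explorer.exe verdict are
# made up here (FRST's real wording for a failed signature check may differ).
SAMPLE_LOG = r"""
2015-03-11 01:00 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-09 17:44 - 2015-03-09 17:44 - 02822620 _____ () C:\Users\David\Downloads\AMIDST-3.7 (1).exe
2015-03-09 16:34 - 2015-03-09 16:34 - 00003082 _____ () C:\Windows\System32\Tasks\{4C8FA937-7DB9-4A20-AC7B-9BA15752759B}
2015-04-05 10:00 - 2014-05-13 21:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 09:40 - 2014-12-11 20:55 - 00000000 ____D () C:\zoek_backup
2015-04-01 12:00 - 2015-04-01 12:00 - 00045056 ____H () C:\Users\David\AppData\Local\Temp\dllnt_dump.dll
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\explorer.exe => File is not digitally signed
"""

# FRST file entry:  <created> - <modified> - <size> <attrs> (<company>) <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>.*?)\) (?P<path>.+)$"
)
# Signature-check line:  <path> => File is digitally signed
SIG_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
SIGNED_OK = "File is digitally signed"

TS = "%Y-%m-%d %H:%M"
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\desktop\\", "\\programdata\\", "\\users\\public\\")
TASKS_DIR = "c:\\windows\\system32\\tasks\\"
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str      # five flag positions, '_' = unset; D=directory, H=hidden, S=system, R=read-only
    company: str    # publisher from the file's version resource; '' when FRST found none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_executable(self) -> bool:
        return PureWindowsPath(self.path).suffix.lower() in EXEC_EXT


def parse_frst(text: str) -> tuple[list[Entry], dict[str, str]]:
    """Split an FRST log into file entries and signature verdicts; any other line is ignored."""
    entries: list[Entry] = []
    verdicts: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                created=datetime.strptime(m["created"], TS),
                modified=datetime.strptime(m["modified"], TS),
                size=int(m["size"]),
                attrs=m["attrs"],
                company=m["company"],
                path=m["path"],
            ))
            continue
        s = SIG_RE.match(line)
        if s:
            verdicts[s["path"]] = s["verdict"].strip()
    return entries, verdicts


def triage(entry: Entry) -> list[str]:
    """Heuristic flags in the order a helper would check them; none is proof of infection."""
    flags: list[str] = []
    if entry.is_dir:
        return flags
    low = entry.path.lower()
    if entry.is_executable and not entry.company:
        flags.append("executable with no publisher string")
    if entry.is_executable and any(marker in low for marker in USER_WRITABLE):
        flags.append("executable in a user-writable location")
    if entry.is_executable and entry.is_hidden:
        flags.append("hidden executable")
    if low.startswith(TASKS_DIR) and GUID_NAME.match(PureWindowsPath(entry.path).name):
        flags.append("scheduled task with a GUID-only name")
    return flags


def triage_log(text: str) -> dict[str, list[str]]:
    """Return {path: [flags]} for every entry or core-binary verdict worth a second look."""
    entries, verdicts = parse_frst(text)
    report: dict[str, list[str]] = {}
    for entry in entries:
        flags = triage(entry)
        if flags:
            report[entry.path] = flags
    for path, verdict in verdicts.items():
        if verdict != SIGNED_OK:
            report.setdefault(path, []).append(f"core binary failed signature check: {verdict}")
    return report


if __name__ == "__main__":
    for path, flags in triage_log(SAMPLE_LOG).items():
        print(path, "->", "; ".join(flags))
```

Run against a full FRST.txt (`triage_log(open("FRST.txt", encoding="utf-8-sig").read())`) the output is a short list to read first rather than a replacement for reading the log: a missing publisher string only means the file carries no version resource, and signed does not mean benign. The company field is parsed non-greedily so a path containing parentheses, such as `C:\Program Files (x86)\Adobe`, still lands in the path field.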

#20
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

It looks like Zoek was able to remove the download window.


Your logs are CLEAN! :thumbsup: :) But we still have a few things we need to address, namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
  • I also have some tips and information to help protect you in the future.
Step 1: Tool Removal with Delfix and Creation of a Clean Restore Point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs), you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Enable UAC and Program Updates


Enable UAC in Windows 7

Your User Account Control is turned off. This makes it easier for malware to make changes to your system without your permission. We'll enable it, and this will allow you to have control over what changes are made. If a program that you do not recognize tries to make changes, UAC will alert you and ask if you want to allow the change.
  • Open User Account Control Settings by clicking the Start button and then clicking Control Panel
  • In the Search Box, type in uac and then click Change User Account Control settings.
  • To turn on UAC, move the slider to choose when you want to be notified, and then click OK.
  • If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on Users to Disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Update Adobe Flash Player
  • Your current version of Adobe Flash is out of date. Please update it by clicking the link below.
  • Also, make sure you Uncheck the box to install the McAfee Security Scan Plus software.
http://get.adobe.com/flashplayer/


Step 3: Tips, Information and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.




Then click Finish



Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Things I need to see in your next post:

Delfix Log

  • 0
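As an added example (this is not part of the thread or of pystryker's instructions), here is a PowerShell check a reader can run after following Step 2 to confirm the UAC slider change actually took effect, and to list the Java entries still registered on the machine so leftover old versions are easy to spot. It reads the registry values the UAC slider writes (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop under the Policies\System key) and the standard Uninstall keys; no page-specific values are assumed. Turning UAC on or off via EnableLUA only takes effect after a reboot.

```powershell
# Added example, not from the original thread: verify UAC is on and inventory installed Java.
# Run from a normal PowerShell prompt; reading these keys does not require elevation.

function Get-UacStatus {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key

    # Documented meanings of ConsentPromptBehaviorAdmin (what the slider sets for administrators)
    $behaviour = @{
        0 = 'Never notify (elevate silently)'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Always notify (consent on the secure desktop)'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Notify for non-Windows programs only (default)'
    }

    [pscustomobject]@{
        UacEnabled           = ($p.EnableLUA -eq 1)                      # 1 = UAC on (needs reboot to change)
        AdminPromptBehaviour = $behaviour[[int]$p.ConsentPromptBehaviorAdmin]
        SecureDesktopPrompt  = ($p.PromptOnSecureDesktop -eq 1)          # prompt shown on the dimmed desktop
    }
}

function Get-InstalledJava {
    # Both 64-bit and 32-bit uninstall hives; Java often leaves several versions side by side
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' } |
        Select-Object DisplayName, DisplayVersion, InstallDate |
        Sort-Object DisplayVersion
}

$status = Get-UacStatus
$status | Format-List

if (-not $status.UacEnabled) {
    Write-Warning 'UAC is off: programs can change the system without a prompt. Move the slider up in Control Panel and reboot.'
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    'No Java runtime is registered on this machine.'
} else {
    $java | Format-Table -AutoSize
    if ($java.Count -gt 1) {
        Write-Warning "$($java.Count) Java entries found; older versions should be uninstalled, not just left alongside the newest."
    }
}
```

The UAC values are read from the registry rather than from the Control Panel dialog because that is the setting malware actually tests and tampers with; a slider that looks right but an EnableLUA of 0 before the reboot means the protection is not yet active.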

#21
Inner Child

    Member

  • Topic Starter
  • Member
  • 38 posts

That is good news. I appreciate all that you have done for me.

 

One note, though; Zoek deleted all of my Minecraft files. You may want to warn others in the future about the possibility. I will be fine. I understand it's only a game and I can just start over.

 

Here is the Delfix log:

 

# DelFix v10.9 - Logfile created 05/04/2015 at 12:27:07
# Updated 27/02/2015 by Xplode
# Username : David - HOME
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #102 [Scheduled Checkpoint | 04/01/2015 15:05:51]
Deleted : RP #104 [Restore Point Created by FRST | 04/04/2015 03:23:58]
Deleted : RP #105 [Windows Update | 04/05/2015 10:00:23]
Deleted : RP #106 [zoek.exe restore point | 04/05/2015 16:12:42]
 
New restore point created !
 
########## - EOF - ##########
 
 
 
Ah! I just realized that there was a restore point that could have saved my data. Oh well!
 
Again, thank you for your help.

  • 0

#22
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

That is good news. I appreciate all that you have done for me.



One note, though; Zoek deleted all of my Minecraft files. You may want to warn others in the future about the possibility. I will be fine. I understand it's only a game and I can just start over.


You're quite welcome, and I will post about that to the developer immediately.

If we can help you again in the future, please don't hesitate to come see us again. :thumbsup:
  • 0

#23
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
