
Malwarebytes won't run, infected with ZeroAccess WINDOWS 8


  • This topic is locked
47 replies to this topic

#1 Mike.C

Mike.C

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:02:56 PM

Posted 28 July 2014 - 01:36 PM

First Topic: http://www.bleepingcomputer.com/forums/t/542466/malwarebytes-anti-malware-will-not-run-can-someone-help/#entry3433135

Previous Topic: http://www.bleepingcomputer.com/forums/t/542530/malwarebytes-wont-run-infected-with-zeroaccess-help-please/

 

I did not create a backup because I had nowhere to save it to? Please tell me if I should create one anyway.

Step 2 seemed pointless as I knew malware had infected my system. The reason I knew was because I ran RogueKiller and it found ZeroAccess in processes.

I already created an account and checked the boxes in notifications.

The firewall seems to be enabled.

I downloaded and ran DDS, though Avast! is now detecting Win32 malware-gen

The logs have been attached below.

 

Please forgive me if I created this post the wrong way.

 

Also my computer is humming and whirring. Usually it only does that when I'm running a scan. Is this because of ZeroAccess?

 

For some reason RogueKiller cannot detect ZeroAccess in Processes anymore. Has it Hidden Itself or something?

 

 

IF ANYONE IS FREE, PLEASE SEND THEM MY WAY PLEASE!

 

 

EDIT- Thanks for responding CatByte! Sorry I couldn't get the logs out sooner. I was out of the house doing an errand.

Is it safe to shut off my computer or should I leave it on for the night?


Edited by Mike.C, 28 July 2014 - 06:27 PM.



 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:56 PM

Posted 28 July 2014 - 05:04 PM




Hello and welcome to Bleeping Computer, please run the following:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Mike.C

Mike.C
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:02:56 PM

Posted 28 July 2014 - 06:08 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Owner (administrator) on MAIN on 28-07-2014 19:00:34
Running from C:\Users\Owner\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Users\Owner\Desktop\RogueKiller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7017032 2013-02-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1277000 2013-02-18] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-01-31] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-04-19] (Alienware)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [WLM] => C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [39528 2013-01-31] (Trend Micro Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-15] (AVAST Software)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4841824 2014-07-28] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-220932460-3689270703-988334643-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-07-27] (Electronic Arts)
HKU\S-1-5-21-220932460-3689270703-988334643-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-220932460-3689270703-988334643-1001\...\MountPoints2: {2ce95da6-dd8b-11e2-be66-806e6f6e6963} - "D:\Setup.exe" 
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCRN_Autoupdater.exe.lnk
ShortcutTarget: RCRN_Autoupdater.exe.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\RCRN\Autoupdater\RCRN_Autoupdater.exe (Damiano La Maida)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.alienwarearena.com/welcome-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienwarearena.com/welcome-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {62915C4A-8EE6-41D5-9AE3-9606BD306EF6} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {62915C4A-8EE6-41D5-9AE3-9606BD306EF6} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {62915C4A-8EE6-41D5-9AE3-9606BD306EF6} URL = 
SearchScopes: HKCU - {62915C4A-8EE6-41D5-9AE3-9606BD306EF6} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - TrendMicro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-05-27]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2014-05-27]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-07-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-15]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-04-27]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-29]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-29]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2013-08-04]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-29]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-05]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-17]
CHR Extension: (Ultimate Pokemon Theme-Winter Special) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpjeiodcflbblaiadaldjljmehdfocb [2014-03-05]
CHR Extension: (RT News) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2014-06-11]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-03-05]
CHR Extension: (Uncanny Cookie Clicker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmdenlpgbgmeofmdkhimecmkcgabgno [2014-06-25]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (HoofSounds) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhjhphleppgakhlffhlfhbekfnobbk [2014-03-06]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-28] (Emsisoft GmbH)
R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [14352 2013-04-19] (Alienware)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
R2 MSI_ODD_Service; c:\Program Files (x86)\MSI\ODD Monitor\ODD_Monitor.exe [83512 2012-11-20] (Micro-Star Int'l Co., Ltd.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [202824 2013-01-18] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2012-11-20] (MSI)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2013-07-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [34224 2012-07-27] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [210232 2013-07-24] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [92456 2012-12-26] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-28] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-28 19:00 - 2014-07-28 19:01 - 00026474 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-07-28 19:00 - 2014-07-28 19:00 - 00000000 ____D () C:\FRST
2014-07-28 18:59 - 2014-07-28 18:59 - 02093568 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-07-28 14:21 - 2014-07-28 14:21 - 00022125 _____ () C:\Users\Owner\Documents\DDS.txt
2014-07-28 14:21 - 2014-07-28 14:21 - 00006998 _____ () C:\Users\Owner\Documents\Attach.txt
2014-07-28 14:13 - 2014-07-28 14:13 - 00022125 _____ () C:\Users\Owner\Desktop\dds.txt
2014-07-28 14:13 - 2014-07-28 14:13 - 00006998 _____ () C:\Users\Owner\Desktop\attach.txt
2014-07-28 14:05 - 2014-07-28 14:05 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-07-28 13:59 - 2014-07-28 14:00 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Owner\Downloads\cbSetup.exe
2014-07-28 01:26 - 2014-07-28 01:26 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-28 01:04 - 2014-07-28 01:04 - 00001093 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-28 01:04 - 2014-07-28 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-28 01:02 - 2014-07-28 18:30 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-28 01:00 - 2014-07-28 01:01 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Owner\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-27 23:50 - 2014-07-27 23:50 - 00000620 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-07-27 23:34 - 2014-07-27 23:34 - 01016261 _____ (Thisisu) C:\Users\Owner\Desktop\JRT (1).exe
2014-07-27 23:10 - 2014-07-27 23:10 - 01367289 _____ () C:\Users\Owner\Desktop\adwcleaner_3.300.exe
2014-07-27 19:00 - 2014-07-28 15:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-07-27 18:46 - 2014-07-28 15:14 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-07-27 18:46 - 2014-07-27 18:46 - 04806744 _____ () C:\Users\Owner\Desktop\RogueKiller.exe
2014-07-27 18:46 - 2014-07-27 18:46 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-27 18:23 - 2014-07-28 00:48 - 00002820 _____ () C:\Users\Owner\Desktop\debug.log
2014-07-27 18:14 - 2014-07-27 18:14 - 00000000 ____D () C:\Users\Owner\Downloads\mbam-chameleon-3.1.4.0
2014-07-27 18:12 - 2014-07-27 18:12 - 04872677 _____ () C:\Users\Owner\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-27 17:59 - 2014-07-27 23:05 - 00002186 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-07-27 17:59 - 2014-07-27 17:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2014-07-27 17:37 - 2014-07-27 17:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 12:44 - 2014-07-27 12:44 - 00000222 _____ () C:\Users\Owner\Desktop\Defiance.url
2014-07-25 20:53 - 2014-07-25 20:53 - 00000927 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fnv4gb.lnk
2014-07-24 01:01 - 2014-07-24 01:01 - 00000000 ____D () C:\Users\Owner\Desktop\desktop icons
2014-07-24 01:00 - 2014-07-24 01:00 - 00001621 _____ () C:\Users\Owner\Desktop\Fallout 3 goty - Shortcut.lnk
2014-07-23 17:58 - 2014-07-23 17:58 - 00284942 _____ () C:\Users\Owner\Downloads\FO3_3GB_ENABLER-6510 (1).7z
2014-07-21 19:53 - 2014-07-21 23:29 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (6)
2014-07-21 18:43 - 2014-07-21 19:58 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (4)
2014-07-21 18:43 - 2014-07-21 18:53 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (5)
2014-07-21 17:53 - 2014-07-21 18:30 - 00000000 ____D () C:\Users\Owner\Desktop\RADIO NEW VEGAS ALT MUSIC - Copy
2014-07-21 01:31 - 2014-07-21 01:31 - 00001644 _____ () C:\Users\Owner\Desktop\Fallout New Vegas - Shortcut.lnk
2014-07-20 21:37 - 2014-07-20 21:37 - 01974866 _____ () C:\Users\Owner\Downloads\enbseries_falloutnv_v0249.zip
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\ArchiveInvalidation
2014-07-20 14:15 - 2014-07-20 14:15 - 07738686 _____ () C:\Users\Owner\Downloads\ArchiveInvalidation File Generator v3_6-52402-3-6.zip
2014-07-20 14:15 - 2014-07-20 14:15 - 00000000 ____D () C:\Users\Owner\Downloads\ArchiveInvalidation File Generator v3_6-52402-3-6
2014-07-19 17:31 - 2014-07-19 17:32 - 00611648 _____ () C:\Users\Owner\Downloads\nvse_4_2_beta4.7z
2014-07-17 14:09 - 2014-07-17 14:09 - 00000000 ____D () C:\Users\Owner\Desktop\FNV4GB-1-6-35262-1-6 (1)
2014-07-17 14:08 - 2014-07-17 14:08 - 00114570 _____ () C:\Users\Owner\Downloads\FNV4GB-1-6-35262-1-6 (1).zip
2014-07-16 12:44 - 2014-07-16 12:44 - 00000000 ____D () C:\Users\Owner\Downloads\Program Version - Recommended-944
2014-07-16 12:42 - 2014-07-16 12:42 - 00252100 _____ () C:\Users\Owner\Downloads\Program Version - Recommended-944.zip
2014-07-16 12:42 - 2014-07-16 12:42 - 00001601 _____ () C:\Users\Owner\Downloads\Manual Version-944.zip
2014-07-16 10:58 - 2014-07-23 18:08 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (3)
2014-07-15 11:20 - 2014-07-15 11:20 - 00000000 ____D () C:\Users\Owner\Documents\FOMM
2014-07-15 09:08 - 2014-07-15 09:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-15 09:08 - 2014-07-15 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-07-15 09:08 - 2014-07-15 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-15 09:07 - 2014-07-25 17:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-15 09:07 - 2014-07-15 09:07 - 00000000 ____D () C:\ProgramData\Google
2014-07-15 09:07 - 2014-07-15 09:07 - 00000000 ____D () C:\Program Files\Google
2014-07-15 09:06 - 2014-07-15 09:07 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-15 09:06 - 2014-07-15 09:06 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-15 09:06 - 2014-07-15 09:06 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-15 09:03 - 2014-07-15 09:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-15 09:02 - 2014-07-15 09:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-15 09:01 - 2014-07-15 09:02 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-07-15 08:55 - 2014-07-15 08:55 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe
2014-07-15 08:55 - 2014-07-15 08:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-15 08:48 - 2014-07-15 08:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2014-07-14 21:27 - 2014-07-14 21:27 - 00065232 _____ (Malwarebytes) C:\Users\Owner\Downloads\regassassin-setup-1.03.exe
2014-07-14 21:27 - 2014-07-14 21:27 - 00001057 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-07-14 21:27 - 2014-07-14 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-07-14 21:27 - 2014-07-14 21:27 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-07-14 21:26 - 2014-07-14 21:26 - 00167034 _____ () C:\Users\Owner\Downloads\fileassassin-setup-1.06.exe
2014-07-14 19:34 - 2014-07-14 19:34 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
2014-07-14 19:31 - 2014-07-14 19:31 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-07-14 19:31 - 2014-07-14 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-07-14 19:30 - 2014-07-28 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-07-14 19:30 - 2014-07-14 19:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-07-14 19:30 - 2014-07-14 19:30 - 02650408 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbae-setup-1.03.1.1220.exe
2014-07-14 19:25 - 2014-07-14 19:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-14 19:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-14 16:49 - 2014-07-14 16:50 - 00000000 ____D () C:\Users\Owner\Desktop\FILES
2014-07-14 16:29 - 2014-07-14 16:29 - 00000221 _____ () C:\Users\Owner\Desktop\The Elder Scrolls V Skyrim.url
2014-07-13 21:47 - 2014-07-23 19:19 - 00000000 ____D () C:\Users\Owner\Desktop\fose_v1_2_beta2
2014-07-13 14:03 - 2014-07-13 14:03 - 00000000 ____D () C:\Users\Owner\Desktop\3GB enabler
2014-07-13 13:58 - 2014-07-23 18:06 - 00284942 _____ () C:\Users\Owner\Downloads\FO3_3GB_ENABLER-6510.7z
2014-07-13 13:46 - 2014-07-13 13:46 - 00384875 _____ () C:\Users\Owner\Downloads\fose_v1_2_beta2.7z
2014-07-13 12:55 - 2014-07-13 12:57 - 79380044 _____ () C:\Users\Owner\Downloads\Anamanaguchi - Endless Fantasy (Radi.wav
2014-07-13 12:47 - 2014-07-19 15:11 - 00000892 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-07-13 12:47 - 2014-07-19 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-07-13 12:47 - 2014-07-19 15:11 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-07-13 12:45 - 2014-04-16 14:20 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-07-13 12:45 - 2014-04-16 14:20 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-07-13 12:45 - 2014-04-16 14:20 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-07-13 12:45 - 2014-04-16 14:20 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-07-13 12:45 - 2014-04-16 14:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2014-07-13 12:45 - 2014-04-16 14:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2014-07-12 11:09 - 2014-07-12 11:10 - 00329880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 13:47 - 2014-07-11 13:50 - 00000000 ____D () C:\Users\Owner\Documents\PlanetExplorers
2014-07-10 23:41 - 2014-07-10 23:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 22:49 - 2014-07-09 22:52 - 00000000 ____D () C:\Users\Owner\Desktop\Roms
2014-07-09 22:42 - 2014-07-09 22:42 - 00002275 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2014-07-09 22:41 - 2014-07-09 22:41 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-07-09 18:09 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 18:09 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 18:09 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 18:08 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 18:08 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-09 18:08 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-09 18:08 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 18:08 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 18:08 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 18:08 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 18:08 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 18:08 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 18:08 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 18:08 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 18:08 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 18:08 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 18:08 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 18:08 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 18:08 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 18:08 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 18:08 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 18:08 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 18:08 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 18:08 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 18:08 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 18:08 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 18:08 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 18:08 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 18:08 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 18:08 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 18:08 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 18:08 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 18:08 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 18:08 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 18:08 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 18:08 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 18:08 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 18:08 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 18:08 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 18:08 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 18:08 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 18:08 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 18:08 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 18:08 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 18:08 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 18:08 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 18:08 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 18:08 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 18:08 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 18:08 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 18:08 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 18:08 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 18:08 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 18:08 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 18:08 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-09 18:07 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 18:07 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 18:07 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-03 12:23 - 2014-07-03 12:23 - 00000000 ____D () C:\Users\Owner\Documents\Amnesia
2014-07-03 12:23 - 2014-07-03 12:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\fltk.org
2014-07-03 12:23 - 2014-07-03 12:23 - 00000000 ____D () C:\ProgramData\fltk.org
2014-06-30 13:13 - 2014-06-30 13:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FarSky
2014-06-30 11:43 - 2014-07-27 16:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SpinTires
2014-06-30 10:48 - 2014-07-27 18:42 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 10:48 - 2014-07-27 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 10:48 - 2014-07-27 17:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 10:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-30 08:44 - 2014-06-30 08:44 - 00000221 _____ () C:\Users\Owner\Desktop\The Witcher Enhanced Edition.url
2014-06-29 19:22 - 2014-06-29 19:22 - 00000021 _____ () C:\Users\Owner\Documents\ORIGIN.txt
2014-06-29 18:25 - 2014-06-29 18:26 - 89797020 _____ () C:\Users\Owner\Downloads\All Levels at Once - Tessellate Remixes.zip
2014-06-29 18:25 - 2014-06-29 18:25 - 25547345 _____ () C:\Users\Owner\Downloads\All Levels at Once - Blue Room Acoustics.zip
2014-06-29 18:24 - 2014-06-29 18:25 - 37216024 _____ () C:\Users\Owner\Downloads\All Levels at Once - Our Little World EP.zip
2014-06-29 17:06 - 2014-06-29 17:06 - 00000221 _____ () C:\Users\Owner\Desktop\Audiosurf.url
2014-06-29 16:57 - 2014-06-29 16:57 - 00000220 _____ () C:\Users\Owner\Desktop\Thief Deadly Shadows.url
2014-06-29 16:16 - 2014-06-29 16:16 - 00000222 _____ () C:\Users\Owner\Desktop\Planet Explorers.url
2014-06-29 16:00 - 2014-06-29 16:00 - 00000222 _____ () C:\Users\Owner\Desktop\Spintires.url
2014-06-29 15:59 - 2014-06-29 15:59 - 00000222 _____ () C:\Users\Owner\Desktop\FarSky.url
2014-06-29 15:42 - 2014-06-29 15:42 - 00002230 _____ () C:\Users\Public\Desktop\The Sims™ 3 Into the Future.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-28 19:01 - 2014-07-28 19:00 - 00026474 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-07-28 19:00 - 2014-07-28 19:00 - 00000000 ____D () C:\FRST
2014-07-28 18:59 - 2014-07-28 18:59 - 02093568 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-07-28 18:56 - 2013-06-25 07:36 - 01363626 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 18:43 - 2013-07-29 13:33 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 18:30 - 2014-07-28 01:02 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-28 18:02 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-28 16:19 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-28 15:34 - 2014-07-27 19:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-07-28 15:17 - 2014-07-14 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-07-28 15:14 - 2014-07-27 18:46 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-07-28 14:21 - 2014-07-28 14:21 - 00022125 _____ () C:\Users\Owner\Documents\DDS.txt
2014-07-28 14:21 - 2014-07-28 14:21 - 00006998 _____ () C:\Users\Owner\Documents\Attach.txt
2014-07-28 14:13 - 2014-07-28 14:13 - 00022125 _____ () C:\Users\Owner\Desktop\dds.txt
2014-07-28 14:13 - 2014-07-28 14:13 - 00006998 _____ () C:\Users\Owner\Desktop\attach.txt
2014-07-28 14:05 - 2014-07-28 14:05 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-07-28 14:00 - 2014-07-28 13:59 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Owner\Downloads\cbSetup.exe
2014-07-28 09:18 - 2013-06-25 08:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-28 09:12 - 2014-02-05 21:25 - 00000000 ____D () C:\AdwCleaner
2014-07-28 02:55 - 2013-07-24 18:48 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-220932460-3689270703-988334643-1001
2014-07-28 01:26 - 2014-07-28 01:26 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-28 01:04 - 2014-07-28 01:04 - 00001093 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-28 01:04 - 2014-07-28 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-28 01:01 - 2014-07-28 01:00 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Owner\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-28 00:48 - 2014-07-27 18:23 - 00002820 _____ () C:\Users\Owner\Desktop\debug.log
2014-07-27 23:57 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-27 23:55 - 2013-07-29 21:51 - 00000000 ____D () C:\ProgramData\Origin
2014-07-27 23:55 - 2013-07-29 21:50 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-27 23:54 - 2013-07-29 13:33 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-27 23:54 - 2013-06-25 07:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-27 23:54 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 23:50 - 2014-07-27 23:50 - 00000620 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-07-27 23:34 - 2014-07-27 23:34 - 01016261 _____ (Thisisu) C:\Users\Owner\Desktop\JRT (1).exe
2014-07-27 23:10 - 2014-07-27 23:10 - 01367289 _____ () C:\Users\Owner\Desktop\adwcleaner_3.300.exe
2014-07-27 23:05 - 2014-07-27 17:59 - 00002186 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-07-27 19:55 - 2013-06-25 07:34 - 00015076 _____ () C:\Windows\PFRO.log
2014-07-27 18:46 - 2014-07-27 18:46 - 04806744 _____ () C:\Users\Owner\Desktop\RogueKiller.exe
2014-07-27 18:46 - 2014-07-27 18:46 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-27 18:45 - 2014-03-05 20:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-27 18:45 - 2014-03-05 20:32 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-07-27 18:42 - 2014-06-30 10:48 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 18:14 - 2014-07-27 18:14 - 00000000 ____D () C:\Users\Owner\Downloads\mbam-chameleon-3.1.4.0
2014-07-27 18:12 - 2014-07-27 18:12 - 04872677 _____ () C:\Users\Owner\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-27 17:59 - 2014-07-27 17:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2014-07-27 17:38 - 2014-06-30 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 17:38 - 2014-06-30 10:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 17:38 - 2014-02-05 21:08 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 17:37 - 2014-07-27 17:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 16:49 - 2014-06-30 11:43 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SpinTires
2014-07-27 12:44 - 2014-07-27 12:44 - 00000222 _____ () C:\Users\Owner\Desktop\Defiance.url
2014-07-27 03:58 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-25 22:24 - 2014-05-31 17:23 - 00000000 ____D () C:\Users\Owner\Documents\Nexus Mod Manager
2014-07-25 20:53 - 2014-07-25 20:53 - 00000927 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fnv4gb.lnk
2014-07-25 17:35 - 2013-07-24 19:21 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-07-25 17:35 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\registration
2014-07-25 17:26 - 2014-07-15 09:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-24 01:01 - 2014-07-24 01:01 - 00000000 ____D () C:\Users\Owner\Desktop\desktop icons
2014-07-24 01:00 - 2014-07-24 01:00 - 00001621 _____ () C:\Users\Owner\Desktop\Fallout 3 goty - Shortcut.lnk
2014-07-23 19:19 - 2014-07-13 21:47 - 00000000 ____D () C:\Users\Owner\Desktop\fose_v1_2_beta2
2014-07-23 18:08 - 2014-07-16 10:58 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (3)
2014-07-23 18:06 - 2014-07-13 13:58 - 00284942 _____ () C:\Users\Owner\Downloads\FO3_3GB_ENABLER-6510.7z
2014-07-23 17:58 - 2014-07-23 17:58 - 00284942 _____ () C:\Users\Owner\Downloads\FO3_3GB_ENABLER-6510 (1).7z
2014-07-21 23:29 - 2014-07-21 19:53 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (6)
2014-07-21 19:58 - 2014-07-21 18:43 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (4)
2014-07-21 18:53 - 2014-07-21 18:43 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (5)
2014-07-21 18:30 - 2014-07-21 17:53 - 00000000 ____D () C:\Users\Owner\Desktop\RADIO NEW VEGAS ALT MUSIC - Copy
2014-07-21 01:31 - 2014-07-21 01:31 - 00001644 _____ () C:\Users\Owner\Desktop\Fallout New Vegas - Shortcut.lnk
2014-07-20 21:37 - 2014-07-20 21:37 - 01974866 _____ () C:\Users\Owner\Downloads\enbseries_falloutnv_v0249.zip
2014-07-20 14:16 - 2014-07-20 14:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\ArchiveInvalidation
2014-07-20 14:15 - 2014-07-20 14:15 - 07738686 _____ () C:\Users\Owner\Downloads\ArchiveInvalidation File Generator v3_6-52402-3-6.zip
2014-07-20 14:15 - 2014-07-20 14:15 - 00000000 ____D () C:\Users\Owner\Downloads\ArchiveInvalidation File Generator v3_6-52402-3-6
2014-07-19 17:32 - 2014-07-19 17:31 - 00611648 _____ () C:\Users\Owner\Downloads\nvse_4_2_beta4.7z
2014-07-19 15:11 - 2014-07-13 12:47 - 00000892 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-07-19 15:11 - 2014-07-13 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-07-19 15:11 - 2014-07-13 12:47 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-07-18 17:47 - 2013-07-29 13:34 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 16:36 - 2013-12-20 19:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-07-18 16:13 - 2012-07-26 03:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 16:10 - 2012-07-26 03:21 - 00535259 _____ () C:\Windows\setupact.log
2014-07-17 14:09 - 2014-07-17 14:09 - 00000000 ____D () C:\Users\Owner\Desktop\FNV4GB-1-6-35262-1-6 (1)
2014-07-17 14:08 - 2014-07-17 14:08 - 00114570 _____ () C:\Users\Owner\Downloads\FNV4GB-1-6-35262-1-6 (1).zip
2014-07-16 12:44 - 2014-07-16 12:44 - 00000000 ____D () C:\Users\Owner\Downloads\Program Version - Recommended-944
2014-07-16 12:42 - 2014-07-16 12:42 - 00252100 _____ () C:\Users\Owner\Downloads\Program Version - Recommended-944.zip
2014-07-16 12:42 - 2014-07-16 12:42 - 00001601 _____ () C:\Users\Owner\Downloads\Manual Version-944.zip
2014-07-15 11:20 - 2014-07-15 11:20 - 00000000 ____D () C:\Users\Owner\Documents\FOMM
2014-07-15 11:06 - 2013-07-29 11:15 - 00000000 ____D () C:\Games
2014-07-15 09:08 - 2014-07-15 09:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-15 09:08 - 2014-07-15 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-07-15 09:08 - 2014-07-15 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-15 09:07 - 2014-07-15 09:07 - 00000000 ____D () C:\ProgramData\Google
2014-07-15 09:07 - 2014-07-15 09:07 - 00000000 ____D () C:\Program Files\Google
2014-07-15 09:07 - 2014-07-15 09:06 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-15 09:07 - 2013-07-29 13:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-15 09:06 - 2014-07-15 09:06 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-15 09:06 - 2014-07-15 09:06 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-15 09:06 - 2014-07-15 09:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-15 09:06 - 2014-07-15 09:06 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-15 09:03 - 2014-07-15 09:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-15 09:03 - 2014-07-15 09:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-15 09:02 - 2014-07-15 09:01 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-07-15 08:55 - 2014-07-15 08:55 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe
2014-07-15 08:55 - 2014-07-15 08:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-15 08:48 - 2014-07-15 08:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2014-07-14 21:27 - 2014-07-14 21:27 - 00065232 _____ (Malwarebytes) C:\Users\Owner\Downloads\regassassin-setup-1.03.exe
2014-07-14 21:27 - 2014-07-14 21:27 - 00001057 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-07-14 21:27 - 2014-07-14 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-07-14 21:27 - 2014-07-14 21:27 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-07-14 21:26 - 2014-07-14 21:26 - 00167034 _____ () C:\Users\Owner\Downloads\fileassassin-setup-1.06.exe
2014-07-14 19:34 - 2014-07-14 19:34 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
2014-07-14 19:31 - 2014-07-14 19:31 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-07-14 19:31 - 2014-07-14 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-07-14 19:31 - 2014-07-14 19:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-07-14 19:30 - 2014-07-14 19:30 - 02650408 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbae-setup-1.03.1.1220.exe
2014-07-14 19:25 - 2014-07-14 19:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-14 16:50 - 2014-07-14 16:49 - 00000000 ____D () C:\Users\Owner\Desktop\FILES
2014-07-14 16:29 - 2014-07-14 16:29 - 00000221 _____ () C:\Users\Owner\Desktop\The Elder Scrolls V Skyrim.url
2014-07-13 14:03 - 2014-07-13 14:03 - 00000000 ____D () C:\Users\Owner\Desktop\3GB enabler
2014-07-13 14:00 - 2013-08-20 16:53 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (2)
2014-07-13 13:46 - 2014-07-13 13:46 - 00384875 _____ () C:\Users\Owner\Downloads\fose_v1_2_beta2.7z
2014-07-13 13:04 - 2013-07-29 22:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Black_Tree_Gaming
2014-07-13 12:57 - 2014-07-13 12:55 - 79380044 _____ () C:\Users\Owner\Downloads\Anamanaguchi - Endless Fantasy (Radi.wav
2014-07-13 12:47 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-12 11:10 - 2014-07-12 11:09 - 00329880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 13:50 - 2014-07-11 13:47 - 00000000 ____D () C:\Users\Owner\Documents\PlanetExplorers
2014-07-11 13:47 - 2013-11-02 13:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\NVIDIA
2014-07-11 10:59 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-07-11 10:45 - 2013-07-25 11:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-10 23:41 - 2014-07-10 23:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 23:41 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 23:41 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 23:41 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-10 23:41 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 22:52 - 2014-07-09 22:49 - 00000000 ____D () C:\Users\Owner\Desktop\Roms
2014-07-09 22:42 - 2014-07-09 22:42 - 00002275 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2014-07-09 22:41 - 2014-07-09 22:41 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-07-09 18:15 - 2013-07-24 19:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 18:14 - 2013-07-24 19:06 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-03 12:23 - 2014-07-03 12:23 - 00000000 ____D () C:\Users\Owner\Documents\Amnesia
2014-07-03 12:23 - 2014-07-03 12:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\fltk.org
2014-07-03 12:23 - 2014-07-03 12:23 - 00000000 ____D () C:\ProgramData\fltk.org
2014-06-30 18:42 - 2014-07-09 18:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 18:42 - 2014-07-09 18:08 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-30 18:42 - 2014-07-09 18:08 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-06-30 13:28 - 2014-06-30 13:13 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FarSky
2014-06-30 10:48 - 2014-02-05 21:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-06-30 10:48 - 2014-02-05 21:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-30 08:44 - 2014-06-30 08:44 - 00000221 _____ () C:\Users\Owner\Desktop\The Witcher Enhanced Edition.url
2014-06-29 19:22 - 2014-06-29 19:22 - 00000021 _____ () C:\Users\Owner\Documents\ORIGIN.txt
2014-06-29 18:26 - 2014-06-29 18:25 - 89797020 _____ () C:\Users\Owner\Downloads\All Levels at Once - Tessellate Remixes.zip
2014-06-29 18:25 - 2014-06-29 18:25 - 25547345 _____ () C:\Users\Owner\Downloads\All Levels at Once - Blue Room Acoustics.zip
2014-06-29 18:25 - 2014-06-29 18:24 - 37216024 _____ () C:\Users\Owner\Downloads\All Levels at Once - Our Little World EP.zip
2014-06-29 17:06 - 2014-06-29 17:06 - 00000221 _____ () C:\Users\Owner\Desktop\Audiosurf.url
2014-06-29 16:57 - 2014-06-29 16:57 - 00000220 _____ () C:\Users\Owner\Desktop\Thief Deadly Shadows.url
2014-06-29 16:16 - 2014-06-29 16:16 - 00000222 _____ () C:\Users\Owner\Desktop\Planet Explorers.url
2014-06-29 16:00 - 2014-06-29 16:00 - 00000222 _____ () C:\Users\Owner\Desktop\Spintires.url
2014-06-29 15:59 - 2014-06-29 15:59 - 00000222 _____ () C:\Users\Owner\Desktop\FarSky.url
2014-06-29 15:42 - 2014-06-29 15:42 - 00002230 _____ () C:\Users\Public\Desktop\The Sims™ 3 Into the Future.lnk
2014-06-29 15:41 - 2013-06-25 07:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-29 15:19 - 2013-07-29 21:55 - 00000000 ____D () C:\Program Files (x86)\Origin Games
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-28 03:01
 
==================== End Of Log ============================




#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:56 PM

Posted 28 July 2014 - 06:54 PM

Do you still have the RogueKiller logs? There are no signs of any remaining issues on the computer, other than that you have too many antivirus and spyware products installed, which can cause conflicts, slowdowns, crashes and false positives:

 

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Trend Micro Titanium Internet Security (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

 

It's only recommended to have one antivirus product installed. The built-in Windows Defender is a good AV.

AS: Trend Micro Titanium Internet Security (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

It's only recommended to have one or two anti-spyware programs; more than that, and they start conflicting with one another.

 

I'd like to see the RogueKiller logs if you still have them.


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Mike.C


Posted 28 July 2014 - 06:58 PM

Sorry, but would you by any chance know where the RogueKiller logs might be located?


Edited by Mike.C, 28 July 2014 - 07:01 PM.


#6 Mike.C


Posted 28 July 2014 - 07:12 PM

CatByte, I'm not sure where the RogueKiller logs are, and I'm not even sure it made logs in the first place. Could you provide any assistance as to where I could locate them?

Also I have additional information. When I try to run RogueKiller again, it doesn't load past the prescan. It stops at fifty percent or so.

When I try to run AdwCleaner, it does not work, and the same goes for Malwarebytes. Avast! will not load either. I will uninstall Emsisoft and see if that changes anything.

Emsisoft doesn't appear to be uninstalling. Is it supposed to take a while? The bar doesn't seem to be filling up at all.


Edited by Mike.C, 28 July 2014 - 07:31 PM.


#7 Mike.C


Posted 28 July 2014 - 07:37 PM

Hey, I have another question, CatByte. Would deleting the folder work the same as uninstalling it? Would that cause any problems?


Edited by Mike.C, 28 July 2014 - 07:42 PM.


#8 CatByte


Posted 28 July 2014 - 07:44 PM

No.

 

It should uninstall reasonably quickly.

 

If RogueKiller was saved to the desktop, then the logs should have been saved to the desktop too; try searching for them:

 

RKreport.txt

RKreport[1].txt

RKreport[2].txt

 

Please try running the following:

 

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.




#9 CatByte


Posted 28 July 2014 - 07:46 PM

Would deleting the folder work the same as uninstalling it? Would that cause any problems?

 

 

Deleting the folder is not the same as uninstalling from Programs and Features; it will remove some of the files, but not all.

 

It could cause issues when trying to remove it via Programs and Features.




#10 Mike.C


Posted 28 July 2014 - 07:50 PM

Trend Micro reports that link to be dangerous/Can transmit malicious software and such. Is this a false flag?

 

Also RogueKiller does not appear to have created any logs, unlike the other programs I was instructed to use. Pretty strange.

 

 

Also by saved to the desktop, do you mean just the .exe? I had just moved the .exe from downloads to desktop. Is that the normal way to do it? If so, I wonder why no logs were created.


Edited by Mike.C, 28 July 2014 - 08:02 PM.


#11 Mike.C


Posted 28 July 2014 - 08:04 PM

Should I just download aswMBR from bleepingcomputer?



#12 Mike.C


Posted 28 July 2014 - 08:08 PM

Hey CatByte, I may not be able to get the logs for RogueKiller, but I was able to run it again and it detected ZeroAccess again!

 

I've also managed to uninstall Emsisoft after a restart. Avast works again as well.


Edited by Mike.C, 28 July 2014 - 08:11 PM.


#13 Mike.C


Posted 28 July 2014 - 08:14 PM

ZeroAccess managed to create more registry keys. Very sorry to keep you this late, but the problem is still here, unfortunately.

 

It's been such a nuisance these past two days; it's got me extremely anxious and has had me worried the whole time. I can't keep my mind off it. And just when I thought it was over...


Edited by Mike.C, 28 July 2014 - 08:18 PM.


#14 Mike.C


Posted 28 July 2014 - 08:23 PM

On the bright side, I found out why the logs weren't created. I hadn't pressed the "report" button in the interface.

 

Hope you come back soon.


Edited by Mike.C, 29 July 2014 - 08:32 AM.


#15 Mike.C


Posted 28 July 2014 - 08:36 PM

Once you return, I can share the log with you. 

Sorry for all of the questions, and sorry that this dragged on for so long.

And thanks again, you're a lifesaver.


Edited by Mike.C, 29 July 2014 - 08:35 AM.




