Zeroaccess Infection


  • This topic is locked
20 replies to this topic

#1 Bubba2112


Posted 05 June 2015 - 05:07 AM

The computer will boot OK, but when you go to try to get on the internet all browsers crash. Went to try to check the firewall and Defender; the firewall was down and Defender was off. Started to try to use MBAM and it crashes with a runtime error. Went to use the recovery partition to reload; Windows says it isn't there and can't see it looking at the list of drives. Went into defrag and the drive is listed there. This is when I turned to BC. We ran MiniToolBox first. Then we ran an ADW Cleaner scan, then tried to run JRT, but it failed. Tried to run MBAM again and it failed the same as before. Tried to run ESET but it never sees the internet that is connected, or at least shows that it is. We then ran ADW Cleaner Clean, but the same problems persisted. Ran FixExec but it showed that my operating system was unknown and not supported. I'm running Win 8.1 x64.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Linda (administrator) on TOSHIBALAPTOP on 05-06-2015 05:32:19
Running from C:\Users\Linda\Desktop
Loaded Profiles: Linda (Available Profiles: Linda & Storage Place Admin & steve_000 & EllaG_000 & lizga_000 & Donna)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [BoxSyncHelper] => C:\Program Files\Box Sync\BoxSyncHelper.exe [393216 2013-06-07] (Box, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\...\Run: [Google Update] => C:\Users\Linda\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-11] (Google Inc.)
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Linda\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\...\Run: [GoogleChromeAutoLaunch_72A69F45706A1906C3BB8A81AA94F778] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\...\Run: [Spotify] => C:\Users\Linda\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\...\Run: [Spotify Web Helper] => C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\...\Run: [OneDrive] => C:\Users\Linda\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk [2013-08-29]
ShortcutTarget: Box Sync.lnk -> C:\Program Files\Box Sync\BoxSync.exe (Box, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-09-09]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-08-22]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Storage Place.lnk [2013-08-16]
ShortcutTarget: Storage Place.lnk -> C:\Program Files (x86)\SingleClick Systems\Storage Place\scc.exe (SingleClick Systems)
Startup: C:\Users\EllaG_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\EllaG_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2014-12-06]
ShortcutTarget: IMVU.lnk -> C:\Users\Linda\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-08-29]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\lizga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\steve_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [000BoxDesktopFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSyncedCollabs] -> {337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSyncedCollab] -> {9E48C232-F601-4E41-BB3E-16CBAF317AA4} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [CONNECTSyncedOverlay] -> {FF2DFA2D-9FE1-4332-8044-13A0393DEA53} => C:\Program Files (x86)\Common Files\SingleClick Systems\Sync Overlays\x64\SyncStateOverlays.dll [2013-06-18] (SingleClick Systems)
ShellIconOverlayIdentifiers: [CONNECTSyncingOverlay] -> {FF2DFA2D-9FE1-4332-8044-13A0393DEA54} => C:\Program Files (x86)\Common Files\SingleClick Systems\Sync Overlays\x64\SyncStateOverlays.dll [2013-06-18] (SingleClick Systems)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba13.msn.com/?pc=TNJB
URLSearchHook: HKU\S-1-5-21-3268906932-404436543-3389486272-1001 - (No Name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll [2013-05-23] (SMART Technologies ULC.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-09-09] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-09-09] (LastPass)
Toolbar: HKU\S-1-5-21-3268906932-404436543-3389486272-1001 -> No Name - {8F4181F4-137B-4CEF-B050-6C8A58FABFBF} -  No File
DefaultPrefix-x32: =>  <==== ATTENTION
Prefixes-x32: [home]=>  <==== ATTENTION
Prefixes-x32: [www]=>  <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-15] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-09-09] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3268906932-404436543-3389486272-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Linda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3268906932-404436543-3389486272-1001: @talk.google.com/O1DPlugin -> C:\Users\Linda\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3268906932-404436543-3389486272-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Linda\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3268906932-404436543-3389486272-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Linda\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3268906932-404436543-3389486272-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-07-19] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\Linda\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Linda\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "https://mail.google.com/", "https://www.google.com/calendar/", "https://www.connexus.com/", "hxxp://www.flvs.net/myFLVS/Pages/myFLVS.aspx", "https://www.choremonster.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-21]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2013-09-17]
CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-21]
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-21]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-04-22]
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-21]
CHR Extension: (MindMup - Free Mind Map web site) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnenaecjcgeppfpaokiifokeieopppej [2013-09-17]
CHR Extension: (Mahjongg) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2013-07-21]
CHR Extension: (Block site) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-02-22]
CHR Extension: (Gmail Offline) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-07-21]
CHR Extension: (IC3D Editor) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnadebaeecbhfmcimbebonnmcnepgan [2013-09-17]
CHR Extension: (MindMap) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdaeohpmcenmffofpikllphdhlkkocfa [2015-01-07]
CHR Extension: (Planetarium) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2013-07-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-05-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
CHR Extension: (FlashControl) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2013-07-21]
CHR Extension: (tinyFilter) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli [2015-02-22]
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-21]
CHR HKU\S-1-5-21-3268906932-404436543-3389486272-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apache2.2; C:\Program Files (x86)\Common Files\SingleClick Systems\apache\bin\httpd.exe [18432 2013-05-09] (Apache Software Foundation) [File not signed]
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [31904 2013-08-16] (Microsoft Corporation)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 dsl-db; C:\Program Files (x86)\Common Files\SingleClick Systems\MySQL\bin\mysqld.exe [6098944 2010-11-22] () [File not signed]
S2 dsl-fs-sync; C:\Program Files (x86)\Common Files\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [293208 2013-07-15] (SingleClick Systems)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-08] (WildTangent)
S2 hnmsvc; C:\Program Files (x86)\Common Files\SingleClick Systems\Advanced Networking Service\ans.exe [1230896 2013-07-15] (SingleClick Systems)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
S2 MBAMService; \ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-17] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 iscFlash; C:\Users\Linda\AppData\Local\Temp\7zS12D.tmp\iscflashx64.sys [60680 2013-02-24] (Insyde Software)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMProtector; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2987224 2013-11-24] (Realtek Semiconductor Corporation                           )
R3 SMARTMouseFilterx64; C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [10240 2013-03-07] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [9216 2013-03-07] (SMART Technologies)
R3 SMARTVTabletPCx64; C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XENfiltv; C:\Windows\system32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-05 05:32 - 2015-06-05 05:33 - 00022506 _____ C:\Users\Linda\Desktop\FRST.txt
2015-06-05 05:32 - 2015-06-05 05:32 - 00000000 ____D C:\FRST
2015-06-05 05:31 - 2015-06-05 05:31 - 02108928 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe
2015-06-04 19:50 - 2015-06-04 19:54 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\Linda\Desktop\FixExec (1).exe
2015-06-04 17:57 - 2015-06-04 19:50 - 00000726 _____ C:\Users\Linda\Desktop\FixExec.txt
2015-06-04 17:57 - 2015-06-04 18:00 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Linda\Desktop\FixExec.com
2015-06-03 21:24 - 2015-06-04 05:40 - 00001083 _____ C:\Users\Linda\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-03 05:41 - 2015-06-03 17:21 - 00000000 ____D C:\AdwCleaner
2015-05-30 17:25 - 2015-06-04 05:40 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-30 17:25 - 2015-06-04 05:40 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-05-30 17:25 - 2015-05-30 17:25 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2015-05-29 21:18 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 21:18 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 20:57 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-05-29 20:57 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-05-29 20:57 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-05-29 20:57 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-05-29 20:57 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-05-29 20:57 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-05-29 20:57 - 2015-04-08 18:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-05-29 20:57 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-05-29 20:57 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-05-29 20:57 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-05-29 20:57 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-05-29 20:57 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-05-29 20:57 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-05-29 20:57 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-05-29 20:57 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-05-29 20:57 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-05-29 20:57 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-05-29 20:57 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-05-29 20:57 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-05-29 20:57 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-05-29 20:57 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-05-29 20:57 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-05-29 20:57 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-05-29 20:57 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-05-29 20:57 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-05-29 20:57 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-05-29 20:57 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-05-29 20:57 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-05-29 20:47 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-29 20:47 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-29 20:47 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-29 20:47 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-29 20:47 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-29 20:47 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-29 20:47 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-29 20:47 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-29 20:47 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-29 20:47 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-29 20:47 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-29 20:47 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-29 20:47 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-29 20:47 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-29 20:47 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-29 20:47 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-29 20:47 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-29 20:47 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-29 20:47 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-29 20:47 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-29 20:47 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-29 20:47 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-29 20:47 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-29 20:47 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-29 20:47 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-29 20:47 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-29 20:47 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-29 20:47 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-29 20:47 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-29 20:47 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-29 20:47 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-29 20:47 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-29 20:47 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-29 20:47 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-29 20:47 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-29 20:47 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-29 20:47 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-29 20:47 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-29 20:47 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-29 20:47 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-29 20:47 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-29 20:47 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-29 20:47 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-29 20:47 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-29 20:47 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-29 20:47 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-29 20:47 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-29 20:47 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-29 20:47 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-29 20:47 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-07 21:41 - 2015-05-29 22:11 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Spybot - Search & Destroy
2015-05-07 20:29 - 2015-05-29 21:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-07 20:29 - 2015-05-29 21:02 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-07 20:29 - 2015-05-07 20:29 - 00000000 ____D C:\Windows\system32\appraiser
2015-05-07 19:52 - 2015-05-07 19:52 - 00000000 ____N C:\Windows\SysWOW64\ssd4cAM.ini
2015-05-07 19:52 - 2015-05-07 19:52 - 00000000 ____D C:\Samsung
2015-05-07 19:52 - 2015-05-07 19:52 - 00000000 ____D C:\Program Files\SamsungPrinterLiveUpdate
2015-05-07 19:44 - 2015-01-05 23:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-05-07 19:44 - 2015-01-05 22:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-05-07 19:44 - 2015-01-05 21:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-05-07 19:44 - 2015-01-05 21:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-05-07 19:44 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-05-07 19:44 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-05-07 19:40 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-07 19:40 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-07 19:40 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-07 19:40 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-07 19:40 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-07 19:40 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-07 19:40 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-07 19:40 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-07 19:39 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-07 19:39 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-07 19:39 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-07 19:39 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-07 19:39 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-07 19:39 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-07 19:39 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-07 19:39 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-07 19:39 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-07 19:39 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-07 19:39 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-07 19:39 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-07 19:39 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-07 19:39 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-07 19:39 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-07 19:39 - 2014-11-17 16:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-05-07 19:39 - 2014-11-17 16:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-05-07 19:39 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-07 19:39 - 2014-11-14 02:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-05-07 19:39 - 2014-11-14 02:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-05-07 19:38 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-07 19:38 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-07 19:38 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-07 19:38 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-07 19:38 - 2014-11-15 15:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-05-07 19:38 - 2014-11-15 02:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-05-07 19:38 - 2014-11-14 02:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-05-07 19:38 - 2014-11-14 01:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-05-07 19:38 - 2014-11-10 14:06 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-05-07 19:38 - 2014-11-10 14:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-05-07 19:38 - 2014-11-10 14:06 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-05-07 19:38 - 2014-11-10 14:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-05-07 19:38 - 2014-11-09 22:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-05-07 19:38 - 2014-11-09 21:37 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-05-07 19:38 - 2014-11-09 21:34 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-05-07 19:38 - 2014-11-09 21:26 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-05-07 19:38 - 2014-11-09 21:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-05-07 19:38 - 2014-11-09 21:09 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-05-07 19:38 - 2014-11-09 21:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-05-07 19:38 - 2014-11-09 21:06 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-05-07 19:38 - 2014-11-09 20:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-05-07 19:38 - 2014-11-09 20:57 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-05-07 19:38 - 2014-11-08 00:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-05-07 19:38 - 2014-11-07 23:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-05-07 19:38 - 2014-11-07 23:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-05-07 19:38 - 2014-11-07 23:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-05-07 19:38 - 2014-11-07 23:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-05-07 19:38 - 2014-11-07 23:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-05-07 19:38 - 2014-11-07 23:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-05-07 19:38 - 2014-11-07 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-05-07 19:38 - 2014-11-07 23:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-05-07 19:38 - 2014-11-07 22:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-05-07 19:38 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-05-07 19:38 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-05-07 19:38 - 2014-11-07 22:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-05-07 19:38 - 2014-11-07 21:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-05-07 19:38 - 2014-11-07 21:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-05-07 19:38 - 2014-11-06 23:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-05-07 19:38 - 2014-11-06 23:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-05-07 19:38 - 2014-11-04 22:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-05-07 19:38 - 2014-11-04 22:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-05-07 19:38 - 2014-11-04 22:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-05-07 19:38 - 2014-11-04 21:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-05-07 19:38 - 2014-11-04 21:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-05-07 19:38 - 2014-11-04 21:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-05-07 19:38 - 2014-11-04 21:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-05-07 19:38 - 2014-11-04 21:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-05-07 19:38 - 2014-11-04 21:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-05-07 19:38 - 2014-11-04 21:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-05-07 19:38 - 2014-11-04 21:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-05-07 19:38 - 2014-11-04 21:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-05-07 19:38 - 2014-11-04 21:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-05-07 19:38 - 2014-11-04 21:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-05-07 19:38 - 2014-11-04 15:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-05-07 19:38 - 2014-11-04 15:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-05-07 19:38 - 2014-11-04 15:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-05-07 19:38 - 2014-11-04 02:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-05-07 19:38 - 2014-11-04 02:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-05-07 19:38 - 2014-11-04 02:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-05-07 19:38 - 2014-11-04 02:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-05-07 19:38 - 2014-11-04 02:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-05-07 19:38 - 2014-11-04 01:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-05-07 19:38 - 2014-10-30 20:51 - 18823168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-05-07 19:38 - 2014-10-30 20:10 - 15158784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-05-07 19:38 - 2014-10-28 23:05 - 00551232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-05-07 19:38 - 2014-10-28 21:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-05-07 19:38 - 2014-10-28 21:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-05-07 19:38 - 2014-10-20 21:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-05-07 19:38 - 2014-10-20 21:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-05-07 19:38 - 2014-10-20 20:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-05-07 19:38 - 2014-10-20 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-05-07 19:38 - 2014-10-20 20:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-05-07 19:38 - 2014-10-20 20:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-05-07 19:38 - 2014-10-20 20:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-05-07 19:38 - 2014-10-17 00:56 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-05-07 19:38 - 2014-10-16 23:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-05-07 19:32 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-07 19:32 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-07 19:32 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-07 19:32 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-07 19:32 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-07 19:32 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-05-07 19:32 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-07 19:32 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-07 19:32 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-07 19:32 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-07 19:32 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-07 19:32 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-07 19:32 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-07 19:32 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-07 19:32 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-05-07 19:32 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-05-07 19:32 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-05-07 19:31 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-07 19:31 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-07 19:31 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-07 19:31 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-07 19:31 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-07 19:31 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-07 19:31 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-07 19:31 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-07 19:31 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-07 19:31 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-07 19:31 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-07 19:31 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-07 19:31 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-07 19:31 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-07 19:31 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-07 19:31 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-07 19:31 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-05-07 19:31 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-05-07 19:31 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-07 19:31 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-07 19:31 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-07 19:31 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-07 19:31 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-07 19:31 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-07 19:31 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-07 19:31 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-05-07 19:31 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-07 19:31 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-07 19:31 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-07 19:31 - 2014-12-02 19:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-06 21:17 - 2015-05-06 21:17 - 00000000 __SHD C:\found.000
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-04 05:29 - 2014-12-06 13:33 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Spotify
2015-06-04 05:29 - 2014-08-18 02:52 - 01377551 _____ C:\Windows\WindowsUpdate.log
2015-06-04 05:29 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-04 05:28 - 2014-12-06 13:33 - 00000000 ____D C:\Users\Linda\AppData\Local\Spotify
2015-06-04 05:28 - 2014-06-17 10:51 - 00000402 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-06-04 05:28 - 2013-07-21 15:44 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 22:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-03 21:38 - 2013-07-21 15:44 - 00000942 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 21:33 - 2014-02-11 21:30 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3268906932-404436543-3389486272-1001UA.job
2015-06-03 21:30 - 2013-07-18 18:24 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3268906932-404436543-3389486272-1001
2015-06-03 17:12 - 2013-08-22 10:46 - 00336545 _____ C:\Windows\setupact.log
2015-06-03 05:30 - 2014-03-18 05:54 - 00924398 _____ C:\Windows\PFRO.log
2015-05-30 17:48 - 2013-08-22 09:25 - 01048576 ___SH C:\Windows\system32\config\BBI
2015-05-30 13:49 - 2014-03-18 06:03 - 00864642 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-29 21:49 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-05-29 21:37 - 2013-08-22 10:44 - 01039128 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-29 21:33 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-05-29 21:19 - 2012-07-26 03:59 - 00000000 ____D C:\Windows\CbsTemp
2015-05-29 21:18 - 2013-08-10 02:23 - 00000000 ____D C:\Windows\system32\MRT
2015-05-29 21:03 - 2013-07-19 23:18 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-29 21:00 - 2014-03-18 05:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-29 20:36 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppCompat
2015-05-07 21:41 - 2014-08-17 21:45 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-07 20:29 - 2014-07-12 23:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-05-07 20:29 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-07 20:29 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2015-05-07 20:29 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\setup
2015-05-07 20:29 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-07 19:33 - 2014-02-11 21:30 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3268906932-404436543-3389486272-1001Core.job
2015-05-07 19:30 - 2014-11-12 07:41 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
 
==================== Files in the root of some directories =======
 
2013-07-21 15:50 - 2014-09-09 01:39 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-07-20 07:38 - 2013-07-20 07:38 - 0000093 _____ () C:\Users\Linda\AppData\Local\fusioncache.dat
2014-09-24 00:07 - 2014-09-24 00:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-30 12:33 - 2014-12-16 14:01 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some files in TEMP:
====================
C:\Users\EllaG_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpanbkst.dll
C:\Users\EllaG_000\AppData\Local\Temp\InstallIMVU_512.0.exe
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizf2jp.dll
C:\Users\Linda\AppData\Local\Temp\GUR8C24.exe
C:\Users\lizga_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyehpdt.dll
C:\Users\steve_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprq6ooz.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-17 11:56
 
==================== End of log ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:09 PM

Posted 07 June 2015 - 10:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
ShortcutTarget: IMVU.lnk -> C:\Users\Linda\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3268906932-404436543-3389486272-1001 - (No Name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - No File
Toolbar: HKU\S-1-5-21-3268906932-404436543-3389486272-1001 -> No Name - {8F4181F4-137B-4CEF-B050-6C8A58FABFBF} -  No File
DefaultPrefix-x32: =>  <==== ATTENTION
Prefixes-x32: [home]=>  <==== ATTENTION
Prefixes-x32: [www]=>  <==== ATTENTION
CHR HKU\S-1-5-21-3268906932-404436543-3389486272-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S2 MBAMService; \ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: {3C3DCFE6-A74D-4918-ABB6-A601FC81F025} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
C:\Users\EllaG_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpanbkst.dll
C:\Users\EllaG_000\AppData\Local\Temp\InstallIMVU_512.0.exe
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizf2jp.dll
C:\Users\Linda\AppData\Local\Temp\GUR8C24.exe
C:\Users\lizga_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyehpdt.dll
C:\Users\steve_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprq6ooz.dll
AlternateDataStreams: C:\Users\EllaG_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Linda\Desktop\Scheetz, June C Rice Scheetz.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\lizga_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\steve_000\OneDrive:ms-properties

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Run the MBAM, AdwCleaner and JRT tools and post the logs if you can.

How is the computer running now?

#3 Bubba2112

Bubba2112
  • Topic Starter

  • Members
  • 32 posts
  • Local time:05:09 PM

Posted 07 June 2015 - 01:43 PM

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Linda at 2015-06-07 14:25:56 Run:1
Running from C:\Users\Linda\Desktop
Loaded Profiles: Linda (Available Profiles: Linda & Storage Place Admin & steve_000 & EllaG_000 & lizga_000 & Donna)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
ShortcutTarget: IMVU.lnk -> C:\Users\Linda\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3268906932-404436543-3389486272-1001 - (No Name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - No File
Toolbar: HKU\S-1-5-21-3268906932-404436543-3389486272-1001 -> No Name - {8F4181F4-137B-4CEF-B050-6C8A58FABFBF} -  No File
DefaultPrefix-x32: =>  <==== ATTENTION
Prefixes-x32: [home]=>  <==== ATTENTION
Prefixes-x32: [www]=>  <==== ATTENTION
CHR HKU\S-1-5-21-3268906932-404436543-3389486272-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S2 MBAMService; \ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: {3C3DCFE6-A74D-4918-ABB6-A601FC81F025} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
C:\Users\EllaG_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpanbkst.dll
C:\Users\EllaG_000\AppData\Local\Temp\InstallIMVU_512.0.exe
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizf2jp.dll
C:\Users\Linda\AppData\Local\Temp\GUR8C24.exe
C:\Users\lizga_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyehpdt.dll
C:\Users\steve_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprq6ooz.dll
AlternateDataStreams: C:\Users\EllaG_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Linda\Desktop\Scheetz, June C Rice Scheetz.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\lizga_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\steve_000\OneDrive:ms-properties
 
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
C:\Users\Linda\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3268906932-404436543-3389486272-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8f4181f4-137b-4cef-b050-6c8a58fabfbf} => value removed successfully
HKU\S-1-5-21-3268906932-404436543-3389486272-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8F4181F4-137B-4CEF-B050-6C8A58FABFBF} => value removed successfully
HKCR\CLSID\{8F4181F4-137B-4CEF-B050-6C8A58FABFBF} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\\Default => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes\\home => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes\\www => value restored successfully
"HKU\S-1-5-21-3268906932-404436543-3389486272-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
MBAMService => Service removed successfully
MWAC => Service removed successfully
MWAC => Service not found.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C3DCFE6-A74D-4918-ABB6-A601FC81F025}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C3DCFE6-A74D-4918-ABB6-A601FC81F025}" => key removed successfully
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker" => key removed successfully
C:\Users\EllaG_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpanbkst.dll => moved successfully.
C:\Users\EllaG_000\AppData\Local\Temp\InstallIMVU_512.0.exe => moved successfully.
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizf2jp.dll => moved successfully.
C:\Users\Linda\AppData\Local\Temp\GUR8C24.exe => moved successfully.
C:\Users\lizga_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyehpdt.dll => moved successfully.
C:\Users\steve_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprq6ooz.dll => moved successfully.
C:\Users\EllaG_000\OneDrive => ":ms-properties" ADS removed successfully.
C:\Users\Linda\Desktop\Scheetz, June C Rice Scheetz.jpg => ":com.dropbox.attributes" ADS removed successfully.
"C:\Users\lizga_000\OneDrive" => ":ms-properties" ADS not found.
C:\Users\steve_000\OneDrive => ":ms-properties" ADS removed successfully.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 14:25:59 ====


#4 Bubba2112

Posted 07 June 2015 - 01:52 PM

Tried to run MBAM and it wouldn't open with error. Ran ADW scan only. Here is log:

# AdwCleaner v4.206 - Logfile created 07/06/2015 at 14:37:25
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system :   (x64)
# Username : Linda - TOSHIBALAPTOP
# Running from : E:\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
*************************
 
AdwCleaner[R0].txt - [5073 bytes] - [03/06/2015 05:41:39]
AdwCleaner[R1].txt - [4761 bytes] - [03/06/2015 16:52:10]
AdwCleaner[R2].txt - [825 bytes] - [03/06/2015 17:19:58]
AdwCleaner[R3].txt - [988 bytes] - [07/06/2015 14:30:20]
AdwCleaner[R4].txt - [851 bytes] - [07/06/2015 14:37:25]
AdwCleaner[S0].txt - [4296 bytes] - [03/06/2015 17:10:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [968 bytes] ##########
 
JRT wouldn't open with error.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:09 PM

Posted 08 June 2015 - 07:33 AM

Download and run the Malwarebytes removal tool from this site.
https://support.malwarebytes.org/customer/portal/articles/1835311?b_id=6438

Restart the Computer normally when executed.

Reinstall the application

Can you run it now?

How is the computer running?

#6 Bubba2112

Posted 08 June 2015 - 04:16 PM

The uninstaller ran with no errors albeit quickly.

The MBAM install fails right at the end with Runtime Error (at 87:252) External Exception E06D7363.

Also had second error Internal error: Expression error 'Runtime Error(at 58:89); External Exception E06d7363,'

Then got The exception unknown software exception (0x400200015) occurred in the application at location 0x704ed6fd. click ok to terminate program.


Edited by Bubba2112, 08 June 2015 - 04:24 PM.


#7 nasdaq

Posted 09 June 2015 - 08:48 AM

Follow the instructions on this page.

https://support.malwarebytes.org/customer/portal/articles/1835332-what-should-i-do-if-i-receive-the-error-%22-internal-error-expression-error-runtime-error-external-exception-e06d7363-%22-?b_id=6438

How is it now?

#8 Bubba2112

Posted 09 June 2015 - 05:16 PM

Same error at the end of the install.



#9 nasdaq

Posted 10 June 2015 - 07:41 AM

There may still be some malware in the computer.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

p.s.
Did you just reinstall the version you had or did you get the latest version?

If you did run the removal tool again, restart the computer and get the latest.
Download Malwarebytes' Anti-Malware from Here

#10 Bubba2112

Posted 10 June 2015 - 01:36 PM

I redownloaded from the link you sent me but it was the same version I had tried previously. I ran the MBAM cleaner before I reloaded it. The above RogueKiller mentions Win Vista and XP. Will it work for 8.1?



#11 Bubba2112

Posted 10 June 2015 - 03:50 PM

I downloaded RogueKiller from the link to my USB. Moved it to my desktop. Ran it and nothing opens. Ran as administrator and nothing opens. Opened task menu and it shows running at about 50% CPU but nothing ever opened a GUI window. I also tried to run Firefox portable from my USB. It opened but can't connect.


Edited by Bubba2112, 10 June 2015 - 03:54 PM.


#12 nasdaq

Posted 11 June 2015 - 07:09 AM

Try this one.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===


removes
Crazy Score

#13 Bubba2112

Posted 11 June 2015 - 07:56 AM

Tried to run after checking firewall was completely down. System says that Defender is already down. I uninstalled MBAM. I tried but it wouldn't let me uninstall Spybot. Not listed in programs but is on my desktop. Wouldn't let me run Zoek. States that my internet settings prevented the file from opening.



#14 nasdaq

Posted 11 June 2015 - 12:37 PM

Are you running the tools in normal mode?

#15 Bubba2112

Posted 11 June 2015 - 05:40 PM

Yes, in normal mode.
