
LarryS

Members
  • Posts

    44
Reputation

0 Neutral

About LarryS

  • Birthday 04/23/1952

Profile Information

  • Location
    Ruskin Florida

Contact Methods

  • Yahoo
    ldstoodley@yahoo.com
  1. Thanks for the info, and FYI I have Norton security for my antivirus and am quite happy with its performance.
  2. I just read the Petya and Mischa blog Malwarebytes posted and I like that they explain everything, but as a dumb user all I need to know is if one of the 3 Malwarebytes programs I have on my computer stops them. I have both your premium malware and anti-exploit as well as your beta Anti-Ransomware v 0.9.15.416. Often a blog makes me aware of something in the wild but doesn't say if I am protected.
  3. Thank you. It makes sense and I will accept your explanation.
  4. Looked for one, didn't find any; however, if you do, please let me know.
  5. Just a suggestion: when I start my computer the anti-ransom pops up in the tray in the middle of the bottom of my screen. I have to click on it to have it pop up in the screen, then x out to remove it from my tray. It is still running and I want that, just not the nag screen. The anti-exploit had that type of screen and you could uncheck a box to remove it. I did have a problem installing Anti-Ransom, but the problem of not accepting the code was solved with a reboot.
  6. I think this is what you asked for; please advise. Addition.txt FRST.txt
  7. Just found your reply in my spam folder, so please don't close this thread yet. I am off to see my Dr. and will follow your instructions later today.
  8. Maybe you people can help me. I have the paid versions of Malwarebytes and the anti-exploit. I also run Norton internet security. I think I was hit with a drive-by and one of the above stopped it, but now I'm getting a script error whenever I try to download a vid clip. Has anyone here ever seen this? line = o char = o error = script error code = o url = http://adadvisor.net/adscores/g.js?sid=9276253823 I'm running the latest Windows with the Edge explorer. I have run everything I can think of, including emptying the temp files and clearing all browser data. I don't run any registry cleaners as I have had trouble with them before. All my programs are updated regularly. I am completely confused and don't know where to go or what to do next. By the way, it appears that this script error does not discriminate and shows up at any time on any page I try to download a vid clip. Malwarebytes version 2.2.0.1024, Anti exploit version 1.08.1.1024, Norton version 22.5.4.24. Attached is a screen shot of the pop up. I'm in the dark about the Windows / Edge version I have and don't know where to find it. Thanks for reading this.
  9. This 62-year-old disabled USA Army Mechanic says: You, sir, are a godsend. Thank you from the bottom of my heart!
  10. # DelFix v10.8 - Logfile created 23/01/2015 at 09:28:54
      # Updated 29/07/2014 by Xplode
      # Username : FBI Ruskin - SUPERSLOW
      # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
      ~ Removing disinfection tools ...
      Deleted : C:\Qoobox
      Deleted : C:\FRST
      Deleted : C:\zoek_backup
      Deleted : C:\AdwCleaner
      Deleted : C:\ComboFix.txt
      Deleted : C:\zoek-results.log
      Deleted : C:\zoek-results2015-01-20-200807.log
      Deleted : C:\zoek-results2015-01-21-145456.log
      Deleted : C:\zoek-results2015-01-22-160555.log
      Deleted : C:\Users\FBI Ruskin\Downloads\adwcleaner_4.108.exe
      Deleted : C:\Windows\grep.exe
      Deleted : C:\Windows\PEV.exe
      Deleted : C:\Windows\NIRCMD.exe
      Deleted : C:\Windows\MBR.exe
      Deleted : C:\Windows\SED.exe
      Deleted : C:\Windows\SWREG.exe
      Deleted : C:\Windows\SWSC.exe
      Deleted : C:\Windows\SWXCACLS.exe
      Deleted : C:\Windows\Zip.exe
      Deleted : HKLM\SOFTWARE\AdwCleaner
      Deleted : HKLM\SOFTWARE\Swearware
      Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
      ~ Cleaning system restore ...
      Deleted : RP #160 [Restore Point Created by FRST | 01/22/2015 14:57:59]
      Deleted : RP #161 [zoek.exe restore point | 01/22/2015 16:04:01]
      Deleted : RP #162 [zoek.exe restore point | 01/22/2015 16:27:32]
      New restore point created !
      ~ Resetting system settings ... OK
      ########## - EOF - ##########
  11. Can I close the panda fix log? Your e-mail said to not fix anything in it without your help.
  12. Malwarebytes Anti-Malware
      www.malwarebytes.org
      Protection, 1/22/2015 12:58:27 PM, SYSTEM, SUPERSLOW, Protection, Malware Protection, Starting,
      Protection, 1/22/2015 12:58:27 PM, SYSTEM, SUPERSLOW, Protection, Malware Protection, Started,
      Protection, 1/22/2015 12:58:28 PM, SYSTEM, SUPERSLOW, Protection, Malicious Website Protection, Starting,
      Protection, 1/22/2015 12:58:28 PM, SYSTEM, SUPERSLOW, Protection, Malicious Website Protection, Started,
      Update, 1/22/2015 12:58:36 PM, SYSTEM, SUPERSLOW, Scheduler, Malware Database, 2015.1.17.4, 2015.1.22.10,
      Protection, 1/22/2015 12:58:36 PM, SYSTEM, SUPERSLOW, Protection, Refresh, Starting,
      Protection, 1/22/2015 12:58:36 PM, SYSTEM, SUPERSLOW, Protection, Malicious Website Protection, Stopping,
      Protection, 1/22/2015 12:58:36 PM, SYSTEM, SUPERSLOW, Protection, Malicious Website Protection, Stopped,
      Protection, 1/22/2015 12:58:40 PM, SYSTEM, SUPERSLOW, Protection, Refresh, Success,
      Protection, 1/22/2015 12:58:40 PM, SYSTEM, SUPERSLOW, Protection, Malicious Website Protection, Starting,
      Protection, 1/22/2015 12:58:40 PM, SYSTEM, SUPERSLOW, Protection, Malicious Website Protection, Started,
      (end)
      Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE.
      Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
      Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
      Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
      Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
      Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.
  13. Not that I'm aware of, but a day or two from now I may find one.
  15. Zoek.exe v5.0.0.0 Updated 18-01-2015
      Tool run by FBI Ruskin on Thu 01/22/2015 at 11:03:00.08.
      Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
      Running in: Normal Mode Internet Access Detected
      Launched: C:\Users\FBI Ruskin\Desktop\zoek.exe [scan all users] [script inserted]
      ==== Older Logs ======================
      C:\zoek-results2015-01-20-200807.log 10683 bytes
      C:\zoek-results2015-01-21-145456.log 629 bytes
      ==== System Restore Info ======================
      1/22/2015 11:04:15 AM Zoek.exe System Restore Point Created Succesfully.
      ==== Reset IE Proxy ======================
      Value(s) before fix:
      "ProxyServer"="localhost:8080"
      "ProxyOverride"="<-loopback>"
      "ProxyEnable"=dword:00000000
      Value(s) after fix:
      "ProxyEnable"=dword:00000000
      ==== C:\zoek_backup content ======================
      C:\zoek_backup (files=178 folders=116 66836836 bytes)
      ==== EOF on Thu 01/22/2015 at 11:05:55.45 ======================