[Inactive] computers hacked, lost $1350 from bank, hackers keep getting in - Page 2

  1. #16
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-08-05 17:59 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-08-05 17:58 - 2016-03-27 16:57 - 00000000 ___RD C:\Users\ckbeme\OneDrive
    2016-08-05 12:25 - 2016-03-29 12:31 - 00000000 ____D C:\Users\ckbeme\AppData\Local\CrashDumps
    2016-08-05 11:18 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-08-05 11:07 - 2016-02-13 08:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-08-05 11:06 - 2016-05-01 09:52 - 882553083 _____ C:\WINDOWS\MEMORY.DMP
    2016-08-04 19:35 - 2016-06-15 15:46 - 00000000 ____D C:\Users\ckbeme\AppData\LocalLow\LastPass
    2016-08-04 16:02 - 2016-06-11 13:12 - 00000000 ____D C:\Program Files (x86)\Beyond Compare 4
    2016-08-04 16:01 - 2016-06-29 21:42 - 00000000 ____D C:\ProgramData\IDMComp
    2016-08-04 16:00 - 2016-06-29 21:42 - 00000000 ____D C:\Users\ckbeme\AppData\Roaming\IDMComp
    2016-08-04 15:42 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
    2016-08-04 13:22 - 2016-06-20 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraCompare
    2016-08-04 13:22 - 2016-06-20 10:30 - 00000000 ____D C:\Program Files\IDM Computer Solutions
    2016-08-04 11:34 - 2016-04-08 10:06 - 00000000 ____D C:\Users\ckbeme\AppData\Roaming\MediaMonkey
    2016-08-04 09:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\System
    2016-08-04 07:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\appcompat
    2016-08-03 20:11 - 2016-04-05 11:46 - 00139264 _____ C:\Users\ckbeme\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-08-03 19:36 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-08-03 18:25 - 2016-06-25 10:08 - 00000000 ____D C:\Users\ckbeme\AppData\Local\Windows Live
    2016-08-02 17:05 - 2016-03-27 16:58 - 00883288 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-08-02 17:05 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-08-02 12:59 - 2016-03-31 13:41 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
    2016-08-02 12:58 - 2016-04-05 08:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-08-02 12:56 - 2016-05-14 11:04 - 00000000 ____D C:\Users\ckbeme
    2016-08-01 23:34 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-08-01 16:22 - 2016-04-02 14:08 - 00000000 ____D C:\ProgramData\MFAData
    2016-08-01 10:36 - 2016-06-07 09:07 - 00000000 ____D C:\Users\ckbeme\AppData\Roaming\TakeOwnershipEx
    2016-08-01 10:28 - 2016-03-29 12:17 - 00000000 ____D C:\Program Files\FastCopy
    2016-08-01 10:12 - 2016-03-30 17:36 - 00000000 ____D C:\Backup Start menu for all users
    2016-08-01 09:55 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-08-01 09:55 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-07-31 19:10 - 2016-05-24 10:15 - 00000000 ____D C:\Program Files\ATTLocker
    2016-07-31 15:55 - 2016-05-29 15:28 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2016-07-31 15:49 - 2016-06-01 13:40 - 00000000 ____D C:\Program Files (x86)\Double Driver
    2016-07-31 14:23 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-07-31 13:20 - 2016-04-01 20:04 - 00000000 ____D C:\Users\ckbeme\AppData\Roaming\IObit
    2016-07-31 10:52 - 2016-03-29 12:53 - 00000000 ___RD C:\Screenshots
    2016-07-31 10:28 - 2016-04-01 20:04 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-07-29 10:13 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\MiracastView

  2. #17
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    2016-07-29 10:09 - 2016-04-04 12:53 - 00000000 ____D C:\Users\ckbeme\AppData\Local\Downloaded Installations
    2016-07-29 09:11 - 2016-04-18 16:14 - 00000000 ____D C:\Users\ckbeme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
    2016-07-29 09:10 - 2016-03-31 13:06 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
    2016-07-28 21:33 - 2016-05-16 11:15 - 00002099 _____ C:\Users\ckbeme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Process Explorer.lnk
    2016-07-28 21:29 - 2016-04-28 11:31 - 00001492 _____ C:\Users\ckbeme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate File Detective.lnk
    2016-07-28 21:22 - 2016-03-31 13:37 - 00000000 ____D C:\Program Files\ProcessExplorer
    2016-07-28 21:13 - 2016-04-08 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
    2016-07-28 21:13 - 2016-04-08 10:06 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
    2016-07-28 18:34 - 2016-06-05 15:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
    2016-07-28 16:46 - 2016-05-15 12:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
    2016-07-28 16:17 - 2016-05-27 12:44 - 00002924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoMaker Magazine.lnk
    2016-07-28 16:17 - 2016-05-25 13:06 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR.lnk
    2016-07-28 16:17 - 2016-05-17 10:22 - 00002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeIcoConverter.lnk
    2016-07-28 16:17 - 2016-05-16 11:17 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Character Map.lnk
    2016-07-28 16:17 - 2016-05-15 15:57 - 00002394 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-07-28 16:17 - 2016-05-14 11:08 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-07-28 16:17 - 2016-05-12 21:29 - 00001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    2016-07-28 16:17 - 2016-04-16 09:01 - 00002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-07-28 16:17 - 2016-04-01 12:07 - 00001985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Explorer64.lnk
    2016-07-28 16:17 - 2016-04-01 10:54 - 00001666 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardware Monitor.lnk
    2016-07-28 16:17 - 2016-03-31 13:17 - 00001342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenedFilesView.lnk
    2016-07-28 16:17 - 2016-03-31 13:07 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2016-07-28 16:17 - 2016-03-29 12:31 - 00000504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All Control Panel Items.lnk
    2016-07-28 16:17 - 2016-03-29 12:17 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastCopy.lnk
    2016-07-28 16:17 - 2016-03-27 16:57 - 00002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-07-28 16:16 - 2016-07-02 09:26 - 00001269 _____ C:\Users\Public\Desktop\LG Bridge.lnk
    2016-07-28 16:16 - 2016-06-20 17:52 - 00001542 _____ C:\Users\Public\Desktop\IconCool Studio Pro.lnk
    2016-07-28 16:16 - 2016-06-20 17:28 - 00001534 _____ C:\Users\Public\Desktop\IconCool Panel.lnk
    2016-07-28 16:16 - 2016-06-14 13:48 - 00001181 _____ C:\Users\Public\Desktop\RingCentral for Windows.lnk
    2016-07-28 16:16 - 2016-06-05 09:07 - 00002297 _____ C:\Users\Public\Desktop\ACDSee Pro 8 (64-bit).lnk
    2016-07-28 16:16 - 2016-05-17 10:22 - 00002061 _____ C:\Users\Public\Desktop\FreeIcoConverter.lnk
    2016-07-28 16:16 - 2016-04-10 00:07 - 00000977 _____ C:\Users\Public\Desktop\Configure FileMenu Tools.lnk
    2016-07-28 16:16 - 2016-03-31 14:06 - 00001133 _____ C:\Users\Public\Desktop\Picture Information Extractor.lnk
    2016-07-28 16:16 - 2016-03-30 17:33 - 00001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs - Shortcut.lnk
    2016-07-28 16:16 - 2016-03-29 13:05 - 00001680 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Dopus.lnk
    2016-07-28 16:15 - 2016-03-31 13:16 - 00014600 _____ (NirSoft) C:\WINDOWS\system32\Drivers\NirSoftOpenedFilesDriver.sys

  3. #18
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    2016-07-28 16:07 - 2016-05-14 11:04 - 00000000 ____D C:\Users\Administrator
    2016-07-28 16:03 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-07-28 12:43 - 2016-04-27 07:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
    2016-07-28 12:18 - 2016-04-09 19:07 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
    2016-07-28 11:31 - 2016-06-18 19:56 - 00000000 ____D C:\Users\ckbeme\temp
    2016-07-27 14:25 - 2016-03-28 07:36 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-07-27 09:35 - 2016-04-16 09:00 - 00003502 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-07-27 09:35 - 2016-04-16 09:00 - 00003278 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-07-27 08:06 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\ModemLogs
    2016-07-26 19:33 - 2016-06-20 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
    2016-07-24 17:35 - 2016-06-30 10:41 - 00002162 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-07-24 11:43 - 2016-06-20 18:02 - 00000000 ____D C:\Users\ckbeme\AppData\Roaming\IconLibraryX
    2016-07-23 01:10 - 2016-05-14 11:02 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
    2016-07-21 09:10 - 2016-06-05 14:13 - 00000000 ____D C:\Program Files (x86)\Browny02
    2016-07-19 21:32 - 2016-05-14 19:07 - 00000000 ____D C:\Users\ckbeme\AppData\Local\ElevatedDiagnostics
    2016-07-18 14:51 - 2016-02-13 08:22 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-07-17 13:12 - 2016-06-17 11:12 - 00000000 ____D C:\Program Files (x86)\High-Logic MainType
    2016-07-17 13:12 - 2016-06-17 11:12 - 00000000 ____D C:\Program Files (x86)\High-Logic FontService
    2016-07-17 08:35 - 2016-05-14 11:02 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-07-16 12:19 - 2016-05-18 12:02 - 00000000 ____D C:\Program Files (x86)\FastStone Capture
    2016-07-15 15:30 - 2016-06-30 07:36 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
    2016-07-15 10:05 - 2016-03-29 10:05 - 00000000 ____D C:\ProgramData\Package Cache
    2016-07-13 23:00 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp

  4. #19
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    2016-07-13 22:52 - 2016-02-13 08:04 - 00000000 ____D C:\Program Files\Windows Journal
    2016-07-13 22:52 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-07-13 22:52 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-07-13 22:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-07-13 22:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-07-13 22:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-07-13 22:52 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2016-07-13 22:52 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Defender
    2016-07-13 22:52 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2016-07-13 22:52 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender

  5. #20
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    2016-07-13 22:51 - 2015-10-30 02:24 - 00000167 _____ C:\WINDOWS\win.ini
    2016-07-13 22:47 - 2016-03-28 09:48 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-07-13 22:35 - 2016-03-28 09:48 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-07-13 13:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2016-07-13 13:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-07-13 13:13 - 2016-06-05 14:14 - 00023461 _____ C:\WINDOWS\BRRBCOM.INI
    2016-07-11 09:36 - 2016-07-02 08:28 - 00000000 ____D C:\Users\ckbeme\AppData\Roaming\LG Electronics
    2016-07-11 09:36 - 2016-07-02 08:18 - 00000000 ____D C:\Users\ckbeme\AppData\Local\LG Electronics
    2016-07-11 09:36 - 2016-07-02 08:17 - 00000000 ____D C:\Program Files (x86)\LG Electronics
    2016-07-10 08:56 - 2016-06-17 08:57 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools X
    2016-07-09 10:02 - 2016-03-28 16:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-07-09 09:06 - 2016-04-09 18:48 - 00000000 ____D C:\Users\ckbeme\AppData\Local\Adobe
    2016-07-09 06:34 - 2016-05-10 10:16 - 00000000 ___RD C:\Users\ckbeme\Dropbox
    2016-07-08 07:28 - 2016-05-14 11:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-07-08 07:28 - 2016-03-29 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-07-07 19:08 - 2016-05-10 09:37 - 00000000 ____D C:\Program Files (x86)\Dropbox

  6. #21
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    ==================== Files in the root of some directories =======

    2016-06-05 14:51 - 2005-12-08 21:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI
    2016-07-28 11:29 - 2016-07-28 11:29 - 7129600 _____ () C:\Users\ckbeme\AppData\Roaming\agent.dat
    2016-04-20 08:46 - 2016-04-20 08:47 - 0037938 _____ () C:\Users\ckbeme\AppData\Roaming\Comma Separated Values.ADR
    2016-07-28 11:28 - 2016-07-28 11:28 - 0129024 _____ () C:\Users\ckbeme\AppData\Roaming\Installer.dat
    2016-07-31 16:14 - 2016-08-01 09:21 - 0000115 _____ () C:\Users\ckbeme\AppData\Roaming\LogFile.txt
    2016-07-28 11:29 - 2016-07-28 11:29 - 0018432 _____ () C:\Users\ckbeme\AppData\Roaming\Main.dat
    2016-06-17 08:57 - 2016-06-17 08:57 - 0000020 ___SH () C:\Users\ckbeme\AppData\Roaming\Sys11965 DataCollection.dat
    2016-06-17 08:57 - 2016-06-17 08:57 - 0000020 ___SH () C:\Users\ckbeme\AppData\Roaming\System413_DataDB.ind
    2016-08-02 18:11 - 2016-08-02 18:11 - 1302799 _____ () C:\Users\ckbeme\AppData\Local\ars.cache
    2016-08-02 18:12 - 2016-08-02 18:12 - 1015215 _____ () C:\Users\ckbeme\AppData\Local\census.cache
    2016-04-05 11:46 - 2016-08-03 20:11 - 0139264 _____ () C:\Users\ckbeme\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-07-28 11:12 - 2016-07-28 11:12 - 0000030 _____ () C:\Users\ckbeme\AppData\Local\HackLogs.dat
    2016-08-02 17:40 - 2016-08-02 17:40 - 0000036 _____ () C:\Users\ckbeme\AppData\Local\housecall.guid.cache
    2016-05-14 07:39 - 2016-05-14 07:39 - 0000017 _____ () C:\Users\ckbeme\AppData\Local\resmon.resmoncfg
    2016-07-26 13:18 - 2016-07-26 13:18 - 0000620 ___SH () C:\Users\ckbeme\AppData\Local\settingsFL.dat
    2016-08-02 17:54 - 2016-08-02 17:54 - 0000010 _____ () C:\Users\ckbeme\AppData\Local\sponge.last.runtime.cache
    2016-07-26 13:17 - 2016-07-26 13:17 - 0000700 ___SH () C:\Users\ckbeme\AppData\Local\systemFL7.dat
    2016-07-26 12:52 - 2016-07-26 13:19 - 0000520 ___SH () C:\Users\ckbeme\AppData\Local\win_fldb_sys.dat
    2016-07-26 12:41 - 2016-07-26 13:17 - 0011781 ___SH () C:\Users\ckbeme\AppData\Local\win_flfiles_sys.dat
    2016-07-26 12:41 - 2016-07-26 13:18 - 0003465 ___SH () C:\Users\ckbeme\AppData\Local\win_stlthdb_sys.dat
    2016-06-01 11:40 - 2016-06-01 11:40 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
    2016-03-31 10:20 - 2016-04-01 12:45 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2002-05-31 23:08 - 2002-05-31 23:08 - 0000000 _____ () C:\ProgramData\sdpsenv.dat
    2016-05-10 11:30 - 2016-05-11 12:02 - 0017403 _____ () C:\ProgramData\StreamingMediaTechnologyLog.txt
    2016-07-26 12:50 - 2016-07-26 13:17 - 0002568 ___SH () C:\ProgramData\win_mpwd_sys.dat

  7. #22
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    Files to move or delete:
    ====================
    C:\ProgramData\sdpsenv.dat
    C:\ProgramData\win_mpwd_sys.dat

  8. #23
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    Some files in TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\gusetup4.exe
    C:\Users\ckbeme\AppData\Local\Temp\065E8NOGMF.exe
    C:\Users\ckbeme\AppData\Local\Temp\AELOJJHPPK.exe
    C:\Users\ckbeme\AppData\Local\Temp\ChangeIcon.exe
    C:\Users\ckbeme\AppData\Local\Temp\SEVINST64x86.EXE
    C:\Users\ckbeme\AppData\Local\Temp\uc_english_64.exe
    C:\Users\ckbeme\AppData\Local\Temp\xmlUpdater.exe
    C:\Users\ckbeme\AppData\Local\Temp\z5PZBUR2fG.exe

  9. #24
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    Some zero byte size files/folders:
    ==========================
    C:\Windows\SysWOW64\dsregcmd.exe

  10. #25
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,087
    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-08-03 09:41

    ==================== End of FRST.txt ============================

  11. #26
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2


    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.


    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.

    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

  12. #27
    Join Date
    Jul 2016
    Posts
    30
    Well, looks like I know what I'll be doing tomorrow. Thanks so much Broni. Both of you guys.

    I'll send you updates tomorrow.

    ckbeme

  13. #28
    Join Date
    Jul 2016
    Posts
    30
    Hey guys. I thought I would be done by now, but I had to take a driver safety course and it took longer than I thought. Just wanted you to know I am working on it. I hope to be done by 5pm, or 6. I have 4.5 TB of disk to go through.

    Oh good, just have AdwCleaner and junk to go. TTYL.

  14. #29
    Join Date
    Jul 2016
    Posts
    30

    OK, some logs for you from RogueKiller

    Malwarebytes didn't find anything. I sent you the app log anyway.
    I can't get the other logs to come up. I'll finish up here and try to send them again later.

  15. #30
    Join Date
    Jul 2016
    Posts
    30

    Rogue Killer - More logs

    Hopefully I will get them uploaded this time.
