- Nov 11, 2014
- 7
Sorry, lost the AdwCleaner scan log. My friend has been having problems with dreaded t.cttsrv redirects. We have removed tons of malware from her computer, and it is a lot quieter but t.cttsrv is still there. What should we do next?
t.cttsrv!!!
- Thread starter Mama Potter
- Start date
- Apr 24, 2014
- 3,395
Helllo,
Before we begin, please note the following:
=============================================
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Please attach it to your reply.
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Post its content into your next reply.
Before we begin, please note the following:
- I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
- The logs can take some time to research, so please be patient with me.
- Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
- Instructions that I give are for your system only!
- Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
- Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
- Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
=============================================
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:
Code:createsrpoint; emptyfolderscheck;delete Quickscan; autoclean; emptyalltemp; ipconfig /flushdns;b - Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
- Nov 11, 2014
- 7
Thank you @argus
Output from ZOEK is below. Fixlog.txt attached
Zoek.exe v5.0.0.0 Updated 11-November-2014
Tool run by Gwen on 12/11/2014 at 12:17:29.42.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gwen\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12/11/2014 12:26:50 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\stinger deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully
C:\Users\Gwen\AppData\Roaming\EncryptStick deleted successfully
C:\Users\Gwen\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\Gwen\AppData\Roaming\webex deleted successfully
C:\Users\Gwen\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Gwen\AppData\Local\NokiaAccount deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found
C:\Users\Gwen\AppData\Local\BackupControlJRE deleted
C:\Windows\Syswow64\CursorKeyboardSoftware deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114tb deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Gwen\AppData\Local\com deleted
C:\Users\Gwen\AppData\Local\AVG SafeGuard toolbar deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\Windows\Installer\4fa448b.msi" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-11-12 11:50:26 F8CBA1051BE56D6B7D0E8F4FB2126992 532176386 ----a-w- C:\Windows\MEMORY.DMP
2014-11-11 21:01:00 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-11-11 21:01:00 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2014-11-11 21:01:00 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2014-11-11 21:01:00 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2014-11-11 21:01:00 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\Gwen\AppData\Local\Temp ====
2014-11-12 12:10:55 F07BAAC1621E4FE3426B0D36A10A979E 120192 ----a-w- C:\Users\Gwen\AppData\Local\Temp\clear.fiClient\cabarc.exe
2014-11-12 12:10:44 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Gwen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmojmxr.dll
2014-11-12 12:09:42 BCB0728F4B117855765CE8FE883B5E9B 1536 ----a-w- C:\Users\Gwen\AppData\Local\Temp\NOSEventMessages.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-11 11:11:31 72F17AD67756AA2C594EFD547ACA6EA4 25400 ----a-w- C:\Windows\SysWOW64\authuitu.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-12 00:26:15 497AD90F3753DB93C6562FDED4F22025 3248 ----a-w- C:\Windows\Sysnative\.crusader
2014-11-11 11:11:44 6E79DC00CDA55C86B5DDF237210D0487 40248 ----a-w- C:\Windows\Sysnative\TURegOpt.exe
2014-11-11 11:11:33 1A231115B7BE5A7600CE39455EB9FAC0 29496 ----a-w- C:\Windows\Sysnative\authuitu.dll
2014-11-10 20:09:26 64BAFB4E5377056CDD71531097D69F6E 189912 ----a-w- C:\Windows\Sysnative\mfevtps.exe
====== C:\Windows\Sysnative\drivers =====
2014-11-12 00:40:32 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2014-11-11 12:43:51 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-11 12:42:29 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-11-11 12:42:29 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-11-11 12:42:28 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-11-10 21:01:46 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\Sysnative\drivers\HipShieldK.sys
2014-11-10 21:01:45 947EA0AFF75E3E70D5BE9F88F6325F30 2641 ----a-w- C:\Windows\Sysnative\drivers\mfencrk.inf
2014-11-10 21:01:43 628DC155C32875B286B2742D10D196C2 5442 ----a-w- C:\Windows\Sysnative\drivers\mfencbdc.inf
2014-10-15 13:18:13 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2014-10-15 13:18:01 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2014-10-15 13:16:37 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-15 13:16:36 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
2014-11-12 00:52:16 E7169BF52C33D1B083F40E7EF64C22EE 2762 ----a-w- C:\Windows\Sysnative\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-11-11 12:34:30 997E4EE08F75AB3D2490882015030E0B 3704 ----a-w- C:\Windows\Sysnative\Tasks\Java(TM) Platform SE Auto Updater
2014-11-11 12:34:29 772096B1533565D97B73C65131B7AA23 3694 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Reader and Acrobat Manager
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-11-11 22:27:59 -------- d-----w- C:\Program Files\HitmanPro
======= C:\PROGRA~2 =====
2014-11-11 16:11:01 -------- d-----w- C:\PROGRA~2\Anvisoft
======= C: =====
====== C:\Users\Gwen\AppData\Roaming ======
2014-11-11 21:50:39 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-11-11 21:50:39 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-11-11 21:50:39 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-11-11 19:34:51 -------- d-----w- C:\Users\Gwen\AppData\Local\Mikogo
2014-11-11 11:13:24 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG
2014-11-11 11:11:48 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg
2014-11-11 11:10:05 -------- d-----w- C:\Users\Gwen\AppData\Roaming\AVG
2014-11-11 11:09:51 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg
2014-11-11 11:08:38 -------- d-----w- C:\Users\Gwen\AppData\Local\Avg
2014-11-11 11:05:49 -------- d-----w- C:\Users\Gwen\AppData\Roaming\AVG2015
2014-11-11 11:05:19 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015
2014-11-11 11:04:49 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015
2014-11-11 11:02:59 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2015
2014-11-11 10:59:55 -------- d-----w- C:\Users\Gwen\AppData\Local\Avg2015
2014-11-09 22:51:32 -------- d-----w- C:\Users\Gwen\AppData\Local\Programs
====== C:\Users\Gwen ======
2014-11-12 03:20:11 02D817FF481EB12FE0CC34363809C05B 2116096 ----a-w- C:\Users\Gwen\Downloads\FRST64.exe
2014-11-12 00:40:27 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-11 22:59:47 EA11B5C84321B89C4CE7C5EED3602C2A 1706808 ----a-w- C:\Users\Gwen\Downloads\JRT.exe
2014-11-11 22:42:47 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Gwen\Downloads\adwcleaner_4.101.exe
2014-11-11 22:32:32 A20FA8B5AFA2323E9E1FB9880C3C28DB 17528920 ----a-w- C:\Users\Gwen\Desktop\RogueKillerX64.exe
2014-11-11 22:31:08 A20FA8B5AFA2323E9E1FB9880C3C28DB 17528920 ----a-w- C:\Users\Gwen\Downloads\RogueKillerX64.exe
2014-11-11 22:27:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-11 22:27:39 -------- d-----w- C:\ProgramData\HitmanPro
2014-11-11 22:09:29 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Desktop\HitmanPro_x64.exe
2014-11-11 22:07:59 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Downloads\HitmanPro_x64.exe
2014-11-11 21:58:37 FCCD0F6A733248E8F624B9FE813F0324 1944824 ----a-w- C:\Users\Gwen\Downloads\iExplore.exe
2014-11-11 21:50:39 -------- d-----w- C:\Users\Public\AppData
2014-11-11 16:11:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-11-11 11:59:47 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Gwen\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 11:11:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
2014-11-11 11:06:20 -------- d-----w- C:\ProgramData\AVG
2014-11-11 11:04:06 -------- d-----w- C:\ProgramData\AVG2015
====== C: exe-files ==
2014-11-12 12:13:45 08F2392ADD51246541D7F75B7264F341 6650704 ----a-w- C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3WMSO1G\Mikogo20141112131340_331311355_-006777656e__.exe
2014-11-12 12:10:55 F07BAAC1621E4FE3426B0D36A10A979E 120192 ----a-w- C:\Users\Gwen\AppData\Local\Temp\clear.fiClient\cabarc.exe
2014-11-12 02:28:14 FF8370BBC2CDCEB6E37F62B94164C0B9 3003792 ------w- C:\EEK\bin\a2cmd.exe
2014-11-12 02:28:14 C65330F138BD74C591E8DBE7160F4B57 5364528 ------w- C:\EEK\bin\a2emergencykit.exe
2014-11-12 02:28:14 9AFD5FD2A4001D64B7B6A8228BD05D19 432328 ------w- C:\EEK\Start Commandline Scanner.exe
2014-11-12 02:28:14 68EB001A76162315186EA5906F1F139E 432328 ------w- C:\EEK\Start Emergency Kit Scanner.exe
2014-11-12 02:28:14 3D7E47A121A58F7E1E639419E7CB28C0 1153912 ------w- C:\EEK\bin\BlitzBlank.exe
2014-11-12 02:28:14 242D0826D1E784DD7F28E6E604CC4CAA 423064 ------w- C:\EEK\Start BlitzBlank.exe
2014-11-11 22:42:47 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Gwen\Downloads\adwcleaner_4.101.exe
2014-11-11 22:32:32 A20FA8B5AFA2323E9E1FB9880C3C28DB 17528920 ----a-w- C:\Users\Gwen\Desktop\RogueKillerX64.exe
2014-11-11 22:28:00 E9499A51801037F4E7CD2D7937D76542 127752 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe
2014-11-11 22:27:59 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2014-11-11 22:09:29 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Desktop\HitmanPro_x64.exe
2014-11-11 16:11:10 4D686DE8222C1B6896300C74974AAAC4 371608 ----a-w- C:\Program Files (x86)\Anvisoft\Cloud System Booster\Uninstall.exe
=== C: other files ==
2014-11-12 02:28:15 DBC8CDAFC84E96E894C3BAAED9B30F47 50200 ------w- C:\EEK\bin\cleanhlp32.sys
2014-11-12 02:28:15 D27A8B7BB0E15DFBFC6B4E774EE17AD9 26176 ------w- C:\EEK\bin\a2ddax64.sys
2014-11-12 02:28:15 B794DCF38C965FA2F93C45A7C3D582C5 57024 ------w- C:\EEK\bin\cleanhlp64.sys
2014-11-12 02:28:15 B0CC0B50441372157F31C4C023D43A3E 22056 ------w- C:\EEK\bin\a2ddax86.sys
2014-11-12 00:40:32 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-11-11 12:43:51 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-11 12:42:29 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-11 12:42:29 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-11 12:42:28 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-10 21:01:46 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-2071371351-3043768126-2165783208-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"
"Spotify Web Helper"="C:\Users\Gwen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"Spotify"="C:\Users\Gwen\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"CloudSystemBooster"="C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe /hide /autorun"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
"KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
"KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d"
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart"
"MDS_Menu"="C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Acer\clear.fi\MediaEspresso UpdateWithCreateOnce Software\CyberLink\MediaEspresso\6.1"
"ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"EKStatusMonitor"="C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe"
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"
"Spotify Web Helper"="C:\Users\Gwen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"Spotify"="C:\Users\Gwen\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"CloudSystemBooster"="C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe /hide /autorun"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
==== Startup Registry Disabled ======================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"MobileDocuments"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Conime"="%windir%\\system32\\conime.exe"
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
==== Startup Folders ======================
2012-12-13 17:47:49 1051 ----a-w- C:\Users\Gwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-03-09 13:46:31 1782 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
2014-01-31 11:20:42 2051 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [26/09/2014 15:23]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 08:08]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 08:08]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe Reader and Acrobat Manager" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"]
"C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"]
"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Java(TM) Platform SE Auto Updater" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [10/11/2014 21:31]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]
Google Voice Search Hotword (Beta) - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A3C14B8429A918B46B359CF7BE589C01 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{48B41C3A-9A92-4B81-B653-C97FEB85C910} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DBA1BF66-8930-4DC5-937D-AB92522956B4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A3C14B8429A918B46B359CF7BE589C01 deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3WMSO1G will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1204 folders=138 97259703 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gwen\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Gwen\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3WMSO1G" not found
==== EOF on 12/11/2014 at 13:02:47.92 ======================
Output from ZOEK is below. Fixlog.txt attached
Zoek.exe v5.0.0.0 Updated 11-November-2014
Tool run by Gwen on 12/11/2014 at 12:17:29.42.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gwen\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12/11/2014 12:26:50 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\stinger deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully
C:\Users\Gwen\AppData\Roaming\EncryptStick deleted successfully
C:\Users\Gwen\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\Gwen\AppData\Roaming\webex deleted successfully
C:\Users\Gwen\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Gwen\AppData\Local\NokiaAccount deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found
C:\Users\Gwen\AppData\Local\BackupControlJRE deleted
C:\Windows\Syswow64\CursorKeyboardSoftware deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114tb deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Gwen\AppData\Local\com deleted
C:\Users\Gwen\AppData\Local\AVG SafeGuard toolbar deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\Windows\Installer\4fa448b.msi" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-11-12 11:50:26 F8CBA1051BE56D6B7D0E8F4FB2126992 532176386 ----a-w- C:\Windows\MEMORY.DMP
2014-11-11 21:01:00 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-11-11 21:01:00 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2014-11-11 21:01:00 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2014-11-11 21:01:00 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2014-11-11 21:01:00 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\Gwen\AppData\Local\Temp ====
2014-11-12 12:10:55 F07BAAC1621E4FE3426B0D36A10A979E 120192 ----a-w- C:\Users\Gwen\AppData\Local\Temp\clear.fiClient\cabarc.exe
2014-11-12 12:10:44 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Gwen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmojmxr.dll
2014-11-12 12:09:42 BCB0728F4B117855765CE8FE883B5E9B 1536 ----a-w- C:\Users\Gwen\AppData\Local\Temp\NOSEventMessages.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-11 11:11:31 72F17AD67756AA2C594EFD547ACA6EA4 25400 ----a-w- C:\Windows\SysWOW64\authuitu.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-12 00:26:15 497AD90F3753DB93C6562FDED4F22025 3248 ----a-w- C:\Windows\Sysnative\.crusader
2014-11-11 11:11:44 6E79DC00CDA55C86B5DDF237210D0487 40248 ----a-w- C:\Windows\Sysnative\TURegOpt.exe
2014-11-11 11:11:33 1A231115B7BE5A7600CE39455EB9FAC0 29496 ----a-w- C:\Windows\Sysnative\authuitu.dll
2014-11-10 20:09:26 64BAFB4E5377056CDD71531097D69F6E 189912 ----a-w- C:\Windows\Sysnative\mfevtps.exe
====== C:\Windows\Sysnative\drivers =====
2014-11-12 00:40:32 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2014-11-11 12:43:51 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-11 12:42:29 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-11-11 12:42:29 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-11-11 12:42:28 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-11-10 21:01:46 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\Sysnative\drivers\HipShieldK.sys
2014-11-10 21:01:45 947EA0AFF75E3E70D5BE9F88F6325F30 2641 ----a-w- C:\Windows\Sysnative\drivers\mfencrk.inf
2014-11-10 21:01:43 628DC155C32875B286B2742D10D196C2 5442 ----a-w- C:\Windows\Sysnative\drivers\mfencbdc.inf
2014-10-15 13:18:13 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2014-10-15 13:18:01 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2014-10-15 13:16:37 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-15 13:16:36 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
2014-11-12 00:52:16 E7169BF52C33D1B083F40E7EF64C22EE 2762 ----a-w- C:\Windows\Sysnative\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-11-11 12:34:30 997E4EE08F75AB3D2490882015030E0B 3704 ----a-w- C:\Windows\Sysnative\Tasks\Java(TM) Platform SE Auto Updater
2014-11-11 12:34:29 772096B1533565D97B73C65131B7AA23 3694 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Reader and Acrobat Manager
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-11-11 22:27:59 -------- d-----w- C:\Program Files\HitmanPro
======= C:\PROGRA~2 =====
2014-11-11 16:11:01 -------- d-----w- C:\PROGRA~2\Anvisoft
======= C: =====
====== C:\Users\Gwen\AppData\Roaming ======
2014-11-11 21:50:39 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-11-11 21:50:39 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-11-11 21:50:39 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-11-11 19:34:51 -------- d-----w- C:\Users\Gwen\AppData\Local\Mikogo
2014-11-11 11:13:24 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG
2014-11-11 11:11:48 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg
2014-11-11 11:10:05 -------- d-----w- C:\Users\Gwen\AppData\Roaming\AVG
2014-11-11 11:09:51 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg
2014-11-11 11:08:38 -------- d-----w- C:\Users\Gwen\AppData\Local\Avg
2014-11-11 11:05:49 -------- d-----w- C:\Users\Gwen\AppData\Roaming\AVG2015
2014-11-11 11:05:19 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015
2014-11-11 11:04:49 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015
2014-11-11 11:02:59 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2015
2014-11-11 10:59:55 -------- d-----w- C:\Users\Gwen\AppData\Local\Avg2015
2014-11-09 22:51:32 -------- d-----w- C:\Users\Gwen\AppData\Local\Programs
====== C:\Users\Gwen ======
2014-11-12 03:20:11 02D817FF481EB12FE0CC34363809C05B 2116096 ----a-w- C:\Users\Gwen\Downloads\FRST64.exe
2014-11-12 00:40:27 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-11 22:59:47 EA11B5C84321B89C4CE7C5EED3602C2A 1706808 ----a-w- C:\Users\Gwen\Downloads\JRT.exe
2014-11-11 22:42:47 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Gwen\Downloads\adwcleaner_4.101.exe
2014-11-11 22:32:32 A20FA8B5AFA2323E9E1FB9880C3C28DB 17528920 ----a-w- C:\Users\Gwen\Desktop\RogueKillerX64.exe
2014-11-11 22:31:08 A20FA8B5AFA2323E9E1FB9880C3C28DB 17528920 ----a-w- C:\Users\Gwen\Downloads\RogueKillerX64.exe
2014-11-11 22:27:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-11 22:27:39 -------- d-----w- C:\ProgramData\HitmanPro
2014-11-11 22:09:29 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Desktop\HitmanPro_x64.exe
2014-11-11 22:07:59 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Downloads\HitmanPro_x64.exe
2014-11-11 21:58:37 FCCD0F6A733248E8F624B9FE813F0324 1944824 ----a-w- C:\Users\Gwen\Downloads\iExplore.exe
2014-11-11 21:50:39 -------- d-----w- C:\Users\Public\AppData
2014-11-11 16:11:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-11-11 11:59:47 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Gwen\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 11:11:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
2014-11-11 11:06:20 -------- d-----w- C:\ProgramData\AVG
2014-11-11 11:04:06 -------- d-----w- C:\ProgramData\AVG2015
====== C: exe-files ==
2014-11-12 12:13:45 08F2392ADD51246541D7F75B7264F341 6650704 ----a-w- C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3WMSO1G\Mikogo20141112131340_331311355_-006777656e__.exe
2014-11-12 12:10:55 F07BAAC1621E4FE3426B0D36A10A979E 120192 ----a-w- C:\Users\Gwen\AppData\Local\Temp\clear.fiClient\cabarc.exe
2014-11-12 02:28:14 FF8370BBC2CDCEB6E37F62B94164C0B9 3003792 ------w- C:\EEK\bin\a2cmd.exe
2014-11-12 02:28:14 C65330F138BD74C591E8DBE7160F4B57 5364528 ------w- C:\EEK\bin\a2emergencykit.exe
2014-11-12 02:28:14 9AFD5FD2A4001D64B7B6A8228BD05D19 432328 ------w- C:\EEK\Start Commandline Scanner.exe
2014-11-12 02:28:14 68EB001A76162315186EA5906F1F139E 432328 ------w- C:\EEK\Start Emergency Kit Scanner.exe
2014-11-12 02:28:14 3D7E47A121A58F7E1E639419E7CB28C0 1153912 ------w- C:\EEK\bin\BlitzBlank.exe
2014-11-12 02:28:14 242D0826D1E784DD7F28E6E604CC4CAA 423064 ------w- C:\EEK\Start BlitzBlank.exe
2014-11-11 22:42:47 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Gwen\Downloads\adwcleaner_4.101.exe
2014-11-11 22:32:32 A20FA8B5AFA2323E9E1FB9880C3C28DB 17528920 ----a-w- C:\Users\Gwen\Desktop\RogueKillerX64.exe
2014-11-11 22:28:00 E9499A51801037F4E7CD2D7937D76542 127752 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe
2014-11-11 22:27:59 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2014-11-11 22:09:29 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Desktop\HitmanPro_x64.exe
2014-11-11 16:11:10 4D686DE8222C1B6896300C74974AAAC4 371608 ----a-w- C:\Program Files (x86)\Anvisoft\Cloud System Booster\Uninstall.exe
=== C: other files ==
2014-11-12 02:28:15 DBC8CDAFC84E96E894C3BAAED9B30F47 50200 ------w- C:\EEK\bin\cleanhlp32.sys
2014-11-12 02:28:15 D27A8B7BB0E15DFBFC6B4E774EE17AD9 26176 ------w- C:\EEK\bin\a2ddax64.sys
2014-11-12 02:28:15 B794DCF38C965FA2F93C45A7C3D582C5 57024 ------w- C:\EEK\bin\cleanhlp64.sys
2014-11-12 02:28:15 B0CC0B50441372157F31C4C023D43A3E 22056 ------w- C:\EEK\bin\a2ddax86.sys
2014-11-12 00:40:32 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-11-11 12:43:51 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-11 12:42:29 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-11 12:42:29 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-11 12:42:28 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-10 21:01:46 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-2071371351-3043768126-2165783208-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"
"Spotify Web Helper"="C:\Users\Gwen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"Spotify"="C:\Users\Gwen\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"CloudSystemBooster"="C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe /hide /autorun"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
"KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
"KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d"
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart"
"MDS_Menu"="C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Acer\clear.fi\MediaEspresso UpdateWithCreateOnce Software\CyberLink\MediaEspresso\6.1"
"ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"EKStatusMonitor"="C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe"
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"
"Spotify Web Helper"="C:\Users\Gwen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"Spotify"="C:\Users\Gwen\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"CloudSystemBooster"="C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe /hide /autorun"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
==== Startup Registry Disabled ======================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"MobileDocuments"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Conime"="%windir%\\system32\\conime.exe"
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
==== Startup Folders ======================
2012-12-13 17:47:49 1051 ----a-w- C:\Users\Gwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-03-09 13:46:31 1782 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
2014-01-31 11:20:42 2051 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [26/09/2014 15:23]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 08:08]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 08:08]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe Reader and Acrobat Manager" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"]
"C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"]
"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Java(TM) Platform SE Auto Updater" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [10/11/2014 21:31]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]
Google Voice Search Hotword (Beta) - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A3C14B8429A918B46B359CF7BE589C01 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{48B41C3A-9A92-4B81-B653-C97FEB85C910} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DBA1BF66-8930-4DC5-937D-AB92522956B4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A3C14B8429A918B46B359CF7BE589C01 deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3WMSO1G will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1204 folders=138 97259703 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gwen\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Gwen\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3WMSO1G" not found
==== EOF on 12/11/2014 at 13:02:47.92 ======================
- Apr 24, 2014
- 3,395
Re-run zoek and run this script:
Please download Junkware Removal Tool to your desktop.
Code:
FFdefaults;
chrdefaults;
iedefaults;
emptyalltemp;
autoclean;
emptyclsid;
ipconfig /flushdns >> %temp%\log.txt;b
ipconfig /flushdns;b- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
- Nov 11, 2014
- 7
I think we're fixed. Even if we're not and there is still work to do, my friend told me to say she is a single mum who runs a business, and this was affecting her only computer. She wants me to pass on her deepest thanks.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gwen on 12/11/2014 at 19:47:06.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/11/2014 at 19:56:30.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gwen on 12/11/2014 at 19:47:06.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/11/2014 at 19:56:30.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Apr 24, 2014
- 3,395
Download DelFix by Xplode and save it to your desktop.
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Greeting.
- Run the tool by right click on the
icon and Run as administrator option.
- Make sure that these ones are checked:
- Remove disinfection tools
- Purge system restore
- Reset system settings
- Push Run and wait until the tool completes his work.
- All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Greeting.
- Nov 11, 2014
- 7
I think I made a mistake - in my last post I forgot to run zoek before running jrt. Will that have affected the outcome?
- Nov 11, 2014
- 7
OK, have run both zoek and JRT this time. Same result for JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gwen on 12/11/2014 at 21:45:42.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/11/2014 at 21:55:29.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gwen on 12/11/2014 at 21:45:42.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/11/2014 at 21:55:29.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Nov 11, 2014
- 7
- Nov 11, 2014
- 7
HELP!
I have the same problem here with the popups and I can't seem to fix it.
The only problem is I'm running OSX10.10... so a Mac...
HELP!!!
I have the same problem here with the popups and I can't seem to fix it.
The only problem is I'm running OSX10.10... so a Mac...
HELP!!!
Similar threads
