t.cttsrv!!!
Mama Potter wrote:

Thank you @argus

Output from ZOEK is below. Fixlog.txt attached

Zoek.exe v5.0.0.0 Updated 11-November-2014
Tool run by Gwen on 12/11/2014 at 12:17:29.42.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gwen\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/11/2014 12:26:50 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\stinger deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully
C:\Users\Gwen\AppData\Roaming\EncryptStick deleted successfully
C:\Users\Gwen\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\Gwen\AppData\Roaming\webex deleted successfully
C:\Users\Gwen\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Gwen\AppData\Local\NokiaAccount deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found
C:\Users\Gwen\AppData\Local\BackupControlJRE deleted
C:\Windows\Syswow64\CursorKeyboardSoftware deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114tb deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Gwen\AppData\Local\com deleted
C:\Users\Gwen\AppData\Local\AVG SafeGuard toolbar deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\Windows\Installer\4fa448b.msi" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-11-12 11:50:26 F8CBA1051BE56D6B7D0E8F4FB2126992 532176386 ----a-w- C:\Windows\MEMORY.DMP
2014-11-11 21:01:00 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-11-11 21:01:00 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2014-11-11 21:01:00 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2014-11-11 21:01:00 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2014-11-11 21:01:00 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\Gwen\AppData\Local\Temp ====
2014-11-12 12:10:55 F07BAAC1621E4FE3426B0D36A10A979E 120192 ----a-w- C:\Users\Gwen\AppData\Local\Temp\clear.fiClient\cabarc.exe
2014-11-12 12:10:44 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Gwen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmojmxr.dll
2014-11-12 12:09:42 BCB0728F4B117855765CE8FE883B5E9B 1536 ----a-w- C:\Users\Gwen\AppData\Local\Temp\NOSEventMessages.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-11 11:11:31 72F17AD67756AA2C594EFD547ACA6EA4 25400 ----a-w- C:\Windows\SysWOW64\authuitu.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-12 00:26:15 497AD90F3753DB93C6562FDED4F22025 3248 ----a-w- C:\Windows\Sysnative\.crusader
2014-11-11 11:11:44 6E79DC00CDA55C86B5DDF237210D0487 40248 ----a-w- C:\Windows\Sysnative\TURegOpt.exe
2014-11-11 11:11:33 1A231115B7BE5A7600CE39455EB9FAC0 29496 ----a-w- C:\Windows\Sysnative\authuitu.dll
2014-11-10 20:09:26 64BAFB4E5377056CDD71531097D69F6E 189912 ----a-w- C:\Windows\Sysnative\mfevtps.exe
====== C:\Windows\Sysnative\drivers =====
2014-11-12 00:40:32 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2014-11-11 12:43:51 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-11 12:42:29 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-11-11 12:42:29 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-11-11 12:42:28 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-11-10 21:01:46 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\Sysnative\drivers\HipShieldK.sys
2014-11-10 21:01:45 947EA0AFF75E3E70D5BE9F88F6325F30 2641 ----a-w- C:\Windows\Sysnative\drivers\mfencrk.inf
2014-11-10 21:01:43 628DC155C32875B286B2742D10D196C2 5442 ----a-w- C:\Windows\Sysnative\drivers\mfencbdc.inf
2014-10-15 13:18:13 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2014-10-15 13:18:01 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2014-10-15 13:16:37 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-15 13:16:36 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
2014-11-12 00:52:16 E7169BF52C33D1B083F40E7EF64C22EE 2762 ----a-w- C:\Windows\Sysnative\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-11-11 12:34:30 997E4EE08F75AB3D2490882015030E0B 3704 ----a-w- C:\Windows\Sysnative\Tasks\Java(TM) Platform SE Auto Updater
2014-11-11 12:34:29 772096B1533565D97B73C65131B7AA23 3694 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Reader and Acrobat Manager
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-11-11 22:27:59 -------- d-----w- C:\Program Files\HitmanPro
======= C:\PROGRA~2 =====
2014-11-11 16:11:01 -------- d-----w- C:\PROGRA~2\Anvisoft
======= C: =====
====== C:\Users\Gwen\AppData\Roaming ======
2014-11-11 21:50:39 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-11-11 21:50:39 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-11-11 21:50:39 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-11-11 19:34:51 -------- d-----w- C:\Users\Gwen\AppData\Local\Mikogo
2014-11-11 11:13:24 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG
2014-11-11 11:11:48 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg
2014-11-11 11:10:05 -------- d-----w- C:\Users\Gwen\AppData\Roaming\AVG
2014-11-11 11:09:51 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg
2014-11-11 11:08:38 -------- d-----w- C:\Users\Gwen\AppData\Local\Avg
2014-11-11 11:05:49 -------- d-----w- C:\Users\Gwen\AppData\Roaming\AVG2015
2014-11-11 11:05:19 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015
2014-11-11 11:04:49 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015
2014-11-11 11:02:59 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2015
2014-11-11 10:59:55 -------- d-----w- C:\Users\Gwen\AppData\Local\Avg2015
2014-11-09 22:51:32 -------- d-----w- C:\Users\Gwen\AppData\Local\Programs
====== C:\Users\Gwen ======
2014-11-12 03:20:11 02D817FF481EB12FE0CC34363809C05B 2116096 ----a-w- C:\Users\Gwen\Downloads\FRST64.exe
2014-11-12 00:40:27 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-11 22:59:47 EA11B5C84321B89C4CE7C5EED3602C2A 1706808 ----a-w- C:\Users\Gwen\Downloads\JRT.exe
2014-11-11 22:42:47 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Gwen\Downloads\adwcleaner_4.101.exe
2014-11-11 22:32:32 A20FA8B5AFA2323E9E1FB9880C3C28DB 17528920 ----a-w- C:\Users\Gwen\Desktop\RogueKillerX64.exe
2014-11-11 22:31:08 A20FA8B5AFA2323E9E1FB9880C3C28DB 17528920 ----a-w- C:\Users\Gwen\Downloads\RogueKillerX64.exe
2014-11-11 22:27:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-11 22:27:39 -------- d-----w- C:\ProgramData\HitmanPro
2014-11-11 22:09:29 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Desktop\HitmanPro_x64.exe
2014-11-11 22:07:59 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Downloads\HitmanPro_x64.exe
2014-11-11 21:58:37 FCCD0F6A733248E8F624B9FE813F0324 1944824 ----a-w- C:\Users\Gwen\Downloads\iExplore.exe
2014-11-11 21:50:39 -------- d-----w- C:\Users\Public\AppData
2014-11-11 16:11:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-11-11 11:59:47 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Gwen\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 11:11:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
2014-11-11 11:06:20 -------- d-----w- C:\ProgramData\AVG
2014-11-11 11:04:06 -------- d-----w- C:\ProgramData\AVG2015

====== C: exe-files ==
2014-11-12 12:13:45 08F2392ADD51246541D7F75B7264F341 6650704 ----a-w- C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3WMSO1G\Mikogo20141112131340_331311355_-006777656e__.exe
2014-11-12 12:10:55 F07BAAC1621E4FE3426B0D36A10A979E 120192 ----a-w- C:\Users\Gwen\AppData\Local\Temp\clear.fiClient\cabarc.exe
2014-11-12 02:28:14 FF8370BBC2CDCEB6E37F62B94164C0B9 3003792 ------w- C:\EEK\bin\a2cmd.exe
2014-11-12 02:28:14 C65330F138BD74C591E8DBE7160F4B57 5364528 ------w- C:\EEK\bin\a2emergencykit.exe
2014-11-12 02:28:14 9AFD5FD2A4001D64B7B6A8228BD05D19 432328 ------w- C:\EEK\Start Commandline Scanner.exe
2014-11-12 02:28:14 68EB001A76162315186EA5906F1F139E 432328 ------w- C:\EEK\Start Emergency Kit Scanner.exe
2014-11-12 02:28:14 3D7E47A121A58F7E1E639419E7CB28C0 1153912 ------w- C:\EEK\bin\BlitzBlank.exe
2014-11-12 02:28:14 242D0826D1E784DD7F28E6E604CC4CAA 423064 ------w- C:\EEK\Start BlitzBlank.exe
2014-11-11 22:42:47 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Gwen\Downloads\adwcleaner_4.101.exe
2014-11-11 22:32:32 A20FA8B5AFA2323E9E1FB9880C3C28DB 17528920 ----a-w- C:\Users\Gwen\Desktop\RogueKillerX64.exe
2014-11-11 22:28:00 E9499A51801037F4E7CD2D7937D76542 127752 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe
2014-11-11 22:27:59 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2014-11-11 22:09:29 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Desktop\HitmanPro_x64.exe
2014-11-11 16:11:10 4D686DE8222C1B6896300C74974AAAC4 371608 ----a-w- C:\Program Files (x86)\Anvisoft\Cloud System Booster\Uninstall.exe
=== C: other files ==
2014-11-12 02:28:15 DBC8CDAFC84E96E894C3BAAED9B30F47 50200 ------w- C:\EEK\bin\cleanhlp32.sys
2014-11-12 02:28:15 D27A8B7BB0E15DFBFC6B4E774EE17AD9 26176 ------w- C:\EEK\bin\a2ddax64.sys
2014-11-12 02:28:15 B794DCF38C965FA2F93C45A7C3D582C5 57024 ------w- C:\EEK\bin\cleanhlp64.sys
2014-11-12 02:28:15 B0CC0B50441372157F31C4C023D43A3E 22056 ------w- C:\EEK\bin\a2ddax86.sys
2014-11-12 00:40:32 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-11-11 12:43:51 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-11 12:42:29 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-11 12:42:29 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-11 12:42:28 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-10 21:01:46 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2071371351-3043768126-2165783208-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"
"Spotify Web Helper"="C:\Users\Gwen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"Spotify"="C:\Users\Gwen\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"CloudSystemBooster"="C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe /hide /autorun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
"KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
"KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d"
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart"
"MDS_Menu"="C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Acer\clear.fi\MediaEspresso UpdateWithCreateOnce Software\CyberLink\MediaEspresso\6.1"
"ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"EKStatusMonitor"="C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe"
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"
"Spotify Web Helper"="C:\Users\Gwen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"Spotify"="C:\Users\Gwen\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"CloudSystemBooster"="C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe /hide /autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"MobileDocuments"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Conime"="%windir%\\system32\\conime.exe"
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""


==== Startup Folders ======================

2012-12-13 17:47:49 1051 ----a-w- C:\Users\Gwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-03-09 13:46:31 1782 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
2014-01-31 11:20:42 2051 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [26/09/2014 15:23]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 08:08]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 08:08]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe Reader and Acrobat Manager" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"]
"C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"]
"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Java(TM) Platform SE Auto Updater" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [10/11/2014 21:31]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]

Google Voice Search Hotword (Beta) - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A3C14B8429A918B46B359CF7BE589C01 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{48B41C3A-9A92-4B81-B653-C97FEB85C910} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DBA1BF66-8930-4DC5-937D-AB92522956B4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A3C14B8429A918B46B359CF7BE589C01 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3WMSO1G will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1204 folders=138 97259703 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gwen\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Gwen\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3WMSO1G" not found

==== EOF on 12/11/2014 at 13:02:47.92 ======================
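A Zoek log like the one above is long, and the part a helper actually reads first is the "Files Recently Created / Modified" listing: one line per item with timestamp, MD5, size, attribute flags and path. The script below is an added example, not part of the original post and not code from Zoek itself. It parses those entry lines into records and answers the questions a reviewer asks of them: which files changed inside a given window, which identical binaries sit at more than one path (the same hash appearing under Downloads and Desktop, as with the HitmanPro and RogueKiller installers above), and what landed under a directory of interest such as C:\Windows. The sample lines are copied from the posted log; the function names, the record layout and the cut-off time are my own assumptions.

```python
"""Parse 'Files Recently Created / Modified' entries from a Zoek log.

Added example, not part of the original post or of the Zoek tool.
Assumed line layout (matches the posted log):
  YYYY-MM-DD HH:MM:SS <MD5 or 8 dashes> [<size>] <8 attr flags> <path>
Directory entries carry eight dashes and no size; files carry MD5 and size.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "   # timestamp
    r"(?:([0-9A-F]{32}) (\d+)|-{8}) "            # MD5 + size, or dashes for a directory
    r"(\S{8}) "                                  # attribute flags, e.g. ----a-w- / d-----w-
    r"(.+)$"                                     # path (may contain spaces)
)


@dataclass
class Entry:
    modified: datetime
    md5: Optional[str]
    size: Optional[int]
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # Zoek marks directories with a leading 'd' in the attribute field.
        return self.attrs.startswith("d")


def parse_entries(log_text: str) -> List[Entry]:
    """Return every file/directory entry; section headers and registry data are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        ts, md5, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                             md5, int(size) if size else None, attrs, path))
    return entries


def same_hash_multiple_paths(entries: List[Entry]) -> Dict[str, List[str]]:
    """MD5 -> sorted paths, for hashes that appear at more than one distinct path."""
    by_hash: Dict[str, set] = {}
    for e in entries:
        if e.md5:
            by_hash.setdefault(e.md5, set()).add(e.path)
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


def modified_since(entries: List[Entry], since: str) -> List[Entry]:
    """Files (not directories) whose timestamp is at or after 'since' (YYYY-MM-DD HH:MM:SS)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d %H:%M:%S")
    return [e for e in entries if not e.is_dir and e.modified >= cutoff]


def under(entries: List[Entry], prefix: str) -> List[Entry]:
    """Entries whose path starts with prefix (Windows paths compare case-insensitively)."""
    p = prefix.lower()
    return [e for e in entries if e.path.lower().startswith(p)]


def summarize(log_text: str, since: str) -> dict:
    """One-shot report used by the test and by the __main__ block below."""
    entries = parse_entries(log_text)
    return {
        "entries": len(entries),
        "directories": sum(e.is_dir for e in entries),
        "recent_files": sorted(e.path for e in modified_since(entries, since)),
        "duplicate_hashes": same_hash_multiple_paths(entries),
        "under_windows": sorted(e.path for e in under(entries, "C:\\Windows\\")),
    }


# Sample input: seven lines copied from the posted log (plus a section header
# and a registry line, which the parser must ignore).
SAMPLE_LOG = r"""====== C:\Windows ====
2014-11-12 11:50:26 F8CBA1051BE56D6B7D0E8F4FB2126992 532176386 ----a-w- C:\Windows\MEMORY.DMP
2014-11-11 21:01:00 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-11-12 00:26:15 497AD90F3753DB93C6562FDED4F22025 3248 ----a-w- C:\Windows\Sysnative\.crusader
2014-11-11 22:27:59 -------- d-----w- C:\Program Files\HitmanPro
2014-11-11 22:09:29 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Desktop\HitmanPro_x64.exe
2014-11-11 22:07:59 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Downloads\HitmanPro_x64.exe
2014-11-12 02:28:14 FF8370BBC2CDCEB6E37F62B94164C0B9 3003792 ------w- C:\EEK\bin\a2cmd.exe
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"""

if __name__ == "__main__":
    # Assumed cut-off: midnight before the 12/11/2014 tool run shown in the post.
    for key, value in summarize(SAMPLE_LOG, "2014-11-12 00:00:00").items():
        print(f"{key}: {value}")
```

Run it against the full log (read the file instead of SAMPLE_LOG) to get the same report for every entry; the duplicate-hash view is the quick way to confirm that a second copy of a file is the tool the user downloaded rather than a stray binary, and the prefix view isolates the system-directory changes that deserve a closer look.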
C:\Users\Gwen\Downloads\adwcleaner_4.101.exe 2014-11-11 22:32:32 A20FA8B5AFA2323E9E1FB9880C3C28DB 17528920 ----a-w- C:\Users\Gwen\Desktop\RogueKillerX64.exe 2014-11-11 22:28:00 E9499A51801037F4E7CD2D7937D76542 127752 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe 2014-11-11 22:27:59 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe 2014-11-11 22:09:29 00FD7C6BEDEE9B24B0DB02B68B07AD54 11222744 ----a-w- C:\Users\Gwen\Desktop\HitmanPro_x64.exe 2014-11-11 16:11:10 4D686DE8222C1B6896300C74974AAAC4 371608 ----a-w- C:\Program Files (x86)\Anvisoft\Cloud System Booster\Uninstall.exe === C: other files == 2014-11-12 02:28:15 DBC8CDAFC84E96E894C3BAAED9B30F47 50200 ------w- C:\EEK\bin\cleanhlp32.sys 2014-11-12 02:28:15 D27A8B7BB0E15DFBFC6B4E774EE17AD9 26176 ------w- C:\EEK\bin\a2ddax64.sys 2014-11-12 02:28:15 B794DCF38C965FA2F93C45A7C3D582C5 57024 ------w- C:\EEK\bin\cleanhlp64.sys 2014-11-12 02:28:15 B0CC0B50441372157F31C4C023D43A3E 22056 ------w- C:\EEK\bin\a2ddax86.sys 2014-11-12 00:40:32 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys 2014-11-11 12:43:51 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-11-11 12:42:29 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-11-11 12:42:29 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-11-11 12:42:28 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-11-10 21:01:46 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2071371351-3043768126-2165783208-1001\Software\Microsoft\Windows\CurrentVersion\Run] "NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray" "Spotify Web 
Helper"="C:\Users\Gwen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" "Spotify"="C:\Users\Gwen\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "CloudSystemBooster"="C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe /hide /autorun" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" "KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" "KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" "EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d" "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" "NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart" "MDS_Menu"="C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Acer\clear.fi\MediaEspresso UpdateWithCreateOnce Software\CyberLink\MediaEspresso\6.1" "ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" "AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" "APSDaemon"="C:\Program Files 
(x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "EKStatusMonitor"="C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" "mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray" "Spotify Web Helper"="C:\Users\Gwen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" "Spotify"="C:\Users\Gwen\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "CloudSystemBooster"="C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe /hide /autorun" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "MobileDocuments"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Conime"="%windir%\\system32\\conime.exe" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Folders ====================== 2012-12-13 17:47:49 1051 ----a-w- C:\Users\Gwen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2011-03-09 13:46:31 1782 
----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk 2014-01-31 11:20:42 2051 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [26/09/2014 15:23] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 08:08] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 08:08] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe Reader and Acrobat Manager" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java(TM) Platform SE Auto Updater" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe] 
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [10/11/2014 21:31] ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - No path found[] Google Voice Search Hotword (Beta) - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn YouTube - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf SiteAdvisor - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho Google Wallet - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes 
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="[url]http://www.google.com/search?q={searchTerms}[/url]" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[url]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC[/url]" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A3C14B8429A918B46B359CF7BE589C01 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{48B41C3A-9A92-4B81-B653-C97FEB85C910} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DBA1BF66-8930-4DC5-937D-AB92522956B4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A3C14B8429A918B46B359CF7BE589C01 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gwen\Desktop\97StationRd\Gwen\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3WMSO1G will be deleted at reboot ==== 
Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Gwen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1204 folders=138 97259703 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Gwen\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Gwen\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Gwen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3WMSO1G" not found ==== EOF on 12/11/2014 at 13:02:47.92 ====================== [/QUOTE]