Alarabyeyes or Arabeyes infection is driving me nuts

[Nabeel_69]

This is the latest Zoek log, I have used it 3-4 times but browsers are still hijacked.
Thanks for all your help in advance.


Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Don on 09/04/2015 at 2:05:50.21.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Don\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-02-26-232400.log 25320 bytes
C:\zoek-results2015-04-07-093711.log 114649 bytes
C:\zoek-results2015-04-07-155111.log 2590 bytes

==== Running Processes ======================

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Motorola\Bluetooth\audiosrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Users\Don\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe

==== System Restore Info ======================

09/04/2015 02:08:36 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\McAfee deleted successfully
C:\Program Files\HitmanPro deleted successfully
C:\Program Files\Common Files\McAfee deleted successfully
C:\PROGRA~3\Mistl deleted successfully
C:\Users\Mcx1-NABEEL\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-576309536-2513507048-1813419607-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\McAfee not found
C:\windows\SysNative\Tasks\Mistl deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Windows\Installer\adde64.msi" deleted
"C:\Users\Don\AppData\Roaming\homerj\c32s.exe" deleted
"C:\Users\Don\AppData\Roaming\homerj" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4044 MB
CPU Info: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
CPU Speed: 2309.8 MHz
Sound Card: Speakers and Headphones (IDT Hi |
Communications Headphones (IDT |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Ralink RT5390 802.11b/g/n WiFi Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 3x (E: | F: | G: | ) E: hp CDDVDW TS-L633R | F: DTSOFT BDROM | G: DTSOFT BDROM
Ports: COM3 | COM4 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 450.9GB | D: 14.5GB | H: 99.0MB
Hard Disks - Free: C: 28.9GB | D: 1.8GB | H: 83.6MB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 10/05/11 | HPQOEM - 1
Time Zone: Arabian Standard Time
Motherboard *: Hewlett-Packard 1657
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17691
Mozilla Firefox version: 36.0.4 (x86 en-GB)
Google Chrome version: 41.0.2272.118
Adobe Reader version: 11.0.10.32
Sun Java version: 1.8.0_31 (32-bit)
Sun Java version: 1.8.0_31 (64-bit)
Shockwave Player version: 12.1.1r151

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Don\AppData\Local\Temp ====
2015-04-07 22:54:25 9F172F68DDE553E6FD272D83D25ED720 100712 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\SetupVSE.Exe
2015-04-07 22:54:24 E71004CA405C485961D4DCDB7C628A71 856064 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\ePOPolicyMigration.exe
2015-04-07 22:54:24 80CC49EB31E11AD845656EC799D64B6D 6981576 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\FramePkg_UPD.exe
2015-04-07 22:54:22 342F79337765760AD4E392EB67D5ED2C 2585872 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\WindowsInstaller-KB893803-v2-x86.exe
2015-04-07 22:54:21 C28110F4633FF27E9B38ED30D899C4D8 23886336 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\VSE880.msi
2015-04-07 22:54:20 5689D43C3B201DD3810FA3BBA4A6476A 4216840 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\vcredist_x86.exe
2015-04-07 22:54:19 9250CE7ED6EFF095CCDC723BEACCF673 195432 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\UnInst.exe
2015-04-07 22:54:19 71107AA35299CA38212C55D5ADB447CB 221032 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\UnInstX64.exe
2015-04-07 22:54:19 40395C175553CB14D2050888EFCCDF00 4961800 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\vcredist_x64.exe
2015-04-07 22:49:00 E71004CA405C485961D4DCDB7C628A71 856064 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\ePOPolicyMigration.exe
2015-04-07 22:49:00 9F172F68DDE553E6FD272D83D25ED720 100712 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\SetupVSE.Exe
2015-04-07 22:49:00 80CC49EB31E11AD845656EC799D64B6D 6981576 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\FramePkg_UPD.exe
2015-04-07 22:48:59 C28110F4633FF27E9B38ED30D899C4D8 23886336 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\VSE880.msi
2015-04-07 22:48:59 9250CE7ED6EFF095CCDC723BEACCF673 195432 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\UnInst.exe
2015-04-07 22:48:59 71107AA35299CA38212C55D5ADB447CB 221032 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\UnInstX64.exe
2015-04-07 22:48:59 5689D43C3B201DD3810FA3BBA4A6476A 4216840 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\vcredist_x86.exe
2015-04-07 22:48:59 40395C175553CB14D2050888EFCCDF00 4961800 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\vcredist_x64.exe
2015-04-07 22:48:59 342F79337765760AD4E392EB67D5ED2C 2585872 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\WindowsInstaller-KB893803-v2-x86.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-04-07 22:55:45 F46B13DE588712604199F49071BEADEF 25088 ----a-w- C:\Windows\SysWOW64\MFEOtlk.dll
2015-04-07 22:55:45 B63940119D1AD6F940B426A5F0CB29BD 94080 ----a-w- C:\Windows\SysWOW64\MfeOtlkAddin.dll
2015-03-31 13:27:57 450DD4303299B4EC1DB20E9062294055 58 ----a-w- C:\Windows\SysWOW64\out.txt
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-04-07 22:55:44 40C98E1CAC1642F36CA3A1ACCC1E4907 121896 ----a-w- C:\Windows\Sysnative\MfeOtlkAddin.dll
2015-04-07 22:41:56 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\Sysnative\bootdelete.exe
2015-04-07 22:24:57 A77EF589190A7417BBBEBF6D63D6C95C 1436 ----a-w- C:\Windows\Sysnative\.crusader
2015-04-07 09:19:10 A7EC0AE8F2D3BA655B7AA37EC5950FB7 5033040 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT
====== C:\Windows\Sysnative\drivers =====
2015-04-08 18:32:00 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-04-08 18:31:50 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2015-04-08 18:31:50 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2015-04-08 18:31:50 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-03-11 14:45:46 87BCD1034CBF33537D4D4C251D39BA26 94656 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys
2015-03-11 14:45:19 ED6E75158D28D33A2E2A020AC5B2B59D 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2015-03-11 14:45:10 90C53BD47979FB8814F465A08B885102 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2015-03-11 14:44:15 8BA90F480705D7153AD0060CCA62222A 155576 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-03-11 14:44:15 27667A788130A7F7A5858DE27572E6D7 459336 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2015-03-11 14:44:14 56ED3EE5FED6BF2FC1305CF872042868 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
====== C:\Windows\Tasks ======
2015-03-30 17:00:18 A355F7E7302FC48CF2DD7F5E255CE0C5 892 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-30 17:00:18 9B37CEE381108BD51187589EA9FA8663 888 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-30 17:00:18 5BC82865C042C9BF714DA4901181616B 3888 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2015-03-30 17:00:18 20DF07E30162D9136CA33AFE4A62B37E 3636 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Don\AppData\Roaming ======
2015-04-07 22:56:04 -------- d-----w- C:\Users\Don\AppData\Local\CrashDumps
2015-04-07 21:59:10 -------- d-----w- C:\Users\Don\AppData\Roaming\VolIE
2015-04-07 09:19:56 097AA0E4C8667D4A512F3CA6B810BB3D 109296 ----a-w- C:\Users\Don\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-07 09:18:22 92D8D941F97587B213D6BAFBBE67D158 617032 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
====== C:\Users\Don ======
2015-04-07 22:12:00 -------- d-----w- C:\ProgramData\HitmanPro
2015-04-07 15:27:29 CCACBC97231A4E46D5DBF809C0FF8FD0 781312 ----a-w- C:\Users\Don\Downloads\delfix_10.9.exe
2015-03-30 17:01:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

====== C: exe-files ==
2015-04-07 22:54:25 9F172F68DDE553E6FD272D83D25ED720 100712 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\SetupVSE.Exe
2015-04-07 22:54:24 E71004CA405C485961D4DCDB7C628A71 856064 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\ePOPolicyMigration.exe
2015-04-07 22:54:24 80CC49EB31E11AD845656EC799D64B6D 6981576 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\FramePkg_UPD.exe
2015-04-07 22:54:22 342F79337765760AD4E392EB67D5ED2C 2585872 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\WindowsInstaller-KB893803-v2-x86.exe
2015-04-07 22:54:20 5689D43C3B201DD3810FA3BBA4A6476A 4216840 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\vcredist_x86.exe
2015-04-07 22:54:19 9250CE7ED6EFF095CCDC723BEACCF673 195432 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\UnInst.exe
2015-04-07 22:54:19 71107AA35299CA38212C55D5ADB447CB 221032 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\UnInstX64.exe
2015-04-07 22:54:19 40395C175553CB14D2050888EFCCDF00 4961800 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\vcredist_x64.exe
2015-04-07 22:49:00 E71004CA405C485961D4DCDB7C628A71 856064 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\ePOPolicyMigration.exe
2015-04-07 22:49:00 9F172F68DDE553E6FD272D83D25ED720 100712 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\SetupVSE.Exe
2015-04-07 22:49:00 80CC49EB31E11AD845656EC799D64B6D 6981576 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\FramePkg_UPD.exe
2015-04-07 22:48:59 9250CE7ED6EFF095CCDC723BEACCF673 195432 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\UnInst.exe
2015-04-07 22:48:59 71107AA35299CA38212C55D5ADB447CB 221032 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\UnInstX64.exe
2015-04-07 22:48:59 5689D43C3B201DD3810FA3BBA4A6476A 4216840 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\vcredist_x86.exe
2015-04-07 22:48:59 40395C175553CB14D2050888EFCCDF00 4961800 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\vcredist_x64.exe
2015-04-07 22:48:59 342F79337765760AD4E392EB67D5ED2C 2585872 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\WindowsInstaller-KB893803-v2-x86.exe
2015-04-07 22:41:56 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2015-04-07 15:27:29 CCACBC97231A4E46D5DBF809C0FF8FD0 781312 ----a-w- C:\Users\Don\Downloads\delfix_10.9.exe
2015-04-05 13:53:28 E55D0D5D5A3A585BFF48B990708007A5 2208768 ----a-w- C:\Users\Don\Documents\My Received Files\adwcleaner_4.200.exe
2015-04-04 20:23:29 119E1BD6E6C625C53E35E6153781F9F1 3584 ----a-w- C:\Users\Don\AppData\LocalLow\Unity\WebPlayer\mono\Stable2.x.x\Data\lib\UnityDomainLoad.exe
2015-04-04 15:00:32 A6C3E3120AC125BABE410959083A0108 459264 ----a-w- C:\Windows\System32\GWX\GWX.exe
2015-04-04 15:00:32 86345D30828786E1CC6AF12DF769D136 392704 ----a-w- C:\Windows\SysWOW64\GWX\GWX.exe
2015-04-04 15:00:32 771215B601C7D7E88D015D974AF7BEC7 393216 ----a-w- C:\Windows\System32\GWX\GWXUX.exe
2015-04-04 15:00:32 29038FF696BB007224872DA9645EA324 353048 ----a-w- C:\Windows\System32\GWX\GWXUXWorker.exe
2015-04-04 15:00:31 E32AAB3E477398B78E9D8F2418D1989C 658944 ----a-w- C:\Windows\System32\GWX\GWXConfigManager.exe
2015-04-03 17:05:58 04A8F29E2CB7A633109E6AF1316F6E97 864336 ----a-w- C:\Program Files (x86)\Google\Update\Install\{D5E0B82A-AF3D-40C6-AF8A-70FB8555A2E1}\41.0.2272.118_41.0.2272.101_chrome_updater.exe
2015-04-03 17:05:58 04A8F29E2CB7A633109E6AF1316F6E97 864336 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.118\41.0.2272.118_41.0.2272.101_chrome_updater.exe
=== C: other files ==
2015-04-08 18:32:00 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-04-08 18:31:50 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-04-08 18:31:50 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-04-08 18:31:50 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-07 22:54:23 6F848E6C10B250E2E0A8452A11AC9163 5627237 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\epo45_help_vse_880.zip
2015-04-07 22:54:21 94887847FC5EC6604C1E0876D5A6962D 632799 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\VIRUSCANREPORTS120(236).zip
2015-04-07 22:54:21 6C637284C4BE0AA7AF026F9DE5D28410 1113756 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX1\VIRUSCAN8800(368).zip
2015-04-07 22:49:00 6F848E6C10B250E2E0A8452A11AC9163 5627237 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\epo45_help_vse_880.zip
2015-04-07 22:48:59 94887847FC5EC6604C1E0876D5A6962D 632799 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\VIRUSCANREPORTS120(236).zip
2015-04-07 22:48:59 6C637284C4BE0AA7AF026F9DE5D28410 1113756 ----a-w- C:\Users\Don\AppData\Local\Temp\RarSFX0\VIRUSCAN8800(368).zip
2015-04-07 11:15:37 0CDE49A242C13E293BEDC412FD0FC7E8 129164 ----a-w- C:\Users\Don\Downloads\Holiday Assignment.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-576309536-2513507048-1813419607-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Don\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Don\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="rundll32.exe C:\Program Files\Motorola\Bluetooth\btmshell.dll,TrayApp"
"HPWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXMediaServer"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON Stylus CX9300F Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON Stylus CX9300F Series"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATICFP.EXE /FU \"C:\\Windows\\TEMP\\E_S1E49.tmp\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Don\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Don\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RIMBBLaunchAgent.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RIMBBLaunchAgent.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Research In Motion\\USB Drivers\\RIMBBLaunchAgent.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hpsrv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vpnagent]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-576309536-2513507048-1813419607-1000Core.job --a------ C:\Users\Don\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/07/2012 02:38]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-576309536-2513507048-1813419607-1000UA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/03/2015 21:00]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/03/2015 21:00]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-576309536-2513507048-1813419607-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-576309536-2513507048-1813419607-1000UA.job --a------ C:\Users\Don\AppData\Local\Google\Update\GoogleUpdate.exe [15/02/2015 06:13]
C:\Windows\tasks\HPCeeScheduleForDon.job --a------ C:\Program Files (x86)\Hewlett-PaC:kard\HP C:eement\HPC:EE.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-576309536-2513507048-1813419607-1000Core" [C:\Users\Don\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-576309536-2513507048-1813419607-1000UA" [C:\Users\Don\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-576309536-2513507048-1813419607-1000Core" [C:\Users\Don\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-576309536-2513507048-1813419607-1000UA" [C:\Users\Don\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForDon" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Newsfeed" ["C:\Users\Don\AppData\Roaming\homerj\c32s.exe"]
"C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\{6FC9D41B-4F0D-4439-AA4E-3AD67005FD64}" [C:\Users\Don\Downloads\ImageResizerPowertoySetup.exe]
"C:\Windows\SysNative\tasks\{76CF005D-AB04-44B6-AD8C-C5CEFE94CEA4}" [C:\Users\Don\Downloads\ImageResizerPowertoySetup.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" [C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\tdkdx8td.default-1428397949693
user_pref("browser.startup.homepage", "http://www.alarabeyes.com/");

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\pzgg7ljj.default
user_pref("browser.search.defaulturl", "");
user_pref("browser.newtab.url", "");
user_pref("browser.search.defaultenginename", "");
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine,S", "");
user_pref("keyword.URL", "");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\qdg77bbz.default-1397744366290
- Undetermined - %ProfilePath%\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- TrueSuite Website Logon - %AppDir%\extensions\websitelogon@truesuite.com
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Bad Ads Blocker - %AppDir%\distribution\bundles\addonFF@AdvanT.com

==== Firefox Plugins ======================

Profilepath: C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\tdkdx8td.default-1428397949693
0E8B2D0D9E3415A91EF259CE1112C579 - C:\Windows\SysWoW64\Adobe\Director\np32dsw_1210150.dll - Shockwave for Director / Shockwave for Director
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWoW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director
DCB0BCEF594E2C410793C4A823C318F3 - C:\Windows\SysWoW64\Adobe\Director\np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director
F6D12679B9112358AC705A1308156F59 - C:\Users\Don\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
98137411B9C632095F919E2CE70B288A - C:\Users\Don\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Don\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
5939F8E57B7E16C4F78A8563C5F81339 - C:\Users\Don\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
B2A4227A89D7C4AFDA6331FFEF5199A9 - C:\Users\Don\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer


==== Chromium Look ======================

Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db]

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nhfpefkeidlhbjljfdojcnngjbddgein - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[17/11/2010 18:36]

Google Docs - Don\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Don\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Don\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Don\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Highlight to Search - Don\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\floipahigmmkfhkoapmnijnlnboniglg
AdBlock - Don\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Hotword Shared Module - Don\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - Don\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Don\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Docs - Don\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aohghmighlieiainnegkcijnfilokake
Website Logon - Don\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein
Website Logon - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein
Google Wallet - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Website Logon - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Don\AppData\Local\Chromium\User Data\Default\Preferences
{"extensions":{"settings":{"pchfckkccldkbclgdepkaonamkignanh":{}}},"default_search_provider_data":{"template_url_data":{"search_terms_replacement_key":"","search_url_post_params":"","suggestions_url_post_params":"","id":"5","short_name":"Yandex","keyword":"yandex.ru","favicon_url":"http://www.yandex.ru/favicon.ico","url":"http://yandex.ru/yandsearch?win=151&clid=1989596&text={searchTerms}","safe_for_autoreplace":true,"suggestions_url":"http://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}","prepopulate_id":0,"input_encodings":["UTF-8"]}},"ntp":{"shown_sections":64,"shown_page":1024},"homepage_is_newtabpage":false,"homepage":"http://www.yandex.ru/?win=151&clid=1989595","session":{"startup_urls":["http://www.yandex.ru/?win=151&clid=1989595"]},"browser":{"show_home_button":true}}

C:\Users\Don\AppData\Local\Google\Chrome\User Data\Profile 6\Preferences
"startup_urls": [ "http://www.en.wikipedia.org/" ]

C:\Users\Don\AppData\Roaming\Opera Software\Opera Stable\Preferences
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.ru/?win=151&clid=1989595","session":{"startup_urls":["http://www.yandex.ru/?win=151&clid=1989595"]},"browser":{"show_home_button":true}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com/"
"Default_Search_URL"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Don\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Don\AppData\Local\Chromium\User Data\Default\Preferences_20141122223602.backup was reset successfully
C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Don\AppData\Local\Google\Chrome\User Data\Profile 6\Preferences was reset successfully
C:\Users\Don\AppData\Local\Google\Chrome\User Data\Profile 6\Secure Preferences was reset successfully
C:\Users\Don\AppData\Local\Google\Chrome\User Data\Profile 7\Preferences was reset successfully
C:\Users\Don\AppData\Local\Google\Chrome\User Data\Profile 7\Secure Preferences was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Don\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Don\AppData\Roaming\Opera Software\Opera Stable\Preferences_20141122223602.backup was reset successfully
C:\Users\Don\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Don\AppData\Local\Google\Chrome\User Data\Profile 6\Web Data was reset successfully
C:\Users\Don\AppData\Local\Google\Chrome\User Data\Profile 6\Web Data-journal was reset successfully
C:\Users\Don\AppData\Local\Google\Chrome\User Data\Profile 7\Web Data was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Don\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Don\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Don\Desktop\µTorrent.lnk -
C:\Users\Don\Desktop\aheed\Horizon.lnk - C:\Program Files (x86)\Daring Development\Horizon\v2\Horizon.exe
C:\Users\Guest\Desktop\Bandicam.lnk - C:\Program Files (x86)\Bandicam\bdcam.exe
C:\Users\Guest\Desktop\Bandicut.lnk - C:\Program Files (x86)\Bandicut\bdcut.exe
C:\Users\Guest\Desktop\SmartPixel.lnk - C:\SmartPixel\bin\smartpixel.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office Access 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office Groove 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office InfoPath 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office OneNote 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office PowerPoint 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office Publisher 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
C:\Users\Guest\Desktop\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
C:\Users\Mcx1-NABEEL\Desktop\Bandicam.lnk - C:\Program Files (x86)\Bandicam\bdcam.exe
C:\Users\Mcx1-NABEEL\Desktop\Bandicut.lnk - C:\Program Files (x86)\Bandicut\bdcut.exe
C:\Users\Mcx1-NABEEL\Desktop\SmartPixel.lnk - C:\SmartPixel\bin\smartpixel.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk - C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe https://s3.amazonaws.com/amazo/RNND/sR2HVx2.html
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe https://s3.amazonaws.com/amazo/RNND/sR2HVx2.html
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Public\Desktop\VoxPC.lnk - C:\Windows\Installer\{DA08C78F-5F8D-436C-AF23-AC1FFACFAC41}\_6ACA3E4E68846875E67322.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe https://s3.amazonaws.com/amazo/RNND/sRCH2.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe https://s3.amazonaws.com/amazo/RNND/sR2HVx2.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\en_GB.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk - C:\Program Files (x86)\Java\jdk1.8.0_25\bin\jmc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy\TeraCopy Help.lnk - C:\Program Files\TeraCopy\TeraCopy Help.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy\TeraCopy on the Web.lnk - C:\Program Files\TeraCopy\TeraCopy.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy\TeraCopy.lnk - C:\Program Files\TeraCopy\TeraCopy.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy\Uninstall TeraCopy.lnk - C:\Program Files\TeraCopy\unins000.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo Messenger.lnk -
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Core Temp.lnk - C:\Program Files\Core Temp\Core Temp.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Defraggler.lnk - C:\Program Files\Defraggler\Defraggler64.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe https://s3.amazonaws.com/amazo/RNND/sRCH2.html
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe https://s3.amazonaws.com/amazo/RNND/sR2HVx2.html
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sound Recorder.lnk -
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent.lnk -
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe https://s3.amazonaws.com/amazo/RNND/sR2HVx2.html
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe https://s3.amazonaws.com/amazo/RNND/sR2HVx2.html
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Core Temp.lnk - C:\Program Files (x86)\Core Temp\Core Temp.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Core Temp.lnk - C:\Program Files\Core Temp\Core Temp.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Mcx1-NABEEL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Mcx1-NABEEL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Don\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8086A3D08B281BB4EBA5EA7DB5F3C620 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8086A3D08B281BB4EBA5EA7DB5F3C620 deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Don\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlackBerry Device Manager - BlackBerry Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Don\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Don\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mcx1-NABEEL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Don\AppData\Local\Mozilla\Firefox\Profiles\6ygdzviu.default\Cache emptied successfully
C:\Users\Don\AppData\Local\Mozilla\Firefox\Profiles\tdkdx8td.default-1428397949693\cache2 emptied successfully
C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\pzgg7ljj.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Don\AppData\Local\Google\Chrome\User Data\Profile 6\Cache emptied successfully
C:\Users\Don\AppData\Local\Google\Chrome\User Data\Profile 7\Cache emptied successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=3 12620485 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Don\AppData\Local\Temp will be emptied at reboot
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Mcx1-NABEEL\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Don\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 09/04/2015 at 2:36:12.71 ======================

 

[TwinHeadedEagle]

Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.
  
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay for the repair.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Nabeel_69]

First of all, Thanks a lot for helping me. I really appreciate it. I will try and follow all your rules during the process. Here are the logs you requested.

Thanks again.

 

[TwinHeadedEagle]

This topic will be closed due to presence of pirated content.

Piracy policy