
Persistent Coupon Companion and OpenCandy



The worms below keep replicating after a scan, quarantine, PC restart, and rescan.

   

C:\Users\Alan\AppData\Roaming\OpenCandy

C:\Users\Alan\AppData\Roaming\OpenCandy\D08519......  (the last digits change from one scan to the next)

C:\Program Files\Coupon Companion

 

 

Also used Malwarebytes Anti-Rootkit with no detection.

 

Malwarebytes database v2014.08.09.06

 

Any idea how to permanently remove them?


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
    
 
    
Before we start please read and note the following:
    
Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
Do not paste the logs in your posts; attachments make my work easier. There is an Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, which may cause some delays between answers.
Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
    
I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
 
P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

 

Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;gpt.ini;z C:\Windows\System32\GroupPolicy;vC:\Windows\SysWOW64\GroupPolicy;vprocess;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, the log will open after it. You may also find it on your main drive (usually C:\).
  • Post its content into your next reply.
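An added example, not part of this thread and not the ZOEK tool itself: the PowerShell below collects the same kind of autostart data the script above asks ZOEK to list (Run keys for every loaded user hive, scheduled tasks, services, Startup folders and installed programs) and filters it for the OpenCandy and Coupon Companion names from the first post, which is the quickest way to find out what re-creates a folder after it has been quarantined. The pattern list, the function names and the object layout are my own choices for illustration. It is written against Windows PowerShell 2.0 so it runs on the Vista machine in this thread, which is why it uses schtasks and Get-WmiObject rather than Get-ScheduledTask and Get-CimInstance; run it from an elevated prompt.

```powershell
# Added example (not from the thread or from ZOEK): enumerate autostart locations
# and report any entry whose name or command line references a given pattern.
# Windows PowerShell 2.0 compatible; run elevated so HKEY_USERS and services are readable.

function New-Entry([string]$Source, [string]$Name, [string]$Command) {
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Command = $Command }
}

function Get-AutostartEntries {
    # 1. Run / RunOnce keys for the machine and for every loaded user hive
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run')
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $keys += 'Registry::' + $hive.Name + '\Software\Microsoft\Windows\CurrentVersion\Run'
    }
    $meta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')  # provider metadata, not values
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }
            New-Entry $key $p.Name ([string]$p.Value)
        }
    }

    # 2. Scheduled tasks via schtasks (works on Vista). /v may repeat the header row
    #    per task folder, so rows whose TaskName is literally "TaskName" are dropped.
    schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' } |
        ForEach-Object { New-Entry 'Task' $_.TaskName $_.'Task To Run' }

    # 3. Services and their image paths
    Get-WmiObject Win32_Service |
        ForEach-Object { New-Entry 'Service' $_.Name ([string]$_.PathName) }

    # 4. Per-user and all-users Startup folders
    $startup = @("$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                 "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")
    foreach ($dir in $startup) {
        Get-ChildItem $dir -ErrorAction SilentlyContinue |
            ForEach-Object { New-Entry 'StartupFolder' $_.Name $_.FullName }
    }

    # 5. Installed programs (Uninstall keys): a bundled program that lives under
    #    C:\Program Files normally has to go through its own uninstaller
    $uninst = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*')
    Get-ItemProperty -Path $uninst -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object { New-Entry 'Uninstall' $_.DisplayName ([string]$_.UninstallString) }
}

function Find-AutostartReferences {
    param([string[]]$Patterns)    # literal substrings, matched case-insensitively
    Get-AutostartEntries | Where-Object {
        $text = $_.Name + ' ' + $_.Command
        foreach ($pat in $Patterns) {
            if ($text -match [regex]::Escape($pat)) { return $true }
        }
        $false
    }
}

# Patterns taken from the first post; add any other folder that keeps reappearing.
Find-AutostartReferences -Patterns 'OpenCandy', 'Coupon Companion' |
    Format-Table Source, Name, Command -AutoSize -Wrap
```

Anything it returns is a lead, not proof: a Run key or task whose command line points into one of those folders is the obvious case, while an Uninstall row means there is a registered program that should be removed through its uninstaller rather than by deleting the folder. An empty result means the re-creation comes from something this list does not cover, such as a browser extension or another bundler on the system, which is exactly what the fuller ZOEK output is for.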

Malwarebytes Free Anti-Malware keeps crashing. Is that something to be concerned about prior to running the diagnostic?

 

Windows problem details:

----------------------------------------------------------------------/

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: mbam.exe
  Application Version: 1.0.0.532
  Application Timestamp: 53518532
  Fault Module Name: kernel32.dll
  Fault Module Version: 6.0.6002.18881
  Fault Module Timestamp: 51da3e27
  Exception Code: c0000142
  Exception Offset: 00009f5d
  OS Version: 6.0.6002.2.2.0.768.3
  Locale ID: 1033
  Additional Information 1: 9d13
  Additional Information 2: 1abee00edb3fc1158f9ad6f44f0f6be8
  Additional Information 3: 9d13
  Additional Information 4: 1abee00edb3fc1158f9ad6f44f0f6be8

Read our privacy statement:

===================================================


This is the Windows crash report of Torch, just in case.

----------------------------------------------------------------------------------------------------/

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: torch.exe
  Application Version: 33.0.0.7209
  Application Timestamp: 53b22c1a
  Fault Module Name: chrome.dll
  Fault Module Version: 33.0.0.7209
  Fault Module Timestamp: 53b22bc2
  Exception Code: c0000005
  Exception Offset: 00006370
  OS Version: 6.0.6002.2.2.0.768.3
  Locale ID: 1033
  Additional Information 1: 60e7
  Additional Information 2: d1c0717b23d0d85c7804984c2702fc9a
  Additional Information 3: dd1f
  Additional Information 4: da028d4951561aad461d6ded5ef4b4ab

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

--------------------------------------------------------------------------------------------------------/

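The two Problem signature blocks above are easier to read once their fields are decoded, so here is an added example that is not part of the thread: a small PowerShell parser for a pasted signature that maps the exception code to its NTSTATUS name and converts the hex timestamps, which are the images' PE link times (seconds since the Unix epoch), not the time of the crash. For the two reports above, c0000142 is STATUS_DLL_INIT_FAILED (a DLL loaded into mbam.exe returned failure from its initialisation as the process started; kernel32.dll is where that failure is reported, not the DLL that failed) and c0000005 is STATUS_ACCESS_VIOLATION raised inside chrome.dll, the browser's own code. The NTSTATUS table is a hand-picked subset and the output property names are my own.

```powershell
# Added example (not from the thread): decode a Windows Error Reporting APPCRASH
# "Problem signature" block. Windows PowerShell 2.0 compatible.

$NtStatusMeaning = @{
    'c0000005' = 'STATUS_ACCESS_VIOLATION: invalid memory read/write inside the faulting module'
    'c000001d' = 'STATUS_ILLEGAL_INSTRUCTION'
    'c00000fd' = 'STATUS_STACK_OVERFLOW'
    'c0000142' = 'STATUS_DLL_INIT_FAILED: a DLL loaded into the process failed its DllMain at start-up'
    'c0000409' = 'STATUS_STACK_BUFFER_OVERRUN: /GS cookie check or __fastfail'
    'e0434352' = 'CLR exception: unhandled .NET exception'
    '80000003' = 'STATUS_BREAKPOINT'
}

function ConvertFrom-PeTimestamp([string]$Hex) {
    # WER prints the image's PE TimeDateStamp as 8 hex digits: link time, in UTC.
    if (-not $Hex) { return $null }
    $epoch = New-Object DateTime 1970, 1, 1, 0, 0, 0, ([DateTimeKind]::Utc)
    $epoch.AddSeconds([Convert]::ToInt64($Hex, 16))
}

function ConvertFrom-WerSignature([string]$Text) {
    $fields = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        # "  Key: value" lines; a line such as "Problem signature:" yields an empty value and is harmless
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') { $fields[$Matches[1]] = $Matches[2] }
    }
    $code = ([string]$fields['Exception Code']).ToLower()
    $meaning = if ($NtStatusMeaning.ContainsKey($code)) { $NtStatusMeaning[$code] }
               else { "unknown NTSTATUS 0x$code (look it up in ntstatus.h)" }
    New-Object PSObject -Property @{
        Application        = $fields['Application Name']
        AppVersion         = $fields['Application Version']
        AppLinkTimeUtc     = ConvertFrom-PeTimestamp $fields['Application Timestamp']
        FaultModule        = $fields['Fault Module Name']
        FaultModuleVersion = $fields['Fault Module Version']
        ModuleLinkTimeUtc  = ConvertFrom-PeTimestamp $fields['Fault Module Timestamp']
        ExceptionCode      = $code
        Meaning            = $meaning
        Offset             = $fields['Exception Offset']
        OsVersion          = $fields['OS Version']
    }
}

# Sample input: the mbam.exe signature pasted earlier in this thread.
$sample = @'
Problem signature:
  Problem Event Name: APPCRASH
  Application Name: mbam.exe
  Application Version: 1.0.0.532
  Application Timestamp: 53518532
  Fault Module Name: kernel32.dll
  Fault Module Version: 6.0.6002.18881
  Fault Module Timestamp: 51da3e27
  Exception Code: c0000142
  Exception Offset: 00009f5d
  OS Version: 6.0.6002.2.2.0.768.3
'@

ConvertFrom-WerSignature $sample | Format-List
```

Paste any other APPCRASH signature into $sample (or pipe a file through Get-Content -Raw on PowerShell 3.0+) to decode it the same way. The Fault Module Name only says where the exception was raised; with STATUS_DLL_INIT_FAILED in particular, finding the DLL that actually failed needs a loader snap or a debugger, which is a job for whoever is running the cleanup, not for the user.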

Please find below the output. 

-------------------------------------------------------------------------------------------------------------------/

Zoek.exe v5.0.0.0 Updated 13-08-2014

Tool run by Alan on Thu 08/14/2014 at 18:46:30.65.

Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Alan\Downloads\zoek (1).exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

8/14/2014 6:58:41 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Installed Programs ======================

 

Adobe Flash Player 14 Plugin  

Adobe Reader X (10.1.10)  

Advanced SystemCare Ultimate 7  

AthTek NetWalk 2.2  

AthTek Voice Recorder 2.00  

Basta Computing Dator  

Bing Bar  

Bing Desktop  

Bitcasa version 1.1.6.18  

BlackBerry Desktop Software 7.1  

BlackBerry World Browser Plugin  

Boingo Wi-Finder  

Broadcom 802.11 Wireless LAN Adapter  

Broadcom Wireless Utility  

CallingID  

Citrix Online Launcher  

Comodo IceDragon  

Conexant HD Audio  

D3DX10  

Driver Booster  

eFax Messenger  

Emsisoft Anti-Malware 5.1  

ESU for Microsoft Vista  

Etisalat 3.5G USB Modem  

FedEx Desktop  

Free RAR Extract Frog  

Glary Utilities 5.5  

Glarysoft Toolbar  

GlassFish Server Open Source Edition 4.0  

GMX File Storage Manager  

Google Chrome  

Google Drive  

Google Talk (remove only)  

Google Talk Plugin  

Google Toolbar for Internet Explorer  

Google Update Helper  

GoToMeeting 5.7.0.1172  

Hao123-Client  

HDAUDIO Soft Data Fax Modem with SmartCP  

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)  

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)  

HP QuickTouch 1.00 C4  

IObit Uninstaller  

Java 8  

Java Auto Updater  

Java SE Development Kit 8  

join.me  

jZip  

Kaspersky Security Scan  

KC Softwares SUMo  

LibreOffice 4.1 Help Pack (English (United States))  

LibreOffice 4.1.4.2  

Localphone version 1.1.0  

Malwarebytes Anti-Malware version 2.0.2.1012  

Maxthon Cloud Browser  

McAfee Security Scan Plus  

Messenger Companion  

Microsoft .NET Framework 3.5 SP1  

Microsoft .NET Framework 4.5.1  

Microsoft Application Error Reporting  

Microsoft Security Client  

Microsoft Security Essentials  

Microsoft Silverlight  

Microsoft Visual C++ 2005 Redistributable  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  

Mikogo 4  

Moo0 Audio Converter 1.32  

Moo0 Voice Recorder 1.43  

Moo0 YouTube Downloader 1.07  

Mozilla Firefox 31.0 (x86 en-US)  

Mozilla Maintenance Service  

Mozilla Thunderbird 31.0 (x86 en-US)  

MSVCRT  

MSXML 4.0 SP2 (KB927978)  

MSXML 4.0 SP2 (KB954430)  

MSXML 4.0 SP2 (KB973688)  

NetBeans IDE 8.0  

Nimbuzz 2.9.1  

NVIDIA Drivers  

OEM Logo and Information  

OpenDNS Updater 2.2.1  

Opera 12.17  

Opera To Phone  

Panda ActiveScan 2.0  

Panda Cloud Cleaner  

Panda Security Toolbar  

PeerBlock 1.1 (r518)  

Pegasus Mail HTML Renderer 2.4.7.2  

QQ International  

RealNetworks - Microsoft Visual C++ 2008 Runtime  

RealPlayer  

RealUpgrade 1.1  

RemoteComms External Disk Access  

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01  

Rising Antivirus  

Rising PC Doctor  

Rising Software Deployment System  

SeaMonkey 2.26.1 (x86 en-US)  

Security Process Explorer 1.6  

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)  

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)  

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)  

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)  

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  

Segoe UI  

SkypeT 6.18  

SlimDrivers  

Spybot - Search & Destroy  

SumatraPDF  

Surfing Protection  

swMSM  

TheWorld Browser 3.0 Final  

TipCam 2.0  

Torch  

Tweaking.com - Windows Repair (All in One)  

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)  

VLC media player 2.1.3  

VMB HL  

Win IP Config 2.7  

Windows Live Communications Platform  

Windows Live Essentials  

Windows Live ID Sign-in Assistant  

Windows Live Installer  

Windows Live Messenger  

Windows Live Messenger Companion Core  

Windows Live Photo Common  

Windows Live PIMT Platform  

Windows Live SOXE  

Windows Live SOXE Definitions  

Windows Live UX Platform  

Windows Live UX Platform Language Pack  

Windows Media Player Firefox Plugin  

WinPcap 4.1.2  

Wireshark 1.7.0  

XAMPP  

ZoneAlarm LTD Toolbar  

 

==== Running Processes ======================

 

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCService.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\ascavsvc.exe

C:\Program Files\Emsisoft Anti-Malware\a2service.exe

C:\Windows\system32\nvvsvc.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files\Rising\RAV\RavMonD.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe

C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\Comodo\IceDragon\icedragon_updater.exe

C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

C:\Users\Alan\AppData\Roaming\Mikogo 4\M4-Service.exe

C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Users\Alan\AppData\Roaming\Mikogo 4\M4-Capture.exe

C:\ProgramData\MobileBrServ\mbbservice.exe

C:\Users\Alan\AppData\Local\Torch\Update\TorchCrashHandler.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\SlimDrivers\SlimDrivers.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\Monitor.exe

C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe

C:\Program Files\Rising\RAV\RsTray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Glary Utilities 5\SoftwareUpdate.exe

C:\Program Files\Microsoft\BingBar\7.3.117.0\SeaPort.exe

C:\Windows\system32\sdclt.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Torch\Application\torch.exe

C:\Users\Alan\AppData\Local\Torch\Update\33.0.0.7326\TorchUpdate.exe

C:\Users\Alan\AppData\Local\Torch\Application\torch.exe

C:\Users\Alan\AppData\Local\Torch\Application\torch.exe

C:\Users\Alan\AppData\Local\Torch\Application\torch.exe

C:\Users\Alan\AppData\Local\Torch\Application\torch.exe

C:\Users\Alan\AppData\Local\Torch\Application\torch.exe

C:\Users\Alan\AppData\Local\Torch\Application\torch.exe

C:\Users\Alan\AppData\Local\Torch\Application\torch.exe

C:\Users\Alan\AppData\Local\Torch\Application\torch.exe

C:\Users\Alan\AppData\Local\Torch\Application\torch.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Rising\RSD\RsMgrSvc.exe

C:\Program Files\Rising\RSD\popwndexe.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Alan\Downloads\zoek (1).exe

C:\Windows\system32\conime.exe

C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k SDRSVC

 

==== Deleting Files \ Folders ======================

 

C:\Windows\system32\appdata deleted

 

==== Folders Found ======================

 

 

==== Files Found ======================

 

 

==== Folders Found In C:\Windows\System32\GroupPolicy ======================

 

2011-09-19 09:42:50 d-----w- C:\Windows\System32\GroupPolicy\Machine

 

==== Files Found In C:\Windows\System32\GroupPolicy ======================

 

2011-11-10 15:48:36 22 ----a-w- 50F9DBB7247D98905E5C8F9B43C512F5 C:\Windows\System32\GroupPolicy\gpt.ini

 

==== System Specs ======================

 

Operating System: Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 32-bit

Manufacturer: Hewlett-Packard - Model: HP Pavilion dv2700 Notebook PC

Install Date: 7/19/2011 9:34:25 PM

Last Boot: 8/14/2014 5:25:09 PM

Processor: AMD Turion 64 X2 TL-58

Number of Processors: 2

Work Station

Bootmode: Normal boot

Total RAM: 1982 MB (free 1071 MB - 54)

Computername: ALAN-PC

Domain: -----

User: Alan (Administrator account)

Local Disk:        C:\ - NTFS - 149 GB (free 58 GB)

CD \ DVD Drive:    D:\ 

Bootdevice: \Device\HarddiskVolume1

Windows update: 2014-07-28 17:55:54

Country: United States 

Language: ENU 

 

==== System Specs (Software) ======================

 

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

Anti-Virus: Rising Antivirus On-access scanning disabled (Outdated)

Anti-Virus: Advanced SystemCare Ultimate On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)

Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

Anti-Spyware: Rising Antivirus disabled (Outdated)

Default Browser: IceDragon 26.0.0.1

Internet Explorer Version: 9.0.8112.16421 

Mozilla Firefox version: 31.0 (x86 en-US)

Google Chrome version: 36.0.1985.125

Torch Browser version: 33.0.0.7326

Adobe Reader version: 10.1.10.18

Sun Java version: 1.8.0 (32-bit) 

Flash Player version: 14.0.0.145

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

====== C:\Users\Alan\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2014-08-14 12:30:12 05B803F48B167FED703D968E41C8FF57 421376 ----a-w- C:\Windows\System32\vbscript.dll

2014-08-14 12:30:08 8A807EB890A68CB9664751D054283473 1810432 ----a-w- C:\Windows\System32\jscript9.dll

2014-08-14 12:30:08 3100F61A0A7921EF93232DF79EB9665B 353792 ----a-w- C:\Windows\System32\dxtmsft.dll

2014-08-14 12:30:07 CD599FE695689CADD969134A6DFF536A 717824 ----a-w- C:\Windows\System32\jscript.dll

2014-08-14 12:30:06 9BC276FEBE9095BA13CB7FF9D86D35C8 176640 ----a-w- C:\Windows\System32\ieui.dll

2014-08-14 12:30:06 526014FFF6F612D9D0E86C874E7B0C36 1129472 ----a-w- C:\Windows\System32\wininet.dll

2014-08-14 12:30:06 03BFA69E881E2A6B4555B156CCC89BE1 223232 ----a-w- C:\Windows\System32\dxtrans.dll

2014-08-14 12:29:58 02A1A3C2447C6C61C993CD0458CB9644 73216 ----a-w- C:\Windows\System32\mshtmled.dll

2014-08-14 12:29:24 601FCEB3AB6B81F48CCF1E22FFA5E6D4 12356608 ----a-w- C:\Windows\System32\mshtml.dll

2014-08-14 12:29:16 E1DACCBC452185F5F93246B6ABF61043 41472 ----a-w- C:\Windows\System32\msfeedsbs.dll

2014-08-14 12:29:16 831B93C9E1D4F14A14FBE37B433C5CE5 10752 ----a-w- C:\Windows\System32\msfeedssync.exe

2014-08-14 12:29:15 7F60324132E77497DB2CBEA7DAE47B11 1137664 ----a-w- C:\Windows\System32\urlmon.dll

2014-08-14 12:29:15 11F23B8F92E4A99F462C000F15F96CD9 11776 ----a-w- C:\Windows\System32\mshta.exe

2014-08-14 12:29:08 98CAD7C19474E10C5E8B4F6D44284020 65536 ----a-w- C:\Windows\System32\jsproxy.dll

2014-08-14 12:28:40 B9F7ADFBF9373D4751193F507C187421 607744 ----a-w- C:\Windows\System32\msfeeds.dll

2014-08-14 12:28:38 BAB1E65F3BB0EA5D388CF46C22231C04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2014-08-14 12:28:31 F2645503E6773B1D3E9224A192BB9557 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-08-14 12:28:27 F2CE7AFE641AF857B0EA0F22F93A5127 142848 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-08-14 12:28:25 1CBF77E333C1251DD3AF76FD9F67C5D1 1802240 ----a-w- C:\Windows\System32\iertutil.dll

2014-08-14 12:28:23 5E46C4016F81F1B16777787A5AAF1364 231936 ----a-w- C:\Windows\System32\url.dll

2014-08-14 12:28:16 C6B790771A2BBB4B964329936B22D8D4 9739264 ----a-w- C:\Windows\System32\ieframe.dll

2014-08-14 12:24:43 7191E1CBF4A7A1C0EEC08DED6F6A18A3 2048 ----a-w- C:\Windows\System32\tzres.dll

2014-08-14 12:16:41 31F57ACBE76A0E17976E18614DE58399 37376 ----a-w- C:\Windows\System32\cdd.dll

2014-08-14 12:08:28 825EDAE0F2A55CD3578B0FF081595885 2054656 ----a-w- C:\Windows\System32\win32k.sys

2014-08-14 12:08:26 16386E2989663F325A6A89991DE5ADFB 297984 ----a-w- C:\Windows\System32\gdi32.dll

2014-08-09 22:41:13 EAE394724CDC4887E3CA29579F8B7DDE 96664 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll

2014-08-09 22:41:11 9DFF2C8F4CE048322FCB10D38820D510 176024 ----a-w- C:\Windows\System32\javaw.exe

2014-08-09 22:41:06 743524979EF5F33BDB4DDEE63FD6C042 176024 ----a-w- C:\Windows\System32\java.exe

====== C:\Windows\system32\drivers =====

2014-08-14 12:16:41 5C2C209CDEFBC51D83D66E8A53B2BE89 638400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2014-07-31 11:59:40 F50E613E6837CA58B3EBDF3F65EAEABE 346688 ----a-w- C:\Windows\System32\drivers\cbfs5.sys

2014-07-29 12:01:49 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-07-29 11:58:37 EA6FC4074EB53342249CCE7DAE9F3A85 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-07-29 11:58:36 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-07-29 11:58:36 799613BA73D25641402AA81B6403EFF8 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys

====== C:\Windows\Tasks ======

2014-08-09 21:49:06 87B645119720B55C95FEC6BC4AAD1293 3004 ----a-w- C:\Windows\system32\Tasks\{882FEDDA-8EA8-4762-9669-9D307879DAA0}

2014-08-09 21:33:38 87B645119720B55C95FEC6BC4AAD1293 3004 ----a-w- C:\Windows\system32\Tasks\{9BCAAB3B-366C-4882-AFAD-1469EF35475A}

2014-08-07 12:45:27 FA673F7ECB528D2382595561EB9BCC06 3224 ----a-w- C:\Windows\system32\Tasks\{2C234CE3-4FC7-44C2-BCFA-BFE7E45F75E6}

2014-07-21 22:59:15 23E75668628C1E9DD34EC21FC97CF23F 2872 ----a-w- C:\Windows\system32\Tasks\Uninstaller_SkipUac_Administrator

2014-07-21 22:42:47 EF0C451BE154A17E91F928627D3728FB 3018 ----a-w- C:\Windows\system32\Tasks\{846B15BB-7035-43F8-A22B-7D637837276C}

2014-07-15 17:54:58 4E6C77F3A849E464BB8DEF85542C4FE5 2840 ----a-w- C:\Windows\system32\Tasks\Driver Booster SkipUAC (Alan)

2014-07-15 17:54:51 50B12ADE364143E80E317924C3E9336D 3200 ----a-w- C:\Windows\system32\Tasks\Driver Booster Scan

2014-07-15 17:54:48 0E6BF7E727E0FB60F6690325B5A4624B 3144 ----a-w- C:\Windows\system32\Tasks\Driver Booster Update

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-08-03 16:36:40 -------- d-----w- C:\Program Files\Adobe

2014-08-03 16:36:39 -------- d-----w- C:\Program Files\Common Files\Adobe

2014-07-31 11:59:20 -------- d-----w- C:\Program Files\Bitcasa

2014-07-27 19:54:35 -------- d-----w- C:\Program Files\Mozilla Thunderbird

2014-07-23 21:56:19 -------- d-----w- C:\Program Files\Research In Motion Limited

2014-07-21 21:16:19 -------- d-----w- C:\Program Files\Hp

2014-07-19 16:13:19 -------- d-----w- C:\Program Files\Common Files\Skype

2014-07-19 16:13:12 -------- d-----r- C:\Program Files\Skype

2014-07-19 12:25:28 -------- d-----w- C:\Program Files\Nimbuzz

2014-07-18 22:11:30 -------- d-----w- C:\Program Files\Tencent

2014-07-18 14:36:42 -------- d-----w- C:\Program Files\Research In Motion

======= C: =====

2014-07-24 18:06:13 0ADB200EDE3E86884EEBCF60ACBD3148 10279264 ----a-w- C:\HitmanPro(1).exe

====== C:\Users\Alan\AppData\Roaming ======

2014-08-03 16:47:26 -------- d-----w- C:\Users\Alan\AppData\Local\Adobe

2014-07-31 12:01:26 -------- d-----w- C:\Users\Alan\AppData\Roaming\com.bitcasa.Bitcasa

2014-07-29 16:25:50 -------- d-----w- C:\Users\Alan\AppData\Local\Moo0

2014-07-19 16:14:16 -------- d-----w- C:\Users\Alan\AppData\Local\Skype

2014-07-18 14:44:47 -------- d-----w- C:\Users\Alan\AppData\Roaming\Research In Motion

====== C:\Users\Alan ======

2014-08-14 09:43:23 EF1E3A9CCBFA3D70140D566D05ACF03A 14416448 ----a-w- C:\Users\Alan\Downloads\Glary_Utilities_v5.5.0.12.exe

2014-08-12 12:45:14 -------- d-----w- C:\ProgramData\TorchCrashHandler

2014-07-31 12:00:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa

2014-07-24 18:11:16 -------- d-----w- C:\ProgramData\HitmanPro

2014-07-21 22:58:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller

2014-07-19 16:13:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-07-19 14:28:50 55573DF206D3E080C11D31A603B32F5A 31776 ----a-w- C:\ProgramData\nvModes.001

2014-07-19 14:28:49 55573DF206D3E080C11D31A603B32F5A 31776 ----a-w- C:\ProgramData\nvModes.dat

2014-07-19 14:12:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop

2014-07-19 12:25:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nimbuzz

2014-07-18 14:39:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry

2014-07-18 14:38:36 -------- d-----w- C:\ProgramData\Research In Motion

2014-07-15 17:54:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster

 

====== C: exe-files ==

2014-08-14 12:29:14 24E81DD09DC95A57E540CBE0DB82F2DC 22528 ----a-w- C:\Program Files\Internet Explorer\ExtExport.exe

2014-08-14 12:28:58 6AECB1303D69A5B2098A07A2D3F87D40 223232 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe

2014-08-14 12:28:33 4284E58A38F0A0E69205B9122E15AED3 469504 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2014-08-14 12:28:19 76F9BA272D99BB7859695A4F9207178E 757976 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2014-08-12 11:55:37 F234A33467DA8B683B19709C8FEF9765 1843856 ----a-w- C:\Downloads\TorchSetupk-r0-n-bi.exe

2014-08-08 16:21:20 D9FE5132D2C95620D594E2AB186660C6 1363968 ----a-w- C:\Program Files\Moo0\VoiceRecorder 1.43\uninstaller.exe

2014-08-08 16:21:16 0AFFF4760C1C748A1D6B5482118784CE 2674688 ----a-w- C:\Program Files\Moo0\VoiceRecorder 1.43\VoiceRecorder.exe

=== C: other files ==

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

 

[HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe /autostart"

"GMX_GMX File Storage Manager"="C:\Program Files\GMX\GMX File Storage Manager\DAVSRV.EXE /hide"

"Advanced SystemCare Ultimate"="C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe /Auto"

"GoogleChromeAutoLaunch_88B5D67DE95B7BDECB2F56548CE938C7"="C:\Users\Alan\AppData\Local\Torch\Application\torch.exe --no-startup-window"

"GUDelayStartup"="C:\Program Files\Glary Utilities 5\StartupManager.exe -delayrun"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RavTRAY"="C:\Program Files\Rising\RAV\RSTRAY.EXE -system"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"

"Bitcasa"="C:\Program Files\Bitcasa\BitcasaBoot.exe C:\Program Files\Bitcasa\Bitcasa.exe /startup"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe /autostart"

"GMX_GMX File Storage Manager"="C:\Program Files\GMX\GMX File Storage Manager\DAVSRV.EXE /hide"

"Advanced SystemCare Ultimate"="C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe /Auto"

"GoogleChromeAutoLaunch_88B5D67DE95B7BDECB2F56548CE938C7"="C:\Users\Alan\AppData\Local\Torch\Application\torch.exe --no-startup-window"

"GUDelayStartup"="C:\Program Files\Glary Utilities 5\StartupManager.exe -delayrun"

 

==== Startup Registry Disabled ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare Ultimate]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Advanced SystemCare Ultimate"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\IObit\\Advanced SystemCare Ultimate\\ASCTray.exe\" /Auto"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Anti-phishing Domain Advisor]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Anti-phishing Domain Advisor"

"hkey"="HKLM"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BingDesktop]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BingDesktop"

"hkey"="HKLM"

"command"="C:\\Program Files\\Microsoft\\BingDesktop\\BingDesktop.exe /fromkey"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bitcasa]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Bitcasa"

"hkey"="HKLM"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\egui]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="egui"

"hkey"="HKLM"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Google Update"

"hkey"="HKCU"

"command"="\"C:\\Users\\Alan\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleDriveSync]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GoogleDriveSync"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Google\\Drive\\googledrivesync.exe\" /autostart"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GUDelayStartup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GUDelayStartup"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Glary Utilities 5\\StartupManager.exe\" -delayrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KSS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KSS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Security Scan 2.0\\kss.exe\" /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mikogo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mikogo"
"hkey"="HKCU"
"command"="\"C:\\Users\\Alan\\AppData\\Roaming\\Mikogo 4\\mikogo-host.exe\" -asp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nimbuzz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nimbuzz"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nimbuzz\\Nimbuzz.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OnScreenDisplay]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OnScreenDisplay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP QuickTouch\\HPKBDAPP.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Panda Security URL Filtering]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Panda Security URL Filtering"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QQ2009]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QQ2009"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Tencent\\QQIntl\\Bin\\QQ.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RIMBBLaunchAgent.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RIMBBLaunchAgent.exe"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Research In Motion\\USB Drivers\\RIMBBLaunchAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\runeip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="runeip"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Rising\\AntiSpyware\\rstray.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spybot-S&D Cleaning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spybot-S&D Cleaning"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Spybot - Search & Destroy 2\\SDCleaner.exe\" /autoclean"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Defender"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk.disabled]
"backup"="C:\\Windows\\pss\\Install LastPass IE RunOnce.lnk.disabled.CommonStartup"
"backupExtension"=".CommonStartup"
"item"="Install LastPass IE RunOnce.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\MCAFEE~1\\38B0D1~1.150\\SSSCHE~1.EXE "
"item"="McAfee Security Scan Plus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk.disabled]
"backup"="C:\\Windows\\pss\\eFax 4.4.lnk.disabled.Startup"
"backupExtension"=".Startup"
"item"="eFax 4.4.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.3.lnk.Startup"
"backupExtension"=".Startup"
"item"="OpenOffice.org 3.3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rebtel.appref-ms]
"backup"="C:\\Windows\\pss\\Rebtel.appref-ms.Startup"
"backupExtension"=".Startup"
"item"="Rebtel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Alan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TipCam.lnk]
"backup"="C:\\Windows\\pss\\TipCam.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\uTIPu\\tipc.exe -s"
"item"="TipCam"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AeLookupSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Browser]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\fdPHost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FDResPub]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hidserv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RpcLocator]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"


==== Startup Folders ======================

2013-03-03 13:34:42 1855 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job --a------ C:\Windows\TEMP\090489E4-AFBC-4583-8399-9520157FFEB1.exe []
C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job --a------ C:\Program Files\Spybot - Search  Destroy 2\SDUpdate.exe []
C:\Windows\tasks\GlaryInitialize 5.job --a------ C:\Program Files\Glary Utilities 5\Initialize.exe [08/04/2014 10:05 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [07/19/2011 09:32 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [07/19/2011 09:32 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2539571941-1062829864-63335017-1000Core.job --a------ C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [07/20/2011 12:54 AM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2539571941-1062829864-63335017-1000UA.job --a------ C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [07/20/2011 12:54 AM]
C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job --a------ [undetermined Task]
C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job --a------ C:\Program Files\Spybot - Search  Destroy 2\SDScan.exe []
C:\Windows\tasks\SlimDrivers Startup.job --a------ C:\Program Files\SlimDrivers\SlimDrivers.exe [09/24/2013 01:49 PM]
C:\Windows\tasks\update-S-1-5-21-2539571941-1062829864-63335017-1000.job --a------ C:\Program Files\Skillbrains\Updater\Updater.exe []
C:\Windows\tasks\update-sys.job --a------ C:\Program Files\Skillbrains\Updater\Updater.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\ASC7U_SkipUac_Alan" [C:\Program Files\IObit\Advanced SystemCare Ultimate\ASC.exe /SkipUac]
"C:\Windows\system32\tasks\ASC7_PerformanceMonitor" [C:\Program Files\IObit\Advanced SystemCare Ultimate\Monitor.exe]
"C:\Windows\system32\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv" [C:\Windows\TEMP\{090489E4-AFBC-4583-8399-9520157FFEB1}.exe]
"C:\Windows\system32\tasks\Check for updates (Spybot - Search & Destroy)" [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]
"C:\Windows\system32\tasks\Driver Booster Scan" [C:\Program Files\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\system32\tasks\Driver Booster SkipUAC (Alan)" [C:\Program Files\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\system32\tasks\Driver Booster Update" [C:\Program Files\IObit\Driver Booster\AutoUpdate.exe]
"C:\Windows\system32\tasks\GlaryInitialize 5" [C:\Program Files\Glary Utilities 5\Initialize.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2539571941-1062829864-63335017-1000Core" [C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2539571941-1062829864-63335017-1000UA" [C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GU5SkipUAC" [C:\Program Files\Glary Utilities 5\Integrator.exe]
"C:\Windows\system32\tasks\Maxthon Update" ["C:\Program Files\Maxthon\Bin\mxup.exe"]
"C:\Windows\system32\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler ""http://www.google.com/", "http://ar.hao123.com/?tn=oc_pay_hp_03_hao123_ar" ],


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown  Url="Not_Found"
{c1d89ae7-449d-4929-b24b-fded04adbe06} Unknown  Url="Not_Found"
{E627DC4B-8C04-4234-A2D4-1D634EE01C41} Fastest  Url="http://fastestwebsearch.com/search?q={searchterms}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2 folders=4 16449 bytes)

==== EOF on Thu 08/14/2014 at 19:47:01.12 ======================

Fix with ZOEK

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;C:\Windows\System32\GroupPolicy\Machine;fsC:\Windows\System32\GroupPolicy\gpt.ini;fC:\Windows\tasks\update-S-1-5-21-2539571941-1062829864-63335017-1000.job;fC:\Windows\tasks\update-sys.job;fC:\Program Files\Skillbrains;fsautoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).
  • Post its content into your next reply.

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.
  • First of all, select Update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
  Save the file to your desktop and include its content in your next reply.
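The fix above targets two things that stand out in the zoek log: an IE search scope pointing at fastestwebsearch.com and scheduled jobs that run from unusual places. The following is an added example (not part of this thread, zoek, or Malwarebytes) that parses those two sections of a zoek log and flags such entries; the sample log excerpt and the list of expected search hosts are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt modelled on the zoek log lines posted in this thread.
SAMPLE_LOG = r"""
==== Task Scheduler Jobs ======================

C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job --a------ C:\Windows\TEMP\090489E4-AFBC-4583-8399-9520157FFEB1.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [07/19/2011 09:32 PM]
C:\Windows\tasks\update-sys.job --a------ C:\Program Files\Skillbrains\Updater\Updater.exe []

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown  Url="Not_Found"
{E627DC4B-8C04-4234-A2D4-1D634EE01C41} Fastest  Url="http://fastestwebsearch.com/search?q={searchterms}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

==== EOF on Thu 08/14/2014 at 19:47:01.12 ======================
"""

# Search providers a clean IE install is expected to use (assumption; adjust per environment).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

SECTION_RE = re.compile(r"^==== (.+?) =+$")
SCOPE_RE = re.compile(r'^\{([0-9A-Fa-f-]{36})\}\s+(\S+)\s+Url="([^"]*)"$')
TASK_RE = re.compile(r"^(.+?\.job)\s+(\S+)\s+(.+?)\s+\[(.*)\]$")


def split_sections(log):
    """Map each '==== name ====' header to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_search_scopes(lines):
    """Parse '{GUID} Name  Url="..."' lines into dicts; the key-path line is skipped."""
    scopes = []
    for line in lines:
        m = SCOPE_RE.match(line)
        if m:
            scopes.append({"guid": m.group(1), "name": m.group(2), "url": m.group(3)})
    return scopes


def flag_search_scopes(scopes, known_hosts=KNOWN_SEARCH_HOSTS):
    """Return (scope, reason) pairs for scopes that are orphaned or use an unknown host."""
    flagged = []
    for scope in scopes:
        host = urlsplit(scope["url"]).hostname  # None for values such as Not_Found
        if host is None:
            flagged.append((scope, "no URL recorded: orphaned scope entry"))
        elif host.lower() not in known_hosts:
            flagged.append((scope, "search URL points at unrecognised host " + host))
    return flagged


def parse_tasks(lines):
    """Parse '<job> <attrs> <target> [<timestamp>]' lines from the Task Scheduler section."""
    tasks = []
    for line in lines:
        m = TASK_RE.match(line)
        if m:
            tasks.append({"job": m.group(1), "attrs": m.group(2),
                          "target": m.group(3), "stamp": m.group(4)})
    return tasks


def flag_tasks(tasks):
    """Flag jobs whose target executable lives in a temp directory: installed software
    runs from Program Files, while a job launching from TEMP deserves a closer look."""
    flagged = []
    for task in tasks:
        parts = task["target"].lower().replace("/", "\\").split("\\")
        if "temp" in parts or "tmp" in parts:
            flagged.append((task, "scheduled job runs an executable from a temp directory"))
    return flagged


def triage(log):
    """Run both checks over a zoek log and return the findings keyed by check."""
    sections = split_sections(log)
    return {
        "search_scopes": flag_search_scopes(
            parse_search_scopes(sections.get("All HKCU SearchScopes", []))),
        "tasks": flag_tasks(parse_tasks(sections.get("Task Scheduler Jobs", []))),
    }


if __name__ == "__main__":
    for kind, findings in triage(SAMPLE_LOG).items():
        for item, reason in findings:
            print(kind, item.get("guid") or item["job"], "->", reason)
```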

Zoek.exe v5.0.0.0 Updated 13-08-2014
Tool run by Alan on Fri 08/15/2014 at  2:28:50.83.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: c:\Users\Alan\Downloads\zoek (1).exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-14-164701.log    62326 bytes

==== System Restore Info ======================

8/15/2014 2:39:00 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1AE701B8-367F-4E3B-8760-542BAD2FC169} deleted successfully
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{900FD889-D559-4C10-A2F0-7851A7C6AAEE} deleted successfully
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CE70972E-BA8D-45E0-8E87-12F208C52C61} deleted successfully
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E4A7D9E5-FC86-4D2E-BA8F-C5A0D040C70D} deleted successfully
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41} deleted successfully
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E96133C6-7110-4BA1-8135-C89C058C2104} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HssWd deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Alan\AppData\Roaming\Comodo\IceDragon\Profiles\40yf6a4z.default

user.js not found
---- Lines enabledAddons" modified from prefs.js ----

user_pref("extensions.enabledAddons", "externalip%40erik.morlin:0.9.9.6,search-ip%40exemple.tld:1.02,smartinfowidget%40smart-ip.net:1.2,%7B152455DE-7B
---- FireFox user.js and prefs.js backups ----

prefs_20140815_0356_.backup

ProfilePath: C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\27quhgwo.default

---- Lines enabledAddons" modified from prefs.js ----

user_pref("extensions.enabledAddons", "newtabgoogle%40graememcc.co.uk:1.0.2,search-ip%40exemple.tld:1.02,smartinfowidget%40smart-ip.net:1.2,%7B35106bc
---- Lines zonealarm removed from user.js ----

user_pref("extensions.zonealarm.tlbrSrchUrl", ""http://www.google.com/", "http://ar.hao123.com/?tn=oc_pay_hp_03_hao123_ar" ],


==== Chrome Fix ======================

C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Torch\User Data\Default\Local Storage\http_deals.souq.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Torch\User Data\Default\Local Storage\http_deals.souq.com_0.localstorage-journal deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fix-it-center.en.softonic.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_google-talk-chrome.en.softonic.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-windows-installer-vista-7-32-bits.en.softonic.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mobile-gmaps.en.softonic.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_neotrace-pro.en.softonic.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_qik.en.softonic.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_slimdrivers.en.softonic.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whatsapp-messenger.en.softonic.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zilla-wincleaner-n-optimizer.en.softonic.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_brooklyn.citysearch.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_providence.citysearch.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.consumersearch.com_0.localstorage deleted successfully
C:\Users\Alan\AppData\Local\Torch\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai deleted successfully
C:\Users\Alan\AppData\Local\Torch\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai deleted successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\Alan\AppData\Local\Torch\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\Alan\AppData\Local\Torch\User Data\Default\Extensions\dmgjnkhnkblpmfjpdakehnaikgdjllic deleted successfully
C:\Users\Alan\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?ocid=EIE9HP&PC=UP50"
"Start Page Restore"="http://www.crawler.com/homepage.aspx?tbid=60747"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://isearch.glarysoft.com/?src=iehome"
"Default_Page_URL"="http://isearch.glarysoft.com/?src=iehome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?ocid=EIE9HP&PC=UP50"
"Start Page Restore"="http://www.msn.com/?ocid=EIE9HP&PC=UP50"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_enUS441"
{72909716-828E-4B54-889E-FADAC5C4B52D} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_en"
{c1d89ae7-449d-4929-b24b-fded04adbe06} Unknown  Url="Not_Found"
{F2BFB371-050B-4802-B20D-C733719CA2A4} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_en"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32D47EA5-9473-4CAD-805D-9999F15D5AE2} deleted successfully
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32D47EA5-9473-4CAD-805D-9999F15D5AE2} deleted successfully
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7AF277D-1466-4A7B-93AF-B043984A5671} deleted successfully
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7AF277D-1466-4A7B-93AF-B043984A5671} deleted successfully
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{32D47EA5-9473-4CAD-805D-9999F15D5AE2} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{A7AF277D-1466-4A7B-93AF-B043984A5671} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7AF277D-1466-4A7B-93AF-B043984A5671} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{32D47EA5-9473-4CAD-805D-9999F15D5AE2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32D47EA5-9473-4CAD-805D-9999F15D5AE2} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Alan\Desktop\AthTek Voice Recorder.lnk - C:\Program Files\AthTek Software\AthTek Voice Recorder\AthTek Voice Recorder.exe
C:\Users\Alan\Desktop\DiskInternals Research.lnk -  
C:\Users\Alan\Desktop\eFax Compose Fax 4.4.lnk - C:\Program Files\eFax Messenger 4.4\J2GPBook.exe
C:\Users\Alan\Desktop\eFax Messenger 4.4.lnk - C:\Program Files\eFax Messenger 4.4\J2GPlus.exe
C:\Users\Alan\Desktop\Google Chrome.lnk - C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\Desktop\Google Drive.lnk - C:\Users\Alan\Google Drive
C:\Users\Alan\Desktop\Google Talk.lnk - C:\Program Files\Google\Google Talk\googletalk.exe
C:\Users\Alan\Desktop\join.me.lnk - C:\Users\Alan\AppData\Local\join.me\join.me.exe
C:\Users\Alan\Desktop\jZip.lnk - C:\Program Files\jZip\jZip.exe
C:\Users\Alan\Desktop\Kaspersky Security Scan.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Users\Alan\Desktop\Mikogo 4.lnk - C:\Users\Alan\AppData\Roaming\Mikogo 4\mikogo-host.exe
C:\Users\Alan\Desktop\Moo0 Audio Converter 1.32.lnk - C:\Program Files\Moo0\AudioConverter 1.32\AudioConverter.exe
C:\Users\Alan\Desktop\Moo0 Voice Recorder 1.43.lnk - C:\Program Files\Moo0\VoiceRecorder 1.43\VoiceRecorder.exe
C:\Users\Alan\Desktop\recycle bin - shortcut.lnk -  
C:\Users\Alan\Desktop\Rising Antivirus.lnk - C:\Program Files\Rising\RAV\rsmain.exe
C:\Users\Alan\Desktop\SUMo.lnk - C:\Program Files\KC Softwares\SUMo\SUMo.exe
C:\Users\Alan\Desktop\TipCam.lnk - C:\Program Files\uTIPu\tipc.exe
C:\Users\Alan\Desktop\Torch.lnk - C:\Users\Alan\AppData\Local\Torch\Application\torch.exe
C:\Users\Alan\Desktop\logs\IObit Uninstaller.lnk - C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
C:\Users\Alan\Desktop\logs\Rising PC Doctor.lnk - C:\Program Files\Rising\AntiSpyware\ras.exe
C:\Users\Alan\Desktop\logs\Security Process Explorer.lnk - C:\Program Files\Security Process Explorer\procmgr.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced SystemCare Ultimate 7.lnk - C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe /manual
C:\Users\Public\Desktop\Bitcasa Infinite Drive.lnk - C:\Program Files\Bitcasa\Bitcasa.exe
C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk - C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
C:\Users\Public\Desktop\Driver Booster.lnk - C:\Program Files\IObit\Driver Booster\SkipUacExec.exe
C:\Users\Public\Desktop\Etisalat 3.5G USB Modem.lnk - C:\Program Files\Etisalat 3.5G USB Modem\Etisalat 3.5G USB Modem.exe
C:\Users\Public\Desktop\Glary Utilities 5.lnk - C:\Program Files\Glary Utilities 5\Integrator.exe
C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk - C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\NetBeans IDE 8.0.lnk - C:\Users\Alan\Desktop\PHP\htdocs\NetBeans 8.0\bin\netbeans.exe
C:\Users\Public\Desktop\Nimbuzz.lnk - C:\Program Files\Nimbuzz\Nimbuzz.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Tencent QQ.lnk - C:\Program Files\Tencent\QQIntl\Bin\QQ.exe
C:\Users\Public\Desktop\TheWorld 3.lnk - C:\Program Files\TheWorld 3\theworld.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk - C:\Users\Alan\AppData\Local\Torch\Application\torch.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0\Moo0 Audio Converter 1.32.lnk - C:\Program Files\Moo0\AudioConverter 1.32\AudioConverter.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0\Moo0 Voice Recorder 1.43.lnk - C:\Program Files\Moo0\VoiceRecorder 1.43\VoiceRecorder.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0\Moo0 YouTube Downloader 1.07.lnk - C:\Program Files\Moo0\YouTube-DL 1.07\Utube-DL.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0\Uninstaller\Moo0 Audio Converter 1.32.lnk - C:\Program Files\Moo0\AudioConverter 1.32\uninstaller.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0\Uninstaller\Moo0 Voice Recorder 1.43.lnk - C:\Program Files\Moo0\VoiceRecorder 1.43\uninstaller.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0\Uninstaller\Moo0 YouTube Downloader 1.07.lnk - C:\Program Files\Moo0\YouTube-DL 1.07\uninstaller.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Moo0 Voice Recorder 1.43.lnk - C:\Program Files\Moo0\VoiceRecorder 1.43\VoiceRecorder.exe -startup
C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch\Torch.lnk - C:\Users\Alan\AppData\Local\Torch\Application\torch.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk - C:\Program Files\Glary Utilities 5\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Ultimate 7\Advanced SystemCare Ultimate 7.lnk - C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe /manual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop\Bing Desktop.lnk - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa\Bitcasa.lnk - C:\Program Files\Bitcasa\Bitcasa.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry\BlackBerry Desktop Software.lnk - C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry\Readme.lnk - C:\Program Files\Research In Motion\BlackBerry Desktop\BlackBerry Desktop Software readme.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Glary Utilities 5.lnk - C:\Program Files\Glary Utilities 5\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Uninstall.lnk - C:\Program Files\Glary Utilities 5\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Website.lnk - C:\Program Files\Glary Utilities 5\Glary Utilities 5.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Help.lnk - C:\Program Files\IObit\IObit Uninstaller\help.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files\IObit\IObit Uninstaller\UninstallDisplay.exe uninstall_start
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Users\Alan\Desktop\PHP\htdocs\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Users\Alan\Desktop\PHP\htdocs\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Users\Alan\Desktop\PHP\htdocs\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk - C:\Program Files\Java\jdk1.8.0\bin\jmc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nimbuzz\Nimbuzz.lnk - C:\Program Files\Nimbuzz\Nimbuzz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nimbuzz\Uninstall.lnk - C:\Program Files\Nimbuzz\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nimbuzz\Website.lnk - C:\Program Files\Nimbuzz\Nimbuzz.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software\QQ International\Tencent QQ.lnk - C:\Program Files\Tencent\QQIntl\Bin\QQ.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software\QQ International\Uninstall QQ International.lnk - C:\Program Files\Tencent\QQIntl\QQUninst.exe

==== shortcuts in Quick Launch ======================

C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare Ultimate 7.lnk - C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe /manual
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk - C:\Program Files\Emsisoft Anti-Malware\a2start.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk - C:\Program Files\Glary Utilities 5\Integrator.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GMX File Storage Manager.lnk - C:\Program Files\GMX\GMX File Storage Manager\DAVSRV.EXE
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mikogo 4.lnk - C:\Users\Alan\AppData\Roaming\Mikogo 4\mikogo-host.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Moo0 Voice Recorder 1.43.lnk - C:\Program Files\Moo0\VoiceRecorder 1.43\VoiceRecorder.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Moo0 YouTube Downloader 1.07.lnk - C:\Program Files\Moo0\YouTube-DL 1.07\Utube-DL.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk -  
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Rising Antivirus.lnk - C:\Program Files\Rising\RAV\rsmain.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk - C:\Program Files\SeaMonkey\seamonkey.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SUMo.lnk - C:\Program Files\KC Softwares\SUMo\SUMo.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tencent QQ.lnk - C:\Program Files\Tencent\QQIntl\Bin\QQ.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TheWorld 3.lnk - C:\Program Files\TheWorld 3\theworld.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk - C:\Users\Alan\AppData\Local\Torch\Application\torch.exe
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Alan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-ar deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bitcasa deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering deleted successfully

==== Empty IE Cache ======================

C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Alan\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Alan\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Alan\AppData\Local\Torch\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1924 folders=457 64201653 bytes)

==== Empty Temp Folders ======================

C:\Users\Alan\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Alan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\PROGRA~2\Malwarebytes' Anti-Malware (portable)"  not deleted
"C:\Users\Alan\AppData\Roaming\Comodo\IceDragon\Profiles\40yf6a4z.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}"  not found

==== EOF on Fri 08/15/2014 at  5:17:18.93 ======================
 

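As an added example (not part of the zoek log or of any post in this thread), the following read-only PowerShell script re-checks the persistence locations the log above shows zoek cleaning: the Chrome external-extension registrations under HKLM\SOFTWARE\Google\Chrome\Extensions, the msconfig "startupreg" leftovers, the live Run keys they came from, and the two folders named in the opening post. It assumes an elevated PowerShell 2.0 or later prompt on Windows 7/8; the registry value names it reads (path, update_url, command, key) are the ones Chrome and msconfig use, not anything taken from this thread.

```powershell
# Added example, not part of the zoek log or the thread above: a read-only
# PowerShell check of the persistence locations the log shows being cleaned
# (Chrome external-extension registrations, msconfig "startupreg" leftovers,
# Run keys) plus the two folders named in the opening post. Run it after the
# reboot to confirm nothing has come back. Assumptions: elevated PowerShell
# 2.0+ on Windows 7/8; the value names below (path, update_url, command, key)
# are the ones Chrome and msconfig use, not anything read from this thread.

function Get-ChromeExternalExtensions {
    # Chrome installs any extension listed under these keys at its next start.
    # Each subkey name is the 32-character extension id; the values say where
    # the .crx comes from (local 'path' or remote 'update_url').
    $roots = @(
        'HKLM:\SOFTWARE\Google\Chrome\Extensions',
        'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
        'HKCU:\SOFTWARE\Google\Chrome\Extensions'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $v = Get-ItemProperty $key.PSPath
            New-Object PSObject -Property @{
                Hive      = $root
                ExtId     = $key.PSChildName
                Path      = $v.path
                UpdateUrl = $v.update_url
            }
        }
    }
}

function Get-MsconfigDisabledStartup {
    # Items a user unticks in msconfig are moved here rather than deleted; the
    # 'command' value still holds the original command line, and 'key' names
    # the Run key it was taken from.
    $root = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
    if (-not (Test-Path $root)) { return }
    foreach ($key in Get-ChildItem $root) {
        $v = Get-ItemProperty $key.PSPath
        New-Object PSObject -Property @{
            Name    = $key.PSChildName
            Command = $v.command
            Key     = $v.key
        }
    }
}

function Get-RunKeyEntries {
    # The live autostart entries that msconfig's leftovers came from.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($run in $runKeys) {
        if (-not (Test-Path $run)) { continue }
        $props = Get-ItemProperty $run
        # Skip the PSPath/PSParentPath/... bookkeeping properties the provider adds.
        foreach ($prop in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            New-Object PSObject -Property @{ Key = $run; Name = $prop.Name; Command = $prop.Value }
        }
    }
}

function Test-AdwareFolders {
    # The two locations from the opening post, for both Program Files variants.
    $candidates = @("$env:APPDATA\OpenCandy", "$env:ProgramFiles\Coupon Companion")
    if (${env:ProgramFiles(x86)}) { $candidates += "${env:ProgramFiles(x86)}\Coupon Companion" }
    foreach ($f in $candidates) {
        New-Object PSObject -Property @{ Path = $f; Present = (Test-Path $f) }
    }
}

Write-Output '== Chrome external extensions =='
Get-ChromeExternalExtensions | Format-Table Hive, ExtId, Path, UpdateUrl -AutoSize
Write-Output '== msconfig startupreg leftovers =='
Get-MsconfigDisabledStartup | Format-Table Name, Command, Key -AutoSize
Write-Output '== Run keys =='
Get-RunKeyEntries | Format-Table Key, Name, Command -AutoSize
Write-Output '== Adware folders =='
Test-AdwareFolders | Format-Table Path, Present -AutoSize
```

Any extension id that reappears under the Chrome Extensions keys after zoek removed it, or an OpenCandy folder that exists again with a fresh numeric subfolder, points to something still installed that re-creates them; the Run-key and startupreg listings are where to look for the binary doing it. The script changes nothing, so it is safe to run repeatedly while the helper is still working the thread.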

Yesterday, Malwarebytes did not find anything in two scans; also, the two attached above disappeared from the HiJackFree analysis.

Although yesterday I had an expired trial of Malwarebytes, and I'm not sure how that will affect the Malwarebytes scan.

 

Thanks,


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
