
Persistent Sathurbot and related trojans.


  • This topic is locked
21 replies to this topic

#1 strelok86

strelok86

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:15 PM

Posted 25 November 2014 - 12:53 AM

I am coming here to get a more advanced solution, as suggested by user noknojon, after discovering more than one form of dropper gen malware, as stated in this thread: http://www.bleepingcomputer.com/forums/t/557270/multiple-win32-malware-types-popping-up/

 

Here is the DDS log and the attached log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 11.25.2
Run by Strelok at 23:41:31 on 2014-11-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.6196 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:49213;https=127.0.0.1:49213
uProxyOverride = <local>
uURLSearchHooks: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
uRun: [AdobeBridge] <no file>
mRun: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [XtremeTuner HD] C:\Program Files\XtremeTuner HD\XtremeTuner HD.exe OnlyApplySettings
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{079F03D1-7FE6-4990-8568-7B9EBD5231B8} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{0CD66661-051D-453A-9BFB-9CD6256951AA} : NameServer = 8.8.8.8,8.8.8.8,192.168.1.1,192.168.1.101
TCP: Interfaces\{A08A4BB6-B11E-4B77-9A0D-E78B14633EC4} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{CB4178E6-CF82-41C9-BD17-ACD831139D11} : NameServer = 8.8.8.8,8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Strelok\AppData\Roaming\Mozilla\Firefox\Profiles\kdw7ftmn.default\
FF - prefs.js: browser.search.selectedEngine - Google Default
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=2860773539&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\Strelok\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-12 8704]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-17 65776]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-5 52856]
R0 tclondrv;tclondrv;C:\Windows\System32\drivers\tclondrv.sys [2014-11-9 26856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2011-5-20 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2010-12-27 427360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-1-3 283064]
R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2014-11-22 32912]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/07/08 22:29:53];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2013-3-11 130320]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-24 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-27 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-29 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-8-29 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2013-7-8 85568]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2013-7-8 77576]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2013-7-8 294664]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2011-7-17 21520]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-11-22 4700872]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2013-7-8 75248]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-6 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-6 21055432]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2014-11-22 82160]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2011-12-27 15672]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-21 411936]
R2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-4-13 1636872]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2012-11-9 613760]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-11-9 13728]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-9-30 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-21 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-21 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-22 676968]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-11-9 81312]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-11-9 15776]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrxusb.sys [2008-7-29 1075712]
S3 camfilt2;camfilt2;C:\Windows\System32\drivers\camfilt2.sys [2013-9-30 139264]
S3 DualCoreCenter;DualCoreCenter;C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2010-12-27 44344]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2012-5-23 18456]
S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;C:\Windows\System32\drivers\MAudioUSBMIDI.sys [2010-4-13 200200]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 OM0530;bleep bReAtH;C:\Windows\System32\drivers\ov530vx.sys [2013-9-30 172928]
S3 paeusbaudio;paeusbaudio;C:\Windows\System32\drivers\paeusbaudio_x64.sys [2011-12-31 245584]
S3 paeusbaudiodsp;paeusbaudiodsp;C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [2011-12-31 74576]
S3 paeusbaudioks;paeusbaudioks;C:\Windows\System32\drivers\paeusbaudioks_x64.sys [2011-12-31 52560]
S3 RushTopDevice_J;RushTopDevice_J;C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [2010-12-27 33080]
S3 RushTopDevice2;RushTopDevice2;C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [2010-12-27 75576]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-13 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\Windows\System32\drivers\lgvzandnetdiag64.sys [2011-10-10 29696]
S3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;C:\Windows\System32\drivers\lgvzandnetdiag264.sys [2011-10-10 29696]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\Windows\System32\drivers\lgvzandnetmdm64.sys [2011-10-10 36352]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;C:\Windows\System32\drivers\lgvzandnetndis64.sys [2011-10-21 94208]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-1-9 13312]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-31 1255736]
S3 zghsdiag;ZTE General Handset Diagnostic Port;C:\Windows\System32\drivers\zghsdiag.sys [2012-5-23 129304]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\Windows\System32\drivers\zghsmdm.sys [2012-5-23 129304]
S3 zghsnmea;ZTE General Handset NMEA Port;C:\Windows\System32\drivers\zghsnmea.sys [2012-5-23 129304]
S4 NIHardwareService;NIHardwareService; [x]
.
=============== Created Last 30 ================
.
2014-11-25 05:35:27    2688512    ----a-w-    C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-11-23 05:39:47    --------    d-----w-    C:\Program Files (x86)\ESET
2014-11-23 01:07:40    --------    d-----w-    C:\ProgramData\ioloGovernor
2014-11-23 01:07:39    2155152    ----a-w-    C:\Windows\System32\Incinerator64.dll
2014-11-23 01:07:39    2097984    ----a-w-    C:\Windows\SysWow64\Incinerator32.dll
2014-11-23 01:07:35    82160    ----a-w-    C:\Windows\System32\drivers\PDFsFilter.sys
2014-11-23 01:07:35    57584    ----a-w-    C:\Windows\System32\iolobtdfg.exe
2014-11-23 01:07:35    26184    ----a-w-    C:\Windows\System32\smrgdf.exe
2014-11-23 01:07:28    --------    d-----w-    C:\Users\Strelok\AppData\Roaming\ioloGovernor
2014-11-23 01:07:27    69000    ----a-w-    C:\Windows\System32\offreg.dll
2014-11-23 01:07:27    56200    ----a-w-    C:\Windows\SysWow64\offreg.dll
2014-11-23 01:07:24    --------    d-----w-    C:\Program Files (x86)\iolo
2014-11-23 01:06:35    --------    d-----w-    C:\Users\Strelok\AppData\Roaming\iolo
2014-11-23 00:58:57    74703    ----a-w-    C:\Windows\SysWow64\mfc45.dat
2014-11-23 00:51:06    32912    ----a-w-    C:\Windows\System32\drivers\rawdsk3.sys
2014-11-23 00:50:58    --------    d-----w-    C:\logs
2014-11-23 00:50:50    --------    d-----w-    C:\iolo
2014-11-23 00:50:37    74703    ----a-w-    C:\Windows\SysWOW64mfc45.dll
2014-11-23 00:50:26    --------    d-----w-    C:\ProgramData\iolo
2014-11-22 04:49:53    --------    d-----w-    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
2014-11-22 01:19:48    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-11-21 01:12:29    173504    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2014-11-20 02:43:42    --------    d-----w-    C:\Program Files (x86)\DVDFab Media Player 2
2014-11-20 01:40:05    234000    ----a-w-    C:\Windows\RegBootClean64.exe
2014-11-20 00:11:10    --------    d-----w-    C:\_OTL
2014-11-19 04:27:31    --------    d-----w-    C:\Program Files (x86)\NSIS Uninstall Information
2014-11-19 04:20:08    --------    d-----w-    C:\ProgramData\SUPPORTDIR
2014-11-19 02:02:42    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-19 02:00:08    --------    d-----w-    C:\ProgramData\Oracle
2014-11-16 04:09:46    --------    d-----w-    C:\ProgramData\Emsisoft
2014-11-16 03:39:34    --------    d-----w-    C:\Program Files\HitmanPro
2014-11-16 03:06:03    --------    d-----w-    C:\Program Files (x86)\Emsisoft Anti-Malware
2014-11-16 03:03:04    --------    d-----w-    C:\ProgramData\HitmanPro
2014-11-11 17:58:59    --------    d-----w-    C:\Users\Strelok\AppData\Local\Esqtion
2014-11-11 17:58:49    --------    d-----w-    C:\Users\Strelok\AppData\Local\Ucmedia
2014-11-11 02:26:39    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-11 02:26:25    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-11 02:26:25    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-11-11 02:26:25    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-10 00:17:48    --------    d-----w-    C:\ProgramData\TuneClone
2014-11-10 00:17:38    26856    ----a-w-    C:\Windows\System32\drivers\tclondrv.sys
2014-11-09 21:52:48    --------    d-----w-    C:\Program Files (x86)\536607c4-74f8-4071-8626-83047035fde1
2014-11-09 21:52:36    --------    d-----w-    C:\Users\Strelok\AppData\Local\CrashDumps
2014-11-09 21:51:57    --------    d-----w-    C:\Users\Strelok\AppData\Roaming\freemkvtomp4converter
2014-11-09 21:51:56    --------    d-----w-    C:\Users\Strelok\AppData\Local\SkinSoft
2014-11-09 21:51:33    --------    d-----w-    C:\Users\Strelok\AppData\Roaming\Convert Audio Free
2014-11-09 18:50:17    --------    d-----w-    C:\ProgramData\Sophos
2014-11-09 18:50:14    73728    ----a-r-    C:\Users\Strelok\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-11-09 18:50:14    73728    ----a-r-    C:\Users\Strelok\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-11-09 18:50:14    73728    ----a-r-    C:\Users\Strelok\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-11-09 18:50:08    --------    d-----w-    C:\Program Files (x86)\Sophos
2014-11-09 18:31:28    --------    d-----w-    C:\NPE
2014-11-09 18:27:21    --------    d-----w-    C:\Users\Strelok\AppData\Local\NPE
2014-11-09 18:27:21    --------    d-----w-    C:\ProgramData\Norton
.
==================== Find3M  ====================
.
2014-11-21 22:48:44    1041168    ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
2014-11-12 00:45:15    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 00:45:15    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-12 00:22:59    32    ----a-w-    C:\Users\Strelok\AppData\Roaming\msregsvv.dll
2014-10-01 17:11:12    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-08-29 22:48:31    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-08-29 22:48:31    92008    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-08-29 22:48:31    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-29 22:48:31    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-08-29 22:48:31    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-08-29 22:48:31    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-08-29 22:48:30    43152    ----a-w-    C:\Windows\avastSS.scr
.
============= FINISH: 23:42:02.48 ===============
 



#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:15 PM

Posted 25 November 2014 - 11:16 AM

======Zoek.exe======

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Download zoek.exe to your desktop
  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.
Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    standardsearch;
    torpigcheck;
    installedprogs;
    uninstall-list;
    srinfo;
    
  • Click the "Run script" button and wait patiently.
  • When finished, the logfile will be opened in Notepad.
  • If a reboot is needed, the logfile will be opened after the reboot.
  • The zoek-results.log can also be found on your system drive.
  • Please post the logfile for further review in your next comment.

~Machiavelli

If I don't reply within 24 hours, please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 strelok86

strelok86
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:15 PM

Posted 25 November 2014 - 08:53 PM

With avast disabled for the whole scan, here is the log:

 

Zoek.exe v5.0.0.0 Updated 25-11-2014
Tool run by Strelok on Tue 11/25/2014 at 19:39:38.27.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Strelok\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/25/2014 7:41:12 PM Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll


==== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)  
µTorrent  
Adobe Flash Player 15 ActiveX  
Adobe Flash Player 15 Plugin  
Audiokinetic Wwise v2013.2.8 build 4865 - SDK (Windows)  
Bitcoin  
Bitcoin Core (64-bit)  
Dogecoin  
DVDFab Media Player 2  
f.lux  
Google Chrome  
Google Update Helper  
HitmanPro 3.7  
iolo technologies' System Mechanic  
Java 8 Update 25  
Java Auto Updater  
Litecoin  
Malwarebytes Anti-Malware version 2.0.3.1025  
Microsoft .NET Framework 4 Client Profile  
Microsoft .NET Framework 4 Extended  
Microsoft Application Error Reporting  
Microsoft Expression Encoder 4  
Microsoft Expression Encoder 4 Screen Capture Codec  
Microsoft IntelliType Pro 8.1  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Access MUI (English) 2007  
Microsoft Office Access Setup Metadata MUI (English) 2007  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office File Validation Add-In  
Microsoft Office InfoPath MUI (English) 2007  
Microsoft Office Office 64-bit Components 2007  
Microsoft Office Outlook MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office Professional Plus 2007  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Publisher MUI (English) 2007  
Microsoft Office Shared 64-bit MUI (English) 2007  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Word MUI (English) 2007  
Microsoft Silverlight  
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Microsoft_VC80_ATL_x86  
Microsoft_VC80_ATL_x86_x64  
Microsoft_VC80_CRT_x86  
Microsoft_VC80_CRT_x86_x64  
Microsoft_VC80_MFC_x86  
Microsoft_VC80_MFC_x86_x64  
Microsoft_VC80_MFCLOC_x86  
Microsoft_VC80_MFCLOC_x86_x64  
Microsoft_VC90_ATL_x86  
Microsoft_VC90_ATL_x86_x64  
Microsoft_VC90_CRT_x86  
Microsoft_VC90_CRT_x86_x64  
Microsoft_VC90_MFC_x86  
Microsoft_VC90_MFC_x86_x64  
Mozilla Firefox 34.0 (x86 en-US)  
PPCoin  
PreSonus Studio One x64  
S.T.A.L.K.E.R.: Lost Alpha version 1.3003  
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition  
Sophos Virus Removal Tool  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft Office 2007 Help for Common Features (KB963673)  
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition  
Update for Microsoft Office Access 2007 Help (KB963663)  
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition  
Update for Microsoft Office Excel 2007 Help (KB963678)  
Update for Microsoft Office Infopath 2007 Help (KB963662)  
Update for Microsoft Office Outlook 2007 Help (KB963677)  
Update for Microsoft Office Powerpoint 2007 Help (KB963669)  
Update for Microsoft Office Publisher 2007 Help (KB963667)  
Update for Microsoft Office Script Editor Help (KB963671)  
Update for Microsoft Office Word 2007 Help (KB963665)  
WinRAR 5.11 (64-bit)  

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
C:\Program Files (x86)\Yahoo\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Users\Strelok\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8192 MB
CPU Info: AMD Phenom™ II X4 965 Processor
CPU Speed: 3407.4 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Realtek HD Audio 2nd output (Re |
SYLVANIA-1 (NVIDIA High Definit |
Display Adapters: NVIDIA GeForce GTS 450 | NVIDIA GeForce GTS 450 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1768 X 992 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 2x (D: | E: | ) D: ASUS    BR-04B2T         | E: DTSOFT  BDROM
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  931.4GB
Hard Disks - Free: C:  19.0GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | 7596MS - 20091209
Time Zone: Central Standard Time
Motherboard *: MICRO-STAR INTERNATIONAL CO.,LTD 785GM-E51 (MS-7596)
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox    34.0
Internet Explorer version: 8.0.7601.17514
Mozilla Firefox version: 34.0 (x86 en-US)
Google Chrome version: 39.0.2171.71
Adobe Reader version: 9.5.3.305
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Flash Player version: 15.0.0.223

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-11-23 00:50:37    DE7ECC022151ACB7375F09C5417E7425    74703    ----a-w-    C:\Windows\SysWOW64mfc45.dll
2014-11-20 01:40:05    84E78276993CBBC6259EBA804C1A57C5    234000    ----a-w-    C:\Windows\RegBootClean64.exe
====== C:\Users\Strelok\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-23 01:07:39    2BA0DA961C0DF14E65E6E9EDCB6FF2D3    2097984    ----a-w-    C:\Windows\SysWOW64\Incinerator32.dll
2014-11-23 01:07:27    163DB46B803E4C83C444A026FF17D269    56200    ----a-w-    C:\Windows\SysWOW64\offreg.dll
2014-11-23 00:58:57    A459BD6A5154F8496DFEEDAA6006B614    74703    ----a-w-    C:\Windows\SysWOW64\mfc45.dat
2014-11-19 02:02:42    A042349B7208BF8BED858B1E9B48B06D    98216    ----a-w-    C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-23 01:07:39    FC5306C9AD680F53D8E75D5BF76EE3FF    2155152    ----a-w-    C:\Windows\Sysnative\Incinerator64.dll
2014-11-23 01:07:35    6D8495C770AF49E3A6570A4265AB1F93    57584    ----a-w-    C:\Windows\Sysnative\iolobtdfg.exe
2014-11-23 01:07:35    5AC58C09D5D12DEFCDE1455DB4916F5B    26184    ----a-w-    C:\Windows\Sysnative\smrgdf.exe
2014-11-23 01:07:27    4D7DFDCE8198221DEE8C50ABA2756A95    69000    ----a-w-    C:\Windows\Sysnative\offreg.dll
2014-11-23 00:56:27    BF7E3A603CA922B25B81DFA503827A11    406    ----a-w-    C:\Windows\Sysnative\ioloBootDefrag.cfg
2014-11-22 01:19:48    5614386D4CFDF9E56F355C45BEEBC976    12872    ----a-w-    C:\Windows\Sysnative\bootdelete.exe
2014-11-22 01:19:46    4F073AD5A3B848752DF064021E4BCD8E    6574    ----a-w-    C:\Windows\Sysnative\bootdelete.lst
2014-11-16 03:52:36    666F960F7A8D2BD2708F995F51E01F4D    6048    ----a-w-    C:\Windows\Sysnative\.crusader
====== C:\Windows\Sysnative\drivers =====
2014-11-23 01:07:35    8570C04D9DBFDDD2CCF655DEB4D84715    82160    ----a-w-    C:\Windows\Sysnative\drivers\PDFsFilter.sys
2014-11-23 00:51:06    F3EE3EF609940865154ED95FBC839BAA    32912    ----a-w-    C:\Windows\Sysnative\drivers\rawdsk3.sys
2014-11-21 01:12:29    0BD205E00C93B8CF828301F43164AA51    173504    ----a-w-    C:\Windows\Sysnative\drivers\tmcomm.sys
2014-11-11 02:26:39    26C43960C99EE861A5D0EDC4DCF3B1C3    129752    ----a-w-    C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-11 02:26:25    D3311B31C470E7681B14D9B014CBF9ED    93400    ----a-w-    C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-11-11 02:26:25    95EF63A7827D4E3A229CBBCB42619E93    63704    ----a-w-    C:\Windows\Sysnative\drivers\mwac.sys
2014-11-10 00:17:38    BB7C91D0E97AA8126212838D32DCC83C    26856    ----a-w-    C:\Windows\Sysnative\drivers\tclondrv.sys
====== C:\Windows\Tasks ======
2014-11-23 01:07:28    89B32AC8FE97B590FA337F1C2316CA03    3118    ----a-w-    C:\Windows\Sysnative\Tasks\iolo Process Governor
2014-11-23 00:54:54    F002497B0B2C3BAB7DD0B93CC499F2FB    3242    ----a-w-    C:\Windows\Sysnative\Tasks\SidebarExecute
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-11-16 03:39:34    --------    d-----w-    C:\Program Files\HitmanPro
======= C:\PROGRA~2 =====
2014-11-23 05:39:47    --------    d-----w-    C:\PROGRA~2\ESET
2014-11-23 01:07:24    --------    d-----w-    C:\PROGRA~2\iolo
2014-11-20 02:43:42    --------    d-----w-    C:\PROGRA~2\DVDFab Media Player 2
2014-11-19 04:27:31    --------    d-----w-    C:\PROGRA~2\NSIS Uninstall Information
2014-11-19 02:03:07    --------    d-----w-    C:\PROGRA~2\COMMON~1\Java
2014-11-09 21:52:48    --------    d-----w-    C:\PROGRA~2\536607c4-74f8-4071-8626-83047035fde1
2014-11-09 18:50:08    --------    d-----w-    C:\PROGRA~2\Sophos
======= C: =====
====== C:\Users\Strelok\AppData\Roaming ======
2014-11-23 01:06:35    --------    d-----w-    C:\Users\Strelok\AppData\Roaming\iolo
2014-11-23 00:55:07    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\iolo
2014-11-20 02:28:17    7A2703C351EAABA4D02955C662D12A6F    111104    ----a-w-    C:\Users\Strelok\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-20 01:32:37    F20601E1E5DD5C3480995BC646F24A8B    36    ----a-w-    C:\Users\Strelok\AppData\Local\housecall.guid.cache
2014-11-19 02:03:53    --------    d-----w-    C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Sun
2014-11-13 03:27:40    ADB4A20FDE65D44803D6DD0D0958229F    60    ----a-w-    C:\Users\Strelok\AppData\Roaming\mbam.context.scan
2014-11-11 17:58:59    --------    d-----w-    C:\Users\Strelok\AppData\Local\Esqtion
2014-11-11 17:58:49    --------    d-----w-    C:\Users\Strelok\AppData\Local\Ucmedia
2014-11-09 21:52:36    --------    d-----w-    C:\Users\Strelok\AppData\Local\CrashDumps
2014-11-09 21:51:57    --------    d-----w-    C:\Users\Strelok\AppData\Roaming\freemkvtomp4converter
2014-11-09 21:51:56    --------    d-----w-    C:\Users\Strelok\AppData\Local\SkinSoft
2014-11-09 21:51:33    --------    d-----w-    C:\Users\Strelok\AppData\Roaming\Convert Audio Free
2014-11-09 18:50:14    --------    d-----w-    C:\Users\Strelok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-09 18:27:21    --------    d-----w-    C:\Users\Strelok\AppData\Local\NPE
====== C:\Users\Strelok ======
2014-11-25 05:40:08    8B968045D75783A09592C3105F2865DA    688992    ------r-    C:\Users\Strelok\Desktop\dds.com
2014-11-23 18:45:47    788FCDDD88240A85039F7F561093B118    448512    ----a-w-    C:\Users\Strelok\Desktop\TFC.exe
2014-11-23 05:38:42    E8D3E34FFDAF21DF7C09CBBBA5763237    2347384    ----a-w-    C:\Users\Strelok\Desktop\esetsmartinstaller_enu.exe
2014-11-23 05:30:14    FCCD0F6A733248E8F624B9FE813F0324    1944824    ----a-w-    C:\Users\Strelok\Downloads\rkill.exe
2014-11-23 01:07:41    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2014-11-23 00:50:54    FA94B5216DB657FD2E360C891895BF2F    43462256    ----a-w-    C:\Users\Strelok\Downloads\SystemMechanic.exe
2014-11-23 00:50:26    --------    d-----w-    C:\ProgramData\iolo
2014-11-23 00:50:11    B54C49047C65C768A430D41B54878A9F    585912    ----a-w-    C:\Users\Strelok\Downloads\smfree_dm.exe
2014-11-20 02:43:47    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab Media Player 2
2014-11-20 02:43:22    C1B84205CF4D70DEA5DE0A5CCA96F0C1    15783672    ----a-w-    C:\Users\Strelok\Downloads\DVDFabMediaPlayer2441.exe
2014-11-20 02:24:12    E5FCF3F6E72807886F81C9F3A30BF301    148478264    ----a-w-    C:\Users\Strelok\Downloads\PowerDVD_v5012_r85663_Ultra_DVD131220-03.exe
2014-11-20 00:00:52    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\Strelok\Downloads\OTL.exe
2014-11-19 23:33:13    21E41B92C06316D9B72D5A8F1CBE2D1F    8372784    ----a-w-    C:\Users\Strelok\Downloads\attk_far_gui_x64.exe
2014-11-19 23:31:37    2AD9820E4B17E78110A6AA06BF5C1CE2    4184008    ----a-w-    C:\Users\Strelok\Downloads\tdsskiller (1).exe
2014-11-19 23:30:26    8E3384C7A0CF27B15D786E665CE74308    5198336    ----a-w-    C:\Users\Strelok\Downloads\aswmbr.exe
2014-11-19 04:20:08    --------    d-----w-    C:\ProgramData\SUPPORTDIR
2014-11-19 02:01:08    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-19 02:00:08    --------    d-----w-    C:\ProgramData\Oracle
2014-11-19 01:59:02    44933ED144874569EB5A43B613CBE88A    638888    ----a-w-    C:\Users\Strelok\Downloads\jxpiinstall.exe
2014-11-16 03:03:04    --------    d-----w-    C:\ProgramData\HitmanPro
2014-11-16 01:47:55    00FD7C6BEDEE9B24B0DB02B68B07AD54    11222744    ----a-w-    C:\Users\Strelok\Downloads\HitmanPro_x64.exe
2014-11-10 00:17:48    --------    d-----w-    C:\Users\Public\Documents\TuneClone
2014-11-10 00:17:48    --------    d-----w-    C:\ProgramData\TuneClone
2014-11-09 18:50:17    --------    d-----w-    C:\ProgramData\Sophos

====== C: exe-files ==
2014-11-26 01:16:51    9D83E2859AC027E8C505CB4D1931AF47    1117264    ----a-w-    C:\Program Files (x86)\Google\Update\Install\{11746E75-CDDA-4668-81FC-17616A35FA59}\39.0.2171.71_39.0.2171.65_chrome_updater.exe
2014-11-26 01:16:51    9D83E2859AC027E8C505CB4D1931AF47    1117264    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.71\39.0.2171.71_39.0.2171.65_chrome_updater.exe
2014-11-23 05:40:08    E273331224005C5A8A504164373DE1DC    535304    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2014-11-23 05:40:08    9E47522861242EE002D7F385C35D1322    2887824    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2014-11-23 05:40:08    5B3DE7968D23B476AFB256D8014B25B9    333424    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2014-11-23 05:40:08    47B06E473B78A792DF07D226E0537D63    119184    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2014-11-23 05:40:08    3C3F35C91F230493B088B334E39D1F7A    358144    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2014-11-23 01:07:41    268AF73415E64774BEDB06954E19EAAA    4449528    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe
2014-11-23 01:07:38    B58A6BE93E4695BF9969084084FF2805    4072048    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\ioloFILParser.exe
2014-11-23 01:07:38    75C2F9D71EB7D156D3EF97E93DD1A871    4700872    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
2014-11-23 01:07:37    D2A147AFC33781729540F89D7AEFCB32    679032    ----a-w-    C:\Program Files (x86)\iolo\System Mechanic\ioloPCStatus.exe
2014-11-23 01:07:37    A4F80D70118943036501EF33711B8147    4674048    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\MessageToaster.exe
2014-11-23 01:07:36    CA4C2AE3A93C795F0A3B23E280372FC1    10964800    ----a-w-    C:\Program Files (x86)\iolo\System Mechanic\SMSystemAnalyzer.exe
2014-11-23 01:07:36    8500A7A11E31FDF0B1A7D07DFA360895    21661864    ----a-w-    C:\Program Files (x86)\iolo\System Mechanic\SysMech.exe
2014-11-23 01:07:36    193AC9E3B852307130D4020CBB4A823A    4523168    ----a-w-    C:\Program Files (x86)\iolo\System Mechanic\SMTrayNotify.exe
2014-11-23 01:07:35    FE18456656F6FB6CCA34E6546AF5A03A    4902208    ----a-w-    C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe
2014-11-23 01:07:35    C3644C6EE0E5AF838224F014811594F9    103840    ----a-w-    C:\Program Files (x86)\iolo\System Mechanic\Delay.exe
2014-11-23 01:07:35    6D863C04C60ACCEBC259F9BBDD1C916D    375824    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\HookDLL64.exe
2014-11-23 01:07:35    33924F60FDFE10DC1DC67F058FA83CBB    198200    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\HookDLL32.exe
2014-11-23 01:07:27    D16D8B860D5DCDDC67CCF4007E7A5033    5386320    ----a-w-    C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
2014-11-23 01:07:25    C9A9026F4761CC156548685E07010C20    3368552    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\ioloLM.exe
2014-11-23 01:07:24    0ECFD7BDF881611E84E5A3342A74852A    1185040    ---h--w-    C:\Program Files (x86)\iolo\System Mechanic\unins000.exe
2014-11-20 02:43:46    6DD5337BFB831D2266200DACC302EDC0    138272    ----a-w-    C:\Program Files (x86)\DVDFab Media Player 2\BugReport.exe
2014-11-20 02:43:46    4D880B90ACB3C060F37840D3089F8620    375328    ----a-w-    C:\Program Files (x86)\DVDFab Media Player 2\CheckUpdate.exe
2014-11-20 02:43:44    601307B9329552AF8D8F0F7DAA62CC12    179744    ----a-w-    C:\Program Files (x86)\DVDFab Media Player 2\FabPlayerOption_Patch.exe
2014-11-20 02:43:44    576213EF173E0E54C43FAFCA5D5435AF    14880    ----a-w-    C:\Program Files (x86)\DVDFab Media Player 2\FabPlayerReg.exe
2014-11-20 02:43:44    339241608465B9F65654DE3C1F87BD2F    179232    ----a-w-    C:\Program Files (x86)\DVDFab Media Player 2\FabPlayerOption.exe
2014-11-20 02:43:42    9A52297BEB658A161ED70114407B9ED7    9632800    ----a-w-    C:\Program Files (x86)\DVDFab Media Player 2\FabPlayer.exe
2014-11-20 02:43:42    3832C33BF335597FC8EB8BCC0B1283F7    1413848    ----a-w-    C:\Program Files (x86)\DVDFab Media Player 2\unins000.exe
2014-11-20 02:33:20    A51D90F2F9394F5EA0A3ACAE3BD2B219    163840    ------w-    C:\Program Files (x86)\InstallShield Installation Information\{7FAAB350-2014-4862-AE66-CBAEE20B6AFF}\7z.exe
2014-11-19 04:27:31    3EA8FCE70A43282DE4A20119A531348C    392947    ----a-w-    C:\Program Files (x86)\NSIS Uninstall Information\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}\Setup.exe
2014-11-19 02:00:53    67F763B09F4BC8689E6FA9761E068D74    159656    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe
2014-11-19 02:00:53    28FC00F89631B0F6E1E9CA386FADD566    16296    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe
2014-11-19 02:00:52    57E1F756FAA787623DFCD2C1B2AACC68    51112    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe
2014-11-19 02:00:51    DC197DCE6325CBAC905DE0D0E3BA3E8E    15784    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe
2014-11-19 02:00:51    33D2AF53E209DA3E2BA939EB89801DC0    16296    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe
2014-11-19 02:00:51    29E65AC6AFD8A0A9CAA361FF6F7B4886    16296    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe
2014-11-19 02:00:49    75EE99C7F0038C746D82C76221ECA4EF    16296    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe
2014-11-19 02:00:48    E3E6B18458FFB07CB24D7A0BA77C9FDF    15784    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe
2014-11-19 02:00:48    7AB1F1B3FB6C3DACA34EA2F988CDF5AC    16296    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe
2014-11-19 02:00:45    A458E2535E46151690E53E2A03FAA711    15784    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe
2014-11-19 02:00:45    9BFAEF308D50779F6B255CB7BA7DCA5A    15784    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe
2014-11-19 02:00:45    4109C4DB4BD48F5BF8115C7523A6B6F8    15784    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe
2014-11-19 02:00:45    26C7F32186B1F0364CD06EA69227A79D    15784    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe
2014-11-19 02:00:42    4367C05B0CF5553E71B34F51003D0615    76200    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
2014-11-19 02:00:40    B719E0F43166037DF46B5CFBE60A5118    15784    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe
2014-11-19 02:00:37    75D477E868CA51EC1B09D730570F322B    176552    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
2014-11-19 02:00:37    691D49FB44EDE9788288CABE4F7E0DAF    272296    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe
2014-11-19 02:00:35    70E67429D2C011FD0419AF899A8D0D70    68520    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe
2014-11-19 02:00:34    BB8C890E3E6372F2720709262BD42BF4    30632    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe
2014-11-19 02:00:34    AA3520FB0133A56BEE1DB34D74DBEF64    176552    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe
2014-11-19 02:00:34    74713E9C1B01B152DDD3A1A3519A3647    15784    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe
=== C: other files ==
2014-11-23 01:07:38    F3EE3EF609940865154ED95FBC839BAA    32912    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\rawdsk3.sys
2014-11-23 01:07:35    DC59C40D9E7A9A4A7A3D6A0E72923D42    63488    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\ioloHook64.sys
2014-11-23 01:07:35    8570C04D9DBFDDD2CCF655DEB4D84715    82160    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\PDFsFilter.sys
2014-11-23 01:07:35    4EB117C0A931D718650E2A96C58488F0    110    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\UninstallPDFsFilterDriver.bat
2014-11-23 01:07:35    3AB9737AB0BBA654BAD1DBF87C3FDAA2    109    ----a-w-    C:\Program Files (x86)\iolo\Common\Lib\InstallPDFsFilterDriver.bat
2014-11-19 02:00:55    CE44A9D4918DCDC7CCCF5503BF4D7A3D    14130    ----a-w-    C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip

======== System Restore Points ========

RP30: 11/25/2014 11:16:12 AM - Scheduled Checkpoint
RP31: 11/25/2014 7:40:57 PM - zoek.exe restore point

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"f.lux"="C:\Users\Strelok\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"Facebook Update"="C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"Ohkics"="C:\Windows\SysWOW64\regsvr32.exe C:\Users\Strelok\AppData\Local\Ucmedia\ImMapNetM32.dll"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DelReg"="C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe"
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe -start"
"Adobe Photo Downloader"="C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"XtremeTuner HD"="C:\Program Files\XtremeTuner HD\XtremeTuner HD.exe OnlyApplySettings"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RemoteControl11"="C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
"AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"f.lux"="C:\Users\Strelok\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"Facebook Update"="C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"Ohkics"="C:\Windows\SysWOW64\regsvr32.exe C:\Users\Strelok\AppData\Local\Ucmedia\ImMapNetM32.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Xvid"
"hkey"="HKCU"
"command"="C:\\Program Files\\Xvid\\CheckUpdate.exe"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/11/2014 06:45 PM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-452358066-1835194576-1080679812-1000Core.job --a------ C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe [10/02/2013 04:25 PM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-452358066-1835194576-1080679812-1000UA.job --a------ C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe [10/02/2013 04:25 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/19/2014 07:58 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/19/2014 07:58 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\EVGAPrecision" [C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-452358066-1835194576-1080679812-1000Core" [C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-452358066-1835194576-1080679812-1000UA" [C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" [C:\Program Files (x86)\IObit\Game Booster\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\Game_Booster_Startup" [C:\Program Files (x86)\IObit\Game Booster\gbtray.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\iolo Process Governor" [C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{0F86B334-C1F0-4DE4-9BEC-A3033929368E}" [C:\Users\Strelok\Local Settings\Apps\F.lux\flux.exe]
"C:\Windows\SysNative\tasks\{18DCA54A-5AE2-452C-8324-66ED2A3F2B85}" ["c:\program files (x86)\mozilla firefox 4.0 beta 8\firefox.exe"]
"C:\Windows\SysNative\tasks\{57A7ACEC-8D92-4913-AFD5-AB8FEF6B6858}" [C:\Users\Strelok\Local Settings\Apps\F.lux\flux.exe]
"C:\Windows\SysNative\tasks\{89CDB40C-9688-493E-AC22-4EA585E73A6F}" [C:\Users\Strelok\Local Settings\Apps\F.lux\flux.exe]
"C:\Windows\SysNative\tasks\{93E101B2-4EE9-4CA3-AA23-8A69B742155A}" [C:\Program Files (x86)\Steam\steamapps\common\real myst\RealMYST.exe]
"C:\Windows\SysNative\tasks\{CA63A42A-CCAD-48B2-B344-E2143E9F21B8}" [C:\Program Files (x86)\Steam\steamapps\common\real myst\RealMYST.exe]
"C:\Windows\SysNative\tasks\{E4F3F941-8A85-4901-8B15-58086769063F}" [C:\Users\Strelok\Local Settings\Apps\F.lux\flux.exe]
"C:\Windows\SysNative\tasks\{EBD101AE-9DDA-4183-B2B2-AEF0B4BEFB3F}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\{FE20BF4A-3CE5-478C-BE26-F11F2405F19A}" [C:\Users\Strelok\Local Settings\Apps\F.lux\flux.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2014-11-09 18:27:21    --------    d-----w-    C:\PROGRA~3\Norton
2014-11-09 18:50:17    --------    d-----w-    C:\PROGRA~3\Sophos
2014-11-10 00:17:48    --------    d-----w-    C:\PROGRA~3\TuneClone
2014-11-16 03:03:04    --------    d-----w-    C:\PROGRA~3\HitmanPro
2014-11-16 04:09:46    --------    d-----w-    C:\PROGRA~3\Emsisoft
2014-11-19 02:00:08    --------    d-----w-    C:\PROGRA~3\Oracle
2014-11-19 04:20:08    --------    d-----w-    C:\PROGRA~3\SUPPORTDIR
2014-11-23 00:50:26    --------    d-----w-    C:\PROGRA~3\iolo
2014-11-23 01:07:40    --------    d-----w-    C:\PROGRA~3\ioloGovernor

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [08/29/2014 04:48 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\dws1sad4.default
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi

ProfilePath: C:\Users\Strelok\AppData\Roaming\Mozilla\Firefox\Profiles\kdw7ftmn.default
- Undetermined - testpilot@labs.mozilla.com
- Undetermined - adblockpopups@jessehakanen.net
- Undetermined - {9AA46F4F-4DC7-4c06-97AF-5035170634FE}
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi
- YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Strelok\AppData\Roaming\Mozilla\Firefox\Profiles\kdw7ftmn.default
67D325B5AEB28E381B84E8DE1A90C7A8    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll -    Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC    - C:\Users\Strelok\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin
2147C8ED020B1CE3B82BBDD3C49C8F81    - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll -    WacomTabletPlugin


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[08/29/2014 04:48 PM]

Google Voice Search Hotword (Beta) - Strelok\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Avast Online Security - Strelok\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Strelok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
MixiDJ V30 - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Skype for Chromium - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome In-App Payments service - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"urls_to_restore_on_startup": [ "http://www.google.com" ]


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{F144C38A-9214-46C0-8215-F76254DFF2E3}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F144C38A-9214-46C0-8215-F76254DFF2E3}] not found

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{231BBCBD-0162-40a8-9097-6935B2BE36DA} Google  Url="http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346"
{44798AFB-B6BE-414b-825D-2DA48302E903} Yahoo  Url="http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM"
{CD61AC6A-5458-4df8-A991-F5C36CE1AF60} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH"

==== Uninstall List x64 ======================

µTorrent  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
Adobe Flash Player 15 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Flash Player 15 Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Audiokinetic Wwise v2013.2.8 build 4865 - SDK (Windows) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4223FE02-E077-406C-BE90-6D9B0B6728E4}]
Bitcoin  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bitcoin]
Bitcoin Core (64-bit) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bitcoin Core (64-bit)]
Dogecoin  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dogecoin]
DVDFab Media Player 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDFab Media Player 2_is1]
f.lux  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Flux]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
HitmanPro 3.7 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HitmanPro37]
iolo technologies' System Mechanic [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1]
Java 8 Update 25 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218025F0}]
Litecoin  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Litecoin]
Malwarebytes Anti-Malware version 2.0.3.1025 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]
Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}]
Microsoft Expression Encoder 4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}]
Microsoft Expression Encoder 4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Encoder_4.0.3205.0]
Microsoft Expression Encoder 4 Screen Capture Codec [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F9EC30D1-F688-4708-9850-CB5120074AAA}]
Microsoft IntelliType Pro 8.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}]
Microsoft IntelliType Pro 8.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft IntelliType Pro 8.1]
Microsoft Office Professional Plus 2007 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PROPLUS]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{071c9b48-7c32-4621-a0ac-3f809523288f}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A49F249F-0C91-497F-86DF-B2585E8E76B7}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}]
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ce085a78-074e-4823-8dc1-8a721b94b76d}]
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}]
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}]
Microsoft_VC80_ATL_x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}]
Microsoft_VC80_ATL_x86_x64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{925D058B-564A-443A-B4B2-7E90C6432E55}]
Microsoft_VC80_CRT_x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}]
Microsoft_VC80_CRT_x86_x64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}]
Microsoft_VC80_MFC_x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D1A19B02-817E-4296-A45B-07853FD74D57}]
Microsoft_VC80_MFC_x86_x64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}]
Microsoft_VC80_MFCLOC_x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}]
Microsoft_VC80_MFCLOC_x86_x64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}]
Microsoft_VC90_ATL_x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}]
Microsoft_VC90_ATL_x86_x64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8557397C-A42D-486F-97B3-A2CBC2372593}]
Microsoft_VC90_CRT_x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{08D2E121-7F6A-43EB-97FD-629B44903403}]
Microsoft_VC90_CRT_x86_x64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}]
Microsoft_VC90_MFC_x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}]
Microsoft_VC90_MFC_x86_x64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}]
Mozilla Firefox 34.0 (x86 en-US) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 34.0 (x86 en-US)]
PPCoin  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PPCoin]
PreSonus Studio One x64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PreSonus Studio One]
S.T.A.L.K.E.R.: Lost Alpha version 1.3003 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\S.T.A.L.K.E.R.: Lost Alpha_is1]
Sophos Virus Removal Tool [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B829E117-D072-41EA-9606-9826A38D34C1}]
WinRAR 5.11 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]

==== HijackThis Entries ======================

R3 - URLSearchHook: (no name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [XtremeTuner HD] C:\Program Files\XtremeTuner HD\XtremeTuner HD.exe OnlyApplySettings
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [f.lux] "C:\Users\Strelok\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Ohkics] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Strelok\AppData\Local\Ucmedia\ImMapNetM32.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{079F03D1-7FE6-4990-8568-7B9EBD5231B8}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CD66661-051D-453A-9BFB-9CD6256951AA}: NameServer = 8.8.8.8,8.8.8.8,192.168.1.1,192.168.1.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{A08A4BB6-B11E-4B77-9A0D-E78B14633EC4}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB4178E6-CF82-41C9-BD17-ACD831139D11}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{079F03D1-7FE6-4990-8568-7B9EBD5231B8}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{079F03D1-7FE6-4990-8568-7B9EBD5231B8}: NameServer = 8.8.8.8,8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USB MIDI Series Audio Device Monitor (USBMIDIAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 11/25/2014 at 19:47:49.57 ======================
 



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:15 PM

Posted 26 November 2014 - 08:26 AM

First,
====Zoek.exe====

Start Zoek.exe again.

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe.
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    C:\Users\Strelok\AppData\Local\Ucmedia;fs
    C:\Users\Strelok\AppData\Local\Esqtion;fs
    
    [HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Windows\CurrentVersion\Run];r
    "Ohkics"=-;r
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
    "Ohkics"=-;r
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F144C38A-9214-46C0-8215-F76254DFF2E3}];r
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes];r
    "DefaultScope"=-;r
    
    autoclean;
    emptyfolderscheck;
    
  • Click the "Run script" button and wait patiently.
  • When finished, the logfile will be opened in Notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.
Next,
Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next,

Start Zoek.exe again.

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe.
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    standardsearch;
  • Click the "Run script" button and wait patiently.
  • When finished, the logfile will be opened in Notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

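Added example, not code from the thread, from HijackThis or from Zoek: a small Python triage of the O4 and R3 lines in a HijackThis log that flags the shape of the entry the script above removes (regsvr32.exe loading a DLL from a user's AppData folder) and the orphaned URLSearchHook. The sample lines are copied from the log posted in this thread; the regexes and the "high"/"review" labels are this example's own assumptions.

```python
"""Triage of HijackThis-style autorun lines.

Added example for this thread; it is not code from HijackThis, Zoek or the
BleepingComputer responders. It reads the O4 (Run/RunOnce) and R3
(URLSearchHook) lines of a HijackThis log and flags what a malware
responder looks at first:

  * Run entries that launch a DLL through regsvr32.exe / rundll32.exe (the
    shape of the "Ohkics" entry the cleanup script in the thread removes),
  * Run entries whose target lives under a user profile's AppData folder, a
    location writable without admin rights (legitimate software such as
    f.lux does this too, so alone it only earns a "review" label),
  * R3 hooks whose CLSID no longer resolves to a file ("(no file)").

Regexes and severity labels are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# O4 - HKCU\..\Run: [Name] command line (User 'X')   (hive may carry a SID)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# R3 - URLSearchHook: name - {CLSID} - target
R3_RE = re.compile(
    r"^R3 - URLSearchHook: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<target>.*)$"
)
# A command line: optionally quoted path ending in an executable extension,
# then optional arguments. Cutting at the extension also handles unquoted
# paths that contain spaces, which HijackThis prints as-is.
CMD_RE = re.compile(
    r'^"?(?P<exe>.*?\.(?:exe|dll|scr|bat|cmd))"?(?:\s+(?P<args>.*))?$', re.I
)

LOLBINS = {"regsvr32.exe", "rundll32.exe"}
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\(local|roaming)\\", re.I)


@dataclass
class Finding:
    line: str
    name: str
    severity: str                      # "high" or "review"
    reasons: list = field(default_factory=list)


def split_command(cmd: str):
    """Split a Run-key command into (executable, argument string)."""
    m = CMD_RE.match(cmd.strip())
    if m:
        return m.group("exe"), (m.group("args") or "").strip()
    exe, _, args = cmd.strip().partition(" ")   # fallback: first token
    return exe, args.strip()


def triage_line(line: str):
    """Return a Finding for a suspicious HijackThis line, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        exe, args = split_command(m.group("cmd"))
        basename = exe.rsplit("\\", 1)[-1].lower()
        reasons, severity = [], "review"
        if basename in LOLBINS:
            # A signed Windows binary acting as a DLL loader is the strong
            # signal: the Run value points at the proxy, not at the payload.
            reasons.append(f"{basename} loads {args or '<no argument>'}")
            severity = "high"
        if USER_WRITABLE.search(exe) or USER_WRITABLE.search(args):
            reasons.append("target under a user profile AppData folder")
        return Finding(line, m.group("name"), severity, reasons) if reasons else None
    m = R3_RE.match(line)
    if m and m.group("target").strip().lower() == "(no file)":
        return Finding(line, m.group("clsid"), "review",
                       [f"URLSearchHook {m.group('clsid')} has no backing file"])
    return None


def triage_log(text: str):
    """Run triage_line over every line of a log and keep the findings."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


# Sample lines copied from the HijackThis section posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - (no file)
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [XtremeTuner HD] C:\Program Files\XtremeTuner HD\XtremeTuner HD.exe OnlyApplySettings
O4 - HKCU\..\Run: [f.lux] "C:\Users\Strelok\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Ohkics] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Strelok\AppData\Local\Ucmedia\ImMapNetM32.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.name}: {'; '.join(f.reasons)}")
```

Run against the full HijackThis section, the only "high" finding is the Ohkics entry; the AppData-only hits (f.lux, Facebook Update) are the ones to confirm by hand before adding them to a removal script.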
 
 


#5 strelok86

strelok86
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:15 PM

Posted 26 November 2014 - 09:08 PM

How long does Zoek take to do something like this? It says it's still running when I tried to enter the script again, but my Task Manager says CPU at 0%, and it doesn't show up in the processes. It's been stuck at "checking input" since 1808 hours local time.

#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:15 PM

Posted 27 November 2014 - 10:22 AM

I don't know how long it should take, this depends on your system.

If you had been waiting 1808 hours, you would have waited 75,333 days ...

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#7 strelok86

strelok86
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:15 PM

Posted 27 November 2014 - 10:44 AM

I'm going to try it again today, but from 1808 hours all the way to 2304 hours (local time, military) it did absolutely nothing; the computer sat idle. The last time I ran Zoek it showed some activity in Task Manager and in the program itself.



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:15 PM

Posted 27 November 2014 - 10:57 AM

I do not understand what you mean by 1808 hours and 2304 hours lol

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#9 strelok86

strelok86
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:15 PM

Posted 27 November 2014 - 11:07 AM

Zoek script log:

 

Zoek.exe v5.0.0.0 Updated 26-11-2014
Tool run by Strelok on Thu 11/27/2014 at  9:45:52.13.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Strelok\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-26-014749.log    58477 bytes
C:\zoek-results2014-11-27-000823.log    383 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\536607c4-74f8-4071-8626-83047035fde1 deleted successfully
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Digidesign deleted successfully
C:\PROGRA~2\InterLok deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\VST3 deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\PROGRA~3\ioloGovernor deleted successfully
C:\PROGRA~3\TuneClone deleted successfully
C:\Users\Guest\AppData\Roaming\Apple Computer deleted successfully
C:\Users\Strelok\AppData\Roaming\freemkvtomp4converter deleted successfully
C:\Users\Strelok\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Strelok\AppData\Roaming\NetMedia Providers deleted successfully
C:\Users\Strelok\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Strelok\AppData\Local\PACE Anti-Piracy deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\SearchScopes\{44798AFB-B6BE-414b-825D-2DA48302E903} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ce8abdd-7e70-40ae-ae62-2ede71b85afe} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{177C0A1E-C2B9-42CD-8DD2-D0241E43A5EF} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E96EA06-208-4B11-A95D-BA68405D1A15} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BF70100-154-4A53-86E1-F0FCCFFCBB1} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A683CCF-9130-4D44-AA7-9935398CC4FF} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5750B528-BC0E-46E1-9880-C6C818BF34A1} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5e9184f9-1120-450c-ac36-900486d40bc7} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A8F36D5-723D-4AEB-AA2-456DB78139CB} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78D2F544-302-43D1-BBB6-8540BBEEB9CD} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8735A29A-65A2-4497-8EF0-2CB1EF322F6} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9f3a5861-fdc2-4a62-82fe-1ba066e4b147} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3035851-8108-49A0-B79E-4B9A453B7242} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AEA9DD01-5A1E-4A69-9228-26DDCE9BB033} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCF486E-B78F-4C28-9FA4-DA314D3EB95} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C266AE84-9F79-4F41-821A-C28F32CB282} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C79D0DDB-2380-4C56-BE52-B3889B857E8C} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDF8B8CC-BD84-4EC5-BFD-C662B492B6D} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F254923D-FD6B-40F6-9671-10CAE9AF870} deleted successfully
HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4199803-85B-49AA-8B94-CFF8AFAAF232} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ce8abdd-7e70-40ae-ae62-2ede71b85afe} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5e9184f9-1120-450c-ac36-900486d40bc7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9f3a5861-fdc2-4a62-82fe-1ba066e4b147} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\YahooAUService deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\dws1sad4.default

user.js not found
---- Lines Customized removed from prefs.js ----
user_pref("extensions.testpilot.alreadyCustomizedToolbar", true);
---- FireFox user.js and prefs.js backups ----

prefs_20141127_0956_.backup

ProfilePath: C:\Users\Strelok\AppData\Roaming\Mozilla\Firefox\Profiles\kdw7ftmn.default

user.js not found
---- Lines ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170 removed from prefs.js ----
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.active", true);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.addressbar", "NA");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.addressbarenhanced", "");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.asyncdb.was_copied", "true");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.asyncinternaldb.was_copied", "true");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.backgroundver", 1);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.certdomaininstaller", "");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.changeprevious", false);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Ce
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.cookie.InstallationTime.value", "%221415569949%22");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Cen
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001889%22%2C%22sub_
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.description", "Enhance browsing");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.domain", "");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.comae38c01fbffb24c7eb4c71f47c844
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.comae38c01fbffb24c7eb4c71f47c844
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.comasyncdb_dbWasSet", true);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.comasyncdb_dbWasSet_FF25_FIX", t
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.comasyncinternaldb_dbWasSet", tr
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.comasyncinternaldb_dbWasSet_FF25
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.enablesearch", false);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.homepage", "");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.iframe", false);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.InstallationThankYouPage", false);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.InstallationTime", 1415569949);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.__defualt_browser__.value", "%22ff%22");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Centr
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22install
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22FAEBB7
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001889%22%2C%22
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001889%22%
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:0
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin__disable_bi_pixel_.expiration", "Mon Nov 17
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin__disable_bi_pixel_.value", "true");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 203
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin_last_executable_request.expiration", "Mon No
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin_last_executable_request.value", "%22http%3A/
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_appVer.value", "45");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_nextCheck.expiration", "Mon Nov 10 2014 22:48:17 GMT-0
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.lastDailyReport", "1415659690955");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.lastUpdate", "1415659693915");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.manifesturl", "");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.name", "enterprise 1.1");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.newtab", "");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.opensearch", "");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.pluginsurl", "http://js.newinputinfoservice.com/plugin/apps/62170/plugins/n
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.pluginsversion", 39);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.publisher", "Marketi");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.searchstatus", 0);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.setnewtab", false);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.thankyou", "");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.updateinterval", 360);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.62170.ver", 45);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.apps", "62170");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.bic", "14996962d15127e81decbcaa1ff5183c");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.cid", 62170);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.firstrun", false);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.hadappinstalled", true);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.installationdate", 1415570665);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.modetype", "production");
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.reportInstall", true);
user_pref("extensions.ae38c01fbffb24c7eb4c71f47c844d855gmailcom62170.statsDailyCounter", 4);
---- Lines Customized removed from prefs.js ----
user_pref("extensions.testpilot.alreadyCustomizedToolbar", true);
---- Lines defaulttab removed from prefs.js ----
user_pref("extensions.addon@defaulttab.com.install-event-fired", true);
---- FireFox user.js and prefs.js backups ----

prefs_20141127_0956_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Ohkics"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ohkics"=-
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F144C38A-9214-46C0-8215-F76254DFF2E3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\Windows\Installer\2ba00b.msi" not found
C:\Users\Strelok\AppData\Local\Ucmedia deleted
C:\Users\Strelok\AppData\Local\Esqtion deleted
C:\Users\Strelok\.android deleted
C:\PROGRA~2\Yahoo! deleted
C:\install.exe deleted
C:\Users\Strelok\AppData\Roaming\msregsvv.dll deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Strelok\AppData\Roaming\Mozilla\Firefox\Profiles\kdw7ftmn.default\CT3298566 deleted
"C:\Users\Strelok\AppData\Local\18o8t6l1o08i0073i884j60fu72dc0q6mgwsj5y5" deleted
"C:\Users\Strelok\AppData\Local\83528t05c8s0j6powv61" deleted
"C:\ProgramData\18o8t6l1o08i0073i884j60fu72dc0q6mgwsj5y5" deleted
"C:\ProgramData\83528t05c8s0j6powv61" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [08/29/2014 04:48 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\dws1sad4.default
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi

ProfilePath: C:\Users\Strelok\AppData\Roaming\Mozilla\Firefox\Profiles\kdw7ftmn.default
- Undetermined - testpilot@labs.mozilla.com
- Undetermined - adblockpopups@jessehakanen.net
- Undetermined - {9AA46F4F-4DC7-4c06-97AF-5035170634FE}
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi
- YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Strelok\AppData\Roaming\Mozilla\Firefox\Profiles\kdw7ftmn.default
8303B3CEC05500F763B4FA75210598BB    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll -    Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC    - C:\Users\Strelok\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin
2147C8ED020B1CE3B82BBDD3C49C8F81    - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll -    WacomTabletPlugin


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[08/29/2014 04:48 PM]

Google Voice Search Hotword (Beta) - Strelok\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Avast Online Security - Strelok\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
MixiDJ V30 - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Skype for Chromium - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome In-App Payments service - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"urls_to_restore_on_startup": [ "http://www.google.com" ]


==== Chromium Fix ======================

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{231BBCBD-0162-40a8-9097-6935B2BE36DA} Google  Url="http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346"
{CD61AC6A-5458-4df8-A991-F5C36CE1AF60} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH"

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49213;https=127.0.0.1:49213"
"ProxyOverride"="<local>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AD6FB9BD030812A4F94F88657A55F6FC deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AD6FB9BD030812A4F94F88657A55F6FC deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Strelok\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Strelok\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Strelok\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Strelok\AppData\Local\Mozilla\Firefox\Profiles\kdw7ftmn.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Strelok\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1220 folders=250 1025071466 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Strelok\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Strelok\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Strelok\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Thu 11/27/2014 at 10:02:36.20 ======================


#10 strelok86
  • Topic Starter

Posted 27 November 2014 - 11:17 AM

adw log:

 

# AdwCleaner v4.102 - Report created 27/11/2014 at 10:08:01
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Strelok - SKLADOFSKI
# Running from : C:\Users\Strelok\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\iolo
Folder Found : C:\Program Files (x86)\iolo
Folder Found : C:\ProgramData\iolo
Folder Found : C:\Users\Strelok\AppData\Roaming\iolo
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\iolo

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v34.0 (x86 en-US)


-\\ Google Chrome v39.0.2171.71

[C:\Users\Strelok\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1042 octets] - [27/11/2014 10:08:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1102 octets] ##########


#11 strelok86
  • Topic Starter

Posted 27 November 2014 - 11:25 AM

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Strelok on Thu 11/27/2014 at 10:18:30.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/27/2014 at 10:21:35.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 strelok86
  • Topic Starter

Posted 27 November 2014 - 11:37 AM

zoek scan log:

 

Zoek.exe v5.0.0.0 Updated 26-11-2014
Tool run by Strelok on Thu 11/27/2014 at 10:28:19.60.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Strelok\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-26-014749.log    58477 bytes
C:\zoek-results2014-11-27-000823.log    383 bytes
C:\zoek-results2014-11-27-160236.log    27502 bytes

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Strelok\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Users\Strelok\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8192 MB
CPU Info: AMD Phenom™ II X4 965 Processor
CPU Speed: 3421.2 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Realtek HD Audio 2nd output (Re |
SYLVANIA-1 (NVIDIA High Definit |
Display Adapters: NVIDIA GeForce GTS 450 | NVIDIA GeForce GTS 450 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1768 X 992 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 2x (D: | E: | ) D: ASUS    BR-04B2T         | E: DTSOFT  BDROM
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  931.4GB
Hard Disks - Free: C:  17.9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | 7596MS - 20091209
Time Zone: Central Standard Time
Motherboard *: MICRO-STAR INTERNATIONAL CO.,LTD 785GM-E51 (MS-7596)
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox    34.0
Internet Explorer version: 8.0.7601.17514
Mozilla Firefox version: 34.0 (x86 en-US)
Google Chrome version: 39.0.2171.71
Adobe Reader version: 9.5.3.305
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Flash Player version: 15.0.0.239

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-11-23 00:50:37    DE7ECC022151ACB7375F09C5417E7425    74703    ----a-w-    C:\Windows\SysWOW64mfc45.dll
2014-11-20 01:40:05    84E78276993CBBC6259EBA804C1A57C5    234000    ----a-w-    C:\Windows\RegBootClean64.exe
====== C:\Users\Strelok\AppData\Local\Temp ====
2014-11-27 16:18:14    E0DC8C6BBC787B972A9A468648DBFD85    1008128    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\libiconv2.dll
2014-11-27 16:18:14    D202BAA425176287017FFE1FB5D1B77C    103424    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\libintl3.dll
2014-11-27 16:18:14    57CAC848FA14AE38F14F9441F8933282    140288    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\pcre3.dll
2014-11-27 16:18:14    547C43567AB8C08EB30F6C6BACB479A3    79360    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\regex2.dll
2014-11-27 16:18:14    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-23 01:07:39    2BA0DA961C0DF14E65E6E9EDCB6FF2D3    2097984    ----a-w-    C:\Windows\SysWOW64\Incinerator32.dll
2014-11-23 01:07:27    163DB46B803E4C83C444A026FF17D269    56200    ----a-w-    C:\Windows\SysWOW64\offreg.dll
2014-11-23 00:58:57    3ECCF5FB9D51A28907F5A7F85490B475    74703    ----a-w-    C:\Windows\SysWOW64\mfc45.dat
2014-11-19 02:02:42    A042349B7208BF8BED858B1E9B48B06D    98216    ----a-w-    C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-23 01:07:39    FC5306C9AD680F53D8E75D5BF76EE3FF    2155152    ----a-w-    C:\Windows\Sysnative\Incinerator64.dll
2014-11-23 01:07:35    6D8495C770AF49E3A6570A4265AB1F93    57584    ----a-w-    C:\Windows\Sysnative\iolobtdfg.exe
2014-11-23 01:07:35    5AC58C09D5D12DEFCDE1455DB4916F5B    26184    ----a-w-    C:\Windows\Sysnative\smrgdf.exe
2014-11-23 01:07:27    4D7DFDCE8198221DEE8C50ABA2756A95    69000    ----a-w-    C:\Windows\Sysnative\offreg.dll
2014-11-23 00:56:27    BF7E3A603CA922B25B81DFA503827A11    406    ----a-w-    C:\Windows\Sysnative\ioloBootDefrag.cfg
2014-11-22 01:19:48    5614386D4CFDF9E56F355C45BEEBC976    12872    ----a-w-    C:\Windows\Sysnative\bootdelete.exe
2014-11-22 01:19:46    4F073AD5A3B848752DF064021E4BCD8E    6574    ----a-w-    C:\Windows\Sysnative\bootdelete.lst
2014-11-16 03:52:36    666F960F7A8D2BD2708F995F51E01F4D    6048    ----a-w-    C:\Windows\Sysnative\.crusader
====== C:\Windows\Sysnative\drivers =====
2014-11-23 01:07:35    8570C04D9DBFDDD2CCF655DEB4D84715    82160    ----a-w-    C:\Windows\Sysnative\drivers\PDFsFilter.sys
2014-11-23 00:51:06    F3EE3EF609940865154ED95FBC839BAA    32912    ----a-w-    C:\Windows\Sysnative\drivers\rawdsk3.sys
2014-11-21 01:12:29    0BD205E00C93B8CF828301F43164AA51    173504    ----a-w-    C:\Windows\Sysnative\drivers\tmcomm.sys
2014-11-11 02:26:39    26C43960C99EE861A5D0EDC4DCF3B1C3    129752    ----a-w-    C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-11 02:26:25    D3311B31C470E7681B14D9B014CBF9ED    93400    ----a-w-    C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-11-11 02:26:25    95EF63A7827D4E3A229CBBCB42619E93    63704    ----a-w-    C:\Windows\Sysnative\drivers\mwac.sys
2014-11-10 00:17:38    BB7C91D0E97AA8126212838D32DCC83C    26856    ----a-w-    C:\Windows\Sysnative\drivers\tclondrv.sys
====== C:\Windows\Tasks ======
2014-11-23 01:07:28    89B32AC8FE97B590FA337F1C2316CA03    3118    ----a-w-    C:\Windows\Sysnative\Tasks\iolo Process Governor
2014-11-23 00:54:54    F002497B0B2C3BAB7DD0B93CC499F2FB    3242    ----a-w-    C:\Windows\Sysnative\Tasks\SidebarExecute
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-11-16 03:39:34    --------    d-----w-    C:\Program Files\HitmanPro
======= C:\PROGRA~2 =====
2014-11-23 05:39:47    --------    d-----w-    C:\PROGRA~2\ESET
2014-11-20 02:43:42    --------    d-----w-    C:\PROGRA~2\DVDFab Media Player 2
2014-11-19 04:27:31    --------    d-----w-    C:\PROGRA~2\NSIS Uninstall Information
2014-11-19 02:03:07    --------    d-----w-    C:\PROGRA~2\COMMON~1\Java
2014-11-09 18:50:08    --------    d-----w-    C:\PROGRA~2\Sophos
======= C: =====
====== C:\Users\Strelok\AppData\Roaming ======
2014-11-27 16:00:39    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp
2014-11-27 16:00:39    --------    d-----w-    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-11-27 16:00:39    --------    d-----w-    C:\Users\Strelok\AppData\Local\Temp
2014-11-27 16:00:39    --------    d-----w-    C:\Users\Guest\AppData\Local\Temp
2014-11-27 16:00:39    --------    d-----w-    C:\Users\Default\AppData\Local\Temp
2014-11-27 16:00:39    --------    d-----w-    C:\Users\Default User\AppData\Local\Temp
2014-11-20 02:28:17    7A2703C351EAABA4D02955C662D12A6F    111104    ----a-w-    C:\Users\Strelok\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-20 01:32:37    F20601E1E5DD5C3480995BC646F24A8B    36    ----a-w-    C:\Users\Strelok\AppData\Local\housecall.guid.cache
2014-11-19 02:03:53    --------    d-----w-    C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Sun
2014-11-13 03:27:40    ADB4A20FDE65D44803D6DD0D0958229F    60    ----a-w-    C:\Users\Strelok\AppData\Roaming\mbam.context.scan
2014-11-09 21:52:36    --------    d-----w-    C:\Users\Strelok\AppData\Local\CrashDumps
2014-11-09 21:51:56    --------    d-----w-    C:\Users\Strelok\AppData\Local\SkinSoft
2014-11-09 21:51:33    --------    d-----w-    C:\Users\Strelok\AppData\Roaming\Convert Audio Free
2014-11-09 18:50:14    --------    d-----w-    C:\Users\Strelok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-09 18:27:21    --------    d-----w-    C:\Users\Strelok\AppData\Local\NPE
====== C:\Users\Strelok ======
2014-11-27 00:06:15    8573E3C2603DD23E1A8DE3177D146D18    1707532    ----a-w-    C:\Users\Strelok\Desktop\JRT.exe
2014-11-27 00:05:07    5A6F21141B846BD3CE1ED0BD0F19C3AF    2148864    ----a-w-    C:\Users\Strelok\Desktop\AdwCleaner.exe
2014-11-25 05:40:08    8B968045D75783A09592C3105F2865DA    688992    ------r-    C:\Users\Strelok\Desktop\dds.com
2014-11-23 18:45:47    788FCDDD88240A85039F7F561093B118    448512    ----a-w-    C:\Users\Strelok\Desktop\TFC.exe
2014-11-23 05:38:42    E8D3E34FFDAF21DF7C09CBBBA5763237    2347384    ----a-w-    C:\Users\Strelok\Desktop\esetsmartinstaller_enu.exe
2014-11-23 05:30:14    FCCD0F6A733248E8F624B9FE813F0324    1944824    ----a-w-    C:\Users\Strelok\Downloads\rkill.exe
2014-11-23 01:07:41    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2014-11-23 00:50:54    FA94B5216DB657FD2E360C891895BF2F    43462256    ----a-w-    C:\Users\Strelok\Downloads\SystemMechanic.exe
2014-11-23 00:50:11    B54C49047C65C768A430D41B54878A9F    585912    ----a-w-    C:\Users\Strelok\Downloads\smfree_dm.exe
2014-11-20 02:43:47    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab Media Player 2
2014-11-20 02:43:22    C1B84205CF4D70DEA5DE0A5CCA96F0C1    15783672    ----a-w-    C:\Users\Strelok\Downloads\DVDFabMediaPlayer2441.exe
2014-11-20 02:24:12    E5FCF3F6E72807886F81C9F3A30BF301    148478264    ----a-w-    C:\Users\Strelok\Downloads\PowerDVD_v5012_r85663_Ultra_DVD131220-03.exe
2014-11-20 00:00:52    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\Strelok\Downloads\OTL.exe
2014-11-19 23:33:13    21E41B92C06316D9B72D5A8F1CBE2D1F    8372784    ----a-w-    C:\Users\Strelok\Downloads\attk_far_gui_x64.exe
2014-11-19 23:31:37    2AD9820E4B17E78110A6AA06BF5C1CE2    4184008    ----a-w-    C:\Users\Strelok\Downloads\tdsskiller (1).exe
2014-11-19 23:30:26    8E3384C7A0CF27B15D786E665CE74308    5198336    ----a-w-    C:\Users\Strelok\Downloads\aswmbr.exe
2014-11-19 04:20:08    --------    d-----w-    C:\ProgramData\SUPPORTDIR
2014-11-19 02:01:08    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-19 02:00:08    --------    d-----w-    C:\ProgramData\Oracle
2014-11-19 01:59:02    44933ED144874569EB5A43B613CBE88A    638888    ----a-w-    C:\Users\Strelok\Downloads\jxpiinstall.exe
2014-11-16 03:03:04    --------    d-----w-    C:\ProgramData\HitmanPro
2014-11-16 01:47:55    00FD7C6BEDEE9B24B0DB02B68B07AD54    11222744    ----a-w-    C:\Users\Strelok\Downloads\HitmanPro_x64.exe
2014-11-10 00:17:48    --------    d-----w-    C:\Users\Public\Documents\TuneClone
2014-11-09 18:50:17    --------    d-----w-    C:\ProgramData\Sophos

====== C: exe-files ==
2014-11-26 01:16:51    9D83E2859AC027E8C505CB4D1931AF47    1117264    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.71\39.0.2171.71_39.0.2171.65_chrome_updater.exe
2014-11-23 05:40:08    E273331224005C5A8A504164373DE1DC    535304    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2014-11-23 05:40:08    9E47522861242EE002D7F385C35D1322    2887824    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2014-11-23 05:40:08    5B3DE7968D23B476AFB256D8014B25B9    333424    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2014-11-23 05:40:08    47B06E473B78A792DF07D226E0537D63    119184    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2014-11-23 05:40:08    3C3F35C91F230493B088B334E39D1F7A    358144    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
=== C: other files ==
2014-11-27 16:18:14    F69854EA9F4462090B0AEBB3723881B5    14957    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\get.bat
2014-11-27 16:18:14    F56A319979F631C141F5FF02DF87FDB1    43563    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\prelim.bat
2014-11-27 16:18:14    DF7FA1F19DECC2671D46B33E6B1C0785    190133    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\misc.bat
2014-11-27 16:18:14    DD1E4D974B1672ABD09EFFB225791C4A    1230    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\TDL4.bat
2014-11-27 16:18:14    AD2F52DC72B10AF331692E4A4DD80DFC    18670    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\medfos.bat
2014-11-27 16:18:14    AA0C656F898523BEDF2DA6923197BB80    1264    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\surfvox.bat
2014-11-27 16:18:14    8E6020C14F982CF11B3FE7DBB0CB8EDE    24738    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\searchlnk.bat
2014-11-27 16:18:14    86707BCE5CBB65D9B1C41E249B4423BA    152733    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\firefox.bat
2014-11-27 16:18:14    83F691D8398F0E37E71E9355BF730DB9    719    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\ev_clear.bat
2014-11-27 16:18:14    6D12411EDA5A8EFC2018F64A6860BB78    10606    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\runvalues.bat
2014-11-27 16:18:14    38A0BDF322ACCC968B0A824C38D50157    29635    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\ask.bat
2014-11-27 16:18:14    335DFF8F23E5EC02B5426362F0F8509B    31401    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\iexplore.bat
2014-11-27 16:18:14    0C4649A62845AB5D5DBCC4998477FF6D    1813    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\delfolders.bat
2014-11-27 16:18:14    080CFDE64F31E7B50EECF4552033E84D    9937    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\mws.bat
2014-11-27 16:18:14    048407135C9B1FB6A355E256BD96160D    14192    ----a-w-    C:\Users\Strelok\AppData\Local\Temp\jrt\chrome.bat
2014-11-25 05:40:08    8B968045D75783A09592C3105F2865DA    688992    ------r-    C:\Users\Strelok\Desktop\dds.com
2014-11-23 01:07:35    8570C04D9DBFDDD2CCF655DEB4D84715    82160    ----a-w-    C:\Windows\System32\drivers\PDFsFilter.sys
2014-11-23 00:51:06    F3EE3EF609940865154ED95FBC839BAA    32912    ----a-w-    C:\Windows\System32\drivers\rawdsk3.sys
2014-11-21 01:12:30    3AB06DCCEC889C145E2373819D8ACC67    2658    ----a-w-    C:\Users\Strelok\Downloads\TrendMicro AntiThreat Toolkit\Updater\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip
2014-11-21 01:12:29    99559F8DE53EAC2C8DBC23595803A69D    46352    ----a-w-    C:\Users\Strelok\Downloads\TrendMicro AntiThreat Toolkit\HC_ATTK\TMEBC64.sys
2014-11-21 01:12:29    208A266D6989BA794F3AE073749094C5    111631    ----a-w-    C:\Users\Strelok\Downloads\TrendMicro AntiThreat Toolkit\Output\2014.11.20-1912.27_07E0718A-00C9-00E4-00BE-00E74903D7EB_5621.zip
2014-11-21 01:12:29    0BD205E00C93B8CF828301F43164AA51    173504    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2014-11-21 01:12:29    0BD205E00C93B8CF828301F43164AA51    173504    ----a-w-    C:\Users\Strelok\Downloads\TrendMicro AntiThreat Toolkit\HC_ATTK\Tmcomm.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-452358066-1835194576-1080679812-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"f.lux"="C:\Users\Strelok\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"Facebook Update"="C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DelReg"="C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe"
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe -start"
"Adobe Photo Downloader"="C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"XtremeTuner HD"="C:\Program Files\XtremeTuner HD\XtremeTuner HD.exe OnlyApplySettings"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RemoteControl11"="C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
"AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"f.lux"="C:\Users\Strelok\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"Facebook Update"="C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Xvid"
"hkey"="HKCU"
"command"="C:\\Program Files\\Xvid\\CheckUpdate.exe"
==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/26/2014 06:36 PM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-452358066-1835194576-1080679812-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-452358066-1835194576-1080679812-1000UA.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/19/2014 07:58 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/19/2014 07:58 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\EVGAPrecision" [C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-452358066-1835194576-1080679812-1000Core" [C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-452358066-1835194576-1080679812-1000UA" [C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" [C:\Program Files (x86)\IObit\Game Booster\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\Game_Booster_Startup" [C:\Program Files (x86)\IObit\Game Booster\gbtray.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\iolo Process Governor" [C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{0F86B334-C1F0-4DE4-9BEC-A3033929368E}" [C:\Users\Strelok\Local Settings\Apps\F.lux\flux.exe]
"C:\Windows\SysNative\tasks\{18DCA54A-5AE2-452C-8324-66ED2A3F2B85}" ["c:\program files (x86)\mozilla firefox 4.0 beta 8\firefox.exe"]
"C:\Windows\SysNative\tasks\{57A7ACEC-8D92-4913-AFD5-AB8FEF6B6858}" [C:\Users\Strelok\Local Settings\Apps\F.lux\flux.exe]
"C:\Windows\SysNative\tasks\{89CDB40C-9688-493E-AC22-4EA585E73A6F}" [C:\Users\Strelok\Local Settings\Apps\F.lux\flux.exe]
"C:\Windows\SysNative\tasks\{93E101B2-4EE9-4CA3-AA23-8A69B742155A}" [C:\Program Files (x86)\Steam\steamapps\common\real myst\RealMYST.exe]
"C:\Windows\SysNative\tasks\{CA63A42A-CCAD-48B2-B344-E2143E9F21B8}" [C:\Program Files (x86)\Steam\steamapps\common\real myst\RealMYST.exe]
"C:\Windows\SysNative\tasks\{E4F3F941-8A85-4901-8B15-58086769063F}" [C:\Users\Strelok\Local Settings\Apps\F.lux\flux.exe]
"C:\Windows\SysNative\tasks\{EBD101AE-9DDA-4183-B2B2-AEF0B4BEFB3F}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\{FE20BF4A-3CE5-478C-BE26-F11F2405F19A}" [C:\Users\Strelok\Local Settings\Apps\F.lux\flux.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [08/29/2014 04:48 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\dws1sad4.default
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi

ProfilePath: C:\Users\Strelok\AppData\Roaming\Mozilla\Firefox\Profiles\kdw7ftmn.default
- Undetermined - testpilot@labs.mozilla.com
- Undetermined - adblockpopups@jessehakanen.net
- Undetermined - {9AA46F4F-4DC7-4c06-97AF-5035170634FE}
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Instrument Test - %ProfilePath%\extensions\testpilot@labs.mozilla.com.xpi
- YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Strelok\AppData\Roaming\Mozilla\Firefox\Profiles\kdw7ftmn.default
8303B3CEC05500F763B4FA75210598BB    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll -    Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC    - C:\Users\Strelok\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin
2147C8ED020B1CE3B82BBDD3C49C8F81    - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll -    WacomTabletPlugin
==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[08/29/2014 04:48 PM]

Google Voice Search Hotword (Beta) - Strelok\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Avast Online Security - Strelok\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Strelok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype for Chromium - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome In-App Payments service - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"urls_to_restore_on_startup": [ "http://www.google.com" ]
==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{231BBCBD-0162-40a8-9097-6935B2BE36DA} Google  Url="http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346"
{CD61AC6A-5458-4df8-A991-F5C36CE1AF60} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH"

==== HijackThis Entries ======================

R3 - URLSearchHook: (no name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [XtremeTuner HD] C:\Program Files\XtremeTuner HD\XtremeTuner HD.exe OnlyApplySettings
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [f.lux] "C:\Users\Strelok\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Strelok\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{079F03D1-7FE6-4990-8568-7B9EBD5231B8}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CD66661-051D-453A-9BFB-9CD6256951AA}: NameServer = 8.8.8.8,8.8.8.8,192.168.1.1,192.168.1.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{A08A4BB6-B11E-4B77-9A0D-E78B14633EC4}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB4178E6-CF82-41C9-BD17-ACD831139D11}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{079F03D1-7FE6-4990-8568-7B9EBD5231B8}: NameServer = 8.8.8.8,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{079F03D1-7FE6-4990-8568-7B9EBD5231B8}: NameServer = 8.8.8.8,8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USB MIDI Series Audio Device Monitor (USBMIDIAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1221 folders=253 1025090816 bytes)

==== EOF on Thu 11/27/2014 at 10:35:24.01 ======================
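
The O23 block above is zoek's service listing. As an added example, not code from the thread, from zoek or from any tool the helpers use, here is a small Python parser for those lines with a defender-side triage label per entry; the four sample lines are copied from the log above, and the labels are this example's own heuristic, not zoek's.

```python
import re
from typing import Dict, List, NamedTuple

# Matches the "O23 - Service:" lines in the zoek log above:
#   O23 - Service: <name> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")

class Service(NamedTuple):
    name: str
    owner: str
    path: str
    missing: bool

def parse_o23(lines: List[str]) -> List[Service]:
    """One Service per well-formed O23 line; anything else is skipped."""
    found = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if m:
            found.append(Service(m["name"], m["owner"], m["path"], m["missing"] is not None))
    return found

def triage(svc: Service) -> str:
    """Heuristic label for a defender working through the list (this example's own).
    verify-sysnative: flagged missing under C:\\Windows. A 32-bit scanner on 64-bit
      Windows is subject to WOW64 file redirection and cannot see the real System32,
      so confirm via C:\\Windows\\Sysnative before treating the file as absent.
    orphaned: flagged missing elsewhere; usually a stale entry from an uninstalled product.
    unverified-publisher: file present but no publisher resolved; check its
      Authenticode signature and hash before trusting it.
    publisher-named: file present and attributed to a named owner."""
    if svc.missing:
        return "verify-sysnative" if svc.path.lower().startswith("c:\\windows\\") else "orphaned"
    return "unverified-publisher" if svc.owner == "Unknown owner" else "publisher-named"

def triage_log(lines: List[str]) -> Dict[str, str]:
    return {s.name: triage(s) for s in parse_o23(lines)}

# Constructed sample: four lines copied from the log above.
SAMPLE = [
    r"O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (file missing)",
    r"O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe",
    r"O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe",
]

if __name__ == "__main__":
    for name, label in triage_log(SAMPLE).items():
        print(f"{label:21} {name}")
```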
 



#13 Machiavelli

  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany

Posted 27 November 2014 - 12:13 PM

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#14 strelok86

  • Topic Starter
  • Members
  • 16 posts

Posted 27 November 2014 - 12:14 PM

After all that, avast still decided to block a dropper gen attack from the same folder: c:/programdata/microsoft/secure/icons/temp/tmpA4F5.exe (which gets turned into an empty .tmp file by avast).



#15 Machiavelli

  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany

Posted 27 November 2014 - 12:16 PM

OK please do the ESET scan.

~Machiavelli
