[Clean] Asus X5DC laptop running very slow.

jontye

Hi, my wife's Asus laptop is running very, very slow, not opening files in MS Word, not being able to find files in MS Word, web pages taking an age to load then getting a 'not responding' message.

Reading through previous threads I came across the advice regarding using Junkware Removal Tool and AdwCleaner (Xplode), I've used these two downloads, reports from both attached, and although there has been some improvement, in the main the problems still continue.

Could you please advise on what action to take next.


# AdwCleaner v4.204 - Logfile created 19/05/2015 at 08:55:33
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : USER - USER-PC
# Running from : C:\Users\USER\Downloads\adwcleaner_4.204.exe
# Option : Cleaning
***** [ Services ] *****

***** [ Files / Folders ] *****
File Deleted : C:\USERs\USER\daemonprocess.txt
***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallCore
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17728

*************************
AdwCleaner[R0].txt - [1990 bytes] - [19/05/2015 08:45:33]
AdwCleaner[R1].txt - [1990 bytes] - [19/05/2015 08:49:13]
AdwCleaner[S0].txt - [1898 bytes] - [19/05/2015 08:55:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1957 bytes] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.3 (05.18.2015:1)
OS: Windows 7 Home Premium x64
Ran by USER on 19/05/2015 at 8:29:33.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services
Successfully stopped: [Service] util browsesmart
Successfully deleted: [Service] util browsesmart

~~~ Tasks

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\PIP
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update BrowseSmart
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util BrowseSmart

~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\shoD55A.tmp
Successfully deleted: [File] C:\Users\USER\AppData\Roaming\microsoft\internet explorer\quick launch\check pc for errors.lnk

~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\mobogenie
Successfully deleted: [Folder] C:\ProgramData\partner
Successfully deleted: [Folder] C:\Users\USER\appdata\local\genienext
Successfully deleted: [Folder] C:\Users\USER\appdata\local\mobogenie


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/05/2015 at 8:37:03.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards Jontye
 
Hello Jontye


I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.


Please can you tell me what issues you are still having?

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.


  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar!

Code:
installedprogs;
process;
systemspecs;
services-list;
filesrcm;
srinfo;
emptyfolderscheck;
startupall;
firefoxlook;
chromelook;
skipfix-iedefaults;
msconfigcheck;


  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply
 
Hi Seedy 21,
Thanks for your reply. The problem with being unable to open files in MS Word seems to have been resolved after running Junkremoval tool /AdwareCleaner. The problem of very slow running of web sites is still there, if not getting worse, constantly getting 'not responding' message, even on this web page.

I've run the Zoek.exe download and the results are attached.

Also told my wife not to do anything with the laptop, other than browse, until we hear back from you.

Regards Jontye.


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by USER on 20/05/2015 at 21:54:51.14.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\USER\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
20/05/2015 22:00:20 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\InstallConverter
C:\PROGRA~2\Malwarebytes' Anti-Malware
C:\Program Files\Google
C:\PROGRA~3\AVAST Software
C:\Users\USER\AppData\Roaming\QuickScan
C:\Users\USER\AppData\Roaming\TP
C:\Users\USER\AppData\Local\cache
C:\Users\USER\AppData\Local\StormAlerts
==== Installed Programs ======================
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 17 ActiveX
Adobe Reader XI (11.0.11)
Adobe Refresh Manager
Akamai NetSession Interface
Alcor Micro USB Card Reader
Apple Mobile Device Support
ARO 2013
ASUS AI Recovery
ASUS Live Update
ASUS SmartLogon
ASUS Virtual Camera
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Boingo Wi-Fi
BT Desktop Help
BTHomeHub
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
ControlDeck
ETDWare PS/2-x64 7.0.5.12_WHQL
Fast Boot
GoToAssist Corporate
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Rapport
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
SiS VGA Utilities
USB2.0 UVC VGA WebCam
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinFlash
Wireless Console 3
==== Running Processes ======================
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Users\USER\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Services(whitelist) ======================
Powered by E Dev
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AFBAgent] - AFBAgent - c:\windows\system32\fbagent.exe
R2 - [ASLDRService] - ASLDR Service - c:\program files (x86)\asus\atk hotkey\asldrsrv.exe
R2 - [ATKGFNEXSrv] - ATKGFNEX Service - c:\program files\atkgfnex\gfnexsrv.exe
R2 - [BT Help Wizard] - BT Help Wizard - c:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\mahostservice.exe
R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [pcCMService] - pcCMService - c:\program files (x86)\common files\motive\pccmservice.exe
R2 - [pcCMService64] - pcCMService64 - c:\program files\common files\motive\pccmservice.exe
R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe
R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [RapportMgmtService] - Rapport Management Service - c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe [x]
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S2 - [UPDATESRV] - BitDefender Desktop Update Service - c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [x]
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [fsssvc] - Windows Live Family Safety - c:\program files (x86)\windows live\family safety\fsssvc.exe
S3 - [GoToAssist] - GoToAssist - c:\program files (x86)\citrix\gotoassist\570\g2aservice.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [Update Server] - BitDefender Update Server v2 - c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [x]
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [VSSERV] - BitDefender Virus Shield - c:\program files\bitdefender\bitdefender 2012\vsserv.exe [x]
S4 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 1912 MB
CPU Info: Intel(R) Celeron(R) D CPU 220 @ 1.20GHz
CPU Speed: 1510.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: SiS Mirage 3 Graphics | SiS Mirage 3 Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek PCIe GBE Family Controller | Atheros AR9285 Wireless Network Adapter
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT32N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 58.2GB | D: 155.1GB | Q: 0.0MB
Hard Disks - Free: C: 15.2GB | D: 154.9GB | Q: 0.0MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 01/06/10 | _ASUS_ - 20100106
Time Zone: GMT Standard Time
Motherboard *: ASUS CORPORATION K50C
Country: United Kingdom
Language: ENG
==== System Specs (Software) ======================
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17728
Adobe Reader version: 11.0.11.18
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2015-05-19 07:29:57 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Home-Premium-(64-bit).dat
====== C:\Users\USER\AppData\Local\Temp ====
2015-05-19 07:29:14 FDD26A402322F212DCA153FF8B1FFB6E 78816 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\pcwintech_tasksch.dll
2015-05-19 07:29:14 DC7A3BC0FC185CD68848DC6F7D7B026B 40960 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\SSubTmr6.dll
2015-05-19 07:29:14 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\libintl3.dll
2015-05-19 07:29:14 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\pcre3.dll
2015-05-19 07:29:14 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\regex2.dll
2015-05-19 07:29:13 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\libiconv2.dll
2015-05-19 07:29:13 A107DE2D120C0571B544EEC53D1971AB 1406208 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\TweakingRegistryBackup.exe
2015-05-19 07:29:13 1B128828BF5E4353811B6DA58156B7F4 6656 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\files\dosdev.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\USER\AppData\Roaming ======
2015-05-19 11:45:26 -------- d-----w- C:\Users\USER\AppData\Local\LogMeIn Rescue Applet
2015-05-18 18:55:37 -------- d-----w- C:\Users\USER\AppData\Local\ElevatedDiagnostics
====== C:\Users\USER ======
2015-05-19 07:43:56 33C195F50AAECA7337A7B493359E91F3 2209792 ----a-w- C:\Users\USER\Downloads\adwcleaner_4.204.exe
2015-05-19 07:27:53 E758311867AD3A9D9226576ECFC51CF2 2720186 ----a-w- C:\Users\USER\Downloads\JRT (1).exe
2015-05-19 07:26:09 E758311867AD3A9D9226576ECFC51CF2 2720186 ----a-w- C:\Users\USER\Downloads\JRT.exe
====== C: exe-files ==
=== C: other files ==
======== System Restore Points ========
RP519: 19/05/2015 08:53:47 - Windows Update
RP520: 20/05/2015 21:58:06 - zoek.exe restore point
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-21-3541754850-2695821152-2261588209-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe -update activex"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe -update activex"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"ASUS WebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe"
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"519_13439321549542"="C:\Users\USER\AppData\Local\LOGMEI~1\LMIR0001.tmp_r.bat"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun64]
"command"="C:\\Program Files (x86)\\AmIcoSingLun\\AmIcoSinglun64.exe"
"hkey"="HKLM"
"item"="AmIcoSinglun64"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AppleSyncNotifier"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\btbb_McciTrayApp]
"command"="\"C:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe\""
"hkey"="HKLM"
"item"="btbb_McciTrayApp"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiSTray]
"command"="%ProgramFiles%\\SiS VGA Utilities\\SiSTray.exe"
"hkey"="HKLM"
"item"="SiSTray"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zune Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Zune Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"command"=" "
"item"="HP Digital Imaging Monitor"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backupExtension"=".CommonStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/04/2015 00:12]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\{1093C846-1EE7-4D81-8591-3343E834F234}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{1E5A0F11-ABE4-4CAF-9E76-7F23F9694F6F}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{22F79F6A-D10C-43C1-8F88-C7AB160D03AC}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.116....t,google-chrome:notoffered;systemlevelpresent]
"C:\Windows\SysNative\tasks\{2558B993-19CF-47B9-AC68-D54073142D5A}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{2D9A255D-570A-4CBD-8D1B-16EBBAC97244}" [C:\Users\USER\Downloads\USMoneyBizSunset.exe]
"C:\Windows\SysNative\tasks\{33DF929F-6347-444B-89CA-760FB174763F}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{568A8A7B-637B-45F4-8B10-9138199CB876}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{5E030617-A263-4EDD-8889-3BE63D5ADDF3}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{91CA1C24-61DA-4EDB-ACEC-5B5D7A7D80C4}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.1.0.112/...d,google-chrome:offered-installed;madedefault]
"C:\Windows\SysNative\tasks\{A19146D1-0AB1-494F-B59B-D6A690D35126}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\{CE0C8EBF-1A4C-4520-859D-76694FD3699D}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{E0164DAC-F928-4A1F-B5DC-AAB86AA242FB}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.5.0.114....t,google-chrome:notoffered;systemlevelpresent]
"C:\Windows\SysNative\tasks\{F17FE1E3-76A7-4C6E-9D81-A65903F84304}" [C:\Program Files (x86)\Samsung\Samsung PC Studio 7\LaunchApplication.exe]
"C:\Windows\SysNative\tasks\{FA878209-E33C-4974-A1A0-687C2DE10B67}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{FF755179-EF35-4F09-8208-F944CED971CB}" ["c:\program files\internet explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=5.1.0.112&LastError=404]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edmgmpmklgfbohogafcfobonnkogchec - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx[15/02/2013 16:56]
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="https://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher deleted successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on 20/05/2015 at 22:12:12.77 ======================
 
Hi jontye

Are you aware that you have GoToAssist Corporate installed on your machine? This software can allow people outside your network to remote control your machine. Some IT Departments will use software like this to help you.

If you didn't install this software please uninstall it.

Step 1

We need to re-run Zoek


  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe. You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar!

Code:
UPDATESRV;u
Update Server;u
VSSERV;u
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce];r64
"519_13439321549542"=-;r64
c:\program files\bitdefender\bitdefender 2012\;fs
c:\program files\common files\bitdefender\;fs
C:\Windows\system32\Tasks\{E5D12496-C098-4DB0-84A6-34F83BA0874E};f
C:\Users\USER\AppData\Local\LOGMEI~1\LMIR0001.tmp_r.bat;f
C:\Windows\SysNative\tasks\{1093C846-1EE7-4D81-8591-3343E834F234};f
C:\Windows\SysNative\tasks\{1E5A0F11-ABE4-4CAF-9E76-7F23F9694F6F};f
C:\Windows\SysNative\tasks\{2558B993-19CF-47B9-AC68-D54073142D5A};f
C:\Windows\SysNative\tasks\{33DF929F-6347-444B-89CA-760FB174763F};f
C:\Windows\SysNative\tasks\{568A8A7B-637B-45F4-8B10-9138199CB876};f
C:\Windows\SysNative\tasks\{5E030617-A263-4EDD-8889-3BE63D5ADDF3};f
C:\Windows\SysNative\tasks\{CE0C8EBF-1A4C-4520-859D-76694FD3699D};f
C:\Windows\SysNative\tasks\{FA878209-E33C-4974-A1A0-687C2DE10B67};f
services-list;
emptyalltemp;
standardsearch;


  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

Step 2

We need to re-run MalwareBytes Anti-malware


  • Double Click to start the program and select Update Now
  • Once it has updated select Settings > Detection and Protection > Tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot
  • On completion of the scan (or after the reboot) select View Detailed Log
  • Select Export > Select text file and save to the desktop.



Please post that log for my review.


Please try your Internet Browser and let me know if the fault still persists.
 
Hi Seedy21, I have followed your instructions but got stuck. I tried to open Zoek.exe and it would not open. I then thought something had gone wrong with it and tried to download it again but it would not fully download. So I then tried to delete the original from the desktop but the message I got was that it could not be deleted because the programme was open. I entered Zoek.exe in the search box but the search could not find the programme. I had no problems with this last night - everything ran smoothly. Please advise. Regards Jontye.
 
Hi Seedy21, I restarted the laptop then retried running Zoek.exe and it worked. The results are attached. I will run a MalwareBytes scan when this is sent. Regards, Jontye

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by USER on 21/05/2015 at 18:42:39.57.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\USER\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-05-20-211212.log 24376 bytes
==== Running Processes ======================
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Users\USER\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\AsScrPro.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Windows\SysWOW64\cmd.exe
==== Services(whitelist) ======================
Powered by E Dev
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AFBAgent] - AFBAgent - c:\windows\system32\fbagent.exe
R2 - [ASLDRService] - ASLDR Service - c:\program files (x86)\asus\atk hotkey\asldrsrv.exe
R2 - [ATKGFNEXSrv] - ATKGFNEX Service - c:\program files\atkgfnex\gfnexsrv.exe
R2 - [BT Help Wizard] - BT Help Wizard - c:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\mahostservice.exe
R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [pcCMService] - pcCMService - c:\program files (x86)\common files\motive\pccmservice.exe
R2 - [pcCMService64] - pcCMService64 - c:\program files\common files\motive\pccmservice.exe
R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe
R2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe
S2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [RapportMgmtService] - Rapport Management Service - c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe [x]
S2 - [UPDATESRV] - BitDefender Desktop Update Service - c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [x]
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [fsssvc] - Windows Live Family Safety - c:\program files (x86)\windows live\family safety\fsssvc.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [Update Server] - BitDefender Update Server v2 - c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [x]
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [VSSERV] - BitDefender Virus Shield - c:\program files\bitdefender\bitdefender 2012\vsserv.exe [x]
S4 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"519_13439321549542"=-
==== Deleting Files \ Folders ======================
c:\program files\bitdefender\bitdefender 2012\ not found
"C:\windows\SysNative\Tasks\{E5D12496-C098-4DB0-84A6-34F83BA0874E}" not found
"C:\Users\USER\AppData\Local\ LOGMEI~1\LMIR0001.tmp_r.bat" not found
c:\program files\common files\bitdefender\ deleted
"C:\Windows\SysNative\tasks\{1093C846-1EE7-4D81-8591-3343E834F234}" deleted
"C:\Windows\SysNative\tasks\{1E5A0F11-ABE4-4CAF-9E76-7F23F9694F6F}" deleted
==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 1912 MB
CPU Info: Intel(R) Celeron(R) D CPU 220 @ 1.20GHz
CPU Speed: 1523.0 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: SiS Mirage 3 Graphics | SiS Mirage 3 Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek PCIe GBE Family Controller | Atheros AR9285 Wireless Network Adapter
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT32N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 58.2GB | D: 155.1GB | Q: 0.0MB
Hard Disks - Free: C: 15.8GB | D: 154.9GB | Q: 0.0MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 01/06/10 | _ASUS_ - 20100106
Time Zone: GMT Standard Time
Motherboard *: ASUS CORPORATION K50C
Country: United Kingdom
Language: ENG
==== System Specs (Software) ======================
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17728
Adobe Reader version: 11.0.11.18
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2015-05-19 07:29:57 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Home-Premium-(64-bit).dat
====== C:\Users\USER\AppData\Local\Temp ====
2015-05-19 07:29:14 FDD26A402322F212DCA153FF8B1FFB6E 78816 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\pcwintech_tasksch.dll
2015-05-19 07:29:14 DC7A3BC0FC185CD68848DC6F7D7B026B 40960 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\SSubTmr6.dll
2015-05-19 07:29:14 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\libintl3.dll
2015-05-19 07:29:14 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\pcre3.dll
2015-05-19 07:29:14 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\regex2.dll
2015-05-19 07:29:13 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\libiconv2.dll
2015-05-19 07:29:13 A107DE2D120C0571B544EEC53D1971AB 1406208 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\TweakingRegistryBackup.exe
2015-05-19 07:29:13 1B128828BF5E4353811B6DA58156B7F4 6656 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\files\dosdev.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\USER\AppData\Roaming ======
2015-05-19 11:45:26 -------- d-----w- C:\Users\USER\AppData\Local\LogMeIn Rescue Applet
2015-05-18 18:55:37 -------- d-----w- C:\Users\USER\AppData\Local\ElevatedDiagnostics
====== C:\Users\USER ======
2015-05-19 07:43:56 33C195F50AAECA7337A7B493359E91F3 2209792 ----a-w- C:\Users\USER\Downloads\adwcleaner_4.204.exe
2015-05-19 07:27:53 E758311867AD3A9D9226576ECFC51CF2 2720186 ----a-w- C:\Users\USER\Downloads\JRT (1).exe
2015-05-19 07:26:09 E758311867AD3A9D9226576ECFC51CF2 2720186 ----a-w- C:\Users\USER\Downloads\JRT.exe
====== C: exe-files ==
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"ASUS WebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe"
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun64]
"command"="C:\\Program Files (x86)\\AmIcoSingLun\\AmIcoSinglun64.exe"
"hkey"="HKLM"
"item"="AmIcoSinglun64"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\btbb_McciTrayApp]
"command"="\"C:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe\""
"hkey"="HKLM"
"item"="btbb_McciTrayApp"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiSTray]
"command"="%ProgramFiles%\\SiS VGA Utilities\\SiSTray.exe"
"hkey"="HKLM"
"item"="SiSTray"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"command"=" "
"item"="HP Digital Imaging Monitor"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backupExtension"=".CommonStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/04/2015 00:12]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\{22F79F6A-D10C-43C1-8F88-C7AB160D03AC}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.116....t,google-chrome:notoffered;systemlevelpresent]
"C:\Windows\SysNative\tasks\{2558B993-19CF-47B9-AC68-D54073142D5A}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{2D9A255D-570A-4CBD-8D1B-16EBBAC97244}" [C:\Users\USER\Downloads\USMoneyBizSunset.exe]
"C:\Windows\SysNative\tasks\{33DF929F-6347-444B-89CA-760FB174763F}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{568A8A7B-637B-45F4-8B10-9138199CB876}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{5E030617-A263-4EDD-8889-3BE63D5ADDF3}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{91CA1C24-61DA-4EDB-ACEC-5B5D7A7D80C4}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.1.0.112/...d,google-chrome:offered-installed;madedefault]
"C:\Windows\SysNative\tasks\{A19146D1-0AB1-494F-B59B-D6A690D35126}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\{CE0C8EBF-1A4C-4520-859D-76694FD3699D}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{E0164DAC-F928-4A1F-B5DC-AAB86AA242FB}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.5.0.114....t,google-chrome:notoffered;systemlevelpresent]
"C:\Windows\SysNative\tasks\{F17FE1E3-76A7-4C6E-9D81-A65903F84304}" [C:\Program Files (x86)\Samsung\Samsung PC Studio 7\LaunchApplication.exe]
"C:\Windows\SysNative\tasks\{FA878209-E33C-4974-A1A0-687C2DE10B67}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{FF755179-EF35-4F09-8208-F944CED971CB}" ["c:\program files\internet explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=5.1.0.112&LastError=404]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edmgmpmklgfbohogafcfobonnkogchec - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx[15/02/2013 16:56]
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="https://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3541754850-2695821152-2261588209-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\S-1-5-21-3541754850-2695821152-2261588209-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
==== Deleting CLSID Registry Values ======================

==== HijackThis Entries ======================
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BT Help Wizard - Alcatel-Lucent - C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Unknown owner - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: BitDefender Update Server v2 (Update Server) - Unknown owner - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3 folders=1 7039 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USER\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\USER\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 21/05/2015 at 19:06:51.29 ======================
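
A fix script is only finished when every deletion it requested has a matching result line in the log. The added example below (not part of the original thread and not Zoek's own code) cross-checks the `;f`/`;fs` lines of the script posted above against the log's "Deleting Files \ Folders" section. Treating those suffixes as delete requests, the `system32`/`SysNative` equivalence and all function names are assumptions; the sample lines are excerpts copied from this thread.

```python
import re

# Excerpt of the fix script from this thread, copied as posted (including the
# stray leading quotation mark on the last six task lines).
FIX_SCRIPT = r"""
UPDATESRV;u
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce];r64
c:\program files\bitdefender\bitdefender 2012\;fs
c:\program files\common files\bitdefender\;fs
C:\Windows\system32\Tasks\{E5D12496-C098-4DB0-84A6-34F83BA0874E};f
C:\Users\USER\AppData\Local\  LOGMEI~1\LMIR0001.tmp_r.bat;f
C:\Windows\SysNative\tasks\{1093C846-1EE7-4D81-8591-3343E834F234};f
C:\Windows\SysNative\tasks\{1E5A0F11-ABE4-4CAF-9E76-7F23F9694F6F};f
"C:\Windows\SysNative\tasks\{2558B993-19CF-47B9-AC68-D54073142D5A};f
"C:\Windows\SysNative\tasks\{33DF929F-6347-444B-89CA-760FB174763F};f
"C:\Windows\SysNative\tasks\{568A8A7B-637B-45F4-8B10-9138199CB876};f
"C:\Windows\SysNative\tasks\{5E030617-A263-4EDD-8889-3BE63D5ADDF3};f
"C:\Windows\SysNative\tasks\{CE0C8EBF-1A4C-4520-859D-76694FD3699D};f
"C:\Windows\SysNative\tasks\{FA878209-E33C-4974-A1A0-687C2DE10B67};f
services-list;
"""

# Excerpt of the resulting log from this thread.
LOG_EXCERPT = r"""
==== Registry Fix Code x64 ======================
"519_13439321549542"=-
==== Deleting Files \ Folders ======================
c:\program files\bitdefender\bitdefender 2012\ not found
"C:\windows\SysNative\Tasks\{E5D12496-C098-4DB0-84A6-34F83BA0874E}" not found
"C:\Users\USER\AppData\Local\ LOGMEI~1\LMIR0001.tmp_r.bat" not found
c:\program files\common files\bitdefender\ deleted
"C:\Windows\SysNative\tasks\{1093C846-1EE7-4D81-8591-3343E834F234}" deleted
"C:\Windows\SysNative\tasks\{1E5A0F11-ABE4-4CAF-9E76-7F23F9694F6F}" deleted
==== System Specs ======================
Memory (RAM): 1912 MB
"""

NO_RESULT = "no result in log"
TARGET_RE = re.compile(r"^(?P<target>.+);(?P<flag>fs|f)\s*$")
RESULT_RE = re.compile(r"^(?P<path>.+?)\s+(?P<status>deleted|not found)$")


def norm(path):
    """Normalise a path so script and log spellings can be compared."""
    p = path.strip().strip('"').lower()
    p = re.sub(r"\s+", " ", p)
    # Assumption: the log reports System32 paths under their SysNative alias.
    p = p.replace("\\system32\\", "\\sysnative\\")
    return p.rstrip("\\")


def script_targets(script):
    """Return the raw targets of every line ending in ;f or ;fs."""
    targets = []
    for line in script.splitlines():
        m = TARGET_RE.match(line.strip())
        if m:
            targets.append(m.group("target"))
    return targets


def parse_delete_results(log):
    """Map normalised path -> status from the 'Deleting Files' section."""
    results, in_section = {}, False
    for line in log.splitlines():
        if line.startswith("===="):
            in_section = "Deleting Files" in line
            continue
        m = RESULT_RE.match(line.strip()) if in_section else None
        if m:
            results[norm(m.group("path"))] = m.group("status")
    return results


def audit(script, log):
    """Return (raw target, status, has unbalanced quote) per delete request."""
    results = parse_delete_results(log)
    return [
        (raw, results.get(norm(raw), NO_RESULT), raw.count('"') % 2 == 1)
        for raw in script_targets(script)
    ]


def unprocessed(script, log):
    """Targets the script requested that the log never reports on."""
    return [raw for raw, status, _ in audit(script, log) if status == NO_RESULT]


if __name__ == "__main__":
    for raw, status, odd_quote in audit(FIX_SCRIPT, LOG_EXCERPT):
        note = "  <-- unbalanced quote in script line" if odd_quote else ""
        print(f"{status:17} {raw}{note}")
```

On the thread's data, the six targets with no result line are the six that begin with an unmatched quotation mark, and the same task GUIDs are still listed under "Other Scheduled Tasks" in that log.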
 
Hi Seedy21, here are the 2 logs from the MalwareBytes scan. The browser seems to be working quicker than it was. I'll continue to test it this evening. Just one point, when I opened MalwareBytes, it took at least 90 seconds to open the programme. Regards, Jontye.

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 21/05/2015
Scan Time: 19:20:42
Logfile: scanlog.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.05.21.03
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: USER
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332542
Time Elapsed: 34 min, 29 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 21/05/2015 17:58:33, SYSTEM, USER-PC, Manual, Rootkit Database, 0.0.0.0, 2015.5.16.1,
Update, 21/05/2015 17:58:34, SYSTEM, USER-PC, Manual, Remediation Database, 0.0.0.0, 2015.5.13.1,
Update, 21/05/2015 17:59:00, SYSTEM, USER-PC, Manual, Malware Database, 0.0.0.0, 2015.5.21.2,
Update, 21/05/2015 19:19:13, SYSTEM, USER-PC, Manual, Malware Database, 2015.5.21.2, 2015.5.21.3,
Scan, 21/05/2015 19:55:13, SYSTEM, USER-PC, Manual, Start:21/05/2015 19:20:42, Duration:34 min 29 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
(end)
 
Thank you Jontye, Let me know how the machine is running when you have had time to test it.
 
Is it OK to install Windows updates now, or should I wait until I've seen how the laptop is running?

Jontye.
 
Hi Seedy21. I have tested the machine a few times over the last couple of days. It is still running slow and on occasion still not responding. A few examples are: I firstly had my Gmail open, my FB page and a Local Authority website, all at the same time. On closing the Local Authority site I got the message 'not responding' for my FB page. It took about 45 seconds to load. After closing the FB page and my mail down to come off the internet, the Windows page showed all my programme shortcut logos as blank and the little blue circle was going round for about 30 seconds before the logos loaded properly. I then went back into the internet and it took 50 seconds to load my Google home page, then 30 seconds to load Etsy. Yesterday I went onto Ebay and input a search. It took about 20 seconds to respond. I then asked for the search items in the UK only. This took 112 minutes to start loading, then the screen went pale and I got the same old 'not responding' message. I came out of the internet and tried to load my games page. That took 45 seconds. Today it took 50 seconds from clicking the Windows 'welcome' to loading my Windows page and all the shortcuts. I clicked to open internet and almost immediately got the 'not responding' message. My home page then took 52 seconds to load. I realise that having more than one thing open at a time can slow down the machine but even with only one internet page open, it is still slow and I wanted to give it a good test before getting back to you. I hope these examples give you an idea of the way the machine is working (or not as the case may be). Regards, Jontye.
 
Hi Jontye,

Thanks for the update. Let's have another look with another tool.

Step 1

We need to re-run Zoek


  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for use on this user's computer; do not use it on another computer, even if the problems are similar!

Code:
UPDATESRV;s
Update Server;s 
VSSERV;s
services-list;
emptyalltemp;
standardsearch;


  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply


Step 2

Please Download Farbar Recovery Scan Tool x64 and save it to your Desktop.


  • Double-click the downloaded icon to run the tool.

  • When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
 
Hi Seedy, I've followed your instructions and the logs are attached on two posts; the script is too long for one. Jontye


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by USER on 26/05/2015 at 19:58:52.94.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\USER\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-05-20-211212.log 24376 bytes
C:\zoek-results2015-05-21-180651.log 29022 bytes
==== Running Processes ======================
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Users\USER\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Services(whitelist) ======================
Powered by E Dev
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AFBAgent] - AFBAgent - c:\windows\system32\fbagent.exe
R2 - [ASLDRService] - ASLDR Service - c:\program files (x86)\asus\atk hotkey\asldrsrv.exe
R2 - [ATKGFNEXSrv] - ATKGFNEX Service - c:\program files\atkgfnex\gfnexsrv.exe
R2 - [BT Help Wizard] - BT Help Wizard - c:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\mahostservice.exe
R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [pcCMService] - pcCMService - c:\program files (x86)\common files\motive\pccmservice.exe
R2 - [pcCMService64] - pcCMService64 - c:\program files\common files\motive\pccmservice.exe
R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe
S2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [RapportMgmtService] - Rapport Management Service - c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe [x]
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S2 - [UPDATESRV] - BitDefender Desktop Update Service - c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [x]
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [fsssvc] - Windows Live Family Safety - c:\program files (x86)\windows live\family safety\fsssvc.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [Update Server] - BitDefender Update Server v2 - c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [x]
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [VSSERV] - BitDefender Virus Shield - c:\program files\bitdefender\bitdefender 2012\vsserv.exe [x]
S4 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPDATESRV deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UPDATESRV deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Server deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Server deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSSERV deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VSSERV deleted successfully
==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 1912 MB
CPU Info: Intel(R) Celeron(R) D CPU 220 @ 1.20GHz
CPU Speed: 1523.3 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: SiS Mirage 3 Graphics | SiS Mirage 3 Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek PCIe GBE Family Controller | Atheros AR9285 Wireless Network Adapter
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT32N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 58.2GB | D: 155.1GB | Q: 0.0MB
Hard Disks - Free: C: 15.7GB | D: 154.9GB | Q: 0.0MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 01/06/10 | _ASUS_ - 20100106
Time Zone: GMT Standard Time
Motherboard *: ASUS CORPORATION K50C
Country: United Kingdom
Language: ENG
==== System Specs (Software) ======================
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17728
Adobe Reader version: 11.0.11.18
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2015-05-19 07:29:57 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Home-Premium-(64-bit).dat
====== C:\Users\USER\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\USER\AppData\Roaming ======
2015-05-21 18:03:52 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-05-21 18:03:52 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-05-21 18:03:52 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-05-21 18:03:52 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-05-21 18:03:51 -------- d-----w- C:\Users\USER\AppData\Local\Temp
2015-05-19 11:45:26 -------- d-----w- C:\Users\USER\AppData\Local\LogMeIn Rescue Applet
2015-05-18 18:55:37 -------- d-----w- C:\Users\USER\AppData\Local\ElevatedDiagnostics
====== C:\Users\USER ======
2015-05-26 18:49:38 992C71D01586683F3B112C87821065E5 2108928 ----a-w- C:\Users\USER\Desktop\FRST64.exe
2015-05-19 07:43:56 33C195F50AAECA7337A7B493359E91F3 2209792 ----a-w- C:\Users\USER\Downloads\adwcleaner_4.204.exe
2015-05-19 07:27:53 E758311867AD3A9D9226576ECFC51CF2 2720186 ----a-w- C:\Users\USER\Downloads\JRT (1).exe
2015-05-19 07:26:09 E758311867AD3A9D9226576ECFC51CF2 2720186 ----a-w- C:\Users\USER\Downloads\JRT.exe
====== C: exe-files ==
2015-05-26 18:49:38 992C71D01586683F3B112C87821065E5 2108928 ----a-w- C:\Users\USER\Desktop\FRST64.exe
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"ASUS WebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe"
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun64]
"command"="C:\\Program Files (x86)\\AmIcoSingLun\\AmIcoSinglun64.exe"
"hkey"="HKLM"
"item"="AmIcoSinglun64"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\btbb_McciTrayApp]
"command"="\"C:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe\""
"hkey"="HKLM"
"item"="btbb_McciTrayApp"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiSTray]
"command"="%ProgramFiles%\\SiS VGA Utilities\\SiSTray.exe"
"hkey"="HKLM"
"item"="SiSTray"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"command"=" "
"item"="HP Digital Imaging Monitor"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backupExtension"=".CommonStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\{22F79F6A-D10C-43C1-8F88-C7AB160D03AC}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.116....t,google-chrome:notoffered;systemlevelpresent]
"C:\Windows\SysNative\tasks\{2558B993-19CF-47B9-AC68-D54073142D5A}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{2D9A255D-570A-4CBD-8D1B-16EBBAC97244}" [C:\Users\USER\Downloads\USMoneyBizSunset.exe]
"C:\Windows\SysNative\tasks\{33DF929F-6347-444B-89CA-760FB174763F}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{568A8A7B-637B-45F4-8B10-9138199CB876}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{5E030617-A263-4EDD-8889-3BE63D5ADDF3}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{91CA1C24-61DA-4EDB-ACEC-5B5D7A7D80C4}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.1.0.112/...d,google-chrome:offered-installed;madedefault]
"C:\Windows\SysNative\tasks\{A19146D1-0AB1-494F-B59B-D6A690D35126}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\{CE0C8EBF-1A4C-4520-859D-76694FD3699D}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{E0164DAC-F928-4A1F-B5DC-AAB86AA242FB}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.5.0.114....t,google-chrome:notoffered;systemlevelpresent]
"C:\Windows\SysNative\tasks\{F17FE1E3-76A7-4C6E-9D81-A65903F84304}" [C:\Program Files (x86)\Samsung\Samsung PC Studio 7\LaunchApplication.exe]
"C:\Windows\SysNative\tasks\{FA878209-E33C-4974-A1A0-687C2DE10B67}" [E:\SETUP.EXE]
"C:\Windows\SysNative\tasks\{FF755179-EF35-4F09-8208-F944CED971CB}" ["c:\program files\internet explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=5.1.0.112&LastError=404]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edmgmpmklgfbohogafcfobonnkogchec - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx[15/02/2013 16:56]
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="https://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search"
==== HijackThis Entries ======================
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BT Help Wizard - Alcatel-Lucent - C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Unknown owner - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VPXIGCT will be deleted at reboot
C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EO4US0K1 will be deleted at reboot
C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LVAFRBCA will be deleted at reboot
C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SD4YW2P2 will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3 folders=1 7039 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USER\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\USER\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VPXIGCT" not found
"C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EO4US0K1" not found
"C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LVAFRBCA" not found
"C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SD4YW2P2" not found
==== EOF on 26/05/2015 at 20:14:49.04 ======================
 
Logs for Recovery scan tool.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05-2015
Ran by USER (administrator) on USER-PC on 26-05-2015 20:15:48
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8061984 2009-08-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-09-22] ()
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3541754850-2695821152-2261588209-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
SearchScopes: HKU\S-1-5-21-3541754850-2695821152-2261588209-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3541754850-2695821152-2261588209-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3541754850-2695821152-2261588209-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3541754850-2695821152-2261588209-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-11-23] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2012-11-23] (Alcatel-Lucent)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-01-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () []
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) []
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) []
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) []
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) []
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) []
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 SiS6350; C:\Windows\System32\DRIVERS\SISGRKMD.sys [558080 2009-11-12] (Silicon Integrated Systems Corporation) []
R0 SISAGP; C:\Windows\System32\DRIVERS\SISAGPX.sys [67104 2009-08-01] (Silicon Integrated Systems Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) []
U4 bdselfpr; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S1 RapportCerberus_51755; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [X]
S1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [X]
S0 RapportKE64; System32\Drivers\RapportKE64.sys [X]
S1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-26 20:15 - 2015-05-26 20:16 - 00012121 _____ () C:\Users\USER\Desktop\FRST.txt
2015-05-26 20:15 - 2015-05-26 20:15 - 00000000 ____D () C:\FRST
2015-05-26 20:10 - 2015-05-26 19:58 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-26 20:00 - 2015-05-21 19:06 - 00029022 _____ () C:\zoek-results2015-05-21-180651.log
2015-05-26 19:49 - 2015-05-26 19:49 - 02108928 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2015-05-21 18:46 - 2015-05-20 22:12 - 00024376 _____ () C:\zoek-results2015-05-20-211212.log
2015-05-21 18:39 - 2015-05-26 20:13 - 00001736 _____ () C:\Windows\PFRO.log
2015-05-20 21:57 - 2015-05-26 20:14 - 00028588 _____ () C:\zoek-results.log
2015-05-20 21:54 - 2015-05-21 18:48 - 00000000 ____D () C:\zoek_backup
2015-05-20 21:42 - 2015-05-20 21:42 - 01308672 _____ () C:\Users\USER\Desktop\zoek.exe
2015-05-19 12:45 - 2015-05-21 18:40 - 00000000 ____D () C:\Users\USER\AppData\Local\LogMeIn Rescue Applet
2015-05-19 08:45 - 2015-05-19 08:56 - 00000000 ____D () C:\AdwCleaner
2015-05-19 08:43 - 2015-05-19 08:48 - 02209792 _____ () C:\Users\USER\Downloads\adwcleaner_4.204.exe
2015-05-19 08:37 - 2015-05-19 10:31 - 00001873 _____ () C:\Users\USER\Desktop\JRT.txt
2015-05-19 08:29 - 2015-05-19 08:29 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-19 08:29 - 2015-05-19 08:29 - 00000000 ____D () C:\RegBackup
2015-05-19 08:27 - 2015-05-19 08:27 - 02720186 _____ (Thisisu) C:\Users\USER\Downloads\JRT (1).exe
2015-05-19 08:26 - 2015-05-19 08:28 - 02720186 _____ (Thisisu) C:\Users\USER\Downloads\JRT.exe
2015-05-18 22:15 - 2015-05-26 20:14 - 00000280 _____ () C:\Windows\setupact.log
2015-05-18 22:15 - 2015-05-18 22:15 - 00000000 _____ () C:\Windows\setuperr.log
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-26 20:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 20:11 - 2013-03-07 16:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 20:11 - 2011-03-18 20:44 - 00000000 ____D () C:\Users\USER\AppData\Roaming\SoftGrid Client
2015-05-26 20:11 - 2010-09-22 01:00 - 01311372 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 17:40 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 17:40 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 19:20 - 2014-07-14 16:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 10:34 - 2011-03-12 16:39 - 00045896 _____ () C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 19:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-05-18 22:31 - 2014-12-23 10:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-18 22:14 - 2015-04-14 20:19 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 22:14 - 2014-07-14 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-18 22:14 - 2014-07-14 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-18 22:14 - 2013-03-23 23:46 - 00000000 ____D () C:\Windows\pss
2015-05-18 22:14 - 2010-09-22 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiS VGA Utilities
2015-05-18 22:14 - 2010-09-22 01:37 - 00000000 ____D () C:\Program Files\SiS VGA Utilities
2015-05-18 22:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-18 22:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-05-18 22:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
==================== Files in the root of some directories =======
2013-06-05 20:10 - 2013-06-05 20:10 - 4096000 _____ () C:\Program Files (x86)\GUT3016.tmp
2010-07-08 10:37 - 2010-07-08 10:37 - 0101544 _____ () C:\Program Files\Common Files\LinkInstaller.exe
2012-05-21 20:58 - 2012-05-21 20:58 - 0003584 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-14 20:40 - 2012-03-14 20:40 - 0309251 _____ () C:\ProgramData\1331753412.bdinstall.bin
2013-03-15 10:52 - 2013-03-15 10:52 - 0449941 _____ () C:\ProgramData\1363340704.bdinstall.bin
2013-03-15 10:56 - 2013-03-15 10:56 - 0013059 _____ () C:\ProgramData\1363341366.bdinstall.bin
2013-03-15 10:56 - 2013-03-15 10:56 - 0013059 _____ () C:\ProgramData\1363341383.bdinstall.bin
2013-03-15 11:16 - 2013-03-15 11:16 - 0086494 _____ () C:\ProgramData\1363341871.bdinstall.bin
2014-05-12 14:31 - 2014-05-12 14:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-05-14 19:11 - 2012-03-14 20:24 - 0075273 _____ () C:\ProgramData\bdinstall.bin
2011-03-12 18:28 - 2011-03-12 18:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-09-22 01:26 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2011-06-08 21:48 - 2014-05-13 14:56 - 0006887 _____ () C:\ProgramData\hpzinstall.log
2012-02-25 21:17 - 2012-02-26 15:37 - 0001515 _____ () C:\ProgramData\search_result.xml
2010-09-22 01:20 - 2010-09-22 01:21 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-09-22 01:19 - 2010-09-22 01:20 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-12 15:04
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-05-2015
Ran by USER at 2015-05-26 20:17:56
Running from C:\Users\USER\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3541754850-2695821152-2261588209-500 - Administrator - Disabled)
Guest (S-1-5-21-3541754850-2695821152-2261588209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3541754850-2695821152-2261588209-1002 - Limited - Enabled)
USER (S-1-5-21-3541754850-2695821152-2261588209-1000 - Administrator - Enabled) => C:\Users\USER
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3541754850-2695821152-2261588209-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}) (Version: 1.6.17.25401 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.6.17.25401 - Alcor Micro Corp.) Hidden
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
ARO 2013 (HKLM\...\ARO 2013_is1) (Version: 8.0 - Support.com)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )
BTHomeHub (HKLM-x32\...\BTHomeHub) (Version: - British Telecommunications Plc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.7 - ASUS)
ETDWare PS/2-x64 7.0.5.12_WHQL (HKLM\...\Elantech) (Version: 7.0.5.12 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
GoToAssist Corporate (x32 Version: 9.0.570 - Citrix) Hidden
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Rapport (HKLM-x32\...\Rapport_msi) (Version: 3.5.1208.34 - Trusteer)
Rapport (Version: 3.5.1201.94 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1208.34 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5915 - Realtek Semiconductor Corp.)
SiS VGA Utilities (HKLM\...\SiS VGA Utilities) (Version: 5.24T - Silicon Integrated Systems Corporation)
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.205 - Sonix)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.2 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.17 - ASUS)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================
19-05-2015 08:53:47 Windows Update
20-05-2015 21:58:06 zoek.exe restore point
22-05-2015 10:13:37 Windows Update
26-05-2015 20:01:18 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0173B4CC-718B-47B9-BEA0-40DA8B5DFB55} - System32\Tasks\{7054C847-7F9C-439C-BEC0-A503A5F3DD2F} => pcalua.exe -a "C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3H1KRXD\USMoneyDlxSunset.exe" -d C:\Users\USER\Desktop
Task: {0B19C0A4-03AE-415E-B913-3E7E81C53C01} - System32\Tasks\{33DF929F-6347-444B-89CA-760FB174763F} => E:\SETUP.EXE
Task: {0FF8BFED-1AAB-40D1-A233-5DB6EDD78337} - System32\Tasks\{D9C7AFBF-B909-49CF-81CB-23F6B5537E8E} => pcalua.exe -a C:\Users\USER\Downloads\USMoneyBizSunset.exe -d C:\Users\USER\Desktop
Task: {10032674-9D51-4317-8BE4-860374BAFF18} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {13FF278A-CD23-4F7C-94FE-35339B04D2F4} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-05-17] (asus)
Task: {29F3FD9C-AF6E-458F-BE3C-8A2879CA1192} - System32\Tasks\{5E030617-A263-4EDD-8889-3BE63D5ADDF3} => E:\SETUP.EXE
Task: {323B4AD5-A833-4E1F-814C-C4E72EFFD396} - System32\Tasks\{F17FE1E3-76A7-4C6E-9D81-A65903F84304} => C:\Program Files (x86)\Samsung\Samsung PC Studio 7\LaunchApplication.exe
Task: {3BA839D4-04BA-4F47-9C6B-3A4CF293BD23} - System32\Tasks\{2558B993-19CF-47B9-AC68-D54073142D5A} => E:\SETUP.EXE
Task: {3E419FCC-704F-4307-ABCC-4DAF07C8F53F} - \{1093C846-1EE7-4D81-8591-3343E834F234} No Task File <==== ATTENTION
Task: {56B902D7-170F-4F81-B4DF-16D10155AB04} - System32\Tasks\{22F79F6A-D10C-43C1-8F88-C7AB160D03AC} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.116....t,google-chrome:notoffered;systemlevelpresent
Task: {5ABB26E8-8F81-4562-BB61-E9060B634546} - System32\Tasks\{FF755179-EF35-4F09-8208-F944CED971CB} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.1.0.112&LastError=404
Task: {7A216F5E-DAAF-40C1-BE5B-C3361D225F7B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {7FB278C4-5DAB-4745-BA94-B1EB963F60B4} - System32\Tasks\{91CA1C24-61DA-4EDB-ACEC-5B5D7A7D80C4} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.112/...d,google-chrome:offered-installed;madedefault
Task: {8126D4D5-6171-4BA0-9248-9FFCD1641652} - System32\Tasks\{FA878209-E33C-4974-A1A0-687C2DE10B67} => E:\SETUP.EXE
Task: {84757E3D-4DE8-4732-A3DD-7AEB980B5D8F} - System32\Tasks\{CE0C8EBF-1A4C-4520-859D-76694FD3699D} => E:\SETUP.EXE
Task: {8660BED7-0EFC-4E3D-B6C7-8016F3C8927A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {941F848E-32C2-41E1-9B06-2A2B2F8238D2} - \{1E5A0F11-ABE4-4CAF-9E76-7F23F9694F6F} No Task File <==== ATTENTION
Task: {9444B87C-8EEA-45B3-A685-3A01E374B5CF} - System32\Tasks\{568A8A7B-637B-45F4-8B10-9138199CB876} => E:\SETUP.EXE
Task: {96451FEE-CF72-4141-B56C-60634BF085E1} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {B5DBCF4B-10B0-4BF4-BA83-B6D13D5CF40A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {BCBCF914-E68B-453D-B8A1-F98A0253B3B3} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {CA39D8B8-AB18-402E-9144-2F41B324C729} - System32\Tasks\{E0164DAC-F928-4A1F-B5DC-AAB86AA242FB} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.114....t,google-chrome:notoffered;systemlevelpresent
Task: {DD041FBC-8CD4-48D3-946C-C055F3FB3540} - System32\Tasks\{2D9A255D-570A-4CBD-8D1B-16EBBAC97244} => C:\Users\USER\Downloads\USMoneyBizSunset.exe [2014-01-12] (Microsoft Corporation)
Task: {DF495EAB-4049-4CD0-9745-4DF954DE0CB3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F0F34095-9FA0-4C44-B5DC-F03D5C3DA92D} - System32\Tasks\{A19146D1-0AB1-494F-B59B-D6A690D35126} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {F3D70838-8143-416F-BA4E-FA751C2C5B3B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FCB40258-F061-4137-8B88-1A0AFDEC2C0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2010-09-22 01:36 - 2007-08-08 08:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2010-09-22 01:42 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2008-08-14 04:59 - 2008-08-14 04:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2010-07-02 21:36 - 2010-07-02 21:36 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2013-11-07 18:58 - 2013-11-07 18:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 18:58 - 2013-11-07 18:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 18:57 - 2013-11-07 18:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-3541754850-2695821152-2261588209-1000\...\systweak.com -> www.systweak.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3541754850-2695821152-2261588209-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: btbb_McciTrayApp => "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
MSCONFIG\startupreg: SiSTray => %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{33E008EB-E7A5-48A7-9FEE-4669B06DB3E5}] => (Allow) LPort=5353
FirewallRules: [{79313BBF-BAC3-4A43-9B6D-57BCCF9852DA}] => (Allow) LPort=8182
FirewallRules: [{3ABDBAA1-F0EF-46ED-A06F-9C4A04FD7E38}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{30633164-EDC7-4F3B-B161-A585E1EF55F4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1D0BAA57-E691-4740-B523-BF1B5F12D17E}] => (Allow) svchost.exe
FirewallRules: [{7F1BF30F-C62B-425A-B9DC-DDAEADB71BCC}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{8E9CC859-7900-4C12-8341-44F3F99B0E16}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [UDP Query User{0A7B7F47-A12C-4732-A3C8-FA680BB3192C}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe] => (Block) C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
FirewallRules: [{3FE4E741-84F5-44B2-A4E2-6DC7831353CF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{893BB79F-99CD-42DB-B96E-8BCF098E5D67}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{36A54B37-0C64-4DAE-BEC4-D9B6C4925F6D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{9309D524-BEA7-4B6B-A45F-69773069AD5D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4C7271A6-70AA-48CA-8A8C-981363C023EB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{51F3E621-0A59-49CC-AF08-B3C77CF0D3E4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A52CBB80-ECB4-435B-9583-99A6615ED83B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{CC34E1BA-5910-48BC-9707-08FE4BEE4EF9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B3A1D0D2-78AF-4035-82E7-233456C4BA22}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{4D04732A-DB65-41D5-A43F-F34E88D8B98F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D23D6529-F089-4CD4-B500-FBBC488B33C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{EF2F415C-DDA0-4BA5-BA8B-66193EFDA0DE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{9D2138B8-6280-49CA-A6C4-240685F6D3E8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{F362099B-4E01-4606-B1C3-261FB563E85C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{9777B4F5-0C00-4C1E-AD6F-253E3D282336}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{DF749126-B967-4174-8BF8-972BD7170C4B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{F23294E4-F0BB-4EAD-BECE-8D7264C4C2B9}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{48758D19-4365-45F6-9D30-94D059141E49}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{E8673CEA-C924-4587-B233-472B9B3CA7C6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [TCP Query User{09594A55-4758-48B6-AD73-245A867D01D5}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => (Block) C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [UDP Query User{07AEA663-D535-40DE-9780-EF828CE868E3}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => (Block) C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
FirewallRules: [{B5BB6B13-337A-4B5E-9DC3-970FBAFB1CD6}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\node.exe
FirewallRules: [{50B76C60-4E05-44BE-A6FF-BD98563864E1}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\node.exe
FirewallRules: [TCP Query User{47087B00-3536-494C-B046-FFE28BB388B6}C:\program files (x86)\bt broadband desktop help\btbb\ma\8.3.1.7.bt.1.3\ma\bin\node.exe] => (Block) C:\program files (x86)\bt broadband desktop help\btbb\ma\8.3.1.7.bt.1.3\ma\bin\node.exe
FirewallRules: [UDP Query User{DFB05B70-11DD-455A-B30F-A66629D9047D}C:\program files (x86)\bt broadband desktop help\btbb\ma\8.3.1.7.bt.1.3\ma\bin\node.exe] => (Block) C:\program files (x86)\bt broadband desktop help\btbb\ma\8.3.1.7.bt.1.3\ma\bin\node.exe
FirewallRules: [TCP Query User{07B1EC03-B209-4A23-83B6-195C2D2D3459}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E4C7C2B3-0239-4823-B169-D222C2430F49}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{1696F0B9-037D-49C4-BE6C-65CD2C37DD67}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{79FCC80F-BAE0-4775-94A3-81DAB77EDFAE}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{216A196C-CA71-4FF1-BB0F-C6E4B22AF210}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{783E8E44-DC83-4ECC-95A7-209D2989F7DF}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{362C9715-D3E7-414E-A20B-23DFEF6F07FA}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{FC739636-A4B4-462D-80B5-62F672E50853}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{F897346B-11CF-4516-9C08-3968CB329948}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{AADDC468-6DE1-439D-832C-5CD76B56FCCA}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
==================== Faulty Device Manager Devices =============
Name: RapportCerberus_51755
Description: RapportCerberus_51755
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RapportCerberus_51755
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: RapportEI64
Description: RapportEI64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RapportEI64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: RapportPG64
Description: RapportPG64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RapportPG64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
Error: (05/26/2015 08:14:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (05/26/2015 08:01:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service BitDefender Virus Shield since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (05/26/2015 08:01:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service BitDefender Desktop Update Service since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (05/26/2015 08:01:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service BitDefender Update Server v2 since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (05/26/2015 07:16:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1064
Start Time: 01d097dccf8b5c86
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (05/21/2015 07:06:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (05/21/2015 06:39:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (05/21/2015 05:11:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error: (05/20/2015 01:48:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1210
Start Time: 01d092f89b17641d
Termination Time: 1623
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (05/19/2015 07:10:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (05/26/2015 08:14:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportKE64
Error: (05/26/2015 08:14:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%14001
Error: (05/26/2015 08:14:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Rapport Management Service service failed to start due to the following error:
%%2
Error: (05/26/2015 08:12:28 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (05/26/2015 08:01:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/26/2015 08:01:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/26/2015 08:01:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/26/2015 08:01:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/26/2015 08:01:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/26/2015 08:01:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Microsoft Office:
=========================
Error: (05/26/2015 08:14:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Error: (05/26/2015 08:01:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service BitDefender Virus Shield since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
Error: (05/26/2015 08:01:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service BitDefender Desktop Update Service since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
Error: (05/26/2015 08:01:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service BitDefender Update Server v2 since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
Error: (05/26/2015 07:16:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17728106401d097dccf8b5c860C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (05/21/2015 07:06:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Error: (05/21/2015 06:39:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Error: (05/21/2015 05:11:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error: (05/20/2015 01:48:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17728121001d092f89b17641d1623C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (05/19/2015 07:10:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

CodeIntegrity Errors:
===================================
Date: 2013-03-14 13:28:47.821
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\Bitdefender 2012\Active Virus Control\Avc3_00185_050\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-14 12:10:44.820
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\Bitdefender 2012\Active Virus Control\Avc3_00185_050\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-14 11:46:11.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\Bitdefender 2012\Active Virus Control\Avc3_00185_050\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-14 00:04:50.307
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\Bitdefender 2012\Active Virus Control\Avc3_00185_050\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-13 23:55:12.275
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\Bitdefender 2012\Active Virus Control\Avc3_00185_050\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-13 23:26:19.764
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\Bitdefender 2012\Active Virus Control\Avc3_00185_050\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-13 23:20:20.511
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\Bitdefender 2012\Active Virus Control\Avc3_00185_050\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-13 23:13:05.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\Bitdefender 2012\Active Virus Control\Avc3_00185_050\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-13 22:47:58.082
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\Bitdefender 2012\Active Virus Control\Avc3_00185_050\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-13 20:03:41.734
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BitDefender\Bitdefender 2012\Active Virus Control\Avc3_00182_049\avcuf64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Celeron(R) D CPU 220 @ 1.20GHz
Percentage of memory in use: 51%
Total physical RAM: 1911.62 MB
Available physical RAM: 932.8 MB
Total Pagefile: 3823.23 MB
Available Pagefile: 2680.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:58.22 GB) (Free:15.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:155.13 GB) (Free:154.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=58.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=155.1 GB) - (Type=OF Extended)
==================== End of log ============================
 
Hi Jontye,

Step 1

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt

Code:
CloseProcesses:
HKLM-x32\...\Run: [NPSStartup] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKU\S-1-5-21-3541754850-2695821152-2261588209-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-3541754850-2695821152-2261588209-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
U4 bdselfpr; No ImagePath
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
Task: {3E419FCC-704F-4307-ABCC-4DAF07C8F53F} - \{1093C846-1EE7-4D81-8591-3343E834F234} No Task File <==== ATTENTION
Task: {941F848E-32C2-41E1-9B06-2A2B2F8238D2} - \{1E5A0F11-ABE4-4CAF-9E76-7F23F9694F6F} No Task File <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
Reboot:

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply.

Step 2


Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve installing an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".

Please go here then click on Run ESET ONLINE SCANNER
Select the option YES, I accept the Terms of Use then click on START
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is checked.
Now click on Advanced Settings and select the following:


Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now click on START
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.



When the scan is complete,

If no threats were found:

Check in "Uninstall application on close"
Close program


If threats were found:

Select "list of threats found"
Select "Export to Text File" & save the report to your Desktop as ESETScanLog
Select Back
Place a checkmark in "Uninstall application on close"
Select Finish & Exit the program
Copy and paste ESETScanLog.txt in your next reply
 
Hi Seedy21, I've followed the instructions for step 1, the log is attached.
When I've tried step 2 I hit a problem,
I closed down MS Security Essentials,
right clicked on IE icon,
clicked 'run as administrator'
ticked the request permission box,
IE opened,
nothing appeared regarding 'run eset online scanner'.
Tried three times, same result.
Help please. jontye

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-05-2015
Ran by USER at 2015-05-27 19:12:43 Run:1
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [NPSStartup] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-3541754850-2695821152-2261588209-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3541754850-2695821152-2261588209-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
U4 bdselfpr; No ImagePath
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
Task: {3E419FCC-704F-4307-ABCC-4DAF07C8F53F} - \{1093C846-1EE7-4D81-8591-3343E834F234} No Task File <==== ATTENTION
Task: {941F848E-32C2-41E1-9B06-2A2B2F8238D2} - \{1E5A0F11-ABE4-4CAF-9E76-7F23F9694F6F} No Task File <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
Reboot:
*****************
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKU\S-1-5-21-3541754850-2695821152-2261588209-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value Removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
HKU\S-1-5-21-3541754850-2695821152-2261588209-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value Removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKCR\PROTOCOLS\Handler\skype4com" => key Removed successfully
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
bdselfpr => Service Removed successfully
tmlwf => Service Removed successfully
tmwfp => Service Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E419FCC-704F-4307-ABCC-4DAF07C8F53F}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E419FCC-704F-4307-ABCC-4DAF07C8F53F}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1093C846-1EE7-4D81-8591-3343E834F234}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{941F848E-32C2-41E1-9B06-2A2B2F8238D2}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{941F848E-32C2-41E1-9B06-2A2B2F8238D2}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1E5A0F11-ABE4-4CAF-9E76-7F23F9694F6F}" => key Removed successfully
========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => Removed 12.5 MB temporary data.

The system needed a reboot.
==== End of Fixlog 19:14:06 ====
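
A check one might run on a Fixlog like the one above, as an added example that is not part of the original post and is not FRST's own code: it cross-references each fixlist directive with the result lines and flags any directive that produced no result. The sample is a shortened excerpt of the posted log; the function names and matching rules are assumptions based only on the line formats visible in this thread.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted in this thread (lines copied as posted).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [NPSStartup] => [X]
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
U4 bdselfpr; No ImagePath
U3 tmlwf; No ImagePath
Task: {3E419FCC-704F-4307-ABCC-4DAF07C8F53F} - \{1093C846-1EE7-4D81-8591-3343E834F234} No Task File <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
Reboot:
*****************
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value Removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKCR\PROTOCOLS\Handler\skype4com" => key Removed successfully
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
bdselfpr => Service Removed successfully
tmlwf => Service Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E419FCC-704F-4307-ABCC-4DAF07C8F53F}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E419FCC-704F-4307-ABCC-4DAF07C8F53F}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1093C846-1EE7-4D81-8591-3343E834F234}" => key Removed successfully
EmptyTemp: => Removed 12.5 MB temporary data.
==== End of Fixlog 19:14:06 ====
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
# Names a directive can carry besides GUIDs (formats as seen in this thread only).
NAME_RES = [
    re.compile(r"^[A-Z]\d (\S+); "),        # service:  "U4 bdselfpr; No ImagePath"
    re.compile(r"\\Run: \[([^\]]+)\]"),     # Run value: "...\Run: [NPSStartup] => [X]"
    re.compile(r"^Handler: (\S+) - "),      # handler:  "Handler: skype4com - {...}"
]


def split_fixlog(text):
    """Return (directives, result_lines); the fixlist sits between two '*' lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(marks) < 2:
        raise ValueError("fixlist content delimiters not found")
    directives = [ln for ln in lines[marks[0] + 1:marks[1]] if ln]
    results = [ln for ln in lines[marks[1] + 1:] if ln]
    return directives, results


def classify(outcome):
    """Map the text after '=>' to a coarse outcome."""
    o = outcome.lower()
    if "not found" in o:
        return "not_found"
    if "removed" in o and "successfully" in o:
        return "removed"
    if o.startswith("removed"):
        return "cleaned"            # e.g. the EmptyTemp summary line
    return "other"


def identifiers(directive):
    """GUIDs and names that a directive refers to, lowercased."""
    ids = {g.lower() for g in GUID_RE.findall(directive)}
    for rx in NAME_RES:
        m = rx.search(directive)
        if m:
            ids.add(m.group(1).lower())
    return ids


def names(ident, target):
    """True if a result target refers to ident (GUID anywhere, name as last path element)."""
    if ident.startswith("{"):
        return ident in target
    return target == ident or target.endswith("\\" + ident)


def audit_fixlog(text):
    """Count outcomes and give each identifiable directive a status."""
    directives, result_lines = split_fixlog(text)
    results = []
    for ln in result_lines:
        m = RESULT_RE.match(ln)
        if m:
            results.append((m.group("target").strip('"').lower(), classify(m.group("outcome"))))
    status = {}
    for d in directives:
        ids = identifiers(d)
        if not ids:
            continue                # control directives: CloseProcesses:, CMD:, Reboot: ...
        kinds = {k for t, k in results if any(names(i, t) for i in ids)}
        status[d] = "removed" if "removed" in kinds else ("not_found" if kinds else "no_result")
    return {
        "counts": Counter(k for _, k in results),
        "not_found": [t for t, k in results if k == "not_found"],
        "directives": status,
    }


if __name__ == "__main__":
    report = audit_fixlog(SAMPLE_FIXLOG)
    print(dict(report["counts"]))
    for directive, state in report["directives"].items():
        print(f"{state:10} {directive}")
```

A "key not found" line next to a successful removal for the same GUID, as with the BHO entry here, means only that the matching CLSID registration was already absent; a directive reported as `no_result` is the case worth rechecking with a fresh scan.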
 
Hi Seedy, this time I got as far as, run ESET ONLINE SCANNER, ticked the yes box and start, it then asked to install add-on Online Scanner.cab, not Active X. So I cancelled and came out of the site.
Jontye.
 
Thank you Jontye. Looks like they have moved onto Online Scanner.cab. Can you continue running Eset Online Scanner for me?
 
Hi Seedy21, Just run the ESET ONLINE SCANNER, no threats found. Jontye.
 