[Clean] Asus X5DC laptop running very slow.

jontye · May 19, 2015

Hi, My wifes Asus laptop is running very, very slow, not opening files in MS Word, not being able to find files in MS Word, web pages taking an age to load then getting a 'not responding' message.

Reading through previous threads I came across the advice regarding using Junkware Removal Tool and AdwCleaner (Xplode), I've used these two downloads, reports from both attached, and although there has been some improvement, in the main the problems still continue.

Could you please advise on what action to take next.

# AdwCleaner v4.204 - Logfile created 19/05/2015 at 08:55:33

# Updated 12/05/2015 by Xplode

# Database : 2015-05-12.2 [Local]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : USER - USER-PC

# Running from : C:\Users\USER\Downloads\adwcleaner_4.204.exe

# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\USERs\USER\daemonprocess.txt

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\InstallCore

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

*************************

AdwCleaner[R0].txt - [1990 bytes] - [19/05/2015 08:45:33]

AdwCleaner[R1].txt - [1990 bytes] - [19/05/2015 08:49:13]

AdwCleaner[s0].txt - [1898 bytes] - [19/05/2015 08:55:33]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1957 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.7.3 (05.18.2015:1)

OS: Windows 7 Home Premium x64

Ran by USER on 19/05/2015 at 8:29:33.13

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] util browsesmart

Successfully deleted: [service] util browsesmart

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\PIP

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update BrowseSmart

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util BrowseSmart

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoD55A.tmp

Successfully deleted: [File] C:\Users\USER\AppData\Roaming\microsoft\internet explorer\quick launch\check pc for errors.lnk

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\mobogenie

Successfully deleted: [Folder] C:\ProgramData\partner

Successfully deleted: [Folder] C:\Users\USER\appdata\local\genienext

Successfully deleted: [Folder] C:\Users\USER\appdata\local\mobogenie

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 19/05/2015 at 8:37:03.10

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards Jontye

seedy21 · May 20, 2015

Hello Jontye

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactive
If you are using Cracked or Illegal software your thread will be closed
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Please can you tell me what issues you are still having?

Download http://www.imgdumper.nl/uploads6/51a612a8b2bc1/51a612a8b27e2-Zoek.png zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.

Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
You can find instructions how to disable your security applications >>Here<< or >>Here<<
Double click zoek.exe to start the program.
Copy and paste the following script in the code box:
Note: This script is written for usage on this users computer, do not use it on another computer even if the problems are similar !

installedprogs;
process;
systemspecs;
services-list;
filesrcm;
srinfo;
emptyfolderscheck;
startupall;
firefoxlook;
chromelook;
skipfix-iedefaults;
msconfigcheck;

Close any open browsers.
Click the "Run script" button and wait patiently.
When finished the logfile will be opened in notepad.
If a reboot is needed the logfile will be opened after reboot.
The zoek-results.log can also be found on your systemdrive (normally C:\).
Please post the logfile for further review in your next reply

jontye · May 20, 2015

Hi Seedy 21,

Thanks for your reply, The problem with being unable to open files in MS Word seems to have been resolved after running Junkremoval tool /AdwareCleaner. The problem of very slow running of web sites is still there. if not getting worse, constantly getting 'not responding' message, even on this web page.

I've run the Zoek.exe download and the results are attached.

Also told my wife not to do anything with the laptop,other than browse, until we hear back from you

Regards Jontye.

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by USER on 20/05/2015 at 21:54:51.14.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\USER\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

20/05/2015 22:00:20 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\InstallConverter

C:\PROGRA~2\Malwarebytes' Anti-Malware

C:\Program Files\Google

C:\PROGRA~3\AVAST Software

C:\Users\USER\AppData\Roaming\QuickScan

C:\Users\USER\AppData\Roaming\TP

C:\Users\USER\AppData\Local\cache

C:\Users\USER\AppData\Local\StormAlerts

==== Installed Programs ======================

64 Bit HP CIO Components Installer

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 17 ActiveX

Adobe Reader XI (11.0.11)

Adobe Refresh Manager

Akamai NetSession Interface

Alcor Micro USB Card Reader

Apple Mobile Device Support

ARO 2013

ASUS AI Recovery

ASUS Live Update

ASUS SmartLogon

ASUS Virtual Camera

ATK Generic Function Service

ATK Hotkey

ATK Media

ATKOSD2

Boingo Wi-Fi

BT Desktop Help

BTHomeHub

CCleaner

Choice Guard

Compatibility Pack for the 2007 Office system

ControlDeck

ETDWare PS/2-x64 7.0.5.12_WHQL

Fast Boot

GoToAssist Corporate

Junk Mail filter update

Malwarebytes Anti-Malware version 2.0.4.1028

Microsoft .NET Framework 4.5.2

Microsoft Application Error Reporting

Microsoft Money Plus

Microsoft Money Shared Libraries

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

MSXML 4.0 SP2 P****r and SDK

MSXML 4.0 SP3 P****r (KB2721691)

MSXML 4.0 SP3 P****r (KB2758694)

MSXML 4.0 SP3 P****r (KB973685)

Rapport

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)

SiS VGA Utilities

USB2.0 UVC VGA WebCam

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinFlash

Wireless Console 3

==== Running Processes ======================

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe

C:\Program Files\SiS VGA Utilities\SiSTray.exe

C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Users\USER\Desktop\zoek.exe

C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================

Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe

R2 - [AFBAgent] - AFBAgent - c:\windows\system32\fbagent.exe

R2 - [ASLDRService] - ASLDR Service - c:\program files (x86)\asus\atk hotkey\asldrsrv.exe

R2 - [ATKGFNEXSrv] - ATKGFNEX Service - c:\program files\atkgfnex\gfnexsrv.exe

R2 - [bT Help Wizard] - BT Help Wizard - c:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\mahostservice.exe

R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe

R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe

R2 - [pcCMService] - pcCMService - c:\program files (x86)\common files\motive\pccmservice.exe

R2 - [pcCMService64] - pcCMService64 - c:\program files\common files\motive\pccmservice.exe

R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe

R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe

R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe

R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe

R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe

R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe

S2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe

S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe

S2 - [RapportMgmtService] - Rapport Management Service - c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe [x]

S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe

S2 - [uPDATESRV] - BitDefender Desktop Update Service - c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [x]

S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe

S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe

S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe

S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe

S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe

S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe

S3 - [fsssvc] - Windows Live Family Safety - c:\program files (x86)\windows live\family safety\fsssvc.exe

S3 - [GoToAssist] - GoToAssist - c:\program files (x86)\citrix\gotoassist\570\g2aservice.exe

S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe

S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe

S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe

S3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe

S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe

S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe

S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe

S3 - [sNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe

S3 - [update Server] - BitDefender Update Server v2 - c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [x]

S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe

S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe

S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe

S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe

S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

S4 - [VSSERV] - BitDefender Virus Shield - c:\program files\bitdefender\bitdefender 2012\vsserv.exe [x]

S4 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 1912 MB

CPU Info: Intel® Celeron® D CPU 220 @ 1.20GHz

CPU Speed: 1510.9 MHz

Sound Card: Speakers (Realtek High Definiti |

Display Adapters: SiS Mirage 3 Graphics | SiS Mirage 3 Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Generic PnP Monitor |

Screen Resolution: 1366 X 768 - 32 bit

Network: Network Present

Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek PCIe GBE Family Controller | Atheros AR9285 Wireless Network Adapter

CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT32N

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 2 Button Mouse Present

Hard Disks: C: 58.2GB | D: 155.1GB | Q: 0.0MB

Hard Disks - Free: C: 15.2GB | D: 154.9GB | Q: 0.0MB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 01/06/10 | _ASUS_ - 20100106

Time Zone: GMT Standard Time

Motherboard *: ASUS CORPORATION K50C

Country: United Kingdom

Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Internet Explorer Version: 11.0.9600.17728

Adobe Reader version: 11.0.11.18

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2015-05-19 07:29:57 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Home-Premium-(64-bit).dat

====== C:\Users\USER\AppData\Local\Temp ====

2015-05-19 07:29:14 FDD26A402322F212DCA153FF8B1FFB6E 78816 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\pcwintech_tasksch.dll

2015-05-19 07:29:14 DC7A3BC0FC185CD68848DC6F7D7B026B 40960 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\SSubTmr6.dll

2015-05-19 07:29:14 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\libintl3.dll

2015-05-19 07:29:14 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\pcre3.dll

2015-05-19 07:29:14 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\regex2.dll

2015-05-19 07:29:13 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\libiconv2.dll

2015-05-19 07:29:13 A107DE2D120C0571B544EEC53D1971AB 1406208 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\TweakingRegistryBackup.exe

2015-05-19 07:29:13 1B128828BF5E4353811B6DA58156B7F4 6656 ----a-w- C:\Users\USER\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\files\dosdev.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\USER\AppData\Roaming ======

2015-05-19 11:45:26 -------- d-----w- C:\Users\USER\AppData\Local\LogMeIn Rescue Applet

2015-05-18 18:55:37 -------- d-----w- C:\Users\USER\AppData\Local\ElevatedDiagnostics

====== C:\Users\USER ======

2015-05-19 07:43:56 33C195F50AAECA7337A7B493359E91F3 2209792 ----a-w- C:\Users\USER\Downloads\adwcleaner_4.204.exe

2015-05-19 07:27:53 E758311867AD3A9D9226576ECFC51CF2 2720186 ----a-w- C:\Users\USER\Downloads\JRT (1).exe

2015-05-19 07:26:09 E758311867AD3A9D9226576ECFC51CF2 2720186 ----a-w- C:\Users\USER\Downloads\JRT.exe

====== C: exe-files ==

=== C: other files ==

======== System Restore Points ========

RP519: 19/05/2015 08:53:47 - Windows Update

RP520: 20/05/2015 21:58:06 - zoek.exe restore point

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-3541754850-2695821152-2261588209-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe -update activex"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"

"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

"ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"

"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe -update activex"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"ASUS WebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe"

"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"519_13439321549542"="C:\Users\USER\AppData\Local\LOGMEI~1\LMIR0001.tmp_r.bat"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun64]

"command"="C:\\Program Files (x86)\\AmIcoSingLun\\AmIcoSinglun64.exe"

"hkey"="HKLM"

"item"="AmIcoSinglun64"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AppleSyncNotifier"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]

"command"="C:\\Windows\\AsScrPro.exe"

"hkey"="HKLM"

"item"="ASUS Screen Saver Protector"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\btbb_McciTrayApp]

"command"="\"C:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe\""

"hkey"="HKLM"

"item"="btbb_McciTrayApp"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiSTray]

"command"="%ProgramFiles%\\SiS VGA Utilities\\SiSTray.exe"

"hkey"="HKLM"

"item"="SiSTray"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zune Launcher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Zune Launcher"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"

"command"=" "

"item"="HP Digital Imaging Monitor"

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"

"backupExtension"=".CommonStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/04/2015 00:12]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe]

"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]

"C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\{1093C846-1EE7-4D81-8591-3343E834F234}" [E:\SETUP.EXE]

"C:\Windows\SysNative\tasks\{1E5A0F11-ABE4-4CAF-9E76-7F23F9694F6F}" [E:\SETUP.EXE]

"C:\Windows\SysNative\tasks\{22F79F6A-D10C-43C1-8F88-C7AB160D03AC}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.116.261/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent]

"C:\Windows\SysNative\tasks\{2558B993-19CF-47B9-AC68-D54073142D5A}" [E:\SETUP.EXE]

"C:\Windows\SysNative\tasks\{2D9A255D-570A-4CBD-8D1B-16EBBAC97244}" [C:\Users\USER\Downloads\USMoneyBizSunset.exe]

"C:\Windows\SysNative\tasks\{33DF929F-6347-444B-89CA-760FB174763F}" [E:\SETUP.EXE]

"C:\Windows\SysNative\tasks\{568A8A7B-637B-45F4-8B10-9138199CB876}" [E:\SETUP.EXE]

"C:\Windows\SysNative\tasks\{5E030617-A263-4EDD-8889-3BE63D5ADDF3}" [E:\SETUP.EXE]

"C:\Windows\SysNative\tasks\{91CA1C24-61DA-4EDB-ACEC-5B5D7A7D80C4}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?source=lightinstaller&page=tsProblems&LastError=404&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:offered-installed;madedefault]

"C:\Windows\SysNative\tasks\{A19146D1-0AB1-494F-B59B-D6A690D35126}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]

"C:\Windows\SysNative\tasks\{CE0C8EBF-1A4C-4520-859D-76694FD3699D}" [E:\SETUP.EXE]

"C:\Windows\SysNative\tasks\{E0164DAC-F928-4A1F-B5DC-AAB86AA242FB}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.5.0.114.261/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent]

"C:\Windows\SysNative\tasks\{F17FE1E3-76A7-4C6E-9D81-A65903F84304}" [C:\Program Files (x86)\Samsung\Samsung PC Studio 7\LaunchApplication.exe]

"C:\Windows\SysNative\tasks\{FA878209-E33C-4974-A1A0-687C2DE10B67}" [E:\SETUP.EXE]

"C:\Windows\SysNative\tasks\{FF755179-EF35-4F09-8208-F944CED971CB}" ["c:\program files\internet explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=5.1.0.112&LastError=404]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

edmgmpmklgfbohogafcfobonnkogchec - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx[15/02/2013 16:56]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="www.google.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="https://www.google.com/search?q={searchTerms}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 20/05/2015 at 22:12:12.77 ======================

seedy21 · May 21, 2015

Hi jontye

Are you aware that you have GoToAssist Corporate installed on your machine? This software can allow people outside your network to remote control your machine. Some IT Deptments will use software like this to help you.

If you didnt install this software please uninstall it.

Step 1

We need to re-run Zoek

Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe. You can find instructions how to disable your security applications >>Here<< or >>Here<<
Double click zoek.exe to start the program.
Copy and paste the following script in the code box:
Note: This script is written for usage on this users computer, do not use it on another computer even if the problems are similar !

UPDATESRV;u
Update Server;u
VSSERV;u
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce];r64
"519_13439321549542"=-;r64
c:\program files\bitdefender\bitdefender 2012\;fs
c:\program files\common files\bitdefender\;fs
C:\Windows\system32\Tasks\{E5D12496-C098-4DB0-84A6-34F83BA0874E};f
C:\Users\USER\AppData\Local\  LOGMEI~1\LMIR0001.tmp_r.bat;f
C:\Windows\SysNative\tasks\{1093C846-1EE7-4D81-8591-3343E834F234};f
C:\Windows\SysNative\tasks\{1E5A0F11-ABE4-4CAF-9E76-7F23F9694F6F};f
"C:\Windows\SysNative\tasks\{2558B993-19CF-47B9-AC68-D54073142D5A};f
"C:\Windows\SysNative\tasks\{33DF929F-6347-444B-89CA-760FB174763F};f
"C:\Windows\SysNative\tasks\{568A8A7B-637B-45F4-8B10-9138199CB876};f
"C:\Windows\SysNative\tasks\{5E030617-A263-4EDD-8889-3BE63D5ADDF3};f
"C:\Windows\SysNative\tasks\{CE0C8EBF-1A4C-4520-859D-76694FD3699D};f
"C:\Windows\SysNative\tasks\{FA878209-E33C-4974-A1A0-687C2DE10B67};f
services-list;
emptyalltemp;
standardsearch;

Close any open browsers.
Click the "Run script" button and wait patiently.
When finished the logfile will be opened in notepad.
If a reboot is needed the logfile will be opened after reboot.
The zoek-results.log can also be found on your systemdrive (normally C:\).
Please post the logfile for further review in your next reply

Step 2

We need to re-run MalwareBytes Anti-malware

Double Click to start the program and select Update Now
Once it has updated select Settings > Detection and Protection >Tick Scan for rootkits
Go back to the Dashboard and select Scan Now
If threats are detected, click the Apply Actions button, MBAM will ask for a reboot
On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop.

Please post that log for my review.

Please try your Internet Browser and let me know if the fault still persists.

jontye · May 21, 2015

Hi Seedy21, I have followed your instructions but got stuck. I tried to open Zoek.exe and it would not open. I then thought something had gone wrong with it and tried to download it again but it would not fully download. So I then tried to delete the original from the desktop but the message I got was that it could not be deleted because the programme was open. I entered Zoek.exe in the search box but the search could not find the programme. I had no problems with this last night - everything ran smoothly. Please advise. Regards Jontye.

jontye · May 21, 2015

Hi Seedy21, I restarted the laptop then retried running Zoek.exe and it worked. The results are attached. I will run a MalwareBytes scan when this is sent. Regards, Jontye

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by USER on 21/05/2015 at 18:42:39.57.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\USER\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2015-05-20-211212.log 24376 bytes