CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [mbot_au_300] => C:\Program Files (x86)\mbot_au_300\mbot_au_300.exe [3981968 2015-02-05] ()
C:\Program Files (x86)\mbot_au_300
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\RunOnce: [Application Restart #1] => C:\Users\Rick\AppData\Local\Pokki\Engine\HostAppService.exe [7805256 2014-11-21] (Pokki)
C:\Users\Rick\AppData\Local\Pokki
HKU\S-1-5-21-1630993411-145381888-747447847-1001\...\MountPoints2: {07374292-edfb-11e3-825e-40f02f1b2390} - "H:\HPLauncher.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...1R1XXXXW1D2X1R1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...1R1XXXXW1D2X1R1
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.websse...q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.websse...q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.websse...q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.websse...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1630993411-145381888-747447847-1001 -> {2EE8CAB0-3292-4D28-A7B7-2A77AFAA1ACE} URL =
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
C:\Program Files (x86)\XTab
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1423210458&from=exp&uid=ST1000DM003-1CH162_W1D2X1R1XXXXW1D2X1R1
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1423210458&from=exp&uid=ST1000DM003-1CH162_W1D2X1R1XXXXW1D2X1R1"
CHR DefaultSuggestURL: Default -> http://ss-sym.ask.co...pe=prefix&li=ff
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
R2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [1844232 2015-01-27] (CartCrunch Israel Ltd.) [File not signed]
C:\ProgramData\PicColor Utility
R2 PicColor Service; C:\ProgramData\PicColor Utility\PicColor.exe [567296 2015-02-05] () [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-06] (SysTool PasSame LIMITED)
C:\ProgramData\WindowsMangerProtect
U2 TMAgent; No ImagePath
2015-02-06 19:17 - 2015-02-06 19:17 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-02-06 19:16 - 2015-02-06 19:16 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-02-06 19:14 - 2015-02-07 01:14 - 00000000 ____D () C:\ProgramData\620dd37ef2a8478593bc1a87489239da
2015-02-06 19:14 - 2015-02-07 00:37 - 00000000 ____D () C:\Users\Rick\AppData\Local\mbot_au_300
2015-02-06 19:14 - 2015-02-06 20:33 - 00000025 _____ () C:\momotor.txt
2015-02-06 19:14 - 2015-02-06 20:33 - 00000000 ____D () C:\ProgramData\MailUpdate
2015-02-06 19:14 - 2015-02-06 19:55 - 00000000 ____D () C:\ProgramData\PicColor Utility
2015-02-06 19:14 - 2015-02-06 19:18 - 00005328 _____ () C:\Windows\SysWOW64\ColorMedia.ini
2015-02-06 19:14 - 2015-02-06 19:14 - 00003744 _____ () C:\Windows\System32\Tasks\AKKKFNVQ
2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\MailUpdate
2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____D () C:\ProgramData\PicColorData
2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2015-02-06 19:14 - 2015-02-06 19:14 - 00000000 ____D () C:\Program Files (x86)\mbot_au_300
2015-02-06 19:14 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-02-06 19:14 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-02-06 19:13 - 2015-02-07 00:37 - 00000000 ____D () C:\Program Files (x86)\LuckyTab
2015-02-06 19:13 - 2015-02-06 19:13 - 00003392 _____ () C:\Windows\System32\Tasks\LuckyTab
2015-02-06 19:13 - 2015-02-06 19:13 - 00000000 ____D () C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2015-01-21 02:40 - 2015-01-21 02:40 - 00000000 ____D () C:\Users\Rick\AppData\Local\FileViewPro
2014-07-23 14:24 - 2014-07-23 14:26 - 0000000 _____ () C:\Users\Rick\AppData\Local\{2AAD4F13-2E60-496D-973A-CD42F1C0A3B5}
Task: {03B2AF92-508F-45D7-8F0C-CE6CDBA93D59} - System32\Tasks\{26CEFDD0-9DA3-4239-BF17-453EAB283E09} => pcalua.exe -a E:\setup.exe -d E:\
Task: {271AD97C-8A32-4975-A2FD-BC8BB5D270F2} - System32\Tasks\AKKKFNVQ => C:\ProgramData\620dd37ef2a8478593bc1a87489239da\620dd37ef2a8478593bc1a87489239da.exe
C:\ProgramData\620dd37ef2a8478593bc1a87489239da
Task: {B6C534EE-3BC1-4807-B06E-9C3660CFC661} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe <==== ATTENTION
C:\Program Files (x86)\LuckyTab
C:\ProgramData\PicColor Utility
2015-02-06 19:14 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-02-06 19:14 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\ColorMedia.dll [301168] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 16 C:\Windows\system32\ColorMedia64.dll [344440] (CartCrunch Israel Ltd.)
EmptyTemp:
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
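The fixlist above removes the PUP's persistence at several independent points: Run/RunOnce values, an IE BHO and search scopes, Chrome policy extensions, four services, three scheduled tasks, and ten Winsock LSP catalog entries pointing at ColorMedia.dll / ColorMedia64.dll. After FRST has run and the machine has rebooted, it is worth confirming that every one of those points is actually gone rather than trusting the Fixlog alone. The script below is an added post-fix check, not part of the fixlist and not FRST's own output; it runs from an elevated PowerShell on the affected machine. The names, paths and GUIDs are copied from the fixlist; the expansion of FRST's shorthand into full registry paths (`HKLM-x32\...\Run` to `HKLM\SOFTWARE\Wow6432Node\...\Run`, the HKU RunOnce path, the TaskCache tree, the Chrome `Extensions` policy key) is my reading of that shorthand, and the `webssearches` substring match for the hijacked start page is my assumption.

```powershell
# Added example: verify that the persistence points targeted by the FRST fixlist are gone.
# Run elevated, after the reboot FRST requests. Not part of the fixlist or of FRST.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Logon autoruns. FRST's "HKLM-x32\...\Run" is the Wow6432Node Run key; the HKU hive for
#    SID ...-1001 is only loaded while that user is logged on (assumption: they run this).
$regValues = @(
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'; Name = 'mbot_au_300' },
    @{ Path = 'Registry::HKEY_USERS\S-1-5-21-1630993411-145381888-747447847-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce'; Name = 'Application Restart #1' }
)
foreach ($v in $regValues) {
    if ((Test-Path $v.Path) -and (Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue)) {
        $findings.Add("autorun value still present: $($v.Path) -> $($v.Name)")
    }
}

# 2. Browser hooks: BHO CLSID, IE search scope CLSID, Chrome policy-installed extension,
#    IE start page (checked by substring, not by the truncated URL in the fixlist).
$regKeys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}',
    'HKLM:\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif',
    'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif'
)
foreach ($k in $regKeys) { if (Test-Path $k) { $findings.Add("registry key still present: $k") } }
foreach ($p in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main') {
    $sp = (Get-ItemProperty -Path $p -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($sp -match 'webssearches') { $findings.Add("IE Start Page still hijacked: $p = $sp") }
}

# 3. Services the fixlist deletes (R2 = running auto-start, U2 = stopped, no ImagePath).
foreach ($s in 'ColorMedia', 'PicColor Service', 'WindowsMangerProtect', 'TMAgent') {
    if (Get-Service -Name $s -ErrorAction SilentlyContinue) { $findings.Add("service still registered: $s") }
}

# 4. Scheduled tasks: check both the task XML under System32\Tasks and the Task Scheduler's
#    registry tree, since either one alone can survive a partial delete.
foreach ($t in 'AKKKFNVQ', 'LuckyTab', '{26CEFDD0-9DA3-4239-BF17-453EAB283E09}') {
    if (Test-Path "$env:SystemRoot\System32\Tasks\$t") { $findings.Add("task file still present: $t") }
    if (Test-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\$t") { $findings.Add("task registration still present: $t") }
}

# 5. Winsock LSP: the fixlist removes ten Catalog9 entries and then runs "netsh winsock reset catalog".
#    A leftover reference here means every socket on the box is still being proxied through the DLL.
$lsp = netsh winsock show catalog 2>&1 | Select-String -Pattern 'ColorMedia'
if ($lsp) { $findings.Add("Winsock catalog still references ColorMedia ($(@($lsp).Count) lines)") }

# 6. Files and folders the fixlist deletes, including the LSP DLLs themselves.
$paths = @(
    "$env:SystemRoot\System32\ColorMedia64.dll", "$env:SystemRoot\SysWOW64\ColorMedia.dll", "$env:SystemRoot\SysWOW64\ColorMedia.ini",
    'C:\Program Files (x86)\XTab', 'C:\Program Files (x86)\mbot_au_300', 'C:\Program Files (x86)\LuckyTab',
    'C:\ProgramData\PicColor Utility', 'C:\ProgramData\PicColorData', 'C:\ProgramData\WindowsMangerProtect',
    'C:\ProgramData\MailUpdate', 'C:\ProgramData\620dd37ef2a8478593bc1a87489239da', 'C:\momotor.txt',
    'C:\Users\Rick\AppData\Local\mbot_au_300', 'C:\Users\Rick\AppData\Local\Pokki', 'C:\Users\Rick\AppData\Roaming\MailUpdate'
)
foreach ($p in $paths) { if (Test-Path -LiteralPath $p) { $findings.Add("file/folder still present: $p") } }

# 7. The fixlist resets the firewall and forces all profiles ON; confirm none is OFF.
$fwOff = netsh advfirewall show allprofiles state 2>&1 | Select-String -Pattern '^\s*State\s+OFF'
if ($fwOff) { $findings.Add('a Windows Firewall profile is still OFF') }

if ($findings.Count -eq 0) {
    'CLEAN: every item targeted by the fixlist is gone.'
} else {
    $findings | ForEach-Object { "LEFTOVER: $_" }
    "Total leftovers: $($findings.Count)"
}
```

If any LEFTOVER line is printed, the right move is to post it back in the thread rather than to delete it by hand: a service or LSP entry that survived a FRST fix usually means something re-created it, and the helper will want a fresh FRST.txt and Addition.txt to see what.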