- Aug 2, 2014
- 6
You know the MOST stupid thing about it; I downloaded the movie in Spanish, so I can't watch in anyway. El stupido! Gutted.
Spigot Yahoo browser redirect - help with removal please
- Thread starter GoodWthAnimalsNotCmptrs
- Start date
- Status
- Mar 8, 2013
- 22,627
Hi,
Before we begin, I want you to have this in mind:
SpyBot S&D Warning
MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:
This is optional, but please consider it.
Multiple Resident Protection warning!
Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another ones as harmful, leading to leave your system unstable and even damaged. Please choose only one from the listed below to stay with and uninstall the others:
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Post its content into your next reply.
Before we begin, I want you to have this in mind:
- At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
- Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
- Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
- Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
- All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
- If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
- I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
- Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
- Please attach all report using
button below. Doing this, you make it easier for me to analyze and fix your problem.
MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:
- Press the
+ R on your keyboard at the same time. Type appwiz.cpl and click OK.
- Search for SpyBot, right-click the entry and click Uninstall.
This is optional, but please consider it.
Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another ones as harmful, leading to leave your system unstable and even damaged. Please choose only one from the listed below to stay with and uninstall the others:
- AVG AntiVirus 2014
- Ad-Aware Antivirus
- Press the
+ R on your keyboard at the same time. Type appwiz.cpl and click OK.
- Search for each uninstalled entry, right-click it and select Uninstall.
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:
Code:createsrpoint; gpt.ini;z C:\Windows\System32\GroupPolicy;v C:\Windows\SysWOW64\GroupPolicy;v process; services-list; systemspecs; startupall; skipfix-iedefaults; firefoxlook; chromelook; filesrcm; installedprogs; - Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
- Aug 2, 2014
- 6
Thank you so much for your reply!
I've uninstalled both Spybot S&D and Ad-Aware antivirus, and run Zoek. This is my logfile:
Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by User on 02/08/2014 at 12:56:59.21.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
02/08/2014 13:03:07 Zoek.exe System Restore Point Created Succesfully.
==== Installed Programs ======================
Ad-Aware Browsing Protection
AllSharePlayLink
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
Bitcasa version 0.9.20.4135
Bonjour
Easy File Share
ETDWare X64 11.7.5.5_WHQL
Google Chrome
Google Update Helper
Help Desk
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) Update Manager
Intel© Trusted Connect Service Client
iTunes
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
Quick Starter
Rapport
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recovery
S Agent
S Service
Settings
SkypeT 6.16
Support Center
Support Center FAQ
SW Update
Trusteer Endpoint Protection
User Guide
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.3
==== Running Processes ======================
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Services (whitelist) ======================
Powered by E Dev
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [AtherosSvc] - AtherosSvc - "C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
R2 - [avgwd] - AVG WatchDog - "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [ETDService] - Elan Service - C:\Program Files\Elantech\ETDService.exe
R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
R2 - [Intel(R) ME Service] - Intel(R) ME Service - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
R2 - [RapportMgmtService] - Rapport Management Service - "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R2 - [ZAtheros Bt and Wlan Coex Agent] - ZAtheros Bt and Wlan Coex Agent - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
R3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [AVGIDSAgent] - AVGIDSAgent - "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [SkypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel(R) Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe"
S3 - [iumsvc] - Intel(R) Update Manager - "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
==== Folders Found ======================
==== Files Found ======================
==== System Specs ======================
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 6030 MB
CPU Info: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
CPU Speed: 2495.6 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Hosted Network Virtual Adapter | Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe GBE Family Controller | Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 340.0GB | D: 336.7GB
Hard Disks - Free: C: 295.3GB | D: 257.2GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | | SECCSD - 1072009
Time Zone: GMT Standard Time
Motherboard *: SAMSUNG ELECTRONICS CO., LTD. NP370R5E-A07UK
Country: United Kingdom
Language: ENG
==== System Specs (Software) ======================
Anti-Virus: AVG AntiVirus 2014 On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus 2014 disabled (Outdated)
Default Browser: Google Chrome 36.0.1985.125
Internet Explorer Version: 10.0.9200.17028
Google Chrome version: 36.0.1985.125
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-08-02 11:34:31 0A34066D56D57C0DA73BFFC1E4169FF2 85 ----a-w- C:\Windows\wininit.ini
====== C:\Users\User\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-08-02 11:40:14 8C64829D720733298E5CAD99E5F82448 703968 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 11:40:14 06493306FF37328C0B8DC94F7A82DA85 105440 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 20:31:53 A30A616F4026FD52E519EA401DE0C2FC 1440256 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-29 20:31:39 A6F3DB155D86513C142C4CC8A0E7B6C0 452608 ----a-w- C:\Windows\SysWOW64\SHCore.dll
2014-07-29 20:30:20 8795FB612463119D7560EBA9C7F8784D 14368768 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-07-29 20:30:12 49E69D3C71522F14E88361139C96C4A7 226816 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-07-29 20:30:09 A3FB2F617F15586B66A6E0ACF3A380FE 13732352 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-07-29 20:30:08 D143C6B9624E29E0AA1D682C9A678C95 2863616 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-07-29 20:30:07 43E4E8F5AFDD1A5E0D269D1DE5C717EB 2051072 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-07-29 20:30:05 27631A4D65AB1FA5718EBBFED05B7815 1766400 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-07-29 20:30:04 61B1C74ED24F2CD5D1B0C20AC51492F6 1141760 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-07-29 20:30:02 1B91409DA29A30D899D257BCF86FD5B3 357888 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-07-29 20:30:01 2ECF28B5EE03B12FAB7DFA680178B0BC 1440768 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-07-29 20:29:59 D97646D8E83B5AA8198182449C7FDCBF 226816 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-07-29 20:29:59 841997B03FC48A0713247837563EF1D6 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-07-29 20:29:58 26582E103FD52094FC5ECA619BDE93FF 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll
2014-07-29 20:29:57 4A09112A94AC63DA93FF17F1E76DFA68 80896 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-07-29 20:29:57 45E1DA8EF50FB8E5227CE8423EA43055 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll
2014-07-29 20:29:56 5FE1032BC879A8F39EA6F90FDD8DD838 163840 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-07-29 20:29:55 9A598E8923FBF88DF356D6A523D56FA0 44032 ----a-w- C:\Windows\SysWOW64\UXInit.dll
2014-07-29 20:29:54 1DB8DD378F5851CFC0D699A4B5EBA559 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-07-29 20:29:51 EFFC098B09760FFEEAE1C10533D74017 39936 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-07-29 20:29:50 71A5B696671E2CC42376FF1ED9575C37 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-07-29 20:29:50 6D4A861C832CD598DE1267939CCEB154 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-07-29 20:29:50 2347AFDAF9DA06C99091227C93B884CC 534528 ----a-w- C:\Windows\SysWOW64\uxtheme.dll
2014-07-29 20:29:32 1F3780A663053B4CAF108C3524E8CD40 497152 ----a-w- C:\Windows\SysWOW64\qedit.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-08-02 11:47:10 C6CAD077D636D2D58EE8284B17A1093B 281088 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT
2014-07-29 20:31:55 3B3BCB93ACAC16C8BAB1F0CBBFADDC05 4038144 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-07-29 20:31:53 462E0B687C91D7366854C2F6BFB00E58 1557504 ----a-w- C:\Windows\Sysnative\osk.exe
2014-07-29 20:31:40 B4D60F193E7088A5020A9BFDAF0A8488 1281536 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2014-07-29 20:31:40 863C8A0F3F90E0E8D715AE9AB46FAC3B 588288 ----a-w- C:\Windows\Sysnative\SHCore.dll
2014-07-29 20:31:39 1DC9B701F8EB7D67774035AC9C3104F6 439808 ----a-w- C:\Windows\Sysnative\lsm.dll
2014-07-29 20:30:18 0DF61F84BC5542FFDA2F64D6697358E1 19277312 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-07-29 20:30:14 B56946EED9F6571EE1DB2A7FF6C0E47C 15369728 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-07-29 20:30:12 B07200A237E54AC9D453DE3661FF31C4 3959296 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-07-29 20:30:11 DAF42D53210C8FEC9087AD1E44C67854 255488 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-07-29 20:30:08 3A691F30BB012EE0A4CC3E74BAFF1D66 2650624 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-07-29 20:30:06 CE6BBFFF2FEB9E43C58350AA506EDAB1 1366528 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-07-29 20:30:06 27E552632E6394DE0FA555EFDBA29A49 2239488 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-07-29 20:30:04 E40183B5A2DC1C5761AE51E34312ACA5 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-07-29 20:30:03 74869FE2697E4A881B7C8C9F615F1204 1508864 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-07-29 20:30:02 91FC6F95B04FD48DC6EBB99AE218D21B 281600 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-07-29 20:30:01 CD2974BD1BB6551260AAB3D4D04BECD5 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-07-29 20:30:00 5A000C8F02B22EF8F99F6D988A7A0444 97792 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-07-29 20:29:59 C0B6B7F1A1DFE1D6BC9C708AC221C82C 915968 ----a-w- C:\Windows\Sysnative\uxtheme.dll
2014-07-29 20:29:58 FC66C25C9060E0681A4ABCB96EC26A4F 855552 ----a-w- C:\Windows\Sysnative\jscript.dll
2014-07-29 20:29:58 F43351A68833FC80135A394A656F4F4B 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll
2014-07-29 20:29:56 CAB7A75725D29A63F464996A9FA2752E 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-07-29 20:29:55 9046B20273767138A1A0CFABD005DFF0 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-07-29 20:29:55 200E468E3E83481DE4C08CB786DB19FC 197120 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-07-29 20:29:54 10E1EC58E8B8BCD14DA36AAB8647009F 53760 ----a-w- C:\Windows\Sysnative\UXInit.dll
2014-07-29 20:29:51 9489C3323D2BCFB3AF60475CCDA66B1A 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-07-29 20:29:50 A6B7A11B37C1BF854D9AC43CFE215A22 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-07-29 20:29:49 239293442AE3873D253BFEE72AD01874 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-07-29 20:29:39 962025110A396E6D7790DA2CD4D8D424 265216 ----a-w- C:\Windows\Sysnative\InkEd.dll
2014-07-29 20:29:32 47C22FAAC1EC02467790C79B8DB6FCCB 596480 ----a-w- C:\Windows\Sysnative\qedit.dll
====== C:\Windows\Sysnative\drivers =====
2014-07-29 20:29:34 FE7FB9612D354EB41DF4F0FF5D6FB259 576512 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2014-07-29 20:01:50 EB4BF3DA0A8D99584D8D1A9E47BD5E07 8 ----a-w- C:\Windows\Sysnative\drivers\rtkhdaud.dat
====== C:\Windows\Tasks ======
2014-08-02 12:02:55 404BC6F4245119880CB0B7347ECE9904 3722 ----a-w- C:\Windows\Sysnative\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\User\AppData\Roaming ======
2014-08-02 11:48:45 -------- d-----r- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-02 11:40:40 -------- d-----w- C:\Users\Default\AppData\Local\Trusteer
2014-08-02 11:40:40 -------- d-----w- C:\Users\Default User\AppData\Local\Trusteer
2014-08-02 11:35:38 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm
2014-08-02 11:34:03 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking
2014-07-29 20:04:21 -------- d-----w- C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-29 20:04:21 -------- d-----w- C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-07-29 19:56:46 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Trusteer
====== C:\Users\User ======
2014-08-02 12:02:48 -------- d-----w- C:\ProgramData\Intel(R) Update Manager
2014-08-02 09:27:03 83C0AF64AC7B777A61C13E608D9B4CC6 2094080 ----a-w- C:\Users\User\Downloads\FRST64 (1).exe
2014-08-02 09:25:05 83C0AF64AC7B777A61C13E608D9B4CC6 2094080 ----a-w- C:\Users\User\Downloads\FRST64.exe
2014-08-01 20:22:54 6DB21D0C2AE966AB1EBC3D9741935460 272664 ----a-w- C:\Users\User\Videos\RpprtSetup.exe
====== C: exe-files ==
2014-08-02 11:40:14 8C64829D720733298E5CAD99E5F82448 703968 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 09:27:03 83C0AF64AC7B777A61C13E608D9B4CC6 2094080 ----a-w- C:\Users\User\Downloads\FRST64 (1).exe
2014-08-02 09:25:05 83C0AF64AC7B777A61C13E608D9B4CC6 2094080 ----a-w- C:\Users\User\Downloads\FRST64.exe
2014-08-01 20:22:55 CDBCA1B89486D6715CBAF5165CF99FD6 1551008 ----a-w- C:\Users\User\Videos\Alex\Documents\SkypeSetup.exe
2014-08-01 20:22:54 6DB21D0C2AE966AB1EBC3D9741935460 272664 ----a-w- C:\Users\User\Videos\RpprtSetup.exe
2014-07-29 20:31:54 3627331CB17CAD13004EE9F9B2AEB457 394624 ----a-w- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
2014-07-29 20:31:53 A30A616F4026FD52E519EA401DE0C2FC 1440256 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-29 20:31:53 462E0B687C91D7366854C2F6BFB00E58 1557504 ----a-w- C:\Windows\System32\osk.exe
2014-07-29 20:30:03 F37633EA6056B7F7DE685FB7F6DFB1FC 770704 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-07-29 20:30:03 B606732D1F1948DF9CE9E30517E17268 775320 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-07-29 20:29:57 906DD419A6F121F971602CFF4A27B8BC 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-07-29 20:29:57 8597633E306B3793FB353C02DBFBE52F 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-07-29 20:29:56 CAB7A75725D29A63F464996A9FA2752E 51712 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-07-29 20:04:01 C5D237A3DA4A914D19D825C73FDE4487 8848464 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.125\36.0.1985.125_35.0.1916.153_chrome_updater.exe
2014-07-29 20:01:32 A68E3D97AD845CA78BDE9929E0F5FB51 62992 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avguirux.exe
2014-07-29 20:01:32 7609F3DADD1CE65D3DEDD266215FEA38 16912 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtesta.exe
2014-07-29 20:01:32 210E4E3E95ECEEF90F6AF4C8B31ACE94 5981584 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
2014-07-29 20:01:32 1510EB2A2403B5470FA44AF6B6C0E5C0 15888 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtestx.exe
=== C: other files ==
2014-08-02 11:42:34 7F42165086BB6CD965AE7ADF3B86306F 358040 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys
2014-08-02 11:42:34 4C5875E50F49F20C094579F74B4D8A4D 631128 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys
2014-08-01 20:22:54 D6CD2F71D9946A4F1967D154F7FBBAE2 14003565 ----a-w- C:\Users\User\Videos\One Minute South.zip
2014-07-29 20:31:55 3B3BCB93ACAC16C8BAB1F0CBBFADDC05 4038144 ----a-w- C:\Windows\System32\win32k.sys
2014-07-29 20:29:34 FE7FB9612D354EB41DF4F0FF5D6FB259 576512 ----a-w- C:\Windows\System32\Drivers\afd.sys
==== Startup Registry Enabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Search Protection"="C:\ProgramData\Search Protection\SearchProtection.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect "
"Bitcasa"="C:\Program Files\Bitcasa\Bitcasa.exe /startup"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\0214dUpdateInfo.job --a-------- C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe [24/03/2014 16:56]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/05/2014 13:16]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\0214dUpdateInfo" [C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe]
"C:\Windows\SysNative\tasks\advRecovery" ["C:\Program Files\Samsung\Recovery\WCScheduler.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"]
"C:\Windows\SysNative\tasks\RtHDVBg" ["C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"]
"C:\Windows\SysNative\tasks\RTKCPL" ["C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"]
"C:\Windows\SysNative\tasks\SAgent" ["%ProgramFiles%\Samsung\S Agent\CommonAgent.exe"]
"C:\Windows\SysNative\tasks\Settings" ["C:\Program Files (x86)\Samsung\Settings\sSettings.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
==== Chrome Look ======================
Google Docs - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Give as you Live - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fceblikkhnkbdimejiaapjnijnfegnii
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://securedsearch2.lavasoft.com/...net&ent=hp&u=61020731AE20003577F29D53B061DB98"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{39241D7B-4DD9-446D-9DC6-21D1624EB527}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{39241D7B-4DD9-446D-9DC6-21D1624EB527} Yahoo Url="https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}"
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on 02/08/2014 at 13:08:06.78 ======================
I've uninstalled both Spybot S&D and Ad-Aware antivirus, and run Zoek. This is my logfile:
Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by User on 02/08/2014 at 12:56:59.21.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
02/08/2014 13:03:07 Zoek.exe System Restore Point Created Succesfully.
==== Installed Programs ======================
Ad-Aware Browsing Protection
AllSharePlayLink
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
Bitcasa version 0.9.20.4135
Bonjour
Easy File Share
ETDWare X64 11.7.5.5_WHQL
Google Chrome
Google Update Helper
Help Desk
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) Update Manager
Intel© Trusted Connect Service Client
iTunes
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
Quick Starter
Rapport
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recovery
S Agent
S Service
Settings
SkypeT 6.16
Support Center
Support Center FAQ
SW Update
Trusteer Endpoint Protection
User Guide
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.3
==== Running Processes ======================
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Services (whitelist) ======================
Powered by E Dev
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [AtherosSvc] - AtherosSvc - "C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
R2 - [avgwd] - AVG WatchDog - "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [ETDService] - Elan Service - C:\Program Files\Elantech\ETDService.exe
R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
R2 - [Intel(R) ME Service] - Intel(R) ME Service - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
R2 - [RapportMgmtService] - Rapport Management Service - "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R2 - [ZAtheros Bt and Wlan Coex Agent] - ZAtheros Bt and Wlan Coex Agent - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
R3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [AVGIDSAgent] - AVGIDSAgent - "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [SkypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel(R) Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe"
S3 - [iumsvc] - Intel(R) Update Manager - "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
==== Folders Found ======================
==== Files Found ======================
==== System Specs ======================
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 6030 MB
CPU Info: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
CPU Speed: 2495.6 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Hosted Network Virtual Adapter | Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe GBE Family Controller | Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 340.0GB | D: 336.7GB
Hard Disks - Free: C: 295.3GB | D: 257.2GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | | SECCSD - 1072009
Time Zone: GMT Standard Time
Motherboard *: SAMSUNG ELECTRONICS CO., LTD. NP370R5E-A07UK
Country: United Kingdom
Language: ENG
==== System Specs (Software) ======================
Anti-Virus: AVG AntiVirus 2014 On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus 2014 disabled (Outdated)
Default Browser: Google Chrome 36.0.1985.125
Internet Explorer Version: 10.0.9200.17028
Google Chrome version: 36.0.1985.125
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-08-02 11:34:31 0A34066D56D57C0DA73BFFC1E4169FF2 85 ----a-w- C:\Windows\wininit.ini
====== C:\Users\User\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-08-02 11:40:14 8C64829D720733298E5CAD99E5F82448 703968 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 11:40:14 06493306FF37328C0B8DC94F7A82DA85 105440 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 20:31:53 A30A616F4026FD52E519EA401DE0C2FC 1440256 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-29 20:31:39 A6F3DB155D86513C142C4CC8A0E7B6C0 452608 ----a-w- C:\Windows\SysWOW64\SHCore.dll
2014-07-29 20:30:20 8795FB612463119D7560EBA9C7F8784D 14368768 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-07-29 20:30:12 49E69D3C71522F14E88361139C96C4A7 226816 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-07-29 20:30:09 A3FB2F617F15586B66A6E0ACF3A380FE 13732352 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-07-29 20:30:08 D143C6B9624E29E0AA1D682C9A678C95 2863616 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-07-29 20:30:07 43E4E8F5AFDD1A5E0D269D1DE5C717EB 2051072 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-07-29 20:30:05 27631A4D65AB1FA5718EBBFED05B7815 1766400 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-07-29 20:30:04 61B1C74ED24F2CD5D1B0C20AC51492F6 1141760 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-07-29 20:30:02 1B91409DA29A30D899D257BCF86FD5B3 357888 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-07-29 20:30:01 2ECF28B5EE03B12FAB7DFA680178B0BC 1440768 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-07-29 20:29:59 D97646D8E83B5AA8198182449C7FDCBF 226816 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-07-29 20:29:59 841997B03FC48A0713247837563EF1D6 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-07-29 20:29:58 26582E103FD52094FC5ECA619BDE93FF 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll
2014-07-29 20:29:57 4A09112A94AC63DA93FF17F1E76DFA68 80896 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-07-29 20:29:57 45E1DA8EF50FB8E5227CE8423EA43055 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll
2014-07-29 20:29:56 5FE1032BC879A8F39EA6F90FDD8DD838 163840 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-07-29 20:29:55 9A598E8923FBF88DF356D6A523D56FA0 44032 ----a-w- C:\Windows\SysWOW64\UXInit.dll
2014-07-29 20:29:54 1DB8DD378F5851CFC0D699A4B5EBA559 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-07-29 20:29:51 EFFC098B09760FFEEAE1C10533D74017 39936 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-07-29 20:29:50 71A5B696671E2CC42376FF1ED9575C37 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-07-29 20:29:50 6D4A861C832CD598DE1267939CCEB154 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-07-29 20:29:50 2347AFDAF9DA06C99091227C93B884CC 534528 ----a-w- C:\Windows\SysWOW64\uxtheme.dll
2014-07-29 20:29:32 1F3780A663053B4CAF108C3524E8CD40 497152 ----a-w- C:\Windows\SysWOW64\qedit.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-08-02 11:47:10 C6CAD077D636D2D58EE8284B17A1093B 281088 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT
2014-07-29 20:31:55 3B3BCB93ACAC16C8BAB1F0CBBFADDC05 4038144 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-07-29 20:31:53 462E0B687C91D7366854C2F6BFB00E58 1557504 ----a-w- C:\Windows\Sysnative\osk.exe
2014-07-29 20:31:40 B4D60F193E7088A5020A9BFDAF0A8488 1281536 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2014-07-29 20:31:40 863C8A0F3F90E0E8D715AE9AB46FAC3B 588288 ----a-w- C:\Windows\Sysnative\SHCore.dll
2014-07-29 20:31:39 1DC9B701F8EB7D67774035AC9C3104F6 439808 ----a-w- C:\Windows\Sysnative\lsm.dll
2014-07-29 20:30:18 0DF61F84BC5542FFDA2F64D6697358E1 19277312 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-07-29 20:30:14 B56946EED9F6571EE1DB2A7FF6C0E47C 15369728 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-07-29 20:30:12 B07200A237E54AC9D453DE3661FF31C4 3959296 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-07-29 20:30:11 DAF42D53210C8FEC9087AD1E44C67854 255488 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-07-29 20:30:08 3A691F30BB012EE0A4CC3E74BAFF1D66 2650624 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-07-29 20:30:06 CE6BBFFF2FEB9E43C58350AA506EDAB1 1366528 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-07-29 20:30:06 27E552632E6394DE0FA555EFDBA29A49 2239488 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-07-29 20:30:04 E40183B5A2DC1C5761AE51E34312ACA5 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-07-29 20:30:03 74869FE2697E4A881B7C8C9F615F1204 1508864 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-07-29 20:30:02 91FC6F95B04FD48DC6EBB99AE218D21B 281600 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-07-29 20:30:01 CD2974BD1BB6551260AAB3D4D04BECD5 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-07-29 20:30:00 5A000C8F02B22EF8F99F6D988A7A0444 97792 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-07-29 20:29:59 C0B6B7F1A1DFE1D6BC9C708AC221C82C 915968 ----a-w- C:\Windows\Sysnative\uxtheme.dll
2014-07-29 20:29:58 FC66C25C9060E0681A4ABCB96EC26A4F 855552 ----a-w- C:\Windows\Sysnative\jscript.dll
2014-07-29 20:29:58 F43351A68833FC80135A394A656F4F4B 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll
2014-07-29 20:29:56 CAB7A75725D29A63F464996A9FA2752E 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-07-29 20:29:55 9046B20273767138A1A0CFABD005DFF0 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-07-29 20:29:55 200E468E3E83481DE4C08CB786DB19FC 197120 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-07-29 20:29:54 10E1EC58E8B8BCD14DA36AAB8647009F 53760 ----a-w- C:\Windows\Sysnative\UXInit.dll
2014-07-29 20:29:51 9489C3323D2BCFB3AF60475CCDA66B1A 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-07-29 20:29:50 A6B7A11B37C1BF854D9AC43CFE215A22 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-07-29 20:29:49 239293442AE3873D253BFEE72AD01874 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-07-29 20:29:39 962025110A396E6D7790DA2CD4D8D424 265216 ----a-w- C:\Windows\Sysnative\InkEd.dll
2014-07-29 20:29:32 47C22FAAC1EC02467790C79B8DB6FCCB 596480 ----a-w- C:\Windows\Sysnative\qedit.dll
====== C:\Windows\Sysnative\drivers =====
2014-07-29 20:29:34 FE7FB9612D354EB41DF4F0FF5D6FB259 576512 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2014-07-29 20:01:50 EB4BF3DA0A8D99584D8D1A9E47BD5E07 8 ----a-w- C:\Windows\Sysnative\drivers\rtkhdaud.dat
====== C:\Windows\Tasks ======
2014-08-02 12:02:55 404BC6F4245119880CB0B7347ECE9904 3722 ----a-w- C:\Windows\Sysnative\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\User\AppData\Roaming ======
2014-08-02 11:48:45 -------- d-----r- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-02 11:40:40 -------- d-----w- C:\Users\Default\AppData\Local\Trusteer
2014-08-02 11:40:40 -------- d-----w- C:\Users\Default User\AppData\Local\Trusteer
2014-08-02 11:35:38 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm
2014-08-02 11:34:03 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking
2014-07-29 20:04:21 -------- d-----w- C:\Users\Default\AppData\Roaming\TuneUp Software
2014-07-29 20:04:21 -------- d-----w- C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-07-29 19:56:46 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Trusteer
====== C:\Users\User ======
2014-08-02 12:02:48 -------- d-----w- C:\ProgramData\Intel(R) Update Manager
2014-08-02 09:27:03 83C0AF64AC7B777A61C13E608D9B4CC6 2094080 ----a-w- C:\Users\User\Downloads\FRST64 (1).exe
2014-08-02 09:25:05 83C0AF64AC7B777A61C13E608D9B4CC6 2094080 ----a-w- C:\Users\User\Downloads\FRST64.exe
2014-08-01 20:22:54 6DB21D0C2AE966AB1EBC3D9741935460 272664 ----a-w- C:\Users\User\Videos\RpprtSetup.exe
====== C: exe-files ==
2014-08-02 11:40:14 8C64829D720733298E5CAD99E5F82448 703968 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 09:27:03 83C0AF64AC7B777A61C13E608D9B4CC6 2094080 ----a-w- C:\Users\User\Downloads\FRST64 (1).exe
2014-08-02 09:25:05 83C0AF64AC7B777A61C13E608D9B4CC6 2094080 ----a-w- C:\Users\User\Downloads\FRST64.exe
2014-08-01 20:22:55 CDBCA1B89486D6715CBAF5165CF99FD6 1551008 ----a-w- C:\Users\User\Videos\Alex\Documents\SkypeSetup.exe
2014-08-01 20:22:54 6DB21D0C2AE966AB1EBC3D9741935460 272664 ----a-w- C:\Users\User\Videos\RpprtSetup.exe
2014-07-29 20:31:54 3627331CB17CAD13004EE9F9B2AEB457 394624 ----a-w- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
2014-07-29 20:31:53 A30A616F4026FD52E519EA401DE0C2FC 1440256 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-29 20:31:53 462E0B687C91D7366854C2F6BFB00E58 1557504 ----a-w- C:\Windows\System32\osk.exe
2014-07-29 20:30:03 F37633EA6056B7F7DE685FB7F6DFB1FC 770704 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-07-29 20:30:03 B606732D1F1948DF9CE9E30517E17268 775320 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-07-29 20:29:57 906DD419A6F121F971602CFF4A27B8BC 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-07-29 20:29:57 8597633E306B3793FB353C02DBFBE52F 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-07-29 20:29:56 CAB7A75725D29A63F464996A9FA2752E 51712 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-07-29 20:04:01 C5D237A3DA4A914D19D825C73FDE4487 8848464 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.125\36.0.1985.125_35.0.1916.153_chrome_updater.exe
2014-07-29 20:01:32 A68E3D97AD845CA78BDE9929E0F5FB51 62992 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avguirux.exe
2014-07-29 20:01:32 7609F3DADD1CE65D3DEDD266215FEA38 16912 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtesta.exe
2014-07-29 20:01:32 210E4E3E95ECEEF90F6AF4C8B31ACE94 5981584 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
2014-07-29 20:01:32 1510EB2A2403B5470FA44AF6B6C0E5C0 15888 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtestx.exe
=== C: other files ==
2014-08-02 11:42:34 7F42165086BB6CD965AE7ADF3B86306F 358040 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_69108.sys
2014-08-02 11:42:34 4C5875E50F49F20C094579F74B4D8A4D 631128 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys
2014-08-01 20:22:54 D6CD2F71D9946A4F1967D154F7FBBAE2 14003565 ----a-w- C:\Users\User\Videos\One Minute South.zip
2014-07-29 20:31:55 3B3BCB93ACAC16C8BAB1F0CBBFADDC05 4038144 ----a-w- C:\Windows\System32\win32k.sys
2014-07-29 20:29:34 FE7FB9612D354EB41DF4F0FF5D6FB259 576512 ----a-w- C:\Windows\System32\Drivers\afd.sys
==== Startup Registry Enabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Search Protection"="C:\ProgramData\Search Protection\SearchProtection.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect "
"Bitcasa"="C:\Program Files\Bitcasa\Bitcasa.exe /startup"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\0214dUpdateInfo.job --a-------- C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe [24/03/2014 16:56]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/05/2014 13:16]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\0214dUpdateInfo" [C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe]
"C:\Windows\SysNative\tasks\advRecovery" ["C:\Program Files\Samsung\Recovery\WCScheduler.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"]
"C:\Windows\SysNative\tasks\RtHDVBg" ["C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"]
"C:\Windows\SysNative\tasks\RTKCPL" ["C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"]
"C:\Windows\SysNative\tasks\SAgent" ["%ProgramFiles%\Samsung\S Agent\CommonAgent.exe"]
"C:\Windows\SysNative\tasks\Settings" ["C:\Program Files (x86)\Samsung\Settings\sSettings.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
==== Chrome Look ======================
Google Docs - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Give as you Live - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fceblikkhnkbdimejiaapjnijnfegnii
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://securedsearch2.lavasoft.com/...net&ent=hp&u=61020731AE20003577F29D53B061DB98"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{39241D7B-4DD9-446D-9DC6-21D1624EB527}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{39241D7B-4DD9-446D-9DC6-21D1624EB527} Yahoo Url="https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}"
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on 02/08/2014 at 13:08:06.78 ======================
- Mar 8, 2013
- 22,627
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:
Code:createsrpoint; [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r "Search Protection"=-;r C:\ProgramData\Search Protection;fs emptyalltemp; autoclean; cmd: ipconfig /flushdns;b - Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
- Aug 2, 2014
- 6
Amazing. I could never do this by myself. Thanks so much. Zoek says:
Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by User on 02/08/2014 at 14:12:35.30.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-08-02-120806.log 25441 bytes
==== System Restore Info ======================
02/08/2014 14:13:40 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-329411724-2178590721-1631619472-1001\Software\Microsoft\Internet Explorer\SearchScopes\{39241D7B-4DD9-446D-9DC6-21D1624EB527} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"=-
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\ProgramData\Search Protection not found
C:\prefs.js deleted
C:\Users\User\AppData\Roaming\SecureSearch deleted
C:\PROGRA~3\Avg_Update_0214d deleted
C:\PROGRA~3\boost_interprocess deleted
C:\Users\User\Searches deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\0214dUpdateInfo.job deleted
C:\windows\SysNative\tasks\0214dUpdateInfo deleted
C:\PROGRA~3\MakeMarkerFile.exe deleted
==== Chrome Look ======================
Give as you Live - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fceblikkhnkbdimejiaapjnijnfegnii
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://securedsearch2.lavasoft.com/...net&ent=hp&u=61020731AE20003577F29D53B061DB98"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{39241D7B-4DD9-446D-9DC6-21D1624EB527}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39241D7B-4DD9-446D-9DC6-21D1624EB527}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G05J7V3 will be deleted at reboot
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVNDFCQA will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=13 folders=4 4767561 bytes)
==== Empty Temp Folders ======================
C:\Users\Alex\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G05J7V3" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVNDFCQA" not found
==== EOF on 02/08/2014 at 14:28:01.12 ======================
Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by User on 02/08/2014 at 14:12:35.30.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-08-02-120806.log 25441 bytes
==== System Restore Info ======================
02/08/2014 14:13:40 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-329411724-2178590721-1631619472-1001\Software\Microsoft\Internet Explorer\SearchScopes\{39241D7B-4DD9-446D-9DC6-21D1624EB527} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"=-
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\ProgramData\Search Protection not found
C:\prefs.js deleted
C:\Users\User\AppData\Roaming\SecureSearch deleted
C:\PROGRA~3\Avg_Update_0214d deleted
C:\PROGRA~3\boost_interprocess deleted
C:\Users\User\Searches deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\0214dUpdateInfo.job deleted
C:\windows\SysNative\tasks\0214dUpdateInfo deleted
C:\PROGRA~3\MakeMarkerFile.exe deleted
==== Chrome Look ======================
Give as you Live - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fceblikkhnkbdimejiaapjnijnfegnii
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://securedsearch2.lavasoft.com/...net&ent=hp&u=61020731AE20003577F29D53B061DB98"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{39241D7B-4DD9-446D-9DC6-21D1624EB527}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39241D7B-4DD9-446D-9DC6-21D1624EB527}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G05J7V3 will be deleted at reboot
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVNDFCQA will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=13 folders=4 4767561 bytes)
==== Empty Temp Folders ======================
C:\Users\Alex\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G05J7V3" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVNDFCQA" not found
==== EOF on 02/08/2014 at 14:28:01.12 ======================
- Mar 8, 2013
- 22,627
- Aug 2, 2014
- 6
I think it's fixed 
no sign of yahoo anywhere, google browser loads without any nasties popping up. YAY! Thanks so much.
no sign of yahoo anywhere, google browser loads without any nasties popping up. YAY! Thanks so much.
- Mar 8, 2013
- 22,627
Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.
MUST READ - security tips: Computer Security - a short guide to staying safer online. Simple and easy ways to keep your computer safe and secure on the Internet
MUST READ - general maintenance: What to do if your Computer is running slowly?
TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Stay safe,
TwinHeadedEagle
Recommended reading:
Recommended additional software:
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!
Stay safe,
TwinHeadedEagle
- Aug 2, 2014
- 6
I really can't thank you enough. I'll download everything you suggest and do my recommended reading. My saviour. You have certainly earned yourself a beer. And a shot of something stronger. Enjoy your weekend. Thank you thank you thank you!! x
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
Since this issue appears to be resolved, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please contact me or any staff member with the address of the thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
Other members who need assistance please start your own topic in a new thread. Thanks!
- Aug 2, 2014
- 6
- Mar 8, 2013
- 22,627
Hi, again
I would like to see MalwareBytes report:
Please re-run
Malwarebytes' Anti-Malware.
I would like to see MalwareBytes report:
Please re-run
- Click the History tab.
- Click Application Logs and double-click the newest Scan Log.
- At the bottom click Export and choose Text file.
- Mar 8, 2013
- 22,627
- Status
Similar threads
- Locked
