Yevins.com Malware

Status
Not open for further replies.

Eduardo Ortiz

New Member
Thread author
Aug 5, 2014
2
Hello you guys I would like help getting rid of malware related to yevins.com, every time I use Google Chrome a tab opens offering an update to a flash player
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool runs for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the attachment button below. Doing this, you make it easier for me to analyze and fix your problem.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after it. You may also find it at your main drive (usually C:\ drive).

Post its content into your next reply.
 

Eduardo Ortiz

New Member
Thread author
Aug 5, 2014
2
Zoek.exe v5.0.0.0 Updated 04-August-2014
Tool run by Daniel and Monica on Wed 08/06/2014 at 15:58:23.91.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Daniel and Monica\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/6/2014 3:59:34 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

4 Elements II
7-Zip 9.20 (x64 edition)
Adobe Shockwave Player 11.6
Airport Mania
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Communication Manager
Azteca
Bejeweled 3
Bonjour
Bounce Symphony
Build-a-lot
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
Curse at Twilight
Cyberlink PhotoDirector
CyberLink PowerDirector 10
CyberLink YouCam
D3DX10
Delicious: Emily's Childhood Memories Premium Edition
Dragon NaturallySpeaking 12
Energy Star
Farm Frenzy
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.1.1
House of 1000 Doors: Family Secrets
HP 3D DriveGuard
HP Connected Music (Meridian - installer)
HP Connected Music (Meridian - player)
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP MyRoom
HP Postscript Converter
HP Quick Start
HP Recovery Manager
HP Registration Service
HP Support Assistant
HP System Event Utility
HP Utility Center
HP Wireless Button Driver
HTC Driver Installer
HTC Sync Manager
IDT Audio
IPTInstaller
iTunes
Java 7 Update 60
Java Auto Updater
Jewel Match 3
Luxor Evolved
Mah Jong Medley
Mahjongg Dimensions Deluxe: Tiles in Time
McAfee AntiVirus
Microsoft Application Error Reporting
Microsoft Office
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 Parser and SDK
Mystery P.I. - Curious Case of Counterfeit Cove
Nike+ Connect
OEM Application Profile
Peggle Nights
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
Polar Bowler
Ralink Bluetooth Stack64
Ralink RT3290 802.11bgn Wi-Fi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
Royal Envoy 2 Collector's Edition
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Update Installer for WildTangent Games App
Vacation QuestT - Australia
WildTangent Games
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Youda Jewel Shop
Zuma's Revenge

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Flash Update\winclient32.exe
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Daniel and Monica\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AMD External Events Utility] - AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
R2 - [AMD FUEL Service] - AMD FUEL Service - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [cvhsvc] - Client Virtualization Handler - "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
R2 - [hpsrv] - HP Service - C:\Windows\system32\Hpservice.exe
R2 - [HTCMonitorService] - HTCMonitorService - "C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe"
R2 - [IconMan_R] - IconMan_R - "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
R2 - [McAPExe] - McAfee AP Service - "C:\Program Files\McAfee\MSC\McAPExe.exe"
R2 - [mfecore] - McAfee Anti-Malware Core - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
R2 - [mfefire] - McAfee Firewall Core Service - "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
R2 - [mfevtp] - McAfee Validation Trust Protection Service - "C:\Windows\system32\mfevtps.exe"
R2 - [PassThru Service] - Internet Pass-Through Service - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
R2 - [sftlist] - Application Virtualization Client - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
R2 - [STacSV] - Audio Service - C:\Program Files\IDT\WDM\STacSV64.exe
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [BsHelpCS] - BsHelpCS - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
R3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
R3 - [sftvsa] - Application Virtualization Service Agent - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [ATTRcAppSvc] - AT&T RcAppSvc - "C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc"
S3 - [CAATT] - AT&T Con App Svc - "C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT"
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [GamesAppService] - GamesAppService - "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
S3 - [McODS] - McAfee Scanner - "C:\Program Files\McAfee\VirusScan\mcods.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [WinDefend] - Windows Defender Service - C:\Program Files\Windows Defender\MsMpEng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"

==== Folders Found ======================


==== Files Found ======================


==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 5337 MB
CPU Info: AMD A10-5745M APU with Radeon(tm) HD Graphics
CPU Speed: 2098.4 MHz
Sound Card: Speakers / HP (IDT High Definit |
Display Adapters: AMD Radeon HD 8610G | AMD Radeon HD 8610G
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: GlobeTrotter GI4xx - Network Interface | Realtek PCIe GBE Family Controller
CD / DVD Drives: No optical drives found.
Ports: COM4 | COM6 | COM7 | COM5 | COM8 | COM9 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 669.5GB | D: 28.3GB | Q: 0.0MB
Hard Disks - Free: C: 617.9GB | D: 2.8GB | Q: 0.0MB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1
Time Zone: Central Standard Time
Motherboard *: Hewlett-Packard 1995
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: McAfee Anti-Virus and Anti-Spyware On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: McAfee Anti-Virus and Anti-Spyware disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 36.0.1985.125
Internet Explorer Version: 10.0.9200.16484
Google Chrome version: 36.0.1985.125
Sun Java version: 1.7.0_65 (32-bit)
Shockwave Player version: 11.6.6r636

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\DANIEL~1\AppData\Local\Temp ====
====== Java Cache =====
2014-07-25 22:03:30 0719A8334BEBACBFCA55555E98B66AB2 932 ----a-w- C:\Users\Daniel and Monica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-78b3bc34
====== C:\Windows\SysWOW64 =====
2014-08-05 23:16:17 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-07-25 21:30:31 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-07-25 21:30:25 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\Windows\SysWOW64\java.exe
2014-07-25 21:30:25 67BE34FBF29E783691C713517102E67E 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-07-25 21:30:25 419094DF76A32252ECD70730382029ED 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2014-07-31 17:36:58 353900A9E4222DE11BBD598229BC2218 3232 ----a-w- C:\Windows\Sysnative\Tasks\HPCeeScheduleForDaniel and Monica
2014-07-31 17:36:57 448FFE031315F66D821261DDD44E8C16 394 ----a-w- C:\Windows\Tasks\HPCeeScheduleForDaniel and Monica.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-07-25 21:30:35 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Daniel and Monica\AppData\Roaming ======
2014-07-25 22:03:37 -------- d-----w- C:\Users\Daniel and Monica\AppData\Roaming\Oracle
====== C:\Users\Daniel and Monica ======
2014-08-06 13:09:46 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\Users\Daniel and Monica\Downloads\Flash_Player_Pro_Update_Setup (1).exe
2014-08-05 23:30:48 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\Users\Daniel and Monica\Downloads\Flash_Player_Pro_Update_Setup.exe
2014-08-05 23:13:44 065B9F528580B2C8A54E9A14C6890685 1361309 ----a-w- C:\Users\Daniel and Monica\Downloads\AdwCleaner.exe
2014-07-25 21:30:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

====== C: exe-files ==
2014-08-06 13:09:46 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\Users\Daniel and Monica\Downloads\Flash_Player_Pro_Update_Setup (1).exe
2014-08-05 23:30:48 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\Users\Daniel and Monica\Downloads\Flash_Player_Pro_Update_Setup.exe
2014-08-05 23:13:44 065B9F528580B2C8A54E9A14C6890685 1361309 ----a-w- C:\Users\Daniel and Monica\Downloads\AdwCleaner.exe
2014-08-05 22:36:58 E8E6B607F2D74A880E58AC72ACB81A5A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$IUHBT34.exe
2014-08-05 22:36:58 E3C6779B5833D03A737C0054C7AB925B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$IGX2466.exe
2014-08-05 22:36:58 E01AA640A4036A93E2200A9BEC7CA603 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$I1XMUAV.exe
2014-08-05 22:36:58 D448ABBF5201BE9CEB383AE6E9179715 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$IIIY2M9.exe
2014-08-05 22:36:58 C55780BCEFA1DE271789EDDBCC014F6A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$I3LGZCV.exe
2014-08-05 22:36:58 BBE2FFB9AEB0A545B56D882FEEE6CBFF 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$IDOQTG7.exe
2014-08-05 22:36:58 B5C7AAF094FD7392ECFEACBD58E53223 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$I4UA757.exe
2014-08-05 22:36:58 AE22158D34F8002162420D8A12501723 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$IX9W6BK.exe
2014-08-05 22:36:58 A6EA2BACE1CD1D0FBBC5ADCE5E34C5D8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$IORX9VK.exe
2014-08-05 22:36:58 8C718F14666BEDA285C0D8F349B01B48 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$ITDHF98.exe
2014-08-05 22:36:58 79283B39FC49984768612AD396D7F16F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$I8BHCHX.exe
2014-08-05 22:36:58 6EBEA15F003CC1CBF32300C5EAA1145B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$IAUUNXU.exe
2014-08-05 22:36:58 6C370C508A2451FFDF5D3D03DACFE7F3 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$IDF2GP3.exe
2014-08-05 22:36:58 54A5665C1AA658154094CECFFAA6744D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$IFPFFXG.exe
2014-08-05 22:36:58 4CF715E7CDC2F76B2FDCCBD405B991AC 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$IFG57NV.exe
2014-08-05 22:36:58 45DC917698BC1703C1C5E60B02DCB797 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$IINE5AW.exe
2014-08-05 22:36:58 052CEE929CE8BEBF092898028034093C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$ITHS3VO.exe
2014-08-05 22:36:58 0302F45089C0B7593787DA2483F4D438 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$I0R06KA.exe
2014-08-05 22:31:49 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$RTHS3VO.exe
2014-08-05 22:30:07 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$RX9W6BK.exe
2014-08-05 22:29:47 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$R8BHCHX.exe
2014-08-05 22:29:29 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$RIIY2M9.exe
2014-08-05 22:29:26 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$R3LGZCV.exe
2014-08-05 17:12:26 CD65B184796ED3925EEC131FEFABB9BA 64376 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$RTDHF98.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"BtTray"="C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"AccelerometerSysTrayApplet"="C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe"
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler"
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey"
"AT&T Communication Manager"="C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe -a"
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Windows Client Manager"="C:\Program Files (x86)\Flash Update\winclient32.exe"
"Nike+ Connect"="C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
"Windows Server Manager"="C:\Program Files (x86)\Java Service Manager\srvmoz32.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [06/27/2014 07:52 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:76C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\HPCeeScheduleForDaniel and Monica.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [09/14/2010 12:15 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForDaniel and Monica" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{872A5910-C429-4111-9D41-F184C43A1D9E}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack"="C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi" [07/18/2012 09:13 PM]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eihhgekonheiliaidomffpplfhecmkag - No path found[]
mikhcaiakabeeokmenglcdebplfdjicn - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx[07/18/2012 09:13 PM]

Google Drive - Daniel and Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Daniel and Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Daniel and Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Daniel and Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Dragon NaturallySpeaking Rich Internet Application Support - Daniel and Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn
Google Wallet - Daniel and Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Daniel and Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Daniel and Monica\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://www.google.com/" ],


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{B41F438D-D448-49EE-A00F-B241291CED05} Yahoo! Search Url="http://us.yhs4.search.yahoo.com/yhs..._DS,221,0_0,Search,20140418,19669,0,GC34,8178"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Wed 08/06/2014 at 16:03:22.54 ======================
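An added example of mine (not the helper's instructions and not part of the ZOEK tool) showing the triage a defender does on a zoek-results log like the one above: it parses the Run-key and recently-created-file sections, flags Run values whose name claims to be a Windows component but which launch a binary from outside C:\Windows (the "Windows Client Manager" and "Windows Server Manager" entries), clusters files by MD5 to show the same "Flash_Player_Pro_Update_Setup" installer saved under several names, and checks which flagged autoruns were running at scan time. The embedded log excerpt is constructed from lines quoted in the post; the function and regex names are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt of the zoek-results log posted above (paths and hashes as quoted there).
SAMPLE_LOG = r"""
==== Running Processes ======================

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Flash Update\winclient32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

==== Files Recently Created / Modified ======================

====== C:\Users\Daniel and Monica ======
2014-08-06 13:09:46 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\Users\Daniel and Monica\Downloads\Flash_Player_Pro_Update_Setup (1).exe
2014-08-05 23:30:48 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\Users\Daniel and Monica\Downloads\Flash_Player_Pro_Update_Setup.exe
2014-08-05 23:13:44 065B9F528580B2C8A54E9A14C6890685 1361309 ----a-w- C:\Users\Daniel and Monica\Downloads\AdwCleaner.exe
2014-08-05 22:31:49 814F04C518BE150CC0A729633D4BA625 64376 ----a-w- C:\$Recycle.Bin\S-1-5-21-2915622603-1112060549-1817267183-1002\$RTHS3VO.exe

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"Windows Client Manager"="C:\Program Files (x86)\Flash Update\winclient32.exe"
"Windows Server Manager"="C:\Program Files (x86)\Java Service Manager\srvmoz32.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"""

SECTION_RE = re.compile(r"^==== (.+?) =+$")          # top-level "==== Name ====" headers only
FILE_RE = re.compile(r"^(\S+ \S+) ([0-9A-F]{32}) (\d+) (\S+) (.+)$")  # date time md5 size attrs path
RUN_RE = re.compile(r'^"([^"]+)"="(.*)"$')           # "ValueName"="command line"
WINDOWS_DIR = "c:\\windows\\"


def split_sections(log):
    """Group the log's lines under their '==== Name ====' headers (blank lines dropped)."""
    sections, current = defaultdict(list), None
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current and line.strip():
            sections[current].append(line)
    return sections


def executable_of(command):
    """Lower-cased path of the launched binary: strip quotes and anything after '.exe'."""
    head, sep, _ = command.strip('"').lower().partition(".exe")
    return head + sep if sep else head


def suspicious_autoruns(sections):
    """Run values that name themselves like a Windows/Microsoft component but run
    from outside C:\\Windows. Returns [(value_name, executable_path)]."""
    hits = []
    for name, lines in sections.items():
        if not name.startswith("Startup Registry Enabled"):
            continue
        for line in lines:
            m = RUN_RE.match(line)
            if not m:
                continue                      # skips the [HKEY_...] key header lines
            value, command = m.groups()
            exe = executable_of(command)
            if value.lower().startswith(("windows ", "microsoft ")) and not exe.startswith(WINDOWS_DIR):
                hits.append((value, exe))
    return hits


def duplicate_hashes(sections):
    """MD5s seen under more than one file name: the same dropper re-downloaded and
    copies of it left in the Recycle Bin. Returns {md5: [paths]}."""
    by_hash = defaultdict(list)
    for line in sections.get("Files Recently Created / Modified", []):
        m = FILE_RE.match(line)
        if m:                                 # directory entries have no MD5 and are skipped
            by_hash[m.group(2)].append(m.group(5))
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


def running_autoruns(sections):
    """Flagged autoruns whose binary also appears in the Running Processes section."""
    running = {p.strip().lower() for p in sections.get("Running Processes", [])}
    return [(v, exe) for v, exe in suspicious_autoruns(sections) if exe in running]


if __name__ == "__main__":
    s = split_sections(SAMPLE_LOG)
    for value, exe in suspicious_autoruns(s):
        print(f"autorun '{value}' launches {exe}")
    for md5, paths in duplicate_hashes(s).items():
        print(f"{md5} saved {len(paths)} times: {paths}")
    print("alive at scan time:", running_autoruns(s))
```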
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with ZOEK

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    eihhgekonheiliaidomffpplfhecmkag;chr
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
    ipconfig /release;b
    ipconfig /renew;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after it. You may also find it at your main drive (usually C:\ drive).

Post its content into your next reply.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to me or any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
 