Geeks to Go
Freezing, screens "jumping"...... [Solved]


  • This topic is locked

#1 Robin Weisbrod (Member, 26 posts)

Windows 7 Professional, Service Pack 1

Intel Celeron CPU [email protected] GHz 2.19 GHz

Compaq Presario CQ56 (Laptop)

Computer locks up for no apparent reason. Have to either do Ctrl+Alt+Del or pull the battery to restart. Have Microsoft Security Essentials, had Malwarebytes (trial version), removed it this morning. Have CCleaner and WinPatrol (Free).

Watching a video is impossible. But that might be that the video card (?) needs to be upgraded.

Last night, when on Facebook, suddenly FB (via Firefox) shrunk down and there was my desktop picture, and just as quickly FB reopened.

There also seems to be a slight lag when typing.

We have a "lap cooler" to help the fans keep the CPU cooler.

In the process of defragging.

I ran OTL and here is the report:

OTL logfile created on: 6/9/2014 7:54:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Heather\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.93 Gb Total Physical Memory | 0.41 Gb Available Physical Memory | 21.47% Memory free
3.87 Gb Paging File | 1.82 Gb Available in Paging File | 47.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 197.41 Gb Free Space | 84.80% Space Free | Partition Type: NTFS
 
Computer Name: GW-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/09 07:53:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
PRC - [2014/06/02 11:37:43 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/13 21:52:48 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/04/22 21:11:10 | 000,533,568 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2013/12/30 10:05:02 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/06/14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/03/22 20:07:22 | 000,268,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/02 11:36:36 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/13 21:52:46 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/04/22 14:39:24 | 000,645,592 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/06/14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009/08/28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [1999/12/31 20:00:00 | 000,290,520 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [1999/12/31 20:00:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/06/02 11:45:37 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/02 11:37:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/14 10:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/12/30 10:05:02 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/22 20:07:22 | 000,268,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/03/22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/09 06:22:09 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2014/06/05 16:28:00 | 000,061,016 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys -- ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/11/26 15:49:44 | 000,888,536 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/02 09:35:27 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/02/22 17:29:08 | 002,426,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/14 17:57:06 | 010,629,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/09 16:33:10 | 001,849,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://speedial.com/...r=179315033&ir=
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...r=131636252&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 2A A2 BB 42 7E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Heather\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/02 11:35:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/02 11:35:57 | 000,000,000 | ---D | M]
 
[2014/03/09 17:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\mozilla\Extensions
[2014/06/07 21:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\mozilla\Firefox\Profiles\gkav90u3.default\extensions
[2014/06/02 11:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/02 11:37:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Speedial (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Google Wallet = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014/03/09 07:39:35 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [4DAADDCB9FA62970F2B2FB4C7C7D6AF5DD866168._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\PROGRAM FILES (X86)\Google\Drive\GOOGLEDRIVESYNC.EXE  /autostart File not found
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CB83738-22F2-41E6-AFA7-950924D9E39E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1705C9F-2B27-4A0B-99DD-862AAC30C80F}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/09 07:53:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2014/06/08 22:01:30 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Adobe
[2014/06/07 23:38:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/06/06 23:45:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/06/06 20:10:38 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Mipony
[2014/06/05 22:06:02 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/06/05 22:06:01 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/06/05 22:06:00 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/06/05 22:05:59 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/06/05 22:05:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/06/05 22:05:41 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/06/05 22:00:56 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/06/05 21:52:44 | 000,061,016 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
[2014/06/05 21:42:33 | 000,888,536 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/06/05 21:26:04 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2014/06/05 21:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SlimWare Utilities, Inc
[2014/06/05 20:55:20 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/06/05 20:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/06/05 20:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2014/06/05 20:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony
[2014/06/05 20:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiPony
[2014/06/05 20:50:39 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2014/06/05 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/06/05 20:47:29 | 000,000,000 | -HSD | C] -- C:\Users\Heather\AppData\Local\EmieUserList
[2014/06/05 20:47:29 | 000,000,000 | -HSD | C] -- C:\Users\Heather\AppData\Local\EmieSiteList
[2014/06/05 20:47:29 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Systweak
[2014/06/05 20:46:49 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\DigitalSites
[2014/06/02 11:43:02 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\UpdaterEX
[2014/06/02 11:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/09 07:53:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2014/06/09 07:53:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/06/09 07:52:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/09 07:49:03 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Speedial.job
[2014/06/09 07:43:03 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
[2014/06/09 07:24:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/09 07:04:44 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/09 07:04:44 | 000,015,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/09 06:57:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/09 06:57:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/09 06:57:01 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/09 06:22:09 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/06/09 06:21:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHeather.job
[2014/06/08 21:10:33 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000UA.job
[2014/06/08 18:10:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000Core.job
[2014/06/06 18:53:02 | 000,000,069 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\WB.CFG
[2014/06/05 20:55:42 | 000,001,973 | ---- | M] () -- C:\Users\Heather\Desktop\Sync Folder.lnk
[2014/06/05 20:55:20 | 000,001,101 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/05 20:55:20 | 000,001,091 | ---- | M] () -- C:\Users\Heather\Desktop\MyPC Backup.lnk
[2014/06/05 20:55:05 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2014/06/05 20:46:21 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/05 20:46:21 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/05 20:46:21 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/05 16:28:00 | 000,061,016 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
[2014/06/02 11:49:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2014/06/05 22:05:44 | 000,757,301 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/06/05 20:55:42 | 000,001,973 | ---- | C] () -- C:\Users\Heather\Desktop\Sync Folder.lnk
[2014/06/05 20:55:20 | 000,001,101 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/06/05 20:55:20 | 000,001,091 | ---- | C] () -- C:\Users\Heather\Desktop\MyPC Backup.lnk
[2014/06/05 20:55:05 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2014/06/05 20:49:05 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\Speedial.job
[2014/06/05 20:48:05 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/06/05 20:46:56 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\Digital Sites.job
[2014/06/02 11:43:19 | 000,000,069 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\WB.CFG
[2014/06/02 11:43:09 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\UpdaterEX.job
[2014/04/18 22:06:11 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/17 13:42:16 | 000,001,084 | ---- | C] () -- C:\Users\Heather\Documents - Shortcut.lnk
[2014/02/19 19:19:25 | 000,003,584 | ---- | C] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/15 08:19:55 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2013/02/15 17:24:45 | 000,033,134 | ---- | C] () -- C:\Users\Heather\AppData\Roaming\UserTile.png
[2013/01/16 21:40:52 | 000,102,248 | ---- | C] () -- C:\Users\Heather\GoToAssistDownloadHelper.exe
[2012/11/14 17:57:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/11/14 17:57:06 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/11/14 17:57:04 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/10/20 09:41:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/08/19 16:11:18 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/06/05 20:50:39 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/11/18 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\0S1F1O2Z0S2Y1H1T
[2014/06/06 19:55:51 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\DigitalSites
[2014/01/20 15:51:54 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Garmin
[2014/06/06 20:12:55 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mipony
[2013/05/15 08:35:05 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\MyHeritage
[2014/02/20 18:31:31 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Nico Mak Computing
[2012/08/19 16:37:12 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\ooVoo Details
[2012/08/19 16:29:11 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Panda Security
[2013/12/02 16:37:26 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SystemRequirementsLab
[2014/06/06 19:55:52 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Systweak
[2013/05/15 08:19:54 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2014/06/02 11:43:02 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\UpdaterEX
[2014/03/28 10:24:09 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\WinPatrol
 
========== Purity Check ==========
 
 

< End of report >
 
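The OTL log above is the raw material a malware-removal helper reads by eye. As an added example (not part of the thread, and not OTL's or the forum's own code), here is a small parser for OTL's file-listing lines with a handful of triage heuristics of the kind a helper applies while reading: scheduled-task .job files created days before the scan, a kernel driver whose file name starts with a GUID, a company-less .exe dropped into the system directory, a Startup-folder shortcut, and random-looking directory names under AppData\Roaming (what OTL's LOP check lists). The function names, the regexes, the 7-day threshold and the reason strings are this example's own assumptions; the sample lines are copied from the log above, with three harmless entries kept as controls.

```python
"""Triage helper for OTL file-listing lines. Added example; not OTL's own code."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# OTL prints one entry per line as
#   [YYYY/MM/DD HH:MM:SS | size | attrs | M or C] (Company) -- path
# The "(Company)" group is absent in the LOP and ZeroAccess sections.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# A kernel driver whose file name starts with a {GUID}: assumption, worth a look, proves nothing
GUID_DRIVER_RE = re.compile(r"\\drivers\\\{[0-9a-f-]{36}\}[^\\]*\.sys$", re.IGNORECASE)
# Directory names made only of capitals and digits, 14+ chars (the shape OTL's LOP check lists)
RANDOM_DIR_RE = re.compile(r"^[0-9A-Z]{14,}$")
SYSTEM_EXE_RE = re.compile(r"\\(sysnative|system32|syswow64)\\[^\\]+\.exe$")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str      # e.g. "----", "---D" (directory), "RHS-" (read-only, hidden, system)
    kind: str       # "M" = modified timestamp, "C" = created timestamp
    company: str    # "" when OTL printed "()" or no company at all
    path: str


def parse_line(line: str) -> Entry | None:
    """Parse one OTL file line; return None for section headers and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(entry: Entry, scan_date: datetime, recent_days: int = 7) -> list[str]:
    """Heuristic reasons an entry deserves a second look (empty list = nothing notable).

    The thresholds and patterns are this example's assumptions, not OTL or forum rules."""
    reasons: list[str] = []
    p = entry.path.lower()
    name = p.rsplit("\\", 1)[-1]
    recent = scan_date - entry.when <= timedelta(days=recent_days)

    if "\\windows\\tasks\\" in p and name.endswith(".job") and recent:
        reasons.append(f"scheduled task created or modified within the last {recent_days} days")
    if GUID_DRIVER_RE.search(entry.path):
        reasons.append("kernel driver with GUID-style name")
    if name.endswith(".sys") and entry.company and "microsoft" not in entry.company.lower() and recent:
        reasons.append(f"recent non-Microsoft driver (company: {entry.company})")
    if SYSTEM_EXE_RE.search(p) and not entry.company and recent:
        reasons.append("recent .exe in a system directory with no company/version info")
    if "\\start menu\\programs\\startup\\" in p:
        reasons.append("autostart via the user's Startup folder")
    if "D" in entry.attrs and "\\appdata\\roaming\\" in p and RANDOM_DIR_RE.match(entry.path.rsplit("\\", 1)[-1]):
        reasons.append("random-looking directory name under AppData\\Roaming")
    return reasons


def triage_log(lines: list[str], scan_date: datetime) -> dict[str, list[str]]:
    """path -> reasons, for every line that parses and trips at least one heuristic."""
    hits: dict[str, list[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry, scan_date)
            if reasons:
                hits[entry.path] = reasons
    return hits


# Lines copied from the OTL log above; the last three entries are harmless and kept as controls.
SAMPLE = [
    r"[2014/06/05 16:28:00 | 000,061,016 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys",
    r"[2014/06/05 20:49:05 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\Speedial.job",
    r"[2014/06/05 20:48:05 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe",
    r"[2014/06/05 20:55:20 | 000,001,101 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk",
    r"[2014/06/05 20:50:39 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z",
    r"[2014/01/20 15:51:54 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Garmin",
    r"[2014/06/02 11:49:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk",
    r"[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini",
    "========== LOP Check ==========",
]
# Scan time taken from the log header ("OTL logfile created on: 6/9/2014 7:54:17 AM")
SCAN_DATE = datetime(2014, 6, 9, 7, 54, 17)

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE, SCAN_DATE).items():
        print(f"{path}\n    {'; '.join(reasons)}")
```

Heuristics like these only rank what to look at first. OTL's company field comes from the file's version resource, not from a signature check, so an empty company proves nothing by itself, and a GUID-named driver is only a reason to look the file up before deciding anything about it.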
#2 Naathim, GeekU Minion (Expert)
Greetings!

My name's Naathim, I'm a GeekU Minion and I'm pleased to meet you!
Now that we are mates and will be working together to clean your machine of any junkware, feel free to call me Naat :)
I know that it is quite frustrating to have a corrupted machine, because I was once in your shoes. Don't worry! I may not be superhuman, I don't know everything, nor am I limitless, but I promise to do my best to fix your issues!

Here are some notes that should make our work faster and easier; please take a look and keep them in mind.

• Malware removal is a lengthy process, because of the analysis and research involved. Stay with me until I say we're done.
• Read my instructions completely before proceeding, and always run the tools in the order given!
• Don't try to fix anything on your own or run any other tools. They may interfere, which could prevent your system from booting next time.
• To make my work easier, post the logs directly in your replies unless asked to attach them.

• If any unexpected problem appears, stop and return here with a note!
• Never be afraid to ask if in doubt!

Now that we have the formalities out of the way, let's get started!
 
 
 
On your desktop there should also be a second file, named Extras.txt. Could you please post that one for me as well?
 


= = = = = = = = = = = = = = = = = = = =



 
After that we'll run ZOEK.

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Please also download the attached script file, named zoekscript.txt.
Attached file: zoekscript.txt (143 bytes)

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

Now, on your Desktop, drag and drop zoekscript.txt onto Zoek.exe as shown below:

[animated screenshot: dragging zoekscript.txt onto Zoek.exe]

Please approve any UAC prompt to allow this action to proceed.

Answer Yes to the following prompt to allow the zoek script to run:

[screenshot: Zoek script warning prompt]

This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.


= = = = = = = = = = = = = = = = = = = =



Now, in your next reply, please include these for my review:
• Extras report
• ZOEK report


I don't mind multiple posts if necessary.

Cheers,
Naat :)

#3 Robin Weisbrod (Topic Starter)

Here is the Extras log

 

OTL Extras logfile created on: 6/9/2014 7:54:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Heather\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.93 Gb Total Physical Memory | 0.41 Gb Available Physical Memory | 21.47% Memory free
3.87 Gb Paging File | 1.82 Gb Available in Paging File | 47.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 197.41 Gb Free Space | 84.80% Space Free | Partition Type: NTFS
 
Computer Name: GW-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B92BC7-DBA1-452B-B865-8D0427C0F155}" = lport=2869 | protocol=6 | dir=in | app=system |
"{157482A1-4100-4B78-B6E7-204AD0DB0441}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B0FBC24-6FC6-431B-8E6C-1793CED7275F}" = lport=137 | protocol=17 | dir=in | app=system |
"{216831A4-E353-44BD-A3D9-336FAC48B4B8}" = rport=445 | protocol=6 | dir=out | app=system |
"{24CF5EFB-3BAF-48A7-9F03-277B5E518CC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{287E7E61-3490-49E7-B4E2-CCF4F61EDB3A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2EFC8F7F-FF15-41C2-AE4E-6FEAD8797EA0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{38F8F23F-4510-487A-81E7-BED9EF6CB041}" = rport=137 | protocol=17 | dir=out | app=system |
"{3B80CA3D-CCAE-45D9-8C0A-AF2AF3EAF298}" = rport=138 | protocol=17 | dir=out | app=system |
"{4651330B-7F41-4C51-A19E-E86791BC6127}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{471C40B9-7013-4BAE-A973-9C35DB3125BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B481E97-B92E-4C46-A6B6-96370BC778A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53037066-14C1-41FC-B2E0-4FD0DDC27A6C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{547743D6-24AC-4E80-A664-1F706345C9A9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5BA45242-7FDB-41D5-9A07-E5A003DA3928}" = lport=2869 | protocol=6 | dir=in | app=system |
"{72B45D48-17C9-400D-BFCD-0999F1501BF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7397749E-851E-4D5F-97A7-1A7DE09DC3C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75400E50-05F5-40D4-A0CB-DC4EE83F4F44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81151CA4-828D-4661-B6E8-972D79BBB465}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8318EDAF-C292-4CD6-BECC-CCA945F493FA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{860D8774-AD51-4E24-9C94-479E56EE1CE8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{8A929A1E-CE0C-4720-B654-F11E011800C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8EC78474-606A-4F0C-AF8A-DF58217FDEE7}" = rport=139 | protocol=6 | dir=out | app=system |
"{906610AA-5184-4BCF-940A-0C3E619FC26D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{97D7EB5D-4D87-49AD-8B33-7FFE8920CF91}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AF938C0-5DCB-4EE6-B3D1-16A43319EA16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DC89AFC-618A-4950-91F8-66DCFF1B4510}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9FE02666-5716-4DF1-8CBE-B73ACCBC822B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9CC5F3E-4079-4996-92F2-0787DF4AAF1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF7DDE9A-7EE1-4BAF-B050-45BAA6C10695}" = lport=138 | protocol=17 | dir=in | app=system |
"{B3DD90BE-57AC-40CA-B31A-C62AA7156889}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B4746460-076F-4637-AB6F-25B7FBA30CC0}" = lport=139 | protocol=6 | dir=in | app=system |
"{B77FF82A-C235-4617-AA06-C016313A2F54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6EFBE9E-F39C-401F-966C-81462D3F29AF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D577AA72-5C06-4785-BE55-455F1AEB03A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7FB5B95-C9EC-4456-90B2-75C4E6E0358C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E9A7264B-D1E1-42BB-B58A-774873B7179A}" = lport=445 | protocol=6 | dir=in | app=system |
"{EFB2F519-1600-480F-A62F-E854C2D4A9E0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F1E390DD-B3DD-4857-9BF9-03AE4D4CC3D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042790BB-2E9D-4D92-9A96-60FB44062505}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-148 |
"{07EC2B24-572C-4EED-A669-79ACDD2A3D99}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{0D90774D-704A-4B63-86BD-C92646E6BDDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{119C77AB-5D1F-4CE5-B573-C3F289C2878E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1A1F649C-5630-442F-B453-F7975564D052}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DDF9387-13FD-49B7-BD31-541FEBB1F3B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1F8ABDA2-4FC1-49A1-8750-0463885F9C1A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{24A4A479-3E51-4EA8-B6F4-D60AF0A827FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{29210D08-FC3D-46FB-A7F4-15E0C98D5CD1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{454B97C4-8506-4DB9-A514-CF3EED4538A1}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{4AAFFE68-5EFC-42BC-B869-E84C8B4CB8D2}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{4B4A0467-4A7F-4088-BF5F-BA66D186911E}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{4EB376B5-B1DC-4BC8-8F60-21C9692A78E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{52351FB9-2285-4391-830E-D1759BDC527C}" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda security toolbar\dtuser.exe |
"{5A6A6BD6-5AC2-4444-B7F9-B070AC7067DE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{635F1BFD-6769-45BD-81F9-07157A60F551}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64DBC583-2D97-487B-9AA8-9E28F02E316F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66DCFD4C-9E44-4B7B-837E-CBF1736BA1F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69527B69-5CDD-47C8-8E84-700D01DD0AB6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{78E4A293-F99F-48DA-9382-DF22B337AB6A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7D86D0FB-8513-41A7-A4B1-93EC68468779}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FE194CB-1E62-4838-86F2-6F306200628A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{878FEED7-D459-4B97-A717-B0DD1A584687}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{87F2E3AA-ABD7-4EAF-A381-583EDDE914BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93965F65-390F-404C-A344-14D8EE43DA09}" = protocol=6 | dir=out | app=system |
"{95E97A2E-720F-4E1B-8E4C-9CF2CB9D8CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda security toolbar\dtuser.exe |
"{9A9FEED7-4E55-442B-B564-2C882569F647}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{9BA4DED8-7963-47C4-BEEB-38F40BCE45F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1BE2D78-398E-46BB-86F4-0B65E493335E}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{ABF75EE8-1967-4D88-A209-89BB117AD258}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF9B3356-689A-4070-AC58-8DDD85AF63AA}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{D3EB77CD-6510-408A-95F6-4608B0B01983}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA10F169-85D4-4FDF-A15C-9FFCAE80FE6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F645D500-23A3-485A-B487-14F9FE815123}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FA1CEB3A-A69C-43F8-BC70-BE27246196B2}" = dir=in | app=c:\users\heather\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{3E4782BC-672E-48F6-A445-673EEDD9419F}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{D537294A-1ACA-43B0-B1E9-08A8E7A79BD2}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{ECA19542-A823-4D4A-A570-EB169758927A}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{7941C5D3-FF8F-410E-9FD9-AD5F612AFFBD}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{931A020F-0C42-4BD4-8464-086C52B55D43}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{F88C1B68-9376-4D3B-983F-E292E414131D}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials
"MyPC Backup" = MyPC Backup
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0904cc72-1b29-426a-b0f0-228d2744a4f6}" = Garmin Express
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{18FEC022-D8CE-48DF-A57A-1085D4F58F6E}" = Elevated Installer
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9608B011-02E9-4A66-A0FC-3264A79F808A}" = Garmin Express
"{97C97FAC-9153-409E-A9C8-A19AFABE7547}" = DriverUpdate
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{CB47925A-50F0-493A-B3B0-3F6C632FCE8D}" = Garmin Express Tray
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Ares" = Ares 2.1.8
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Family Tree Builder" = MyHeritage Family Tree Builder
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoScape Packages" = PhotoScape Packages
"UpdaterEX" = Extended Update
"Zip Opener Packages" = Zip Opener Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/8/2014 5:20:05 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/8/2014 5:20:05 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2777
 
Error - 6/8/2014 5:20:05 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2777
 
Error - 6/8/2014 5:54:31 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/8/2014 5:54:31 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2067933
 
Error - 6/8/2014 5:54:31 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2067933
 
Error - 6/8/2014 5:54:32 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/8/2014 5:54:32 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2068932
 
Error - 6/8/2014 5:54:32 PM | Computer Name = GW-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2068932
 
Error - 6/9/2014 6:56:24 AM | Computer Name = GW-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000000  Faulting process id: 0x5ac  Faulting application start time: 0x01cf83d11b0fc99d  Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe  Faulting module path: unknown  Report Id: b259c8e9-efc4-11e3-a410-984be19a5d88
 
[ System Events ]
Error - 6/7/2014 10:25:11 PM | Computer Name = GW-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 6/8/2014 3:59:40 PM | Computer Name = GW-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 6/8/2014 4:59:35 PM | Computer Name = GW-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 6/8/2014 6:24:39 PM | Computer Name = GW-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 6/8/2014 6:54:40 PM | Computer Name = GW-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 6/8/2014 8:09:35 PM | Computer Name = GW-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error - 6/8/2014 8:10:35 PM | Computer Name = GW-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Core Update Service service.
 
Error - 6/8/2014 8:15:04 PM | Computer Name = GW-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error - 6/8/2014 8:19:36 PM | Computer Name = GW-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error - 6/9/2014 6:53:30 AM | Computer Name = GW-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:40:00 AM on 6/9/2014 was unexpected.
 
 
< End of report >
 


  • 0

#4
Robin Weisbrod
    Member

  • Topic Starter
  • Member
  • 26 posts

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Heather on Mon 06/09/2014 at  9:38:47.03.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Heather\Desktop\zoek.exe
Script used: C:\Users\Heather\Desktop\zoekscript.txt

==== System Restore Info ======================

6/9/2014 9:41:49 AM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

Adobe Flash Player 13 ActiveX  
Adobe Flash Player 13 Plugin  
Adobe Reader XI (11.0.07)  
Adobe Shockwave Player 12.1  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Ares 2.1.8  
Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program  
Bonjour  
Canon IJ Network Scanner Selector EX  
Canon IJ Network Tool  
Canon MX410 series MP Drivers  
CCleaner  
Compatibility Pack for the 2007 Office system  
DriverUpdate  
Elevated Installer  
Extended Update  
Facebook Video Calling 2.0.0.447  
Garmin Express  
Garmin Express Tray  
Google Update Helper  
Hewlett-Packard ACLM.NET v1.2.2.3  
HP Customer Experience Enhancements  
HP Product Detection  
HP Support Assistant  
Intel® Graphics Media Accelerator Driver  
Intel® Rapid Storage Technology  
iTunes  
Java 7 Update 55  
Java Auto Updater  
Microsoft .NET Framework 4.5.1  
Microsoft Office Word Viewer 2003  
Microsoft Security Client  
Microsoft Security Essentials  
Microsoft Silverlight  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Mozilla Firefox 29.0.1 (x86 en-US)  
Mozilla Maintenance Service  
MyHeritage Family Tree Builder  
MyPC Backup   
NETGEAR WNA1100 wireless USB 2.0 adapter  
PhotoScape  
PhotoScape Packages  
Ralink RT5390 802.11b/g/n WiFi Adapter  
Realtek Ethernet Controller Driver  
Realtek High Definition Audio Driver  
Realtek WLAN Driver  
RtVOsd  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Skype Click to Call  
swMSM  
Synaptics Pointing Device Driver  
System Requirements Lab for Intel  
WinPatrol  
Zip Opener Packages  

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\PROGRAM FILES (X86)\CANON\IJ NETWORK SCANNER SELECTOR EX\CNMNSST.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\Heather\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AERTFilters] - Andrea RT Filters Service - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [BackupStack] - Computer Backup (MyPC Backup) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
R2 - [Garmin Core Update Service] - Garmin Core Update Service - "C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe"
R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
R2 - [RtkAudioService] - Realtek Audio Service - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
R2 - [RtVOsdService] - RtVOsdService Installer - "C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
S3 - [jswpsapi] - JumpStart Wi-Fi Protected Setup - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [NisSrv] - Microsoft Network Inspection - "c:\Program Files\Microsoft Security Client\NisSrv.exe"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 1979 MB
CPU Info: Intel® Celeron® CPU          900  @ 2.20GHz
CPU Speed: 1034.2 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Ralink RT5390 802.11b/g/n WiFi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (D: | ) D: hp      CDDVDW TS-L633R
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  232.8GB
Hard Disks - Free: C:  197.2GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 04/07/11 | HPQOEM - 1
Time Zone: Eastern Standard Time
Motherboard *: Hewlett-Packard 1605
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Firefox    29.0.1
Internet Explorer Version: 11.0.9600.17107
Mozilla Firefox version: 29.0.1 (x86 en-US)
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_55 (32-bit)
Flash Player version: 13.0.0.214
Shockwave Player version: 12.1.2r152

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2591928319-2057418030-2561847195-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"4DAADDCB9FA62970F2B2FB4C7C7D6AF5DD866168._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"
"GoogleDriveSync"="C:\PROGRAM FILES (X86)\Google\Drive\GOOGLEDRIVESYNC.EXE  /autostart"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn /f"
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn /f"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn /f"
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn /f"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"4DAADDCB9FA62970F2B2FB4C7C7D6AF5DD866168._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"
"GoogleDriveSync"="C:\PROGRAM FILES (X86)\Google\Drive\GOOGLEDRIVESYNC.EXE  /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Family Tree Builder Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\MyHeritage\\Bin\\FTBCheckUpdates.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""


==== Startup Folders ======================

2014-06-06 00:55:20    1101    ----a-w-    C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
2012-08-19 19:40:14    912    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [06/02/2014 11:45 AM]
C:\Windows\tasks\Digital Sites.job --a------ C:\Users\Heather\AppData\Roaming\DIGITA1\UPDATE1\UPDATE1.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000Core.job --a------ C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/26/2014 06:05 PM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000UA.job --a------ C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/26/2014 06:05 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/14/2013 04:51 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/14/2013 04:51 PM]
C:\Windows\tasks\HPCeeScheduleForHeather.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 05:43 AM]
C:\Windows\tasks\Speedial.job --a------ [Undetermined Task]
C:\Windows\tasks\UpdaterEX.job --a------ C:\Users\Heather\AppData\Roaming\UPDATE1\UPDATE1\UPDATE1.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Advanced System Protector_startup" [C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\Digital Sites" [C:\Users\Heather\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000Core" [C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000UA" [C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForHeather" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\LaunchApp" [C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe]
"C:\Windows\SysNative\tasks\RegClean Pro" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe]
"C:\Windows\SysNative\tasks\Speedial" [C:\Users\Heather\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\SysNative\tasks\UpdaterEX" [C:\Users\Heather\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\gkav90u3.default
C195AC4544729A69CFF30BB62F473054    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll -    Shockwave for Director / Shockwave for Director
A58DE0A570148AF5FF3512B2A340D09F    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll -    Shockwave Flash
E37EAD09D28AE19D8A39B6A95F47513A    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll -    Shockwave for Director / Shockwave for Director
FF0D6F82A0EC13952E83B9439100E45D    - C:\Users\Heather\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[04/11/2014 07:46 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Heather\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[]
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]

Google Drive - Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Google Wallet - Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype for Chromium - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
AVG SafeGuard - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Wallet - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{31090377-0740-419E-BEFC-A56E50500D5B} Unknown  Url="Not_Found"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Mon 06/09/2014 at  9:44:35.94 ======================
 


  • 0

#5
Robin Weisbrod
    Member

  • Topic Starter
  • Member
  • 26 posts

Additional FYI -- what the heck is this?  Teredo Tunneling Pseudo-Interface -- I have drivers missing?


  • 0

#6
Naathim
    GeekU Minion

  • Expert
  • 4,568 posts

Hi  :)
 

Additional FYI -- what the heck is this? Teredo Tunneling Pseudo-Interface -- I have drivers missing?

A strong indicator for this particular driver would be a missing internet/WiFi connection, so if you don't face this kind of issue I'd say - No  :)


OK, let's try to fix the issues appearing in your logs. But first, please read the three warnings below. They address some additional security risks and vulnerabilities that I've spotted.


Registry Cleaner/Optimizer advice and warning!
CCleaner

Looks like there's this kind of software installed on your machine. I really doubt it will speed up your machine's performance, but it will surely increase the risk of damaging it. Without even basic Registry knowledge, this type of application may bring more harm than good. There have been cases where such software left PCs unstable and unbootable. Below you can find Microsoft's statement and some wise people talking about Registry Cleaners and this kind of Windows tweaking:
  • Microsoft policy for the use of registry cleaners
  • Mike Russinovich (Microsoft)
  • Miekiemoes (Malwarebytes)
  • Macboatmaster (G2G)
It is in your own interest to stay away from this kind of application. My best advice is that they should be removed/uninstalled, or at least please refrain from using CCleaner for registry cleaning purposes.



I've spotted signs of a P2P program installed on your machine.
Ares 2.1.8
 

Be warned:

P2P programs, while legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected: unsecured ports, downloaded cracks... There have been some extreme cases in which passwords and private or financial data were exposed to the file sharing network because of bad P2P configuration.

I'm rather sure that if you continue using P2P, you'll be visiting our Malware Removal Forum often.
I strongly recommend full uninstallation of any P2P apps (if so, please do it from the Control Panel > Add/Remove Programs), but if you want to leave them on your OS (since this is optional), at least please refrain from using them until we finish our work cleaning your computer.
 

My friendly advice: at the very least, when downloading any files from a P2P network, scan them at Jotti or VirScan.


 

Windows Sidebar vulnerability

You have Windows Sidebar running on your machine, and it has been well-known lately for some security issues.
Here you can read a little about it, as Microsoft described it in this article.

 

The fix to disable Windows Sidebar may be downloaded from here.

 

= = = = = = = = = = = = = = = = = = = =

 

FIRST

We need to uninstall some software from your machine.

Please open Start > Control Panel > Uninstall a program or Programs and Features if in Classic View, locate these programs on the list and uninstall them one after another:

  • Ares 2.1.8 (optional)
  • CCleaner (optional)
  • Extended Update
  • MyPC Backup
  • Zip Opener Packages

All of these are unwanted, so don't hesitate to get rid of them!
If you can't find some of them in the Control Panel, just move on and notify me  :)


 

= = = = = = = = = = = = = = = = = = = =

 

SECOND

I need you to download the attached script:


Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

Now, on your Desktop, drag and drop zoekscript.txt on Zoek.exe as shown below:

 

[animated image: dragging zoekscript.txt onto Zoek.exe]

 

Please approve any UAC prompt to allow this action to proceed.

Answer Yes to the following prompt to allow the zoek script to run:

 

[image: Zoek script warning prompt]

 

This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\.
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.


Cheers,
Naat  :)


  • 0
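As an added example (not part of this thread, and not code from the Zoek tool's author), here is a small Python triage helper that parses the "Task Scheduler Jobs" and "Other Scheduled Tasks" sections of a Zoek log like the one posted earlier in the thread and flags entries that run from a user's AppData folder, whose target file was not found (the empty [] timestamp), or whose target Zoek could not determine. The sample lines are copied from that log; the flagging rules are my own heuristics, not Zoek's, and a hit only means "look at this one by hand".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the "Task Scheduler Jobs" and
# "Other Scheduled Tasks" sections of the Zoek log posted in this thread,
# plus the header of the next section so the parser knows where to stop.
SAMPLE_LOG = r"""
==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [06/02/2014 11:45 AM]
C:\Windows\tasks\Digital Sites.job --a------ C:\Users\Heather\AppData\Roaming\DIGITA1\UPDATE1\UPDATE1.exe []
C:\Windows\tasks\Speedial.job --a------ [Undetermined Task]
C:\Windows\tasks\UpdaterEX.job --a------ C:\Users\Heather\AppData\Roaming\UPDATE1\UPDATE1\UPDATE1.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\RegClean Pro" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe]
"C:\Windows\SysNative\tasks\Speedial" [C:\Users\Heather\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE]

==== Firefox Extensions ======================
"""

TASK_SECTIONS = ("Task Scheduler Jobs", "Other Scheduled Tasks")
SECTION_RE = re.compile(r"^==== (?P<name>.+?) =+$")
# Jobs section: "<path>.job --a------ <target> [<timestamp>]" or "... [Undetermined Task]"
JOB_RE = re.compile(r"^(?P<path>.+?\.job)\s+\S+\s+(?P<rest>.+)$")
TARGET_TS_RE = re.compile(r"^(?P<target>.+?)\s+\[(?P<ts>.*)\]$")
# Other tasks section: "<path>" [<target>], where the target may itself be quoted
OTHER_RE = re.compile(r'^"(?P<path>[^"]+)"\s+\[(?P<target>.*)\]$')
# Anything under a user's AppData tree is writable without admin rights.
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


@dataclass
class TaskEntry:
    section: str
    name: str
    target: Optional[str]          # None when Zoek printed "[Undetermined Task]"
    missing_on_disk: bool = False  # Jobs section only: an empty "[]" timestamp


def task_name(path: str) -> str:
    """Reduce a full job/task path to the name Zoek lists it under."""
    name = re.split(r"\\tasks\\", path, maxsplit=1, flags=re.IGNORECASE)[-1]
    return name[:-4] if name.lower().endswith(".job") else name


def parse_zoek_tasks(text: str) -> List[TaskEntry]:
    """Parse the two scheduled-task sections of a Zoek log into entries."""
    entries: List[TaskEntry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if not line or section not in TASK_SECTIONS:
            continue
        if section == "Task Scheduler Jobs":
            m = JOB_RE.match(line)
            if not m:
                continue
            name, rest = task_name(m.group("path")), m.group("rest")
            if rest == "[Undetermined Task]":
                entries.append(TaskEntry(section, name, None))
                continue
            t = TARGET_TS_RE.match(rest)
            if t:
                entries.append(TaskEntry(section, name, t.group("target"),
                                         missing_on_disk=(t.group("ts") == "")))
        else:
            m = OTHER_RE.match(line)
            if m:
                entries.append(TaskEntry(section, task_name(m.group("path")),
                                         m.group("target").strip('"')))
    return entries


def triage(entries: List[TaskEntry]) -> Dict[str, List[str]]:
    """Map task name -> reasons a human should look at it (my own heuristics)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.target is None:
            reasons.append("target could not be determined by Zoek")
        else:
            if USER_PROFILE_RE.search(e.target):
                reasons.append("runs from a user profile (AppData) directory")
            if e.missing_on_disk:
                reasons.append("target file not found on disk")
        if reasons:
            findings.setdefault(e.name, []).extend(f"{e.section}: {r}" for r in reasons)
    return findings
```

Run it over a full zoek-results.log to get the same flags for every task. Entries such as RegClean Pro, which run from Program Files, are not caught by these path rules and still need the kind of program-list review done in the reply above.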

#7
Robin Weisbrod
    Member

  • Topic Starter
  • Member
  • 26 posts

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Heather on Mon 06/09/2014 at 14:22:36.46.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Heather\Desktop\zoek.exe [Scan all users]   [Deep Scan]

==== System Restore Info ======================

6/9/2014 2:23:50 PM Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\PROGRAM FILES (X86)\CANON\IJ NETWORK SCANNER SELECTOR EX\CNMNSST.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\Heather\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 1979 MB
CPU Info: Intel® Celeron® CPU          900  @ 2.20GHz
CPU Speed: 493.1 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Ralink RT5390 802.11b/g/n WiFi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (D: | ) D: hp      CDDVDW TS-L633R
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  232.8GB
Hard Disks - Free: C:  196.8GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 04/07/11 | HPQOEM - 1
Time Zone: Eastern Standard Time
Motherboard *: Hewlett-Packard 1605
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Firefox    29.0.1
Internet Explorer Version: 11.0.9600.17107
Mozilla Firefox version: 29.0.1 (x86 en-US)
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_55 (32-bit)
Flash Player version: 13.0.0.214
Shockwave Player version: 12.1.2r152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Heather\AppData\Local\Temp ====
2014-06-09 18:18:19    BF375A90FE0B135395E20B0EB9190C11    572739    ----a-w-    C:\Users\Heather\AppData\Local\Temp\26485085.Uninstall\uninstaller.exe
2014-06-09 18:17:48    BF375A90FE0B135395E20B0EB9190C11    572739    ----a-w-    C:\Users\Heather\AppData\Local\Temp\26454119.Uninstall\uninstaller.exe
2014-06-09 11:09:02    FE447D1CD38CECAC2331FA932078D9A0    271360    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\SmiProvider.dll
2014-06-09 11:09:02    FC2DB5842190C6E78A40CD7DA483B27C    435712    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\DmiProvider.dll
2014-06-09 11:09:02    FC00A05639494779002682A9B965EF9C    471040    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\WimProvider.dll
2014-06-09 11:09:02    F2B0771A7CD27F20689E0AB787B7EB7C    289792    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\DismCore.dll
2014-06-09 11:09:02    EFCB002ABC3529D71B61E6FB6434566C    762368    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\CbsProvider.dll
2014-06-09 11:09:02    E7CAED467F80B29F4E63BA493614DBB1    127488    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\OSProvider.dll
2014-06-09 11:09:02    C9D74156913061BE6C51D8FC3ACF8E93    53760    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\FolderProvider.dll
2014-06-09 11:09:02    BBB9E4FA2561F6A6E5CCF25DA069AC1B    313344    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\IntlProvider.dll
2014-06-09 11:09:02    9A821D8D62F4C60232B856E98CBA7E4F    96768    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\DismHost.exe
2014-06-09 11:09:02    8D3855B133E21143E8B4BFADB9FB14A3    302080    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\UnattendProvider.dll
2014-06-09 11:09:02    8CA117CB9338C0351236939717CB7084    186368    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\DismProv.dll
2014-06-09 11:09:02    7B38D7916A7CD058C16A0A6CA5077901    271360    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\wdscore.dll
2014-06-09 11:09:02    739968678548BA15F6B9372E8760C012    444416    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\TransmogProvider.dll
2014-06-09 11:09:02    6A4BD682396F29FD7DF5AB389509B950    183296    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\CompatProvider.dll
2014-06-09 11:09:02    5488E381238FF19687FDD7AB2F44CFCC    111616    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\DismCorePS.dll
2014-06-09 11:09:02    45FF4FA5CA5432BFCCDED4433FE2A85B    216576    ----a-w-    C:\Users\Heather\AppData\Local\Temp\7318583B-9773-48F1-8C47-033E42C02C4D\MsiProvider.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-06-06 01:26:04    4B2E28731AC72530E58ED1F1EB0A93A1    53248    ----a-w-    C:\Windows\SysWOW64\CSVer.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-06-06 00:53:09    --------    d-----w-    C:\PROGRA~2\MiPony
======= C: =====
====== C:\Users\Heather\AppData\Roaming ======
====== C:\Users\Heather ======

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2591928319-2057418030-2561847195-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"4DAADDCB9FA62970F2B2FB4C7C7D6AF5DD866168._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"
"GoogleDriveSync"="C:\PROGRAM FILES (X86)\Google\Drive\GOOGLEDRIVESYNC.EXE  /autostart"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn /f"
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn /f"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn /f"
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn /f"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"4DAADDCB9FA62970F2B2FB4C7C7D6AF5DD866168._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"
"GoogleDriveSync"="C:\PROGRAM FILES (X86)\Google\Drive\GOOGLEDRIVESYNC.EXE  /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Family Tree Builder Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\MyHeritage\\Bin\\FTBCheckUpdates.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""


==== Startup Folders ======================

2012-08-19 19:40:14    912    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [06/02/2014 11:45 AM]
C:\Windows\tasks\Digital Sites.job --a------ C:\Users\Heather\AppData\Roaming\DIGITA1\UPDATE1\UPDATE1.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000Core.job --a------ C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/26/2014 06:05 PM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000UA.job --a------ C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/26/2014 06:05 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/14/2013 04:51 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/14/2013 04:51 PM]
C:\Windows\tasks\HPCeeScheduleForHeather.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 05:43 AM]
C:\Windows\tasks\Speedial.job --a------ [Undetermined Task]
C:\Windows\tasks\UpdaterEX.job --a------ C:\Users\Heather\AppData\Roaming\UPDATE1\UPDATE1\UPDATE1.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Advanced System Protector_startup" [C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe]
"C:\Windows\SysNative\tasks\Digital Sites" [C:\Users\Heather\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000Core" [C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000UA" [C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForHeather" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\LaunchApp" [C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe]
"C:\Windows\SysNative\tasks\RegClean Pro" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe]
"C:\Windows\SysNative\tasks\Speedial" [C:\Users\Heather\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\SysNative\tasks\UpdaterEX" [C:\Users\Heather\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\gkav90u3.default
C195AC4544729A69CFF30BB62F473054    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll -    Shockwave for Director / Shockwave for Director
A58DE0A570148AF5FF3512B2A340D09F    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll -    Shockwave Flash
E37EAD09D28AE19D8A39B6A95F47513A    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll -    Shockwave for Director / Shockwave for Director
FF0D6F82A0EC13952E83B9439100E45D    - C:\Users\Heather\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[04/11/2014 07:46 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Heather\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[]
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]

Google Drive - Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Google Wallet - Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype for Chromium - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
AVG SafeGuard - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Wallet - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{31090377-0740-419E-BEFC-A56E50500D5B} Unknown  Url="Not_Found"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [4DAADDCB9FA62970F2B2FB4C7C7D6AF5DD866168._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [GoogleDriveSync] C:\PROGRAM FILES (X86)\Google\Drive\GOOGLEDRIVESYNC.EXE  /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'Default user')
O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.h...pdetect119b.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Mon 06/09/2014 at 14:31:06.53 ======================
 


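An added example, not part of this thread and not a feature of zoek or OTL: a small Python script that reads the "Task Scheduler Jobs" and "Other Scheduled Tasks" lines from the log above and scores each task on the things the helpers here check by eye. The signals are an undetermined target, a target file that no longer exists on disk (zoek prints an empty timestamp), a target that launches from a user-writable folder such as AppData\Roaming, and an 8.3 short name in the target path. The sample lines are copied from the log above; the weights, the threshold and the function names are my own choices, not anything from the thread or the tools.

```python
"""Triage scheduled-task lines from an OTL/zoek log.

Added example, not part of the thread. Heuristics only: each task gets a
score and the reasons behind it; a human still decides what to remove.
"""
import re
from typing import List, NamedTuple, Optional

# Lines copied from the zoek log posted above ("Task Scheduler Jobs" and
# "Other Scheduled Tasks"); the mix of legitimate and PUP tasks is what
# makes them a useful sample.
SAMPLE_LOG = r"""
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [06/02/2014 11:45 AM]
C:\Windows\tasks\Digital Sites.job --a------ C:\Users\Heather\AppData\Roaming\DIGITA1\UPDATE1\UPDATE1.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000Core.job --a------ C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/26/2014 06:05 PM]
C:\Windows\tasks\Speedial.job --a------ [Undetermined Task]
C:\Windows\tasks\UpdaterEX.job --a------ C:\Users\Heather\AppData\Roaming\UPDATE1\UPDATE1\UPDATE1.exe []
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Speedial" [C:\Users\Heather\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\SysNative\tasks\LaunchApp" [C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe]
"""

# "<task>.job --a------ <target> [<file timestamp>]"  or  "<task>.job --a------ [Undetermined Task]"
JOB_RE = re.compile(r'^(?P<task>.+?\.job)\s+\S+\s+(?P<rest>.*)$')
# '"<task>" [<target>]'  (the SysNative listing prints no timestamp)
TASK_RE = re.compile(r'^"(?P<task>[^"]+)"\s+\[(?P<target>[^\]]*)\]$')

# Folders a standard user can write to; legitimate software rarely
# registers machine-wide tasks that launch from here.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\",
                 "\\downloads\\", "\\users\\public\\")


class TaskEntry(NamedTuple):
    task: str                 # task name without the tasks\ folder prefix
    target: str               # executable the task runs; '' if zoek could not resolve it
    timestamp: Optional[str]  # timestamp zoek printed; '' = file not found; None = not printed


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Return a TaskEntry for a task line, or None for any other log line."""
    line = line.strip()
    m = TASK_RE.match(line)
    if m:
        return TaskEntry(_basename(m.group("task")), m.group("target").strip(), None)
    m = JOB_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest == "[Undetermined Task]":
        return TaskEntry(_basename(m.group("task")), "", None)
    cut = rest.rfind("[")
    return TaskEntry(_basename(m.group("task")),
                     rest[:cut].strip(),
                     rest[cut + 1:].rstrip("]").strip())


def score_entry(entry: TaskEntry):
    """Score one task; higher means more worth a look. Returns (score, reasons)."""
    reasons = []
    if entry.target == "":
        reasons.append(("target could not be determined", 3))
    if entry.timestamp == "":
        reasons.append(("target file no longer exists on disk", 3))
    low = entry.target.lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append(("target lives in a user-writable folder", 2))
    if re.search(r"~\d", entry.target):
        reasons.append(("8.3 short name in target path", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(log_text: str) -> List[dict]:
    """Parse every task line in log_text; return rows sorted by score, highest first."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry is None:
            continue
        score, reasons = score_entry(entry)
        rows.append({"task": entry.task, "target": entry.target,
                     "score": score, "reasons": reasons})
    rows.sort(key=lambda r: -r["score"])   # stable sort: ties keep log order
    return rows


def suspicious(log_text: str, threshold: int = 2) -> List[str]:
    """Task names scoring at or above threshold, for a human to review (not a delete list)."""
    return [r["task"] for r in triage(log_text) if r["score"] >= threshold]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(f'{row["score"]:>2}  {row["task"]:<32} {row["target"] or "<undetermined>"}')
        for reason in row["reasons"]:
            print(f"      - {reason}")
```

Run it as a plain script to print the ranking. On the sample, Digital Sites, UpdaterEX and both Speedial entries come out on top, which matches what the zoek script later removes. The limits of the heuristic are visible too: the LaunchApp task for MyPC Backup scores 0 because it launches from Program Files (x86), yet the helper removed it anyway, and FacebookUpdate runs from AppData\Local without being flagged. Treat the output as a reading aid for the log, not as a list of things to delete.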

#8
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

 

Sorry for the little delay, I had a totally unplanned family invasion yesterday.

 

Now let's get back to work :)

 

 

I need you to download the attached script:

Attached file: zoekscript.txt (1.78 KB)

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

Now, on your Desktop, drag and drop zoekscript.txt on Zoek.exe as shown below:

[animated image: dragging zoekscript.txt onto Zoek.exe]


Please approve any UAC prompt to allow this action to proceed.

Answer Yes to the following prompt to allow the zoek script to run:


[image: zoek script warning prompt]


This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply.

 

 

Cheers,

Naat :)



#9
Robin Weisbrod

    Member

  • Topic Starter
  • 26 posts

I understand about family.  Here is the latest scan.

 

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Heather on Tue 06/10/2014 at 10:52:50.63.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Heather\Desktop\zoek.exe
Script used: C:\Users\Heather\Desktop\zoekscript.txt

==== Older Logs ======================

C:\zoek-results2014-06-09-183106.log    53406 bytes
C:\zoek-results2014-06-09-185914.log    20972 bytes

==== System Restore Info ======================

6/10/2014 10:55:52 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

Adobe Flash Player 13 ActiveX  
Adobe Flash Player 13 Plugin  
Adobe Reader XI (11.0.07)  
Adobe Shockwave Player 12.1  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program  
Bonjour  
Canon IJ Network Scanner Selector EX  
Canon IJ Network Tool  
Canon MX410 series MP Drivers  
Compatibility Pack for the 2007 Office system  
DriverUpdate  
Elevated Installer  
Facebook Video Calling 2.0.0.447  
Garmin Express  
Garmin Express Tray  
Google Update Helper  
Hewlett-Packard ACLM.NET v1.2.2.3  
HP Customer Experience Enhancements  
HP Product Detection  
HP Support Assistant  
Intel® Graphics Media Accelerator Driver  
Intel® Rapid Storage Technology  
iTunes  
Java 7 Update 55  
Java Auto Updater  
Microsoft .NET Framework 4.5.1  
Microsoft Office Word Viewer 2003  
Microsoft Security Client  
Microsoft Security Essentials  
Microsoft Silverlight  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Mozilla Firefox 29.0.1 (x86 en-US)  
Mozilla Maintenance Service  
MyHeritage Family Tree Builder  
NETGEAR WNA1100 wireless USB 2.0 adapter  
PhotoScape  
PhotoScape Packages  
Ralink RT5390 802.11b/g/n WiFi Adapter  
Realtek Ethernet Controller Driver  
Realtek High Definition Audio Driver  
Realtek WLAN Driver  
RtVOsd  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Skype Click to Call  
swMSM  
Synaptics Pointing Device Driver  
System Requirements Lab for Intel  
WinPatrol  

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\PROGRAM FILES (X86)\CANON\IJ NETWORK SCANNER SELECTOR EX\CNMNSST.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Heather\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AERTFilters] - Andrea RT Filters Service - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
R2 - [Garmin Core Update Service] - Garmin Core Update Service - "C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe"
R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
R2 - [RtkAudioService] - Realtek Audio Service - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
R2 - [RtVOsdService] - RtVOsdService Installer - "C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
S3 - [jswpsapi] - JumpStart Wi-Fi Protected Setup - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [NisSrv] - Microsoft Network Inspection - "c:\Program Files\Microsoft Security Client\NisSrv.exe"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64 deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda4_0dn"=-
"panda4_0dn_XP"=-
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\panda4_0dn]
[-HKEY_CURRENT_USER\Software\panda4_0dn]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda4_0dn"=-
"panda4_0dn_XP"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\MyPC Backup not found
C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup not found
C:\Users\Heather\AppData\Roaming\DIGITA1 not found
C:\Program Files (x86)\Advanced System Protector not found
C:\Program Files (x86)\RegClean Pro not found
C:\Users\Heather\AppData\Roaming\Speedial not found
"C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk" not found
"C:\Users\Heather\Desktop\MyPC Backup.lnk" not found
C:\ProgramData\Systweak deleted
C:\Users\Heather\AppData\Roaming\Systweak deleted
C:\Users\Heather\AppData\Roaming\DigitalSites deleted
C:\Users\Heather\AppData\Roaming\UpdaterEX deleted
C:\PROGRA~2\The Weather Channel deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk deleted
C:\windows\SysNative\Tasks\LaunchApp deleted
C:\Windows\SysNative\sasnative64.exe deleted
C:\Users\Heather\Downloads\DownloadManagerSetup.exe deleted
C:\Users\Heather\Downloads\CouponPrinter.exe deleted
C:\Windows\SysNative\config\systemprofile\AppData\LocalLow\pandasecuritytb deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\pandasecuritytb deleted
C:\windows\SysNative\tasks\UpdaterEX deleted
C:\Windows\tasks\UpdaterEX.job deleted
C:\windows\SysNative\Tasks\Advanced System Protector_startup deleted
C:\windows\SysNative\tasks\Digital Sites deleted
C:\Windows\tasks\Digital Sites.job deleted
C:\windows\SysNative\tasks\RegClean Pro deleted
C:\Users\Heather\Downloads\wpsetup (1).exe deleted
"C:\Windows\SysNative\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys" deleted
"C:\Windows\tasks\Speedial.job" deleted
"C:\Windows\SysNative\tasks\Speedial" deleted

==== Folders Found In C:\Users\Heather\AppData\Roaming\0S1F1O2Z0S2Y1H1T ======================

2013-11-18 20:42:01    d-----w-    C:\Users\Heather\AppData\Roaming\0S1F1O2Z0S2Y1H1T\PhotoScape Packages

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2591928319-2057418030-2561847195-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"4DAADDCB9FA62970F2B2FB4C7C7D6AF5DD866168._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"
"GoogleDriveSync"="C:\PROGRAM FILES (X86)\Google\Drive\GOOGLEDRIVESYNC.EXE  /autostart"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"4DAADDCB9FA62970F2B2FB4C7C7D6AF5DD866168._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"
"GoogleDriveSync"="C:\PROGRAM FILES (X86)\Google\Drive\GOOGLEDRIVESYNC.EXE  /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Family Tree Builder Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\MyHeritage\\Bin\\FTBCheckUpdates.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""


==== Startup Folders ======================

2012-08-19 19:40:14    912    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [06/02/2014 11:45 AM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000Core.job --a------ C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/26/2014 06:05 PM]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000UA.job --a------ C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/26/2014 06:05 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/14/2013 04:51 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/14/2013 04:51 PM]
C:\Windows\tasks\HPCeeScheduleForHeather.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 05:43 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000Core" [C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000UA" [C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForHeather" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\gkav90u3.default
C195AC4544729A69CFF30BB62F473054    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll -    Shockwave for Director / Shockwave for Director
A58DE0A570148AF5FF3512B2A340D09F    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll -    Shockwave Flash
E37EAD09D28AE19D8A39B6A95F47513A    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll -    Shockwave for Director / Shockwave for Director
FF0D6F82A0EC13952E83B9439100E45D    - C:\Users\Heather\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[04/11/2014 07:46 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Heather\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[]
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]

Google Drive - Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Google Wallet - Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype for Chromium - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
AVG SafeGuard - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Wallet - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"
{31090377-0740-419E-BEFC-A56E50500D5B} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...ge={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2591928319-2057418030-2561847195-1000\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{84481A87-2316-4923-8FAB-3BA8CA29323D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Heather\AppData\Local\Mozilla\Firefox\Profiles\gkav90u3.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=289 folders=154 20543039 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Heather\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Heather\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Tue 06/10/2014 at 13:18:21.98 ======================
 


  • 0
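One way to review the autorun sections of a log like the one above, as an added example in Python (not code from the thread or from the zoek tool): it parses the enabled Run-key values and the scheduled tasks, strips arguments to recover the executable path, and flags anything launched from outside the Windows and Program Files directories, such as the Facebook updater in the user profile and the HP updater under ProgramData. The sample lines are constructed from entries in the post; the trusted-prefix list is an assumption made for this example.

```python
"""Triage the autorun sections of a zoek/OTL-style log.  Added example, not
code from the thread or from zoek; sample lines constructed from the post."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed excerpt in the log's own layout (a few entries from the post).
SAMPLE_LOG = r"""
==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"4DAADDCB9FA62970F2B2FB4C7C7D6AF5DD866168._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2591928319-2057418030-2561847195-1000Core.job --a------ C:\Users\Heather\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/26/2014 06:05 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/14/2013 04:51 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"""

SECTION_RE = re.compile(r"^==== (.+?) =+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)"="(.*)"$')
# <task file>.job <attributes> <command> [<timestamp>]
JOB_RE = re.compile(r"^(.+?\.job)\s+\S+\s+(.+?)\s+\[[^\]]*\]$")
# "<task path>" [<command>]
TASK_RE = re.compile(r'^"(.+?)"\s+\[(.+)\]$')

# Assumed trusted roots: a standard user normally cannot write here, so a
# launcher living anywhere else (profile, ProgramData, Temp) gets reviewed.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Autorun:
    source: str   # registry key or task file that launches the command
    name: str
    command: str


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Collect enabled Run-key values and scheduled tasks from the log."""
    entries: List[Autorun] = []
    section = ""
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), ""
            continue
        if section.startswith("Startup Registry Enabled"):
            m = KEY_RE.match(line)
            if m:
                current_key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m and current_key:
                entries.append(Autorun(current_key, m.group(1), m.group(2)))
        elif section.startswith(("Task Scheduler Jobs", "Other Scheduled Tasks")):
            m = JOB_RE.match(line) or TASK_RE.match(line)
            if m:
                task = m.group(1)
                entries.append(Autorun(task, task.rsplit("\\", 1)[-1], m.group(2)))
    return entries


def executable_from_command(command: str) -> str:
    """Strip arguments: honour a quoted path, else cut after the first '.exe'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.search(r"\.exe", command, re.IGNORECASE)
    return command[: m.end()] if m else (command.split()[0] if command else command)


def outside_trusted_dirs(exe_path: str) -> bool:
    return not exe_path.strip().lower().startswith(TRUSTED_PREFIXES)


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (name, executable) for autoruns launched from untrusted locations."""
    flagged = []
    for entry in parse_autoruns(log_text):
        exe = executable_from_command(entry.command)
        if outside_trusted_dirs(exe):
            flagged.append((entry.name, exe))
    return flagged
```

The flagged list is a review queue, not a verdict: both hits from the sample are vendor updaters, but per-user and ProgramData paths are also where adware and unwanted installers place their launchers, so those are the entries to check first when reading a log like this.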

#10
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

This log is looking better :thumbsup:

Please tell me how your machine is behaving after those actions.
 

= = = = = = = = = = = = = = = = = = = =



FIRST
Download AdwCleaner by Xplode to your desktop.

  • Close all programs and right-click on the AdwCleaner icon - select Run as Administrator.
    (Users of Windows XP please just double-click).
  • You will be presented with the console like the one below:

    [screenshot: adwcleaner-start.jpg]

  • Click on Scan and follow the prompts.
  • Let it run unhindered.
  • When done, click on the Clean button, and follow the prompts.
  • Allow the system to reboot.

After that, you will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder, as AdwCleaner[S0].txt.

 

= = = = = = = = = = = = = = = = = = = =



SECOND

Scan with Junkware Removal Tool

Please download Junkware Removal Tool by Thisisu to your desktop.
Shut down your protection software now to avoid potential conflicts! If you don't know how to do it, take a look at this topic.

  • Run the tool by double-clicking the Junkware Removal Tool icon.
    If you are using Windows Vista, 7 or 8, instead of double-clicking, right-click and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

= = = = = = = = = = = = = = = = = = = =



THIRD


GMER scanner for the lurking rootkits


Please download GMER and save it to your desktop.

  • It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Right-click on the randomly named GMER icon and choose Run as Administrator
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan

If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

Please check the Quick scan box.
Please uncheck the following:

  • IAT/EAT
  • Show All

[screenshot: GMER2new_zpsdd936679.jpg]

  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled


  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

= = = = = = = = = = = = = = = = = = = =



Now in your next reply please include these ones for my review:
  • AdwCleaner report
  • JRT report
  • GMER report
  • info about the actual performance

I don't mind multiple posts if necessary.

Cheers,
Naat :)


  • 0



#11
Robin Weisbrod

Robin Weisbrod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

# AdwCleaner v3.212 - Report created 11/06/2014 at 10:56:26
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Heather - GW-PC
# Running from : C:\Users\Heather\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\gkav90u3.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\gkav90u3.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=sumamsd1103&cd=2XzuyEtN2Y1L1QzuzyzzyE0B0EtCzy0AyD0Dzzzz0DyCtB0AtN0D0Tzu0CyCzzzztN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=200593463&ir=
Deleted [Search Provider] : hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={B1035152-D957-11E2-AC7C-001E33A97500}
Deleted [Search Provider] : hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={B1035152-D957-11E2-AC7C-001E33A97500}&crg=3.5000006.10042&st=23
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN96334182631939386&ctid=CT3291325&UM=2
Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=60AAB1FF-84E8-4123-A50F-F83B15164995&n=780bd601&ind=2014041601&p2=^HJ^xdm636^S09444^us&si=314029
Deleted [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites05_14_23_ch&cd=2XzuyEtN2Y1L1QzuzyzzyE0B0EtCzy0AyD0Dzzzz0DyCtB0AtN0D0Tzu0SzzzzyBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0D0AzztCyEtGtA0A0CyDtGtB0DzzyCtGzyyC0D0CtGtD0ByB0A0A0EyD0AzzyEtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEtA0B0F0Bzz0DtGtByC0A0AtGzy0C0C0CtGtBtByB0EtGyC0DyDtCzy0BtAtAyCzzzzyD2Q&cr=179315033&ir=

*************************

AdwCleaner[R0].txt - [4706 octets] - [09/03/2014 11:59:25]
AdwCleaner[R1].txt - [3551 octets] - [11/06/2014 10:27:33]
AdwCleaner[S0].txt - [4588 octets] - [09/03/2014 12:03:20]
AdwCleaner[S1].txt - [3334 octets] - [11/06/2014 10:56:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3394 octets] ##########
 


  • 0
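A way to summarise an AdwCleaner report like the one above, as an added example in Python (not code from the thread or from AdwCleaner): it counts the removed registry keys per hive and, for each removed Chrome search provider, pulls out the host, the query parameter that carries {searchTerms} and the remaining affiliate/tracking parameters (barid, ctid and so on), refanging hxxp only for the duration of the parse so that the stored URL stays defanged. The sample lines are constructed from entries in the posted report.

```python
"""Summarise an AdwCleaner report.  Added example, not code from the thread or
from AdwCleaner; sample lines constructed from the posted report."""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

SAMPLE_REPORT = r"""
***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={B1035152-D957-11E2-AC7C-001E33A97500}
Deleted [Search Provider] : hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={B1035152-D957-11E2-AC7C-001E33A97500}&crg=3.5000006.10042&st=23
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN96334182631939386&ctid=CT3291325&UM=2
"""

# "Key Deleted : [x64] HKLM\..." / "Value Deleted : HKCU\..."
REG_RE = re.compile(r"^(Key|Value) Deleted : (?:\[x64\] )?(HKLM|HKCU|HKU)\\(.+)$")
SP_RE = re.compile(r"^Deleted \[Search Provider\] : (\S+)$")


def refang(url: str) -> str:
    """Turn hxxp:// back into http:// so urlsplit can parse it (parsing only)."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def describe_provider(defanged_url: str) -> Dict[str, object]:
    """Host, the parameter carrying {searchTerms}, and the remaining
    (affiliate/tracking) parameters of a removed search-provider template."""
    parts = urlsplit(refang(defanged_url))
    params = parse_qs(parts.query, keep_blank_values=True)
    term_params = [k for k, v in params.items() if any("{searchTerms}" in x for x in v)]
    return {
        "host": parts.hostname,
        "term_param": term_params[0] if term_params else None,
        "extra_params": sorted(k for k in params if k not in term_params),
        "url": defanged_url,  # kept defanged so the summary is safe to share
    }


def summarize(report: str) -> Dict[str, object]:
    """Count removed registry keys per hive and describe each removed provider."""
    hives: Counter = Counter()
    providers: List[Dict[str, object]] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = REG_RE.match(line)
        if m:
            hives[m.group(2)] += 1
            continue
        m = SP_RE.match(line)
        if m:
            providers.append(describe_provider(m.group(1)))
    return {
        "registry_keys_by_hive": dict(hives),
        "providers": providers,
        "hosts": dict(Counter(p["host"] for p in providers)),
    }
```

The per-host counts make repeat offenders obvious (the same sweetpacks template appears twice with its parameters reordered), and the extra-parameter list is what distinguishes an affiliate-tagged hijack template from a plain search URL.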

#12
Robin Weisbrod

Robin Weisbrod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Heather on Wed 06/11/2014 at 13:51:31.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/11/2014 at 14:02:13.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#13
Robin Weisbrod

Robin Weisbrod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-11 14:13:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.02.0 232.89GB
Running: ux1s9o1s.exe; Driver: C:\Users\Heather\AppData\Local\Temp\pxldqpoc.sys


---- Threads - GMER 2.1 ----

Thread   [476:516]                                                          000007fefd751f00
Thread   [476:520]                                                          000007fefd751c90
Thread   [476:524]                                                          000007fefd7b4be4
Thread   [476:528]                                                          000007fefd7b3ff0
Thread   [476:540]                                                          000007fefd7b4be4
Thread   [476:552]                                                          000007fefd753710
Thread   [476:564]                                                          000007fefd753710
Thread   [476:3056]                                                         000007fefd7b4be4
Thread   [476:3372]                                                         000007fefd7b4be4
Thread  C:\Windows\System32\svchost.exe [928:960]                           000007fefb46dc50
Thread  C:\Windows\System32\svchost.exe [928:964]                           000007fefb4828b0
Thread  C:\Windows\System32\svchost.exe [928:556]                           000007fefb31f2f4
Thread  C:\Windows\System32\svchost.exe [928:356]                           000007fefbaf6204
Thread  C:\Windows\System32\svchost.exe [928:1296]                          000007fef9f25428
Thread  C:\Windows\System32\svchost.exe [928:1676]                          000007fefb46d604
Thread  C:\Windows\System32\svchost.exe [928:1680]                          000007fefb46d604
Thread  C:\Windows\System32\svchost.exe [928:1688]                          000007fefb46d604
Thread  C:\Windows\System32\svchost.exe [928:3564]                          000007fef2856b8c
Thread  C:\Windows\System32\svchost.exe [928:3400]                          000007fef2851d88
Thread  C:\Windows\System32\svchost.exe [972:372]                           000007fefb31f2f4
Thread  C:\Windows\System32\svchost.exe [972:480]                           000007fefbaf6204
Thread  C:\Windows\System32\svchost.exe [972:1036]                          000007fefa4ad8f8
Thread  C:\Windows\System32\svchost.exe [972:1048]                          000007fefa4a5620
Thread  C:\Windows\System32\svchost.exe [972:1056]                          000007fefa4a6e74
Thread  C:\Windows\System32\svchost.exe [972:1136]                          000007fefa47ffc0
Thread  C:\Windows\System32\svchost.exe [972:1144]                          000007fefa1b331c
Thread  C:\Windows\System32\svchost.exe [972:1468]                          000007fef99359a0
Thread  C:\Windows\System32\svchost.exe [972:2336]                          000007fefd1b1a70
Thread  C:\Windows\System32\svchost.exe [972:2620]                          000007fef6a220c0
Thread  C:\Windows\System32\svchost.exe [972:2688]                          000007fef6a226a8
Thread  C:\Windows\System32\svchost.exe [972:3280]                          000007fef80e44e0
Thread  C:\Windows\System32\svchost.exe [972:3296]                          000007fef84388f8
Thread  C:\Windows\System32\svchost.exe [972:2728]                          000007fef6a229dc
Thread  C:\Windows\System32\svchost.exe [972:2904]                          000007fefdee52e0
Thread  C:\Windows\system32\svchost.exe [784:1164]                          000007fefa3a8274
Thread  C:\Windows\system32\svchost.exe [784:1352]                          000007fefa3a8274
Thread  C:\Windows\system32\svchost.exe [1264:1300]                         000007fef9ef341c
Thread  C:\Windows\system32\svchost.exe [1264:1304]                         000007fef9ef3a2c
Thread  C:\Windows\system32\svchost.exe [1264:1308]                         000007fef9ef3768
Thread  C:\Windows\system32\svchost.exe [1264:1312]                         000007fef9ef5c20
Thread  C:\Windows\system32\svchost.exe [1264:2064]                         000007fef83ebd88
Thread  C:\Windows\system32\svchost.exe [1264:2096]                         000007fef80883d8
Thread  C:\Windows\system32\svchost.exe [1264:2224]                         000007fef77e3f1c
Thread  C:\Windows\system32\svchost.exe [1264:2232]                         000007fef77b1a38
Thread  C:\Windows\system32\svchost.exe [1264:2244]                         000007fef77a5388
Thread  C:\Windows\system32\svchost.exe [1264:2248]                         000007fef7787738
Thread  C:\Windows\system32\svchost.exe [1264:2252]                         000007fef7771f90
Thread  C:\Windows\system32\svchost.exe [1264:2900]                         000007fef8365124
Thread  C:\Windows\system32\svchost.exe [1264:900]                          000007fef8725170
Thread  C:\Windows\system32\svchost.exe [1264:3696]                         000007fefdee52e0
Thread  C:\Windows\System32\spoolsv.exe [1524:2364]                         000007fef6f510c8
Thread  C:\Windows\System32\spoolsv.exe [1524:2372]                         000007fef6f16144
Thread  C:\Windows\System32\spoolsv.exe [1524:2376]                         000007fef6d05fd0
Thread  C:\Windows\System32\spoolsv.exe [1524:2380]                         000007fef6cf3438
Thread  C:\Windows\System32\spoolsv.exe [1524:2384]                         000007fef6d063ec
Thread  C:\Windows\System32\spoolsv.exe [1524:2392]                         000007fef7045e5c
Thread  C:\Windows\System32\spoolsv.exe [1524:2396]                         000007fef7075074
Thread  C:\Windows\System32\spoolsv.exe [1524:3060]                         000007fef70e2288
Thread  C:\Windows\System32\spoolsv.exe [1524:3984]                         000000006ae91e74
Thread  C:\Windows\system32\svchost.exe [1564:2008]                         000007fef86a35c0
Thread  C:\Windows\system32\svchost.exe [1564:2508]                         000007fef86a5600
Thread  C:\Windows\system32\svchost.exe [1564:2648]                         000007fef6862888
Thread  C:\Windows\system32\svchost.exe [1564:2672]                         000007fef67b2940
Thread  C:\Windows\system32\svchost.exe [1564:3480]                         000007fef6862a40
Thread  C:\Windows\system32\taskhost.exe [1632:1724]                        000007fef89f2740
Thread  C:\Windows\system32\taskhost.exe [1632:1728]                        000007fef89d1f38
Thread  C:\Windows\system32\taskhost.exe [1632:1776]                        000007fef8983d18
Thread  C:\Windows\system32\taskhost.exe [1632:1376]                        000007fefa171010
Thread  C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2164:2180]      0000000075947587
Thread  C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2164:2616]      0000000077ba3e85
Thread  C:\Windows\system32\svchost.exe [2780:2880]                         000007fef67d8470
Thread  C:\Windows\system32\svchost.exe [2780:2892]                         000007fef67e2418
Thread  C:\Windows\system32\svchost.exe [2780:3048]                         000007fef3e9f130
Thread  C:\Windows\system32\svchost.exe [2780:3792]                         000007fef3e94734
Thread  C:\Windows\system32\svchost.exe [2780:3884]                         000007fef3e94734
Thread  C:\Windows\system32\svchost.exe [2780:2652]                         000007fef67d9750
Thread  C:\Program Files\Microsoft Security Client\msseces.exe [3012:2664]  000007fefbd52a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [1736:1432]      000007fefbd52a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [1736:1388]      000007feeeff4830
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [1736:2420]      000007fef8365124

---- EOF - GMER 2.1 ----
 


  • 0

#14
Robin Weisbrod

Robin Weisbrod

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

The computer seems to be running better -- faster, but videos are still choppy and/or not running at all.  Could it be something with those drivers or time for an update?


  • 0

#15
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

 

First let's finish junkware cleaning.

Being honest, the answer to your question is not that simple - there can be dozens of reasons for this kind of behavior.

Updating drivers may help, but please refrain from implementing any updates and changes right now. We need to complete this task first.

 

Download Security Check by screen317.
Save it to your Desktop and:

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically.

Please post the content of that document.

 

Cheers,

Naat :)


  • 0
