About 2 weeks ago my computer started running slow. Task mgr showed multiple dllhost.exe*32 running. When I would leave my email or Facebook account, I had to sign in again. I finally turned off the computer. Until I could research what to do, I only turned on the computer to check email then turned it off. Before I could find time to do anything, I discovered chrome *32 malware. I also started getting a notepad notice with 'Decryption Instructions'. Yesterday I ran the OTL scan, and before it was done I was getting what I knew to be fake update notices for FlashPlayer, two at a time. The computer by then was running so slowly that I could not get back online to post this. I did copy and paste the scan log to WordPerfect to send today. It is pasted below. It has taken me almost an hour to get internet open and get this typed. Please help me. 20 minutes to type what would take 4, frustrating to the highest level.
Thank you,
JudyB
OTL logfile created on: 11/1/2014 2:35:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Judy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 14.39% Memory free
7.98 Gb Paging File | 3.30 Gb Available in Paging File | 41.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.24 Gb Total Space | 496.86 Gb Free Space | 85.04% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 2.16 Gb Free Space | 18.28% Space Free | Partition Type: NTFS
Computer Name: JUDY-PC | User Name: Judy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/11/01 11:00:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Judy\Downloads\OTL.exe
PRC - [2014/10/06 21:54:03 | 000,810,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2014/09/18 13:19:26 | 000,231,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn15\ytbb.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/03/29 14:30:49 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/12/12 14:56:14 | 003,145,536 | ---- | M] () -- C:\Users\Judy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/02/09 10:12:15 | 000,290,867 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Viarorhy\ulcyive.exe
PRC - [2012/10/18 11:10:42 | 000,103,864 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
PRC - [2012/10/18 11:10:34 | 001,255,352 | ---- | M] (ShopAtHome.com) -- C:\Users\Judy\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
PRC - [2009/08/28 15:53:00 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 23:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/05/26 03:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2000/05/19 16:54:06 | 000,087,040 | ---- | M] (Lotus Development Corporation) -- C:\Lotus\organize\EasyClip.exe
PRC - [1999/04/23 14:02:04 | 000,032,768 | ---- | M] (Lotus Development Corporation.) -- C:\Lotus\smartctr\SUITEST.EXE
PRC - [1998/07/23 16:06:26 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- C:\Lotus\register\REMIND32.EXE
========== Modules (No Company Name) ==========
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/06 01:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/12/12 14:56:14 | 003,145,536 | ---- | M] () -- C:\Users\Judy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2013/02/09 10:12:15 | 000,290,867 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Viarorhy\ulcyive.exe
MOD - [2012/10/18 11:10:42 | 000,103,864 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MOD - [2012/10/18 11:10:18 | 000,049,080 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll
MOD - [2009/08/28 15:52:58 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/05/26 03:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MOD - [1998/08/28 18:42:46 | 000,220,160 | ---- | M] () -- C:\Lotus\organize\ormutil.dll
MOD - [1998/08/28 18:42:46 | 000,153,088 | ---- | M] () -- C:\Lotus\organize\ormmime.dll
MOD - [1998/08/28 18:42:46 | 000,138,752 | ---- | M] () -- C:\Lotus\organize\ormprot.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/09/18 20:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 13:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2014/09/23 18:58:11 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/07/28 16:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/07/28 14:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 09:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/09 05:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/16 06:32:14 | 006,112,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {372DA26F-EE6C-4FA1-98CB-3F1B6DF1E831}
IE:64bit: - HKLM\..\SearchScopes\{372DA26F-EE6C-4FA1-98CB-3F1B6DF1E831}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{DECD5976-D500-4D4B-A856-034E26769E84}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {372DA26F-EE6C-4FA1-98CB-3F1B6DF1E831}
IE - HKLM\..\SearchScopes\{372DA26F-EE6C-4FA1-98CB-3F1B6DF1E831}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{DECD5976-D500-4D4B-A856-034E26769E84}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {FB6DF0ED-9E40-4BE8-90ED-18F55653649A}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolba...Terms}&srch=dsp
IE - HKCU\..\SearchScopes\{372DA26F-EE6C-4FA1-98CB-3F1B6DF1E831}: "URL" = http://www.bing.com/...E11SR&pc=HPDTDF
IE - HKCU\..\SearchScopes\{FB6DF0ED-9E40-4BE8-90ED-18F55653649A}: "URL" = http://websearch.sho...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/30 20:37:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/30 20:37:31 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Judy\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Judy\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Judy\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\Judy\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\Judy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [ChromeUpdate] C:\Users\Judy\AppData\Roaming\ChromeUpdate.exe ()
O4 - HKCU..\Run: [GoogleUpdate] C:\Users\Judy\AppData\Roaming\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Veovumyvyhfexu] C:\Users\Judy\AppData\Roaming\Viarorhy\ulcyive.exe ()
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML ()
O4 - Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.TXT ()
O4 - Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL ()
O4 - Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SmartSuite 9.6 - English Registration.lnk = C:\Lotus\register\REMIND32.EXE (IntelliQuest Communications, Inc.)
F3:64bit: - HKCU WinNT: Load - (C:\Users\Judy\LOCALS~1\Temp\msfbwf.cmd) - C:\Users\Judy\Local Settings\Temp\msfbwf.cmd ()
F3 - HKCU WinNT: Load - (C:\Users\Judy\LOCALS~1\Temp\msfbwf.cmd) - C:\Users\Judy\Local Settings\Temp\msfbwf.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{478427F3-E4A6-4105-A5B2-AD736A740BB3}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/10/28 20:15:33 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Roaming\Viarorhy
[2014/10/28 20:09:10 | 017,817,750 | ---- | C] (Google Inc.) -- C:\Users\Judy\AppData\Roaming\GoogleUpdate.exe
[2014/10/28 20:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/10/16 21:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/10/16 21:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/10/16 21:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/10/16 21:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/10/16 21:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2007/01/03 17:35:00 | 001,077,248 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\cdintf210.dll
[2006/12/21 05:00:00 | 001,081,344 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\cdintf.dll
[2006/12/21 04:58:00 | 000,191,608 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdfui.dll
[2006/12/21 04:57:00 | 000,163,789 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdfu.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/11/01 14:02:16 | 000,001,104 | -H-- | M] () -- C:\ProgramData\@system2.att
[2014/11/01 14:02:00 | 000,001,368 | ---- | M] () -- C:\ProgramData\@system.att
[2014/11/01 14:00:01 | 000,000,802 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 1007410844.job
[2014/11/01 13:58:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/01 13:53:47 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/01 11:00:54 | 000,001,087 | ---- | M] () -- C:\Users\Judy\Desktop\OTL - Shortcut.lnk
[2014/11/01 10:34:46 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/01 10:34:46 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/01 10:27:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/01 10:26:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/01 10:26:46 | 3212,713,984 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/30 20:26:36 | 000,008,538 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:26:36 | 000,000,274 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL
[2014/10/30 20:26:31 | 000,008,538 | ---- | M] () -- C:\Users\Judy\Desktop\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:26:31 | 000,000,274 | ---- | M] () -- C:\Users\Judy\Desktop\INSTALL_TOR.URL
[2014/10/30 20:26:30 | 000,008,538 | ---- | M] () -- C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:26:30 | 000,000,274 | ---- | M] () -- C:\Users\Public\Documents\INSTALL_TOR.URL
[2014/10/30 20:26:28 | 000,008,538 | ---- | M] () -- C:\Users\Judy\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:26:28 | 000,000,274 | ---- | M] () -- C:\Users\Judy\INSTALL_TOR.URL
[2014/10/30 20:12:15 | 000,008,538 | ---- | M] () -- C:\Users\Judy\Documents\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:12:15 | 000,000,274 | ---- | M] () -- C:\Users\Judy\Documents\INSTALL_TOR.URL
[2014/10/30 20:11:38 | 000,008,538 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:11:38 | 000,000,274 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\INSTALL_TOR.URL
[2014/10/30 20:11:13 | 000,008,538 | ---- | M] () -- C:\Users\Judy\AppData\Local\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:11:13 | 000,000,274 | ---- | M] () -- C:\Users\Judy\AppData\Local\INSTALL_TOR.URL
[2014/10/30 20:09:05 | 000,008,538 | ---- | M] () -- C:\ProgramData\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:09:05 | 000,000,274 | ---- | M] () -- C:\ProgramData\INSTALL_TOR.URL
[2014/10/28 20:09:03 | 016,932,772 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\ChromeUpdate.exe
[2014/10/28 20:08:38 | 000,000,000 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\brzpop.dll
[2014/10/28 20:08:10 | 000,070,144 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\gxujio.dll
[2014/10/26 08:59:51 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2014/10/23 22:12:02 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJudy.job
[2014/10/21 17:16:29 | 000,801,092 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/21 17:16:29 | 000,674,826 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/21 17:16:29 | 000,128,100 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/17 16:58:58 | 000,401,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/16 21:18:39 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/11/01 11:00:54 | 000,001,087 | ---- | C] () -- C:\Users\Judy\Desktop\OTL - Shortcut.lnk
[2014/10/30 20:26:36 | 000,008,538 | ---- | C] () -- C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:26:36 | 000,000,274 | ---- | C] () -- C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL
[2014/10/30 20:26:31 | 000,008,538 | ---- | C] () -- C:\Users\Judy\Desktop\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:26:31 | 000,000,274 | ---- | C] () -- C:\Users\Judy\Desktop\INSTALL_TOR.URL
[2014/10/30 20:26:30 | 000,008,538 | ---- | C] () -- C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:26:30 | 000,000,274 | ---- | C] () -- C:\Users\Public\Documents\INSTALL_TOR.URL
[2014/10/30 20:26:28 | 000,008,538 | ---- | C] () -- C:\Users\Judy\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:26:28 | 000,000,274 | ---- | C] () -- C:\Users\Judy\INSTALL_TOR.URL
[2014/10/30 20:12:15 | 000,008,538 | ---- | C] () -- C:\Users\Judy\Documents\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:12:15 | 000,000,274 | ---- | C] () -- C:\Users\Judy\Documents\INSTALL_TOR.URL
[2014/10/30 20:11:38 | 000,008,538 | ---- | C] () -- C:\Users\Judy\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:11:38 | 000,000,274 | ---- | C] () -- C:\Users\Judy\AppData\Roaming\INSTALL_TOR.URL
[2014/10/30 20:11:13 | 000,008,538 | ---- | C] () -- C:\Users\Judy\AppData\Local\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:11:13 | 000,000,274 | ---- | C] () -- C:\Users\Judy\AppData\Local\INSTALL_TOR.URL
[2014/10/30 20:09:05 | 000,008,538 | ---- | C] () -- C:\ProgramData\DECRYPT_INSTRUCTION.HTML
[2014/10/30 20:09:05 | 000,000,274 | ---- | C] () -- C:\ProgramData\INSTALL_TOR.URL
[2014/10/28 20:15:34 | 000,000,802 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 1007410844.job
[2014/10/28 20:09:23 | 000,001,368 | ---- | C] () -- C:\ProgramData\@system.att
[2014/10/28 20:08:58 | 016,932,772 | ---- | C] () -- C:\Users\Judy\AppData\Roaming\ChromeUpdate.exe
[2014/10/28 20:08:58 | 000,001,104 | -H-- | C] () -- C:\ProgramData\@system2.att
[2014/10/28 20:08:38 | 000,000,000 | ---- | C] () -- C:\Users\Judy\AppData\Roaming\brzpop.dll
[2014/10/28 20:08:10 | 000,070,144 | ---- | C] () -- C:\Users\Judy\AppData\Roaming\gxujio.dll
[2014/10/16 21:18:39 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/02/25 23:06:40 | 000,793,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/27 12:47:19 | 002,249,968 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmp001.0
[2011/03/27 12:47:19 | 000,393,296 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmp001.JPG
[2010/12/25 18:05:36 | 001,510,507 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpPHOTO[1].0
[2010/12/25 18:05:36 | 000,499,408 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpPHOTO[1].JPG
[2010/12/01 21:55:07 | 002,336,768 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpTABLES 001.JPG
[2010/11/26 18:46:24 | 000,351,280 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpPHOTO.JPG
[2010/11/26 18:23:38 | 001,183,836 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpPHOTO.0
[2010/08/16 19:30:46 | 000,861,925 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpSCAN0001.1
[2010/08/16 19:30:45 | 001,992,325 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpSCAN0001.0
[2010/08/16 19:30:45 | 000,858,832 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpSCAN0001.JPG
[2010/05/10 18:18:24 | 000,117,261 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpSF-AMY-LEIGH-ANDREWS.0
[2010/05/10 18:18:24 | 000,063,968 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpSF-AMY-LEIGH-ANDREWS.JPG
[2010/03/03 22:48:22 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2007/01/04 11:44:52 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\acfpdf.dat
[2006/12/27 09:47:24 | 000,009,309 | ---- | C] () -- C:\Program Files (x86)\atpdf210.cat
[2006/12/21 04:58:00 | 000,001,100 | ---- | C] () -- C:\Program Files (x86)\amyuni.inf
[2006/12/12 18:26:00 | 000,133,184 | ---- | C] () -- C:\Program Files (x86)\Install.exe
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/11/01 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\FrameworkUpdate7
[2014/11/01 15:58:37 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Igqewoti
[2010/03/14 17:48:27 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\MyFamily.com
[2010/03/03 19:00:57 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\PictureMover
[2014/11/01 15:59:33 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Rumowuo
[2014/10/30 20:11:37 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\ShopAtHome
[2014/10/28 20:15:33 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Viarorhy
[2010/03/06 00:15:05 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\WildTangent
[2010/03/11 22:32:06 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2014/10/28 20:08:58 | 000,000,448 | -H-- | M] ()(C:\Users\Judy\AppData\Roaming\????) -- C:\Users\Judy\AppData\Roaming\????
[2014/10/28 20:08:58 | 000,000,448 | -H-- | C] ()(C:\Users\Judy\AppData\Roaming\????) -- C:\Users\Judy\AppData\Roaming\????
< End of report >