Multiple malwares on my computer [Solved]

dllhost.exe*32 chrome*32 decrypt instruction

This topic is locked

#16 JudyDB (Topic Starter, Member, 33 posts)

Sorry, no luck. In fact, as soon as I clicked 'download' the security message popped up. :no:

I have noticed that the computer seems to be running better.

Here's the fix log that I ran first today:

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DusutIfazz deleted successfully.
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Faigxevyirnu deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fwcflu32 deleted successfully.
C:\Users\Judy\AppData\Local\Temp\DHCPprxy.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ivijios deleted successfully.
C:\Users\Judy\AppData\Local\ivijios.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Rsugiwopzzep deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Svc2dll deleted successfully.
C:\Users\Judy\AppData\Local\svcxdcl32.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\UujfaVojaf deleted successfully.
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Users\Judy\AppData\Roaming\PictureMover\Log folder moved successfully.
C:\Users\Judy\AppData\Roaming\PictureMover\Bin folder moved successfully.
C:\Users\Judy\AppData\Roaming\PictureMover folder moved successfully.
C:\Users\Judy\AppData\Roaming\MyFamily.com\FTW\13 folder moved successfully.
C:\Users\Judy\AppData\Roaming\MyFamily.com\FTW folder moved successfully.
C:\Users\Judy\AppData\Roaming\MyFamily.com folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\{6ED5EACF-F59D-D096-EF82-F90493D63D78} folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Themes folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\PrivacIE folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\IETldCache folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\IEDownloadHistory folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\iecompatuaCache folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\IECompatCache folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\DNTException folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Users\Judy\AppData\Roaming\Microsoft\Spelling\en-US folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Spelling folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Protect\S-1-5-21-977744973-2552835015-2244764293-1001 folder moved successfully.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Protect scheduled to be moved on reboot.
C:\Users\Judy\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Network\Connections\Pbk folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Network\Connections folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Network folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Internet Explorer\UserData folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-977744973-2552835015-2244764293-1001 folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Crypto\RSA folder moved successfully.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Crypto scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Credentials scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#foodplanet.thesyndicationserver.co.uk folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\macromedia.com folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DKJLSA6E\vox-static.liverail.com folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DKJLSA6E\s.ytimg.com folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DKJLSA6E\foodplanet.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DKJLSA6E\foodplanet.thesyndicationserver.co.uk\SyndPlugins folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DKJLSA6E\foodplanet.thesyndicationserver.co.uk folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DKJLSA6E\cdn-static.liverail.com folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DKJLSA6E folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player\#SharedObjects folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia\Flash Player folder moved successfully.
C:\Users\Judy\AppData\Roaming\Macromedia folder moved successfully.
C:\Users\Judy\AppData\Roaming\Intuit\Quicken\Log folder moved successfully.
C:\Users\Judy\AppData\Roaming\Intuit\Quicken\Data folder moved successfully.
C:\Users\Judy\AppData\Roaming\Intuit\Quicken\Config folder moved successfully.
C:\Users\Judy\AppData\Roaming\Intuit\Quicken folder moved successfully.
C:\Users\Judy\AppData\Roaming\Intuit folder moved successfully.
C:\Users\Judy\AppData\Roaming\Hewlett-Packard\HP Support Framework folder moved successfully.
C:\Users\Judy\AppData\Roaming\Hewlett-Packard folder moved successfully.
C:\Users\Judy\AppData\Roaming\Google\Local Search History folder moved successfully.
C:\Users\Judy\AppData\Roaming\Google folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\WordPerfect Office X4\User Config folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\WordPerfect Office X4\DateTime folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\WordPerfect Office X4 folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\WordPerfect\14\EN\Labels folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\WordPerfect\14\EN folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\WordPerfect\14 folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\WordPerfect folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\PerfectScript\14\EN\WordPerfect folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\PerfectScript\14\EN folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\PerfectScript\14 folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\PerfectScript folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\PerfectExpert\14\EN\Custom WP Templates\XML folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\PerfectExpert\14\EN\Custom WP Templates folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\PerfectExpert\14\EN folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\PerfectExpert\14 folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\PerfectExpert folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\Messages\540232237_807010 folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel\Messages folder moved successfully.
C:\Users\Judy\AppData\Roaming\Corel folder moved successfully.
C:\Users\Judy\AppData\Roaming\Apple Computer\Preferences folder moved successfully.
C:\Users\Judy\AppData\Roaming\Apple Computer\Logs folder moved successfully.
C:\Users\Judy\AppData\Roaming\Apple Computer\iTunes\iTunes Plug-ins folder moved successfully.
C:\Users\Judy\AppData\Roaming\Apple Computer\iTunes\Cookies folder moved successfully.
C:\Users\Judy\AppData\Roaming\Apple Computer\iTunes folder moved successfully.
C:\Users\Judy\AppData\Roaming\Apple Computer folder moved successfully.
C:\Users\Judy\AppData\Roaming\Adobe\Flash Player\NativeCache folder moved successfully.
C:\Users\Judy\AppData\Roaming\Adobe\Flash Player\AssetCache\DBEZKWE9 folder moved successfully.
C:\Users\Judy\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Users\Judy\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Users\Judy\AppData\Roaming\Adobe folder moved successfully.
Folder move failed. C:\Users\Judy\AppData\Roaming scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Judy
->Temp folder emptied: 2886000 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15650 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 12748 bytes
 
Total Files Cleaned = 3.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11062014_181400

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\regsvr32.exe scheduled to be moved on reboot.
C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Protect scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Crypto scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Credentials scheduled to be moved on reboot.
C:\Users\Judy\AppData\Roaming\Microsoft\{6ED5EACF-F59D-D096-EF82-F90493D63D78} folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Themes folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\PrivacIE folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\IETldCache folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\IEDownloadHistory folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows\DNTException folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Windows folder moved successfully.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Protect scheduled to be moved on reboot.
C:\Users\Judy\AppData\Roaming\Microsoft\Internet Explorer\UserData folder moved successfully.
C:\Users\Judy\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Crypto scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Credentials scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Protect scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Crypto scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft\Credentials scheduled to be moved on reboot.
Folder move failed. C:\Users\Judy\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Users\Judy\AppData\Roaming\Hewlett-Packard\HP Support Framework folder moved successfully.
C:\Users\Judy\AppData\Roaming\Hewlett-Packard folder moved successfully.
Folder move failed. C:\Users\Judy\AppData\Roaming scheduled to be moved on reboot.
File\Folder C:\Users\Judy\AppData\Local\Temp\etilqs_4F5bENvvvdL9JACdn3ee not found!
File\Folder C:\Users\Judy\AppData\Local\Temp\fla2684.tmp not found!
File\Folder C:\Users\Judy\AppData\Local\Temp\fla2A3C.tmp not found!
File\Folder C:\Users\Judy\AppData\Local\Temp\fla5D6B.tmp not found!
File\Folder C:\Users\Judy\AppData\Local\Temp\fla6805.tmp not found!
File\Folder C:\Users\Judy\AppData\Local\Temp\flaD8E2.tmp not found!
C:\Users\Judy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Here's the scan log:

OTL logfile created on: 11/6/2014 7:37:34 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Judy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.99 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 66.03% Memory free
7.98 Gb Paging File | 6.56 Gb Available in Paging File | 82.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.24 Gb Total Space | 511.05 Gb Free Space | 87.47% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 2.16 Gb Free Space | 18.28% Space Free | Partition Type: NTFS
 
Computer Name: JUDY-PC | User Name: Judy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/01 10:00:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Judy\Downloads\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/18 19:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2014/09/23 17:58:11 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 03:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/04 17:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/07/28 15:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 08:31:42 | 000,233,472 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/09 04:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/16 05:32:14 | 006,112,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/30 19:37:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/30 19:37:31 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2014/11/06 18:18:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Amazon Cloud Player] "C:\Users\Judy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{478427F3-E4A6-4105-A5B2-AD736A740BB3}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{478427F3-E4A6-4105-A5B2-AD736A740BB3}: NameServer = 8.8.8.8,8.8.8.8
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/06 19:18:33 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Roaming\Macromedia
[2014/11/06 19:18:15 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Roaming\Google
[2014/11/06 19:18:14 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Roaming\Adobe
[2014/11/06 19:17:33 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Roaming\PictureMover
[2014/11/06 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Roaming\Apple Computer
[2014/11/05 21:45:03 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Local\Apple Computer
[2014/11/05 20:20:24 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Local\Microsoft Games
[2014/11/04 19:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DusutIfazz
[2014/11/04 19:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\UujfaVojaf
[2014/11/04 18:15:29 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Local\Google
[2014/11/04 18:13:01 | 000,000,000 | -HSD | C] -- C:\Users\Judy\AppData\Local\EmieUserList
[2014/11/04 18:13:01 | 000,000,000 | -HSD | C] -- C:\Users\Judy\AppData\Local\EmieSiteList
[2014/11/04 18:12:53 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Local\VirtualStore
[2014/11/04 18:10:51 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Local\Hewlett-Packard
[2014/11/03 17:10:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/28 19:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/10/16 20:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/10/16 20:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/10/16 20:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/10/16 20:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2007/01/03 16:35:00 | 001,077,248 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\cdintf210.dll
[2006/12/21 04:00:00 | 001,081,344 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\cdintf.dll
[2006/12/21 03:58:00 | 000,191,608 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdfui.dll
[2006/12/21 03:57:00 | 000,163,789 | ---- | C] (AMYUNI Technologies
http://www.amyuni.com) -- C:\Program Files (x86)\acfpdfu.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/06 19:18:14 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/06 19:18:14 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/06 19:11:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/06 19:10:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/06 19:10:51 | 3212,713,984 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/06 19:00:01 | 000,000,800 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 3835951123.job
[2014/11/06 19:00:01 | 000,000,798 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 2575515691.job
[2014/11/06 18:58:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/06 18:54:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/06 18:18:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/11/06 18:09:28 | 000,000,081 | ---- | M] () -- C:\Users\Judy\AppData\Local\svcxdcl32.dat
[2014/11/05 21:52:08 | 000,000,074 | ---- | M] () -- C:\Windows\MPLAYER.INI
[2014/11/05 21:44:32 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2014/11/04 17:29:33 | 000,001,104 | -H-- | M] () -- C:\ProgramData\@system2.att
[2014/11/04 17:29:17 | 000,001,368 | ---- | M] () -- C:\ProgramData\@system.att
[2014/11/02 16:33:22 | 000,801,092 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/02 16:33:22 | 000,674,826 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/02 16:33:22 | 000,128,100 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/02 14:19:19 | 000,000,160 | -H-- | M] () -- C:\ProgramData\@system3.att
[2014/11/02 14:19:01 | 000,000,424 | ---- | M] () -- C:\ProgramData\@system.temp
[2014/11/01 15:13:41 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJudy.job
[2014/11/01 10:00:54 | 000,001,087 | ---- | M] () -- C:\Users\Judy\Desktop\OTL - Shortcut.lnk
[2014/10/17 15:58:58 | 000,401,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/16 20:18:39 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/05 21:44:32 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2014/11/05 21:42:35 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2014/11/04 19:28:09 | 000,000,081 | ---- | C] () -- C:\Users\Judy\AppData\Local\svcxdcl32.dat
[2014/11/03 18:07:31 | 000,001,104 | -H-- | C] () -- C:\ProgramData\@system2.att
[2014/11/03 18:07:03 | 000,001,368 | ---- | C] () -- C:\ProgramData\@system.att
[2014/11/01 14:59:33 | 000,000,798 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 2575515691.job
[2014/11/01 14:58:37 | 000,000,800 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 3835951123.job
[2014/11/01 14:55:09 | 000,000,160 | -H-- | C] () -- C:\ProgramData\@system3.att
[2014/11/01 14:54:40 | 000,000,424 | ---- | C] () -- C:\ProgramData\@system.temp
[2014/11/01 10:00:54 | 000,001,087 | ---- | C] () -- C:\Users\Judy\Desktop\OTL - Shortcut.lnk
[2014/10/16 20:18:39 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/02/25 22:06:40 | 000,793,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/27 11:47:19 | 002,249,968 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmp001.0
[2011/03/27 11:47:19 | 000,393,296 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmp001.JPG
[2010/12/25 17:05:36 | 001,510,507 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpPHOTO[1].0
[2010/12/25 17:05:36 | 000,499,408 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpPHOTO[1].JPG
[2010/12/01 20:55:07 | 002,336,768 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpTABLES 001.JPG
[2010/11/26 17:46:24 | 000,351,280 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpPHOTO.JPG
[2010/11/26 17:23:38 | 001,183,836 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpPHOTO.0
[2010/08/16 18:30:46 | 000,861,925 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpSCAN0001.1
[2010/08/16 18:30:45 | 001,992,325 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpSCAN0001.0
[2010/08/16 18:30:45 | 000,858,832 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpSCAN0001.JPG
[2010/05/10 17:18:24 | 000,117,261 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpSF-AMY-LEIGH-ANDREWS.0
[2010/05/10 17:18:24 | 000,063,968 | ---- | C] () -- C:\Users\Judy\AppData\Local\tmpSF-AMY-LEIGH-ANDREWS.JPG
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/06 19:17:34 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\PictureMover
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/10/28 19:08:58 | 000,000,448 | -H-- | M] ()(C:\Users\Judy\AppData\Roaming\????) -- C:\Users\Judy\AppData\Roaming\麽鎒駓覜
[2014/10/28 19:08:58 | 000,000,448 | -H-- | C] ()(C:\Users\Judy\AppData\Roaming\????) -- C:\Users\Judy\AppData\Roaming\麽鎒駓覜

< End of report >


  • 0



#17
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, I don't think we have any choice, so disable your protection software and try to download the next tool and run it. If that won't work, try safe mode.


  • 0

#18
JudyDB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Hi, happy Saturday!

I've just spent an hour trying to disable security settings.  I tried to follow steps outlined on the JRT software site to disable through Microsoft Security Essentials, but apparently I do not have that on my computer, as I've run a search and it turns up nothing. 

In the System Protection screen, it says the C drive protection is on, but I can see no means of turning it off.

Do I want to turn off the firewall?

I am petrified and paralyzed about doing that.

What a way to spend a sunny Saturday - ugh.


  • 0

#19
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I'm sorry that you are having such trouble.

 

Can you provide a screen shot of what is blocking the download? Or, can you use a USB drive on a different machine or a friend's machine to download the suggested programs (adwCleaner, JRT, etc.) to run?


  • 0

#20
JudyDB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Okay, I've downloaded all three programs to the USB drive and will try it when I get home.

 

I'm sorry to be so difficult about all of this.  I'm just not good with knowing what the inner workings of a computer are.  I can follow directions very well, but when I have to figure out something like disabling security, it gets scary.  In trying to clean up my computer a few years ago, I inadvertently deleted some photos.  I was able to get a retrieval program and get most of them back (and have started backing up everything), but it has made me gun-shy to do anything that seems like programming.  I even had a Windows 7 manual, which helped me not at all.

 

The chrome*32 has not shown up since the first fix.  I did have the dllhost *32 appear Saturday evening after the computer had been on for several hours.  I shut down and turned it back on later for about an hour and it did not reappear.  And whenever I open this page I get a 'do you want to debug' window, which I keep telling no.

 

Let's see what I can do this evening from the USB.  Will report back later.

Thanks!


  • 0

#21
JudyDB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Yes!  Excellent suggestion.  It worked.  Here are the logs:

 

# AdwCleaner v4.101 - Report created 10/11/2014 at 19:50:00
# Updated 09/11/2014 by Xplode
# Database : 2014-11-10.9 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Judy - JUDY-PC
# Running from : H:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\vShare
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\vShare
Key Found : [x64] HKCU\Software\Zugo

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

*************************

AdwCleaner[R0].txt - [9025 octets] - [10/11/2014 19:50:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9085 octets] ##########

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Judy on Mon 11/10/2014 at 19:58:06.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECD5976-D500-4D4B-A856-034E26769E84}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/10/2014 at 20:07:54.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

Zoek.exe v5.0.0.0 Updated 10-November-2014
Tool run by Judy on Mon 11/10/2014 at 20:09:38.86.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: H:\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/10/2014 8:13:51 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================


==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\svchost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Yahoo\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Lotus\organize\easyclip.exe
C:\Lotus\smartctr\SUITEST.EXE
C:\LOTUS\REGISTER\remind32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
H:\JRT.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\syswow64\upnpcont.exe
C:\Windows\syswow64\msfeedssync.exe
C:\Windows\syswow64\systray.exe
C:\Windows\SysWOW64\notepad.exe
H:\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AgereModemAudio] - Agere Modem Call Progress Audio - c:\program files\lsi softmodem\agr64svc.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
R2 - [LightScribeService] - LightScribeService Direct Disc Labeling Service - c:\program files (x86)\common files\lightscribe\lssrvc.exe
R2 - [PSI_SVC_2] - Protexis Licensing V2 - c:\program files (x86)\common files\protexis\license service\psiservice_2.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R2 - [YahooAUService] - Yahoo! Updater - c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe
R3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [GameConsoleService] - GameConsoleService - c:\program files (x86)\hp games\hp game console\gameconsoleservice.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4086 MB
CPU Info: Pentium® Dual-Core  CPU      E5300  @ 2.60GHz
CPU Speed: 2588.0 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® G33/G31 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1280 X 960 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      DVD-RAM GH40L
Ports: COM3 LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  584.2GB | D:  11.8GB
Hard Disks - Free: C:  511.5GB | D:  2.2GB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 05/07/09 | HPQOEM - 42302e31
Time Zone: Central Standard Time
Motherboard *: MSI Boston
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17358
Adobe Reader version: 11.0.9.29

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-11-06 03:42:35 9BBCF59A4150064607080F7B83A3D094 74 ----a-w- C:\Windows\MPLAYER.INI
====== C:\Users\Judy\AppData\Local\Temp ====
2014-11-11 01:47:40 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\libiconv2.dll
2014-11-11 01:47:40 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\libintl3.dll
2014-11-11 01:47:40 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\pcre3.dll
2014-11-11 01:47:40 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\regex2.dll
2014-11-11 01:47:40 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-10-16 22:40:36 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-16 22:40:34 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
2014-10-29 01:08:11 8688CE11763503AF0AD1AF9679F140DD 4032 ----a-w- C:\Windows\Sysnative\Tasks\{CE9EBBCB-828A-A04A-D80F-4FE91FD4B1E3}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-17 02:18:02 -------- d-----w- C:\Program Files\iTunes
2014-10-17 02:18:02 -------- d-----w- C:\Program Files\iPod
======= C:\PROGRA~2 =====
2014-10-17 02:18:02 -------- d-----w- C:\PROGRA~2\iTunes
======= C: =====
====== C:\Users\Judy\AppData\Roaming ======
2014-11-07 23:06:03 -------- d-----w- C:\Users\Judy\AppData\Local\Amazon Cloud Player
2014-11-07 22:57:08 -------- d-----w- C:\Users\Judy\AppData\Roaming\Hewlett-Packard
2014-11-07 02:46:01 -------- d-----w- C:\Users\Judy\AppData\Local\Apple
2014-11-07 01:18:15 -------- d-----w- C:\Users\Judy\AppData\Roaming\Google
2014-11-07 01:18:14 -------- d-----w- C:\Users\Judy\AppData\Roaming\Adobe
2014-11-07 01:17:33 -------- d-----w- C:\Users\Judy\AppData\Roaming\PictureMover
2014-11-07 01:17:32 -------- d-----w- C:\Users\Judy\AppData\Roaming\Apple Computer
2014-11-06 03:45:03 -------- d-----w- C:\Users\Judy\AppData\Local\Apple Computer
2014-11-06 02:20:24 -------- d-----w- C:\Users\Judy\AppData\Local\Microsoft Games
2014-11-05 01:28:09 3CB810015B4B89EF32A9F3E6212CCBEA 81 ----a-w- C:\Users\Judy\AppData\Local\svcxdcl32.dat
2014-11-05 00:15:29 -------- d-----w- C:\Users\Judy\AppData\Local\Google
2014-11-05 00:13:01 -------- d-sh--w- C:\Users\Judy\AppData\Local\EmieUserList
2014-11-05 00:13:01 -------- d-sh--w- C:\Users\Judy\AppData\Local\EmieSiteList
2014-11-05 00:12:53 -------- d-----w- C:\Users\Judy\AppData\Local\VirtualStore
2014-11-05 00:10:51 -------- d-----w- C:\Users\Judy\AppData\Local\Hewlett-Packard
2014-11-05 00:10:28 -------- d-s---w- C:\Users\Judy\AppData\Locallow\Microsoft
2014-10-31 01:11:38 D0C50053E71E64EF5AF9E213FDDE7CD4 4210 ----a-w- C:\Users\Judy\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-31 01:11:13 D0C50053E71E64EF5AF9E213FDDE7CD4 4210 ----a-w- C:\Users\Judy\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-29 01:08:58 20D67D64202582415EC8E345BFEF4AE6 448 ---ha-w- C:\Users\Judy\AppData\Roaming\????
====== C:\Users\Judy ======
2014-11-06 03:44:32 58BD7B0D8288E9D852E89A34CD64625A 848 --sha-w- C:\ProgramData\KGyGaAvL.sys
2014-11-05 01:27:54 -------- d-----w- C:\ProgramData\DusutIfazz
2014-11-05 01:27:53 -------- d-----w- C:\ProgramData\UujfaVojaf
2014-11-04 00:07:31 A4E1FDEFA610E9028D2CB60670EFE7A4 1104 ---ha-w- C:\ProgramData\@system2.att
2014-11-04 00:07:03 BE22162245D4BBDAE28FD406EFEE7397 1368 ----a-w- C:\ProgramData\@system.att
2014-11-01 20:55:09 96146C09AC7DF8E0B8E3069CF6391929 160 ---ha-w- C:\ProgramData\@system3.att
2014-11-01 20:54:40 ACA84D9B0EB51EE54B2EA82161A9504E 424 ----a-w- C:\ProgramData\@system.temp
2014-11-01 16:00:20 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Judy\Downloads\OTL.exe
2014-10-31 01:26:30 D0C50053E71E64EF5AF9E213FDDE7CD4 4210 ----a-w- C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-31 01:26:30 447B24E23ABBE5021D55F70DB7D1702D 8538 ----a-w- C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-31 01:26:30 12F2129A991C4104E8E5D6FA2F724CD4 274 ----a-w- C:\Users\Public\INSTALL_TOR.URL
2014-10-31 01:26:28 D0C50053E71E64EF5AF9E213FDDE7CD4 4210 ----a-w- C:\Users\Judy\DECRYPT_INSTRUCTION.TXT
2014-10-31 01:09:05 D0C50053E71E64EF5AF9E213FDDE7CD4 4210 ----a-w- C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-29 01:09:17 BC72573C8048741D0D12DC8C91AC5B69 87200 ----a-w- C:\ProgramData\wrnhoah.tmp
2014-10-29 01:07:40 -------- d-----w- C:\ProgramData\Windows Genuine Advantage
2014-10-17 02:18:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

====== C: exe-files ==
=== C: other files ==
2014-11-11 01:47:40 FB39370AD0B39DB5BBC0BDEC20A077D2 10452 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\runvalues.bat
2014-11-11 01:47:40 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\prelim.bat
2014-11-11 01:47:40 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\TDL4.bat
2014-11-11 01:47:40 D74254972B01EDE311F554F11AEBD61F 14957 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\get.bat
2014-11-11 01:47:40 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\medfos.bat
2014-11-11 01:47:40 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\surfvox.bat
2014-11-11 01:47:40 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\searchlnk.bat
2014-11-11 01:47:40 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\firefox.bat
2014-11-11 01:47:40 842342D73FA6112A895093D257C36D63 187592 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\misc.bat
2014-11-11 01:47:40 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\ev_clear.bat
2014-11-11 01:47:40 4D80C7010E2CE44AB25FA25B013649E4 8085 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\mws.bat
2014-11-11 01:47:40 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\ask.bat
2014-11-11 01:47:40 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\iexplore.bat
2014-11-11 01:47:40 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\delfolders.bat
2014-11-11 01:47:40 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\Judy\AppData\Local\Temp\jrt\chrome.bat
2014-11-06 03:44:32 58BD7B0D8288E9D852E89A34CD64625A 848 --sha-w- C:\ProgramData\KGyGaAvL.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-977744973-2552835015-2244764293-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Amazon Cloud Player"="C:\Users\Judy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED"
"UpdatePRCShortCut"="C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Hewlett-Packard\Recovery UpdateWithCreateOnce Software\CyberLink\PowerRecover"
"QuickFinder Scheduler"="c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"HP Remote Solution"="%ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Amazon Cloud Player"="C:\Users\Judy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2010-03-16 21:48:17 2101 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
2010-03-07 04:55:03 607 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
2010-03-07 04:55:03 599 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk
2010-03-07 04:55:03 775 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SuiteStart.lnk
2009-11-16 19:51:54 1937 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/17/2014 04:48 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/17/2014 04:48 PM]
C:\Windows\tasks\HPCeeScheduleForJudy.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe []
C:\Windows\tasks\PCDRScheduledMaintenance.job --a------ C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [07/02/2009 05:04 AM]
C:\Windows\tasks\Security Center Update - 2575515691.job --a------ C:\Users\Judy\AppData\Roaming\Rumowuo\fyysira.exe []
C:\Windows\tasks\Security Center Update - 3835951123.job --a------ C:\Users\Judy\AppData\Roaming\Igqewoti\ygqely.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CLMLSvc" [c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe]
"C:\Windows\SysNative\tasks\DVDAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForJudy" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\PCDRScheduledMaintenance" [C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe]
"C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe"]
"C:\Windows\SysNative\tasks\Security Center Update - 1007410844" [C:\Users\Judy\AppData\Roaming\Viarorhy\ulcyive.exe]
"C:\Windows\SysNative\tasks\Security Center Update - 2575515691" [C:\Users\Judy\AppData\Roaming\Rumowuo\fyysira.exe]
"C:\Windows\SysNative\tasks\Security Center Update - 3835951123" [C:\Users\Judy\AppData\Roaming\Igqewoti\ygqely.exe]
"C:\Windows\SysNative\tasks\{3540FD7D-3018-41E8-B012-DF863E500D9A}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\{CE9EBBCB-828A-A04A-D80F-4FE91FD4B1E3}" [C:\Windows\system32\regsvr32.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [04/30/2010 07:37 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [04/30/2010 07:37 PM]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...Box&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown  Url="Not_Found"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Mon 11/10/2014 at 20:21:41.78 ======================


#22 Biscuithd (Trusted Helper, Malware Removal)

Hi there :)

 

Bad news: you have some really nasty infections on the machine. However, I think we can clean them up, but we're going to need a couple more tools. Sorry to have to chase you to the other machine :)

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

  • Download RogueKiller (by tigzy) on to your desktop
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until the Prescan has finished ...
  • Click on Scan. Once finished, click on Report and save the report for me.
  • Then click Delete (if offered). It might be necessary to rerun RogueKiller to perform the Delete.

Please post the contents of the RKreport.txt in your next Reply.


#23 JudyDB (Member, Topic Starter)

No worries, I'm here at work five days a week anyway!

 

Considering how my machine was acting, I'm not surprised at the general condition.  If it were a child or a pet, I'd probably say 'poor little thing.'

 

I'll get these two new programs run tonight.

 

As an aside, I did seem to lose some things in the cleaning.  My folders are in my Pictures file, but there are no photos in the folders.  My Family Tree Maker is also empty.  They and Picasa all give me a message that I have to run an update, which seemed suspicious because it was the same message for all three, and which I will not do unless you say it is okay.  Fortunately I do have FTM and photos backed up on a flash drive, and Picasa is stored in the cloud anyway, so it will just be a matter of reactivating the program.  Quicken, WordPerfect, and i-Tunes all seem okay.

 

Again, thanks.


#24 JudyDB (Member, Topic Starter)

Partial success.  FRST says I need FRST64 for my OS.  But I did run RogueKiller.  Here's the log:

 

RogueKiller V10.0.5.0 [Nov 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Judy [Administrator]
Mode : Scan -- Date : 11/11/2014  20:42:44

¤¤¤ Processes : 2 ¤¤¤
[Tr.Poweliks] dllhost.exe -- [x] -> Killed [TermProc]
[Tr.Poweliks] dllhost.exe -- C:\Windows\syswow64\dllhost.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 13 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{478427F3-E4A6-4105-A5B2-AD736A740BB3} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{478427F3-E4A6-4105-A5B2-AD736A740BB3} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{478427F3-E4A6-4105-A5B2-AD736A740BB3} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-977744973-2552835015-2244764293-1001\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 328dee19c8d077856ba620183d751b1c
[BSP] 8d8ea49bdbac1bbcf4d86659e9a2d064 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206911 | Size: 598262 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1225449472 | Size: 12115 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3:  +++++
--- User ---
[MBR] 5c2255dfee312983294fefbafda236cb
[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16-LBA (0xe) [VISIBLE] Offset (sectors): 32 | Size: 243 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


#25 Biscuithd (Trusted Helper, Malware Removal)

Sorry about the script error and not informing you about FRST 64. :blush:

 

RogueKiller showed a very nasty infection called Poweliks. I think these tools, run in this order, will help.

 

How do I remove Poweliks?

  • Please download Malwarebytes Anti-Rootkit BETA to your desktop.
  • If you are using Internet Explorer and receive a prompt that the security settings block the download, follow the instructions to reset Internet Explorer posted below first.
  • Double-click mbar-version-number.exe and follow the prompts to install the program.
  • Use the "Update" button to get the latest definitions.
  • Before you run the Malwarebytes Anti-Rootkit BETA scan you may be prompted to exit Malwarebytes Anti-Malware.
    Please do so using the icon in your taskbar and click "Previous" to go back to the "Scan" option.
  • Wait for the scan to finish and use the "Cleanup" button if Malwarebytes Anti-Rootkit BETA found the malware.

Reset the advanced settings and zones in Internet Explorer.

  • Open Internet Explorer
  • Click on Tools > Internet Options and open the "Advanced" tab
  • Click on the "Reset" button, then "Apply" and "OK"
  • On the Security tab click the button "Reset all zones to default level".

Finally, finish with an FRST 64 scan.


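As an added example (not part of the thread and not RogueKiller's own code), this Python script parses report lines in the format JudyDB pasted in post #24 and separates the Tr.Poweliks detections Biscuithd is treating from the PUM settings that only need a look; the embedded sample is a constructed subset of that report, and the tag-to-severity mapping is this script's assumption.

```python
"""Triage a RogueKiller report in the format pasted in post #24 (added example,
not RogueKiller's code; SAMPLE_REPORT is a constructed subset of that report and
the tag-to-severity mapping is this script's assumption)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Section header such as "¤¤¤ Registry : 13 ¤¤¤" (the count may be absent).
SECTION_RE = re.compile(r"^¤¤¤\s+(?P<name>[^:]+?)\s*:\s*(?P<count>\d*).*¤¤¤\s*$")
# Detection line: "[Tr.Poweliks] (X64) <body> -> Found", or for processes
# "[Tr.Poweliks] dllhost.exe -- [x] -> Killed [TermProc]".
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+"               # tag, e.g. Tr.Poweliks / PUM.Dns
    r"(?:\((?P<arch>X64|X86)\)\s+)?"          # optional registry view marker
    r"(?P<body>.*?)\s*->\s*(?P<state>\w+)"    # path or key, then the action
    r"(?:\s*\[(?P<detail>[^\]]*)\])?\s*$"     # optional detail like [TermProc]
)
# Assumed severity per tag prefix: "Tr." is a trojan detection, "PUM." is a
# setting change (ISP DNS, hidden icons) that is often legitimate.
SEVERITY = {"Tr": "malicious", "PUM": "review"}


@dataclass
class Detection:
    section: str          # Processes, Registry, ...
    tag: str              # "Tr.Poweliks", "PUM.Dns", ...
    arch: Optional[str]   # "X64"/"X86" for registry entries, else None
    body: str             # process path, or "<key> | <value name> : <data>"
    state: str            # Found, Killed, ...
    detail: Optional[str]

    @property
    def family(self) -> str:
        return self.tag.split(".", 1)[-1]

    @property
    def severity(self) -> str:
        return SEVERITY.get(self.tag.split(".", 1)[0], "unknown")

    @property
    def registry_value(self) -> Optional[tuple[str, str]]:
        # (value name, data) for "key | name : data" bodies, else None
        if self.section != "Registry" or " | " not in self.body:
            return None
        name, _, data = self.body.split(" | ", 1)[1].partition(" : ")
        return name.strip(), data.strip()


def parse_report(text: str) -> list[Detection]:
    """Collect every detection line together with the section it sits in."""
    section, found = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if header := SECTION_RE.match(line):
            section = header["name"]
        elif section and (m := ENTRY_RE.match(line)):  # hosts/MBR lines lack "->"
            found.append(Detection(section, m["tag"], m["arch"],
                                   m["body"].strip(), m["state"], m["detail"]))
    return found


def triage(detections: list[Detection]) -> dict:
    """Separate what must be cleaned from what only needs a human look."""
    malicious = [d for d in detections if d.severity == "malicious"]
    poweliks = [d for d in malicious if d.family == "Poweliks"]
    return {
        "families": dict(Counter(d.family for d in malicious)),
        "review_items": sum(d.severity == "review" for d in detections),
        # Poweliks is fileless: it persists in a CLSID LocalServer32 value and
        # executes inside dllhost.exe, so these two indicators confirm it.
        "poweliks_clsid_hijack": any(
            d.section == "Registry" and d.body.lower().endswith("\\localserver32")
            for d in poweliks),
        "poweliks_dllhost": sum(
            d.section == "Processes" and "dllhost.exe" in d.body.lower()
            for d in poweliks),
        # ConsentPromptBehaviorAdmin = 0: administrators elevate without a UAC
        # prompt, so anything they launch can run elevated silently.
        "uac_prompt_disabled": any(
            d.registry_value == ("ConsentPromptBehaviorAdmin", "0")
            for d in detections),
    }


# Constructed subset of the post #24 report (same line format, fewer lines).
SAMPLE_REPORT = r"""
¤¤¤ Processes : 2 ¤¤¤
[Tr.Poweliks] dllhost.exe -- [x] -> Killed [TermProc]
[Tr.Poweliks] dllhost.exe -- C:\Windows\syswow64\dllhost.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-977744973-2552835015-2244764293-1001\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
"""
```

Running `triage(parse_report(SAMPLE_REPORT))` reports one family (Poweliks) with both its process and CLSID indicators present, three PUM items to review, and the disabled UAC prompt.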


#26 JudyDB (Member, Topic Starter)

Hi again  :)

 

Is the FRST 64 in the download that I already have or do I have to go someplace else to get it?


#27 Biscuithd (Trusted Helper, Malware Removal)

Yes, at the same download location.

#28 JudyDB (Member, Topic Starter)

There were 21 malwares found in the malwarebytes scan!

 

Here's the FRST 64 scan log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Judy (administrator) on JUDY-PC on 12-11-2014 20:58:52
Running from C:\Users\Judy\Downloads
Loaded Profile: Judy (Available profiles: Judy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Lotus Development Corporation) C:\Lotus\organize\EasyClip.exe
(Lotus Development Corporation.) C:\Lotus\smartctr\SUITEST.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(IntelliQuest Communications, Inc.) C:\Lotus\register\REMIND32.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE [83232 2009-06-22] (Corel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-977744973-2552835015-2244764293-1001\...\Run: [Amazon Cloud Player] => "C:\Users\Judy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
HKU\S-1-5-21-977744973-2552835015-2244764293-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
ShortcutTarget: Lotus Organizer EasyClip.lnk -> C:\Lotus\organize\EasyClip.exe (Lotus Development Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk
ShortcutTarget: Lotus QuickStart.lnk -> C:\Lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SuiteStart.lnk
ShortcutTarget: Lotus SuiteStart.lnk -> C:\Lotus\smartctr\SUITEST.EXE (Lotus Development Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\_OTL\MovedFiles\11042014_173518\C_Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SmartSuite 9.6 - English Registration.lnk
ShortcutTarget: Lotus SmartSuite 9.6 - English Registration.lnk -> C:\Lotus\register\REMIND32.EXE (IntelliQuest Communications, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn15\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-977744973-2552835015-2244764293-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-977744973-2552835015-2244764293-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{478427F3-E4A6-4105-A5B2-AD736A740BB3}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-04-30]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-11] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 20:58 - 2014-11-12 20:59 - 00012553 _____ () C:\Users\Judy\Downloads\FRST.txt
2014-11-12 20:58 - 2014-11-12 20:58 - 02116096 _____ (Farbar) C:\Users\Judy\Downloads\FRST64.exe
2014-11-12 20:58 - 2014-11-12 20:58 - 00000000 ____D () C:\FRST
2014-11-12 20:54 - 2014-11-12 20:54 - 01107968 _____ (Farbar) C:\Users\Judy\Downloads\FRST.exe
2014-11-12 19:50 - 2014-11-12 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-12 19:50 - 2014-11-12 19:50 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 19:50 - 2014-11-12 19:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 19:47 - 2014-11-12 20:02 - 00000000 ____D () C:\Users\Judy\Desktop\mbar
2014-11-12 19:47 - 2014-11-12 19:47 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 19:28 - 2014-11-12 19:28 - 00000000 __SHD () C:\Users\Judy\AppData\Local\EmieBrowserModeList
2014-11-11 20:38 - 2014-11-11 20:38 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-11 20:37 - 2014-11-11 20:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-11 19:44 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 19:44 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 19:44 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 19:44 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 19:44 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 19:44 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 19:44 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 19:44 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 19:44 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 19:44 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 19:44 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 19:44 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 19:44 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 19:44 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 19:44 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 19:44 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 19:44 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 19:44 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 19:44 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 19:44 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 19:44 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 19:44 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 19:44 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 19:44 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 19:44 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 19:44 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 19:44 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 19:44 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 19:44 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 19:44 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 19:44 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 19:44 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 19:44 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 19:44 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 19:44 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 19:44 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 19:44 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 19:44 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 19:44 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 19:44 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 19:44 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 19:44 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 19:44 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 19:44 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 19:44 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 19:44 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 19:43 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 19:43 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 19:43 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 19:43 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 19:43 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 19:43 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 19:43 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 19:43 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 19:43 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 19:43 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 19:43 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 19:43 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 19:43 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 19:43 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 19:43 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 19:43 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 19:43 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 19:43 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 19:43 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 19:43 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 19:43 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 19:43 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 19:42 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 19:42 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 19:42 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 19:42 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 19:42 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 19:42 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 19:42 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 19:42 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 19:42 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 19:42 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 19:42 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 19:42 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 19:42 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 19:42 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 19:42 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 19:42 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 19:42 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 19:42 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 19:42 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 19:42 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 19:42 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 19:42 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 19:42 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 19:42 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 19:42 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 19:42 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 19:42 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 19:42 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 19:42 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 19:42 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 19:42 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 19:42 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 19:42 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 19:42 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 19:42 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-10 20:13 - 2014-11-10 20:21 - 00030519 _____ () C:\zoek-results.log
2014-11-10 20:09 - 2014-11-10 20:09 - 00000000 ____D () C:\zoek_backup
2014-11-10 20:07 - 2014-11-10 20:07 - 00002108 _____ () C:\Users\Judy\Desktop\JRT.txt
2014-11-10 19:47 - 2014-11-10 19:47 - 00000630 _____ () C:\Users\Judy\Desktop\AdwCleaner - Shortcut.lnk
2014-11-10 19:47 - 2014-11-10 19:47 - 00000000 ____D () C:\Windows\ERUNT
2014-11-10 19:45 - 2014-11-10 19:51 - 00000000 ____D () C:\AdwCleaner
2014-11-07 17:06 - 2014-11-07 17:06 - 00000000 ____D () C:\Users\Judy\AppData\Local\Amazon Cloud Player
2014-11-07 16:57 - 2014-11-07 16:57 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Hewlett-Packard
2014-11-06 20:46 - 2014-11-06 20:46 - 00000000 ____D () C:\Users\Judy\AppData\Local\Apple
2014-11-06 19:18 - 2014-11-07 16:54 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Google
2014-11-06 19:18 - 2014-11-06 19:18 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Macromedia
2014-11-06 19:18 - 2014-11-06 19:18 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Adobe
2014-11-06 19:17 - 2014-11-06 19:17 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\PictureMover
2014-11-06 19:17 - 2014-11-06 19:17 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Apple Computer
2014-11-05 21:45 - 2014-11-05 21:45 - 00000000 ____D () C:\Users\Judy\AppData\Local\Apple Computer
2014-11-05 21:44 - 2014-11-05 21:44 - 00000848 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-11-05 21:42 - 2014-11-05 21:52 - 00000074 _____ () C:\Windows\MPLAYER.INI
2014-11-05 20:20 - 2014-11-10 21:57 - 00000000 ____D () C:\Users\Judy\AppData\Local\Microsoft Games
2014-11-04 19:28 - 2014-11-04 19:28 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-04 19:27 - 2014-11-12 20:01 - 00000000 ____D () C:\ProgramData\UujfaVojaf
2014-11-04 19:27 - 2014-11-12 20:01 - 00000000 ____D () C:\ProgramData\DusutIfazz
2014-11-04 18:15 - 2014-11-05 21:53 - 00000000 ____D () C:\Users\Judy\AppData\Local\Google
2014-11-04 18:13 - 2014-11-04 18:15 - 00000000 __SHD () C:\Users\Judy\AppData\Local\EmieUserList
2014-11-04 18:13 - 2014-11-04 18:15 - 00000000 __SHD () C:\Users\Judy\AppData\Local\EmieSiteList
2014-11-04 18:12 - 2014-11-04 18:12 - 00000000 ____D () C:\Users\Judy\AppData\Local\VirtualStore
2014-11-04 18:10 - 2014-11-09 16:55 - 00000000 ____D () C:\Users\Judy\AppData\Local\Hewlett-Packard
2014-11-03 18:07 - 2014-11-04 17:29 - 00001368 _____ () C:\ProgramData\@system.att
2014-11-03 18:07 - 2014-11-04 17:29 - 00001104 ____H () C:\ProgramData\@system2.att
2014-11-03 17:10 - 2014-11-03 17:10 - 00000000 ____D () C:\_OTL
2014-11-01 14:55 - 2014-11-02 14:19 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-01 14:54 - 2014-11-02 14:19 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-01 13:34 - 2014-11-01 13:34 - 00089948 _____ () C:\Users\Judy\Downloads\Extras.Txt
2014-11-01 12:32 - 2014-11-06 19:43 - 00054476 _____ () C:\Users\Judy\Downloads\OTL.Txt
2014-11-01 10:00 - 2014-11-01 10:00 - 00602112 _____ (OldTimer Tools) C:\Users\Judy\Downloads\OTL.exe
2014-11-01 10:00 - 2014-11-01 10:00 - 00001087 _____ () C:\Users\Judy\Desktop\OTL - Shortcut.lnk
2014-10-30 19:26 - 2014-10-30 19:26 - 00008538 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-30 19:26 - 2014-10-30 19:26 - 00004210 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:26 - 2014-10-30 19:26 - 00004210 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:26 - 2014-10-30 19:26 - 00004210 _____ () C:\Users\Judy\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:26 - 2014-10-30 19:26 - 00000274 _____ () C:\Users\Public\INSTALL_TOR.URL
2014-10-30 19:12 - 2014-10-30 19:12 - 00008538 _____ () C:\Users\Judy\Downloads\DECRYPT_INSTRUCTION.HTML
2014-10-30 19:12 - 2014-10-30 19:12 - 00004210 _____ () C:\Users\Judy\Downloads\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:12 - 2014-10-30 19:12 - 00004210 _____ () C:\Users\Judy\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:12 - 2014-10-30 19:12 - 00000274 _____ () C:\Users\Judy\Downloads\INSTALL_TOR.URL
2014-10-30 19:11 - 2014-10-30 19:11 - 00008538 _____ () C:\Users\Judy\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-30 19:11 - 2014-10-30 19:11 - 00004210 _____ () C:\Users\Judy\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:11 - 2014-10-30 19:11 - 00004210 _____ () C:\Users\Judy\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:11 - 2014-10-30 19:11 - 00004210 _____ () C:\Users\Judy\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:11 - 2014-10-30 19:11 - 00000274 _____ () C:\Users\Judy\AppData\INSTALL_TOR.URL
2014-10-30 19:09 - 2014-10-30 19:09 - 00004210 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-28 19:15 - 2014-10-28 19:15 - 00003808 _____ () C:\Windows\System32\Tasks\Security Center Update - 1007410844
2014-10-28 19:09 - 2014-11-04 17:29 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-28 19:08 - 2014-10-28 19:08 - 00004032 _____ () C:\Windows\System32\Tasks\{CE9EBBCB-828A-A04A-D80F-4FE91FD4B1E3}
2014-10-28 19:08 - 2014-10-28 19:08 - 00000448 ____H () C:\Users\Judy\AppData\Roaming\麽鎒駓覜
2014-10-28 19:07 - 2014-11-04 19:27 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-16 20:18 - 2014-10-16 20:18 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-16 20:18 - 2014-10-16 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-16 20:18 - 2014-10-16 20:18 - 00000000 ____D () C:\Program Files\iTunes
2014-10-16 20:18 - 2014-10-16 20:18 - 00000000 ____D () C:\Program Files\iPod
2014-10-16 20:18 - 2014-10-16 20:18 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-16 16:41 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 16:41 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 16:41 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 16:41 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 16:41 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 16:41 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 16:40 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 16:40 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 16:40 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 16:40 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 16:40 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 16:40 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 16:40 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 16:40 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 16:40 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 16:40 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 16:40 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 16:40 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 16:40 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 20:58 - 2012-07-17 16:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 20:53 - 2010-03-20 18:31 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 20:53 - 2009-07-13 23:13 - 00801092 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 20:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 20:11 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 20:11 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 20:08 - 2009-11-16 15:29 - 01425272 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 20:03 - 2010-03-20 18:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 20:03 - 2010-03-03 17:51 - 00332176 _____ () C:\Windows\PFRO.log
2014-11-12 20:03 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-11-12 20:03 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 20:03 - 2009-07-13 22:51 - 00137724 _____ () C:\Windows\setupact.log
2014-11-12 19:24 - 2009-07-13 22:45 - 00401464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 19:22 - 2014-05-06 21:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-11 21:34 - 2010-03-03 21:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 21:30 - 2013-08-14 20:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 21:29 - 2010-03-07 11:00 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 19:58 - 2012-07-17 16:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 19:58 - 2012-04-19 16:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 19:58 - 2011-05-16 17:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-09 16:55 - 2011-10-30 14:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-09 16:55 - 2010-03-11 21:29 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-08 10:13 - 2013-08-11 15:51 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJudy
2014-11-08 10:13 - 2013-08-11 15:51 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJudy.job
2014-11-07 17:05 - 2014-01-15 17:41 - 00001722 _____ () C:\Users\Judy\Desktop\Amazon Cloud Player.lnk
2014-11-05 21:53 - 2010-03-03 22:10 - 00000000 ____D () C:\Users\Judy\Documents\Quicken
2014-11-05 21:52 - 2009-07-13 20:34 - 00000463 _____ () C:\Windows\win.ini
2014-11-05 21:44 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-03 17:12 - 2010-03-03 19:55 - 00000000 ____D () C:\Users\Judy
2014-10-31 18:36 - 2010-03-20 17:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-30 19:26 - 2010-03-03 21:42 - 00000000 ____D () C:\Users\Public\Documents\WordPerfect Office
2014-10-30 19:12 - 2010-06-23 19:24 - 00000000 ____D () C:\Users\Judy\Documents\My Scans
2014-10-30 19:12 - 2010-03-03 23:01 - 00000000 ____D () C:\Users\Judy\Documents\Chats
2014-10-30 19:09 - 2009-11-16 14:01 - 00000000 ____D () C:\ProgramData\WildTangent
2014-10-30 19:06 - 2010-03-03 22:07 - 00000000 ____D () C:\ProgramData\Intuit
2014-10-30 19:05 - 2010-03-03 21:43 - 00000000 ____D () C:\ProgramData\Corel
2014-10-30 19:05 - 2009-11-16 13:47 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-10-28 05:34 - 2010-03-03 20:08 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-19 14:53 - 2013-06-28 16:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-17 16:48 - 2010-03-20 18:31 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 16:48 - 2010-03-20 18:31 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 20:18 - 2012-10-29 20:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-16 20:17 - 2014-09-11 19:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

Some content of TEMP:
====================
C:\Users\Judy\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-06 19:55

==================== End Of Log ============================

And here's the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Judy at 2014-11-12 21:00:14
Running from C:\Users\Judy\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-977744973-2552835015-2244764293-1001\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Family Tree Maker Version 16 (HKLM-x32\...\{2B59AB31-EBD0-45E4-A725-7112904DA605}) (Version:  - )
FTMVistaUpdater (HKLM-x32\...\{EE295D30-A10C-44F6-B14C-05E0D99429E4}) (Version: 1.0.0 - Family Tree Maker)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3228 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{44C81D1A-0520-49BB-B510-98B8DD414EA1}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Lotus NotesSQL 2.06 driver (HKLM-x32\...\Lotus NotesSQL 2.06 driver) (Version:  - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E36300409}) (Version:  - Lotus Development Corporation)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PS_AIO_05_C4600_Software_Min (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION
ShopAtHome.com Toolbar (HKLM-x32\...\ShopAtHome.com Toolbar) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
vShare Plugin (HKLM-x32\...\vShare) (Version:  - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WordPerfect Office X4 - Common (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Content (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - EN (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Filters (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Graphics (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - ICA (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - IPM (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - IPM EN (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Migration Manager (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - PerfectExperts (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - PR (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - QP (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Skins (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - System (x32 Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - WP (x32 Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 (HKLM-x32\...\_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}) (Version:  - Corel Corporation)
WordPerfect Office X4 (x32 Version: 14.2 - Corel Corporation) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

05-11-2014 02:22:25 Windows Update
05-11-2014 03:03:58 Windows Update
05-11-2014 23:26:39 Windows Update
06-11-2014 04:03:01 Windows Update
07-11-2014 04:09:32 Windows Update
08-11-2014 03:48:16 Windows Update
09-11-2014 01:15:58 Windows Update
09-11-2014 03:56:17 Windows Update
09-11-2014 15:07:53 Windows Update
10-11-2014 04:01:55 Windows Update
11-11-2014 02:13:25 zoek.exe restore point
11-11-2014 04:16:44 Windows Update
12-11-2014 03:27:30 Windows Update
13-11-2014 02:01:30 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-11-06 18:18 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0672DEFE-74BA-494F-9CA2-72D171249F25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0B4F020C-52E7-40FD-AC81-5003B91BF25D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {18F8862C-FEBA-4A0C-97E5-5230C757E0B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {2119B64A-09CF-4572-BD17-CF47BDBDCA74} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {38D4DAB2-0242-49F1-A716-6FAB7BA7DA5D} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-28] (CyberLink)
Task: {4B1DCDBC-98CC-4F0A-91C1-E845F550249C} - System32\Tasks\{3540FD7D-3018-41E8-B012-DF863E500D9A} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-10-15] (Apple Inc.)
Task: {5DA47784-7A6C-4F51-9254-49D51AD6427A} - System32\Tasks\HPCeeScheduleForJudy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6D72B306-36DC-4F4C-9922-6697D853C49F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {836795DB-DE31-4CBA-B5D6-3625A5AC722F} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {8E9DFDA8-6ED9-430C-8C7A-D6F376F9F83D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {9586D627-7619-44C6-B39E-A6D4D5E4E1B9} - System32\Tasks\Security Center Update - 1007410844 => C:\Users\Judy\AppData\Roaming\Viarorhy\ulcyive.exe <==== ATTENTION
Task: {9A20EE7D-92EB-4FF0-898E-CB707476189D} - System32\Tasks\{CE9EBBCB-828A-A04A-D80F-4FE91FD4B1E3} => C:\Users\Judy\AppData\Roaming\gxujio.dll/s "C:\Users\Judy\AppData\Roaming\gxujio.dll" <==== ATTENTION
Task: {A5EE824D-A41F-4027-9349-8E61AB0AFDB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {BDB48A92-CB95-4092-8559-1C7F8AE787F2} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {C3FBFB0D-5F17-495C-A91A-1F97BA7CCD80} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {E6D7AAD9-1170-4831-A471-59EBBBB4A976} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJudy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2009-07-08 16:35 - 2009-07-08 16:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-05-26 02:36 - 2009-05-26 02:36 - 00656896 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
1998-08-28 17:42 - 1998-08-28 17:42 - 00138752 _____ () C:\Lotus\organize\ormprot.dll
1998-08-28 17:42 - 1998-08-28 17:42 - 00220160 _____ () C:\Lotus\organize\ormutil.dll
1998-08-28 17:42 - 1998-08-28 17:42 - 00153088 _____ () C:\Lotus\organize\ormmime.dll
2009-08-28 14:52 - 2009-08-28 14:52 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-977744973-2552835015-2244764293-500 - Administrator - Disabled)
Guest (S-1-5-21-977744973-2552835015-2244764293-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-977744973-2552835015-2244764293-1002 - Limited - Enabled)
Judy (S-1-5-21-977744973-2552835015-2244764293-1001 - Administrator - Enabled) => C:\Users\Judy

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2014 09:32:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Works - Update 'Security Update for Microsoft Works 9 (KB2754670)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (11/11/2014 09:32:53 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.

Error: (11/11/2014 09:32:53 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.

Error: (11/11/2014 08:13:28 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/10/2014 10:21:24 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Works - Update 'Security Update for Microsoft Works 9 (KB2754670)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (11/10/2014 10:21:24 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.

Error: (11/10/2014 10:21:24 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.

Error: (11/10/2014 10:11:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bcb52
Faulting module name: jscript9.dll, version: 11.0.9600.17344, time stamp: 0x541b85e6
Exception code: 0xc0000005
Fault offset: 0x000d0821
Faulting process id: 0x27a0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (11/11/2014 09:32:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2754670).

Error: (11/11/2014 08:38:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/11/2014 08:35:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/10/2014 10:21:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2754670).

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 39%
Total physical RAM: 4085.18 MB
Available physical RAM: 2482.82 MB
Total Pagefile: 8168.54 MB
Available Pagefile: 6530.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:584.24 GB) (Free:511.54 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.83 GB) (Free:2.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:0.24 GB) (Free:0.2 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 62C848B8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 244 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

What's next?


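Two things in the logs above carry most of the weight. The two scheduled tasks FRST marked <==== ATTENTION both launch from the user's AppData\Roaming folder, and neither carries the "[date] (publisher)" tail FRST prints after a recognised file. The DECRYPT_INSTRUCTION.TXT / .HTML and INSTALL_TOR.URL files were written into a dozen folders between 19:09 and 19:26 on 2014-10-30, which is the footprint of a ransomware note drop. The Python below is an added example, not part of FRST and not code posted by anyone in this thread: it reproduces those two checks over lines copied from the logs above. The list of user-writable locations and the "same name and size in three directories within an hour" threshold are assumptions I chose for illustration; FRST's own ATTENTION markers are kept only so the heuristic can be compared against them.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) text logs. Added example for
this thread, not part of FRST or of the posts; sample lines are copied from the
FRST.txt / Addition.txt output above."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional

SAMPLE_LOG = r"""
Task: {0B4F020C-52E7-40FD-AC81-5003B91BF25D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {9586D627-7619-44C6-B39E-A6D4D5E4E1B9} - System32\Tasks\Security Center Update - 1007410844 => C:\Users\Judy\AppData\Roaming\Viarorhy\ulcyive.exe <==== ATTENTION
Task: {9A20EE7D-92EB-4FF0-898E-CB707476189D} - System32\Tasks\{CE9EBBCB-828A-A04A-D80F-4FE91FD4B1E3} => C:\Users\Judy\AppData\Roaming\gxujio.dll/s "C:\Users\Judy\AppData\Roaming\gxujio.dll" <==== ATTENTION
Task: {C3FBFB0D-5F17-495C-A91A-1F97BA7CCD80} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
2014-11-12 20:58 - 2012-07-17 16:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 19:26 - 2014-10-30 19:26 - 00008538 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-30 19:26 - 2014-10-30 19:26 - 00004210 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:12 - 2014-10-30 19:12 - 00000274 _____ () C:\Users\Judy\Downloads\INSTALL_TOR.URL
2014-10-30 19:11 - 2014-10-30 19:11 - 00004210 _____ () C:\Users\Judy\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:09 - 2014-10-30 19:09 - 00004210 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
"""

TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<rest>.+)$")
TAIL_RE = re.compile(r" \[\d{4}-\d{2}-\d{2}\] \((?P<vendor>[^)]*)\)$")  # FRST's "[date] (publisher)"
FILE_RE = re.compile(r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
                     r"(?P<size>\d{8}) [_A-Z]{5} \([^)]*\) (?P<path>.+)$")
# Assumed list of locations an ordinary user process can write to; persistence
# launching from here rather than Program Files or Windows is the first thing to check.
USER_WRITABLE_RE = re.compile(
    r"^[A-Za-z]:\\(Users\\[^\\]+\\(AppData|Downloads|Desktop)|Users\\Public|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE)
TASK_PREFIX, ATTENTION = "System32\\Tasks\\", "<==== ATTENTION"

class Task(NamedTuple):
    name: str
    target: str
    vendor: Optional[str]  # None when FRST printed no "[date] (publisher)" tail
    frst_attention: bool   # FRST's own whitelist-based marker, kept for comparison

class FileEntry(NamedTuple):
    modified: datetime
    size: int
    directory: str
    basename: str

def parse_tasks(log: str) -> List[Task]:
    tasks = []
    for line in log.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        name, rest = m.group("name"), m.group("rest")
        if name.startswith(TASK_PREFIX):
            name = name[len(TASK_PREFIX):]
        attention = rest.endswith(ATTENTION)
        if attention:
            rest = rest[:-len(ATTENTION)].rstrip()
        vendor, tail = None, TAIL_RE.search(rest)
        if tail:
            vendor, rest = tail.group("vendor"), rest[:tail.start()]
        tasks.append(Task(name, rest, vendor, attention))
    return tasks

def suspicious_tasks(tasks: List[Task]) -> Dict[str, List[str]]:
    """Task name -> reasons, for tasks that deserve a closer look."""
    flagged: Dict[str, List[str]] = {}
    for t in tasks:
        reasons = []
        if USER_WRITABLE_RE.match(t.target):  # prefix match, so paths with spaces are fine
            reasons.append("runs from user-writable path: " + t.target)
        if t.vendor is None:
            reasons.append("no file date or publisher recorded by FRST")
        if reasons:
            flagged[t.name] = reasons
    return flagged

def parse_files(log: str) -> List[FileEntry]:
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            directory, _, basename = m.group("path").rpartition("\\")
            entries.append(FileEntry(datetime.strptime(m.group("modified"), "%Y-%m-%d %H:%M"),
                                     int(m.group("size")), directory, basename))
    return entries

def note_drops(entries: List[FileEntry], min_dirs: int = 3,
               window: timedelta = timedelta(hours=1)) -> Dict[str, List[str]]:
    """Same basename and byte size written into >= min_dirs directories within `window`:
    the footprint of a ransom-note drop, whatever the note happens to be called."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e.basename.upper(), e.size)].append(e)
    hits = {}
    for (name, _size), group in groups.items():
        dirs = sorted({e.directory for e in group})
        stamps = [e.modified for e in group]
        if len(dirs) >= min_dirs and max(stamps) - min(stamps) <= window:
            hits[name] = dirs
    return hits
```

To use it on a real log, read FRST.txt or Addition.txt into a string and pass it to parse_tasks / parse_files instead of SAMPLE_LOG. On the sample it flags exactly the two tasks FRST marked, each for both reasons, and reports DECRYPT_INSTRUCTION.TXT (4210 bytes) in three directories written within 17 minutes; the .job file and the single HTML note are left alone because each appears once. The size check matters: a note is the same bytes everywhere, whereas legitimate files that share a name across folders (desktop.ini, Thumbs.db) usually differ in size.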
#29
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

When Malwarebytes indicated that it found Malware, did you press the Clean Up button?

If so, then perform Plan "A"; if not, please re-run it, select Clean Up and then post a fresh FRST64 scan.

Plan "A"

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

Copy the entire content of the codebox below and paste into the Notepad document:

HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
Toolbar: HKU\S-1-5-21-977744973-2552835015-2244764293-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION
ShopAtHome.com Toolbar (HKLM-x32\...\ShopAtHome.com Toolbar) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION
2014-10-30 19:26 - 2014-10-30 19:26 - 00008538 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-30 19:26 - 2014-10-30 19:26 - 00004210 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:26 - 2014-10-30 19:26 - 00004210 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:26 - 2014-10-30 19:26 - 00004210 _____ () C:\Users\Judy\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:26 - 2014-10-30 19:26 - 00000274 _____ () C:\Users\Public\INSTALL_TOR.URL
2014-10-30 19:12 - 2014-10-30 19:12 - 00008538 _____ () C:\Users\Judy\Downloads\DECRYPT_INSTRUCTION.HTML
2014-10-30 19:12 - 2014-10-30 19:12 - 00004210 _____ () C:\Users\Judy\Downloads\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:12 - 2014-10-30 19:12 - 00004210 _____ () C:\Users\Judy\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:12 - 2014-10-30 19:12 - 00000274 _____ () C:\Users\Judy\Downloads\INSTALL_TOR.URL
2014-10-30 19:11 - 2014-10-30 19:11 - 00008538 _____ () C:\Users\Judy\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-30 19:11 - 2014-10-30 19:11 - 00004210 _____ () C:\Users\Judy\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:11 - 2014-10-30 19:11 - 00004210 _____ () C:\Users\Judy\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:11 - 2014-10-30 19:11 - 00004210 _____ () C:\Users\Judy\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-30 19:11 - 2014-10-30 19:11 - 00000274 _____ () C:\Users\Judy\AppData\INSTALL_TOR.URL
2014-10-30 19:09 - 2014-10-30 19:09 - 00004210 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-28 19:09 - 2014-11-04 17:29 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-28 19:08 - 2014-10-28 19:08 - 00000448 ____H () C:\Users\Judy\AppData\Roaming\麽鎒駓覜
2014-10-16 20:17 - 2014-09-11 19:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
Task: {9586D627-7619-44C6-B39E-A6D4D5E4E1B9} - System32\Tasks\Security Center Update - 1007410844 => C:\Users\Judy\AppData\Roaming\Viarorhy\ulcyive.exe <==== ATTENTION
Task: {9A20EE7D-92EB-4FF0-898E-CB707476189D} - System32\Tasks\{CE9EBBCB-828A-A04A-D80F-4FE91FD4B1E3} => C:\Users\Judy\AppData\Roaming\gxujio.dll/s "C:\Users\Judy\AppData\Roaming\gxujio.dll" <==== ATTENTION
Emptytemp:

  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

 

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

Do not Reboot

 

 

I. Re-enable downloads in Internet Explorer

  1. Close all Internet Explorer windows.
  2. Press the Windows key + R.
  3. Type inetcpl.cpl into the Open field and click OK. This will open Internet Properties (otherwise known as Internet Options).

    Figure 1-1

  4. Click the Security tab > Reset all zones to default level.

    Figure 1-2

  5. When you are finished, click OK to save your changes.

II. Remove Poweliks using the removal tool

  1. Right-click the link below, select Save target as (or Save link as in Mozilla Firefox) from the context menu and then select your Desktop as the save destination.
  2. When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.
  3. Read the terms of the End-user license agreement and click Agree if you agree to them.
  4. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

    Figure 2-1

  5. If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool.

    Figure 2-2

  6. After removing an infection we highly recommend that you restart your computer.

  • 0

#30
JudyDB

    Member

  • Topic Starter
  • Member
  • 33 posts

Hi,

I had used the Clean up button last night.  Sorry I didn't mention that.

Tonight I think things are even cleaner :D 

Here's the fix log and I'm sending the ESET log too, just in case you need it.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014 02
Ran by Judy at 2014-11-13 20:12:56 Run:1
Running from C:\Users\Judy\Downloads
Loaded Profile: Judy (Available profiles: Judy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION

Toolbar: HKU\S-1-5-21-977744973-2552835015-2244764293-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION

ShopAtHome.com Toolbar (HKLM-x32\...\ShopAtHome.com Toolbar) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION

2014-10-30 19:26 - 2014-10-30 19:26 - 00008538 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML

2014-10-30 19:26 - 2014-10-30 19:26 - 00004210 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT

2014-10-30 19:26 - 2014-10-30 19:26 - 00004210 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT

2014-10-30 19:26 - 2014-10-30 19:26 - 00004210 _____ () C:\Users\Judy\DECRYPT_INSTRUCTION.TXT

2014-10-30 19:26 - 2014-10-30 19:26 - 00000274 _____ () C:\Users\Public\INSTALL_TOR.URL

2014-10-30 19:12 - 2014-10-30 19:12 - 00008538 _____ () C:\Users\Judy\Downloads\DECRYPT_INSTRUCTION.HTML

2014-10-30 19:12 - 2014-10-30 19:12 - 00004210 _____ () C:\Users\Judy\Downloads\DECRYPT_INSTRUCTION.TXT

2014-10-30 19:12 - 2014-10-30 19:12 - 00004210 _____ () C:\Users\Judy\Documents\DECRYPT_INSTRUCTION.TXT

2014-10-30 19:12 - 2014-10-30 19:12 - 00000274 _____ () C:\Users\Judy\Downloads\INSTALL_TOR.URL

2014-10-30 19:11 - 2014-10-30 19:11 - 00008538 _____ () C:\Users\Judy\AppData\DECRYPT_INSTRUCTION.HTML

2014-10-30 19:11 - 2014-10-30 19:11 - 00004210 _____ () C:\Users\Judy\AppData\Roaming\DECRYPT_INSTRUCTION.TXT

2014-10-30 19:11 - 2014-10-30 19:11 - 00004210 _____ () C:\Users\Judy\AppData\Local\DECRYPT_INSTRUCTION.TXT

2014-10-30 19:11 - 2014-10-30 19:11 - 00004210 _____ () C:\Users\Judy\AppData\DECRYPT_INSTRUCTION.TXT

2014-10-30 19:11 - 2014-10-30 19:11 - 00000274 _____ () C:\Users\Judy\AppData\INSTALL_TOR.URL

2014-10-30 19:09 - 2014-10-30 19:09 - 00004210 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT

2014-10-28 19:09 - 2014-11-04 17:29 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp

2014-10-28 19:08 - 2014-10-28 19:08 - 00000448 ____H () C:\Users\Judy\AppData\Roaming\麽鎒駓覜

2014-10-16 20:17 - 2014-09-11 19:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

Task: {9586D627-7619-44C6-B39E-A6D4D5E4E1B9} - System32\Tasks\Security Center Update - 1007410844 => C:\Users\Judy\AppData\Roaming\Viarorhy\ulcyive.exe <==== ATTENTION

Task: {9A20EE7D-92EB-4FF0-898E-CB707476189D} - System32\Tasks\{CE9EBBCB-828A-A04A-D80F-4FE91FD4B1E3} => C:\Users\Judy\AppData\Roaming\gxujio.dll/s "C:\Users\Judy\AppData\Roaming\gxujio.dll" <==== ATTENTION
Emptytemp:

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-977744973-2552835015-2244764293-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION => Error: No automatic fix found for this entry.
ShopAtHome.com Toolbar (HKLM-x32\...\ShopAtHome.com Toolbar) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Public\DECRYPT_INSTRUCTION.HTML => Moved successfully.
"C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
C:\Users\Public\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Judy\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Public\INSTALL_TOR.URL => Moved successfully.
"C:\Users\Judy\Downloads\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.
"C:\Users\Judy\Downloads\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
"C:\Users\Judy\Documents\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
C:\Users\Judy\Downloads\INSTALL_TOR.URL => Moved successfully.
C:\Users\Judy\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Judy\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Judy\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Judy\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Judy\AppData\INSTALL_TOR.URL => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\wrnhoah.tmp => Moved successfully.
C:\Users\Judy\AppData\Roaming\麽鎒駓覜 => Moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9586D627-7619-44C6-B39E-A6D4D5E4E1B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9586D627-7619-44C6-B39E-A6D4D5E4E1B9}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1007410844 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1007410844" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A20EE7D-92EB-4FF0-898E-CB707476189D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A20EE7D-92EB-4FF0-898E-CB707476189D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{CE9EBBCB-828A-A04A-D80F-4FE91FD4B1E3} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CE9EBBCB-828A-A04A-D80F-4FE91FD4B1E3}" => Key deleted successfully.
EmptyTemp: => Removed 17.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

 

ESET log:

 

[2014.11.13 20:33:55.514] - Begin
[2014.11.13 20:33:55.514] -
[2014.11.13 20:33:55.514] -     ....................................
[2014.11.13 20:33:55.514] -   ..::::::::::::::::::....................
[2014.11.13 20:33:55.514] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.13 20:33:55.514] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.13 20:33:55.514] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.13 20:33:55.530] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.11.13 20:33:55.530] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.13 20:33:55.530] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.13 20:33:55.530] -     ....................................
[2014.11.13 20:33:55.530] -
[2014.11.13 20:33:55.530] - --------------------------------------------------------------------------------
[2014.11.13 20:33:55.530] -
[2014.11.13 20:33:55.530] - INFO: OS: 6.1.7601 SP1
[2014.11.13 20:33:55.530] - INFO: Product Type: Workstation
[2014.11.13 20:33:55.530] - INFO: WoW64: True
[2014.11.13 20:33:55.530] - INFO: Machine guid: 285388AA-6FF9-42D7-8B42-F690E58FD516
[2014.11.13 20:33:55.530] -
[2014.11.13 20:35:19.006] - INFO: Scanning for system infection...
[2014.11.13 20:35:19.006] - --------------------------------------------------------------------------------
[2014.11.13 20:35:19.006] -
[2014.11.13 20:35:19.006] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.13 20:35:19.006] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.13 20:35:19.006] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.13 20:35:19.006] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.13 20:35:19.006] - INFO: Processing classes...
[2014.11.13 20:35:19.006] - INFO: Processing clsid [\Registry\User\S-1-5-21-977744973-2552835015-2244764293-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.13 20:35:19.021] - WARNING: Found suspicous classid [\Registry\User\S-1-5-21-977744973-2552835015-2244764293-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.13 20:35:19.021] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.13 20:35:19.021] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.13 20:35:19.021] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.13 20:35:19.021] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.13 20:35:19.021] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.13 20:35:19.021] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.13 20:35:19.021] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.13 20:35:19.021] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.13 20:35:19.021] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.13 20:35:19.021] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.13 20:35:19.021] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.13 20:35:19.021] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.13 20:35:19.021] - INFO: Win32/Poweliks found
[2014.11.13 20:35:40.347] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.13 20:35:40.347] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.13 20:35:40.347] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.13 20:35:40.347] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.13 20:35:40.347] - INFO: Processing classes...
[2014.11.13 20:35:40.347] - INFO: Processing clsid [\Registry\User\S-1-5-21-977744973-2552835015-2244764293-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.13 20:35:40.347] - INFO: Deleted classid [\Registry\User\S-1-5-21-977744973-2552835015-2244764293-1001\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.13 20:35:40.347] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.13 20:35:40.347] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.13 20:35:40.347] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.13 20:35:40.347] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.13 20:35:40.347] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.13 20:35:40.347] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.13 20:35:40.347] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.13 20:35:40.347] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.13 20:35:40.347] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.13 20:35:40.347] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.13 20:35:40.347] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.13 20:35:40.347] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.13 20:35:40.347] - INFO: Cleaning status: 0
[2014.11.13 20:35:44.637] - End

 

 

What's next?
 


  • 0
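One way to read a Fixlog like the one posted above without going through it line by line, as an added example for this thread (not part of FRST and not from any post here): it splits each result line on the ` => ` separator FRST uses and groups the targets by outcome, so the entries FRST could not fix automatically (here the two ShopAtHome entries) stand out for manual follow-up. The sample lines are a constructed excerpt in the shape of the posted Fixlog.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of the Fixlog posted above (targets taken from it).
SAMPLE_FIXLOG = r"""
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-977744973-2552835015-2244764293-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION => Error: No automatic fix found for this entry.
ShopAtHome.com Toolbar (HKLM-x32\...\ShopAtHome.com Toolbar) (Version: 7.0.1.0 - ShopAtHome.com) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Public\DECRYPT_INSTRUCTION.HTML => Moved successfully.
"C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.
C:\ProgramData\wrnhoah.tmp => Moved successfully.
EmptyTemp: => Removed 17.6 MB temporary data.
"""

# FRST writes one result per line as "<target> => <outcome>"; the target may be
# quoted and may carry the "<==== ATTENTION" marker copied from the fixlist.
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
ATTENTION_RE = re.compile(r"\s*<=+ ATTENTION$")


def classify(line):
    """Classify one Fixlog line.

    Returns (kind, target) where kind is 'success', 'not_found', 'manual' or
    'other', or (None, None) for lines that are not result lines (headers,
    the echoed fixlist, blank lines)."""
    m = RESULT_RE.match(line.strip())
    if not m:
        return None, None
    target = ATTENTION_RE.sub("", m.group("target").strip().strip('"'))
    outcome = m.group("outcome").strip()
    if outcome.endswith("successfully."):
        kind = "success"          # moved / deleted / restored
    elif outcome.endswith("not found."):
        kind = "not_found"        # already gone, usually nothing more to do
    elif outcome.startswith("Error:"):
        kind = "manual"           # FRST had no automatic fix; needs follow-up
    else:
        kind = "other"            # e.g. the EmptyTemp: summary line
    return kind, target


def triage(log_text):
    """Group every result target in a Fixlog by outcome class."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        kind, target = classify(line)
        if kind is not None:
            groups[kind].append(target)
    return dict(groups)


def follow_up(log_text):
    """Targets the helper still has to deal with by hand after this fix run."""
    return triage(log_text).get("manual", [])


if __name__ == "__main__":
    for kind, targets in triage(SAMPLE_FIXLOG).items():
        print(f"{kind}: {len(targets)}")
    for target in follow_up(SAMPLE_FIXLOG):
        print("needs manual follow-up:", target)
```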





