Dllhost.exe help needed


This topic is locked
25 replies to this topic

#1 Akornn


Posted 12 November 2014 - 11:13 PM

After installing Malwarebytes (PAID), the workstation keeps reporting that it "Successfully blocked access to a potentially malicious website".
The type is Outgoing.
The port number is changing.
The process is always dllhost.exe
 
This all started after an encryption attack on one workstation, which also found the network drive share to the server. All the files on the server have been restored, and the user's files are not needed, so I will just delete the encrypted files.
 
Malwarebytes found and removed a virus on this system. However, the workstation is still trying to connect to the outside website, and I need help stopping this process.
 
This outgoing connection happens every other second.
 
I have run DDS, Powelikscleaner, and FRST. See attached log files.
 
*************** Malwarebytes LOG****************
2014/11/12 22:11:37 -0500 KIM-PC kim IP-BLOCK 31.184.192.177 (Type: outgoing, Port: 51772, Process: dllhost.exe)
2014/11/12 22:12:25 -0500 KIM-PC kim IP-BLOCK 31.184.192.177 (Type: outgoing, Port: 51882, Process: dllhost.exe)
2014/11/12 22:12:25 -0500 KIM-PC kim IP-BLOCK 31.184.192.177 (Type: outgoing, Port: 51883, Process: dllhost.exe)
2014/11/12 22:12:25 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51885, Process: dllhost.exe)
2014/11/12 22:12:25 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51884, Process: dllhost.exe)
2014/11/12 22:12:25 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51886, Process: dllhost.exe)
2014/11/12 22:12:25 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51887, Process: dllhost.exe)
2014/11/12 22:12:33 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51889, Process: dllhost.exe)
2014/11/12 22:12:33 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51892, Process: dllhost.exe)
2014/11/12 22:12:33 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51893, Process: dllhost.exe)
2014/11/12 22:12:33 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51895, Process: dllhost.exe)
2014/11/12 22:12:33 -0500 KIM-PC kim IP-BLOCK 31.184.192.177 (Type: outgoing, Port: 51896, Process: dllhost.exe)
2014/11/12 22:12:33 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51897, Process: dllhost.exe)
2014/11/12 22:12:34 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51899, Process: dllhost.exe)
2014/11/12 22:12:34 -0500 KIM-PC kim IP-BLOCK 31.184.192.177 (Type: outgoing, Port: 51900, Process: dllhost.exe)
2014/11/12 22:12:34 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51901, Process: dllhost.exe)
2014/11/12 22:12:34 -0500 KIM-PC kim IP-BLOCK 31.184.192.177 (Type: outgoing, Port: 51902, Process: dllhost.exe)
2014/11/12 22:12:34 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51904, Process: dllhost.exe)
2014/11/12 22:12:42 -0500 KIM-PC kim IP-BLOCK 31.184.192.80 (Type: outgoing, Port: 51906, Process: dllhost.exe)
**************** END *********************


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by kim (administrator) on KIM-PC on 12-11-2014 22:36:40
Running from E:\My Tools\Bleepingcomputer\FarBar
Loaded Profile: kim (Available profiles: kim & KIM)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NetSupport Ltd) C:\Program Files\NetSupport\NetSupport Manager\client32.exe
(Kenonic Controls Ltd.) C:\Windows\System32\Crypserv.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NetSupport Ltd) C:\Program Files\NetSupport\NetSupport Manager\client32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Pervasive\bin\w3dbsmgr.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
() C:\UPS\WSTD\UPSNA1Msgr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(HP) C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Color LaserJet CM2320 MFP Series Fax] => C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe [2453504 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [TeletracFDC_Update] => C:\Program Files\Teletrac\Fleet Director Client\FdcAutoUpdate.exe [77824 2006-09-13] (Teletrac Inc)
HKLM\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [24576 2009-12-01] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ToolBoxFX] => C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-21] (Google Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4124BA9-9CDA-4954-893E-CB7A035CA0BC} http://192.168.1.180:8080/CVVideoControl2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 23 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.211
Tcpip\..\Interfaces\{3ABAC8D1-3F0F-4FB6-8E1F-A7BDB9F199AA}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-12]
CHR Extension: (Google Drive) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-12]
CHR Extension: (Google Search) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-12]
CHR Extension: (Google Wallet) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28]
CHR Extension: (Gmail) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-12]
CHR StartMenuInternet: Google Chrome - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Client32; C:\Program Files\NetSupport\NetSupport Manager\client32.exe [120864 2012-10-03] (NetSupport Ltd)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-06-01] (HP) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 psqlWGE; C:\Program Files\Pervasive\bin\w3dbsmgr.exe [455968 2008-08-18] ()
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 gdihook5; C:\Windows\System32\DRIVERS\gdihook5.sys [68576 2011-08-17] (NetSupport Ltd)
R2 Haspnt; C:\Windows\system32\drivers\Haspnt.sys [47616 2010-01-21] (Aladdin Knowledge Systems) [File not signed]
S2 HIT_PARA; C:\Windows\system32\Drivers\HIT_PARA.sys [8204 2000-07-23] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [24608 2000-02-03] () [File not signed]
R3 nskbfltr; C:\Windows\system32\drivers\nskbfltr.sys [14336 2012-05-01] (Windows ® Codename Longhorn DDK provider) [File not signed]
R1 PCISys; C:\Windows\System32\drivers\pcisys.sys [41376 2012-08-24] (NetSupport Ltd)
S3 catchme; \??\C:\Users\ADMINI~1.DDI\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\Users\KIM.DDI\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 22:33 - 2014-11-12 22:33 - 00008994 _____ () C:\Users\KIM.DDI\Desktop\attach.txt
2014-11-12 22:33 - 2014-11-12 22:32 - 00014165 _____ () C:\Users\KIM.DDI\Desktop\dds.txt
2014-11-12 21:23 - 2014-11-12 22:36 - 00000000 ____D () C:\FRST
2014-11-12 20:22 - 2014-11-12 20:22 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-12 17:01 - 2014-11-12 17:01 - 00111702 _____ () C:\Users\KIM.DDI\Documents\cc_20141112_170105.reg
2014-11-12 16:44 - 2014-11-12 16:44 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 16:44 - 2014-11-12 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-11-12 16:44 - 2014-11-12 16:44 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-11-12 16:44 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 16:21 - 2014-11-12 16:21 - 00000000 ____D () C:\Users\administrator.DDI\AppData\Roaming\Adobe
2014-11-12 16:15 - 2014-11-12 16:21 - 00000000 ____D () C:\Users\administrator.DDI\AppData\Roaming\Google
2014-11-12 16:15 - 2014-11-12 16:15 - 00000000 ____D () C:\Users\administrator.DDI\AppData\Local\Google
2014-11-12 15:49 - 2014-11-12 15:49 - 00008772 _____ () C:\ComboFix.txt
2014-11-12 15:33 - 2014-11-12 15:33 - 00124096 _____ () C:\Users\administrator.DDI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 15:33 - 2014-11-12 15:33 - 00001415 _____ () C:\Users\administrator.DDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-12 15:33 - 2014-11-12 15:33 - 00000000 ____D () C:\Users\administrator.DDI\AppData\Roaming\HP
2014-11-12 15:29 - 2014-11-12 15:33 - 00000000 ____D () C:\Users\administrator.DDI
2014-11-12 15:29 - 2014-11-12 15:29 - 00000020 ___SH () C:\Users\administrator.DDI\ntuser.ini
2014-11-12 15:29 - 2010-01-21 15:44 - 00000000 ____D () C:\Users\administrator.DDI\AppData\Roaming\Macromedia
2014-11-12 15:29 - 2009-07-13 23:42 - 00000000 ___RD () C:\Users\administrator.DDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-12 15:29 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\administrator.DDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-12 13:51 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 13:51 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 13:51 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 13:51 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 13:51 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 13:51 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 13:51 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 13:51 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 13:51 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 13:51 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 13:51 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 13:51 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 13:51 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 13:51 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 13:51 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 13:51 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 13:51 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 13:51 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 13:51 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 13:51 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 13:51 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 13:51 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 13:51 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 13:51 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 13:51 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 13:51 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 13:51 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 13:50 - 2014-11-05 12:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 13:50 - 2014-11-05 12:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 13:50 - 2014-11-05 12:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 13:50 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 13:50 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 13:50 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 13:50 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 13:50 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 13:50 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 13:50 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 13:50 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 13:50 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 13:50 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 13:50 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 12:04 - 2014-11-12 12:04 - 01182720 _____ (Wilson WindowWare, Inc.) C:\Windows\WBDNA44I.DLL
2014-11-11 19:30 - 2014-11-11 20:30 - 17926832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-11-11 15:54 - 2014-11-11 15:54 - 00001529 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Sage DacEasy - Business Center.lnk
2014-11-11 15:54 - 2014-11-11 15:54 - 00001523 _____ () C:\Users\Public\Desktop\Sage DacEasy - Business Center.lnk
2014-11-11 15:54 - 2014-11-11 15:54 - 00000000 ____D () C:\Windows\system32\Redistr_MS_MSI
2014-11-11 15:53 - 2009-08-06 09:51 - 01821192 _____ (Microsoft Corporation) C:\Windows\system32\vcredist_x86.exe
2014-11-11 15:52 - 2011-06-11 11:13 - 00198984 _____ (Sage Software, Inc.) C:\Windows\system32\deagnt.exe
2014-11-11 15:52 - 2009-08-06 09:51 - 00154624 _____ (Blue Sky Software) C:\Windows\system32\HLP25632.DLL
2014-11-11 15:52 - 2009-08-06 09:51 - 00049152 _____ (Blue Sky Software Corporation.) C:\Windows\system32\INETWH32.DLL
2014-11-11 15:51 - 2014-11-11 15:54 - 00000000 ____D () C:\Sage DacEasy
2014-11-11 15:51 - 2014-11-11 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage DacEasy
2014-11-11 15:17 - 2014-11-11 15:17 - 00000000 ____D () C:\ProgramData\RegriDrecu
2014-11-11 15:17 - 2014-11-11 15:17 - 00000000 ____D () C:\ProgramData\FezlApaqs
2014-11-11 14:56 - 2014-11-11 15:18 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-11 14:56 - 2014-11-11 14:56 - 00139636 _____ (Корпорация Майкрософт) C:\Windows\brdgcsvc.dll
2014-11-11 14:56 - 2014-11-11 14:56 - 00000000 ____D () C:\ProgramData\EuduJgak
2014-11-11 14:56 - 2014-11-11 14:56 - 00000000 ____D () C:\ProgramData\EejeVful
2014-11-11 14:13 - 2014-11-11 14:13 - 00001849 _____ () C:\Users\KIM.DDI\Desktop\ShadowExplorer.lnk
2014-11-11 14:13 - 2014-11-11 14:13 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Roaming\www.shadowexplorer.com
2014-11-11 14:13 - 2014-11-11 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-11-11 14:13 - 2014-11-11 14:13 - 00000000 ____D () C:\Program Files\ShadowExplorer
2014-11-10 09:53 - 2014-11-11 14:57 - 00000272 ____H () C:\ProgramData\@system3.att
2014-11-10 09:52 - 2014-11-11 14:57 - 00000536 _____ () C:\ProgramData\@system.temp
2014-11-10 09:52 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\PotlUgoni
2014-11-10 09:52 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\DaytOxdo
2014-11-10 09:52 - 2014-11-10 09:52 - 00000448 ____H () C:\Users\KIM.DDI\AppData\Roaming\麽鎒駓覜
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\KIM.DDI\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-11-07 16:19 - 2014-11-07 16:19 - 00000276 _____ () C:\Users\KIM.DDI\Downloads\DECRYPT_INSTRUCTION.URL
2014-11-07 16:18 - 2014-11-07 16:18 - 00000276 _____ () C:\Users\KIM.DDI\Documents\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\AppData\DECRYPT_INSTRUCTION.URL
2014-11-07 16:05 - 2014-11-07 16:05 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-07 15:56 - 2014-11-08 07:04 - 00000000 ____D () C:\3745004
2014-11-07 10:22 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\QunfUzto
2014-11-07 10:22 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\EejzUcgeq
2014-11-07 09:49 - 2014-11-10 20:40 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Amnworks
2014-11-07 09:49 - 2014-11-10 09:53 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Odics
2014-11-07 09:47 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\YaweYatn
2014-11-07 09:47 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\XadicFonah
2014-11-06 09:51 - 2014-11-10 20:41 - 00000000 __SHD () C:\Windows\ftpcache
2014-10-16 09:23 - 2014-10-16 09:23 - 00002155 _____ () C:\Users\Public\Desktop\Shop for HP Supplies.lnk
2014-10-16 09:22 - 2014-10-16 09:23 - 00000305 _____ () C:\Windows\system32\msiexec.log
2014-10-16 09:15 - 2010-01-21 19:42 - 00176849 ____N () C:\Windows\hppins12.dat.temp
2014-10-16 09:10 - 2014-11-08 06:59 - 00000000 ____D () C:\CM_2320_Full_Solution_Win7_3_1_AM-EMEA1
2014-10-14 22:18 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 22:18 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 22:18 - 2014-08-28 20:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 22:18 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 22:18 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-14 22:18 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-14 22:18 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 22:18 - 2014-08-18 21:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 22:18 - 2014-08-18 21:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 22:18 - 2014-08-18 21:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 22:18 - 2014-08-18 21:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 22:18 - 2014-08-18 20:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 22:18 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 22:18 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 22:18 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 22:18 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 22:18 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 22:18 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 22:18 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 22:18 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 22:18 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 22:18 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-14 22:18 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 22:18 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 22:18 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 22:18 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 22:18 - 2014-07-06 20:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 22:18 - 2014-06-27 19:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 22:18 - 2014-06-27 19:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 22:18 - 2014-06-27 19:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 22:18 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 22:18 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 22:18 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-13 15:03 - 2014-10-13 15:03 - 00000597 _____ () C:\Users\KIM.DDI\Desktop\Vermont Country.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 22:30 - 2012-12-26 14:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 21:01 - 2009-07-13 23:34 - 00025424 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 21:01 - 2009-07-13 23:34 - 00025424 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 20:42 - 2010-01-21 14:36 - 00803166 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 20:42 - 2010-01-21 14:33 - 01236755 ____N () C:\Windows\WindowsUpdate.log
2014-11-12 20:37 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 20:36 - 2010-02-25 13:45 - 00000008 _____ () C:\Windows\system32\pcisys.ntk
2014-11-12 17:43 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-11-12 17:02 - 2011-07-08 15:32 - 00000000 ____D () C:\Windows\Minidump
2014-11-12 17:00 - 2010-10-18 08:05 - 00000000 ____D () C:\ProgramData\Pervasive
2014-11-12 16:58 - 2010-01-21 14:57 - 00002586 _____ () C:\Windows\ODBC.INI
2014-11-12 15:49 - 2010-04-09 10:09 - 00000000 ____D () C:\Qoobox
2014-11-12 15:48 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-12 15:33 - 2009-07-13 23:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-12 15:05 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 14:51 - 2009-07-13 23:33 - 00461352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 14:50 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 14:29 - 2013-08-15 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 14:27 - 2010-01-25 13:30 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 13:55 - 2010-04-07 13:23 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Roaming\Malwarebytes
2014-11-12 13:38 - 2011-07-08 16:41 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-11-12 12:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\PLA
2014-11-12 11:53 - 2011-11-28 15:40 - 00000459 _____ () C:\Users\KIM.DDI\Desktop\Camera View(Live).website
2014-11-12 11:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-12 10:37 - 2010-02-18 12:19 - 00000000 ____D () C:\COSTLOC
2014-11-12 10:37 - 2010-01-21 15:50 - 00000000 ____D () C:\LVWIN70
2014-11-11 20:30 - 2012-12-26 14:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-11 20:30 - 2011-11-28 13:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-11 15:54 - 2010-01-21 21:37 - 00014509 _____ () C:\Program Files\DeaInstall.log
2014-11-11 15:53 - 2010-01-21 15:30 - 00000806 _____ () C:\Windows\ODBCINST.INI
2014-11-11 15:52 - 2010-10-20 13:11 - 00000000 ____D () C:\Program Files\Pervasive
2014-11-11 15:51 - 2010-01-21 21:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-11 14:30 - 2010-01-21 14:52 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-10 12:02 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\IME
2014-11-08 06:59 - 2014-09-25 08:29 - 00000000 ____D () C:\Users\KIM.DDI\Documents\Optimizer Pro
2014-11-08 06:59 - 2014-04-30 13:55 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Roaming\HP
2014-11-08 06:59 - 2013-04-30 12:41 - 00000000 ____D () C:\COSTER
2014-11-08 06:59 - 2011-10-20 10:59 - 00000000 ____D () C:\Users\KIM.DDI\Documents\k
2014-11-08 06:59 - 2011-09-13 15:39 - 00000000 ____D () C:\Users\KIM.DDI\john
2014-11-08 06:59 - 2011-03-18 15:27 - 00000000 ____D () C:\UPS4344E
2014-11-08 06:59 - 2010-06-18 13:07 - 00000000 ____D () C:\ProgramData\WebEx
2014-11-08 06:59 - 2010-03-03 21:41 - 00000000 ____D () C:\UPS
2014-11-08 06:59 - 2010-01-27 15:01 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Roaming\Nvu
2014-11-08 06:59 - 2010-01-26 09:32 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\HP
2014-11-08 06:59 - 2010-01-21 19:38 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-08 06:59 - 2010-01-21 19:16 - 00000000 ____D () C:\CM_2320_Full_Solution_Win7_3_1_AP
2014-11-08 06:59 - 2010-01-21 15:48 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Google
2014-11-08 06:59 - 2010-01-21 15:41 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Roaming\Adobe
2014-11-08 06:59 - 2010-01-21 15:06 - 00000000 ____D () C:\ProgramFilesServer
2014-11-08 06:59 - 2010-01-21 15:06 - 00000000 ____D () C:\Outlook
2014-11-08 06:59 - 2010-01-21 14:45 - 00000000 ____D () C:\Users\KIM.DDI
2014-11-08 06:59 - 2010-01-21 14:34 - 00000000 ____D () C:\Users\KIM
2014-11-08 06:59 - 2009-11-03 17:45 - 00000000 ____D () C:\dell
2014-11-08 06:59 - 2009-09-10 11:25 - 00000000 ____D () C:\Users\KIM.DDI\Documents\Panasonic
2014-11-08 06:59 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-11-08 06:59 - 2008-11-07 16:37 - 00000000 ____D () C:\PowerPanel
2014-11-08 06:59 - 2008-04-25 11:10 - 00000000 ____D () C:\I386
2014-11-08 06:59 - 2007-07-12 08:07 - 00000000 ____D () C:\Users\KIM.DDI\Documents\DacEasy Crytsal-Rpts Perv-SQL
2014-11-08 06:59 - 2007-07-10 13:50 - 00000000 ____D () C:\CR-XI-MLB
2014-11-08 06:59 - 2007-05-24 10:40 - 00000000 ____D () C:\Users\KIM.DDI\Documents\Online Store Pics
2014-11-08 06:59 - 2005-11-29 16:44 - 00000000 ___SD () C:\Users\KIM.DDI\Documents\My Data Sources
2014-11-08 06:59 - 2005-11-15 11:47 - 00000000 ____D () C:\x old
2014-11-08 06:59 - 2005-11-10 09:22 - 00000000 ____D () C:\x old 1
2014-11-04 14:30 - 2010-01-21 14:52 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 10:54 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-10-16 09:23 - 2010-01-21 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-16 09:23 - 2010-01-21 19:37 - 00172352 _____ () C:\Windows\hppins12.dat
2014-10-16 09:23 - 2010-01-21 19:18 - 00000000 ____D () C:\Program Files\HP
2014-10-16 09:23 - 2010-01-21 19:17 - 00005466 _____ () C:\ProgramData\hpzinstall.log
2014-10-16 09:23 - 2010-01-21 19:17 - 00000000 ____D () C:\ProgramData\HP
2014-10-15 02:13 - 2009-07-13 21:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

Files to move or delete:
====================
C:\Users\KIM.DDI\WSSEMAPHORES.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:25

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014
Ran by kim at 2014-11-12 22:37:18
Running from E:\My Tools\Bleepingcomputer\FarBar
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
4500_G510af_Help_Web (Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_web (Version: 000.0.425.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version: - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCC (Version: 12.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
Crystal Reports XI (HKLM\...\{7505DE9C-4E85-4636-82F0-50F38077B900}) (Version: 11.0.0.128227 - Business Objects)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FormsComponent (Version: 12.00.0000 - UPS) Hidden
FOSS (Version: 12.50.0000 - UPS) Hidden
Google Apps Migration For Microsoft Outlook® 2.3.12.34 (HKLM\...\{F5BA02A8-A0FD-4ABB-8F3C-8C5698622343}) (Version: 2.3.12.34 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.2.353.947 (HKLM\...\{70F59A75-8753-4D76-94C7-6109AB3525C3}) (Version: 3.2.353.947 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Color LaserJet CM2320 MFP Series 3.1 (HKLM\...\{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}) (Version: 3.1 - HP)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{1EB2596D-80B0-4D55-AC31-6FCFE757081E}) (Version: 13.0 - HP)
HP Officejet 6600 Basic Device Software (HKLM\...\{C4C4BECF-764C-406D-A1AD-F73611B0F668}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Update (HKLM\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
hppCLJCM2320 (Version: 003.001.00097 - Hewlett-Packard) Hidden
hppFaxDrvCM2320 (Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM2320 (Version: 003.001.00095 - Hewlett-Packard) Hidden
hppFonts (Version: 001.001.00061 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppManualsCM2320 (Version: 003.001.00087 - Hewlett-Packard) Hidden
hppPQVideoCM2320 (Version: 003.001.00092 - Hewlett-Packard) Hidden
hppQFolderCM2320 (Version: 1.00.0000 - Hewlett-Packard) Hidden
hppScanToCM2320 (Version: 003.001.00090 - Hewlett-Packard) Hidden
hppSendFaxCM2320 (Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXCM2320 (Version: 001.017.00048 - Hewlett-Packard) Hidden
hppusgCM2320 (Version: 1.1.0.1 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
hpzTLBXFX (Version: 005.003.00171 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICCHelp (HKLM\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 1.0.0.2 - UPS)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
LABELVIEW 7.0 (HKLM\...\LabelView) (Version: - )
Malwarebytes Anti-Malware MSI (HKLM\...\{FBC350D5-10D0-4B9B-A9AC-5F2EA07770D5}) (Version: 1.60.2 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM\...\{91CA0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSIChecker (Version: 9.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NA1Messenger (Version: 12.00.6000 - Your Company Name) Hidden
NetSupport Manager (HKLM\...\{97417C14-BDF8-4297-90C2-1F19554A91C8}) (Version: 11.30.0002 - NetSupport Ltd)
Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden
NRF (Version: 12.00.0000 - UPS) Hidden
nutraCoster (HKLM\...\nutraCoster) (Version: - )
nutraCoster Workstation (HKLM\...\nutraCoster Workstation) (Version: - )
Nvu 1.0PR (HKLM\...\Nvu_is1) (Version: 1.0PR - Linspire Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pervasive PSQL v10 Workgroup (32-bit) (HKLM\...\{0A3238D7-AB32-4E15-B717-F3E3F18B4A8C}) (Version: 10.01.073 - Pervasive Software)
PolicyManager (Version: 12.00.0000 - UPS) Hidden
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
Reconciler (Version: 12.00.0000 - UPS) Hidden
ReportServer (Version: 12.00.0000 - Your Company Name) Hidden
RydeSmart (HKLM\...\InstallShield_{28D04412-8F61-485B-8407-2B13698C45B0}) (Version: 7.01 - Teletrac)
RydeSmart (Version: 7.01 - Teletrac) Hidden
Sage DacEasy Version 2012 (HKLM\...\{0E6F3710-0205-4B80-B409-0AADE6233C24}) (Version: 18.0.0 - Sage Software, Inc.)
Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SupportUtility (Version: 12.00.0000 - Your Company Name) Hidden
System (Version: 12.00.0000 - UPS) Hidden
the DacEasy by Sage Version 2010 Developer's SDK (HKLM\...\{B464AA4D-C353-4B9E-8D85-45B76CF93D5A}) (Version: - )
Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnifiedPrinting (Version: 12.00.0000 - UPS) Hidden
UPS WorldShip (HKLM\...\UPS WorldShip) (Version: 12.0 - UPS)
UPSICC (Version: 1.0.0.16 - UPS) Hidden
UPSlinkHTTP (Version: 1.0.0.13 - UPS) Hidden
UPSVCMM (Version: 12.00.0000 - UPS) Hidden
WebHelp (HKLM\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WorldShip (Version: 12.00.0000 - UPS) Hidden
Zebra Font Downloader 5.1 (HKLM\...\Zebra Font Downloader_is1) (Version: - Zebra)
Zoosk Messenger (HKLM\...\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1) (Version: 2.1.81.20943 - Zoosk, Inc.)
Zoosk Messenger (Version: 2.1.81 - Zoosk, Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2407052180-3221251107-2235898140-1150_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\KIM.DDI\AppData\Local\Google\Chrome\Application\35.0.1916.153\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2407052180-3221251107-2235898140-1150_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\KIM.DDI\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe N (the data entry has 6 more characters).

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-07-08 15:58 - 2014-11-12 13:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4959E41A-03B3-49A6-9A6C-F0CFB06950D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {67B83E04-F9FF-4DE0-87EA-908DC8BCA55C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {7B5B0235-E3F5-49BD-9576-A8433E5AE765} - System32\Tasks\wklennty => Rundll32.exe "C:\Windows\system32\mf3216T.dll",gtfov
Task: {C705C673-7CEB-48F7-8196-4AC1FF27F090} - System32\Tasks\Fxxlymsbtv => Rundll32.exe "C:\Windows\system32\ifsutil0.dll",peajoncsj

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-04-30 10:58 - 2009-11-05 07:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2008-08-18 15:57 - 2008-08-18 15:57 - 00455968 _____ () C:\Program Files\Pervasive\bin\w3dbsmgr.exe
2007-09-05 11:15 - 2007-09-05 11:15 - 00230688 _____ () C:\Program Files\Pervasive\bin\W3COMSRV.DLL
2009-12-01 21:36 - 2009-12-01 21:36 - 00024576 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe
2009-12-01 21:36 - 2009-12-01 21:36 - 00045056 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll
2009-12-01 19:34 - 2009-12-01 19:34 - 00018944 _____ () C:\UPS\WSTD\UPSResourceManager.dll
2009-12-01 21:37 - 2009-12-01 21:37 - 00053248 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll
2009-12-01 21:37 - 2009-12-01 21:37 - 00024576 _____ () C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00061440 _____ () C:\Program Files\HP\ToolboxFX\bin\HPTools.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00069632 _____ () C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00069632 _____ () C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00516096 _____ () C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00130560 _____ () C:\Program Files\HP\ToolboxFX\bin\DMBaseObjects.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00840192 _____ () C:\Program Files\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00674816 _____ () C:\Program Files\HP\ToolboxFX\bin\LEDMXMLObjects.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00086016 _____ () C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00835584 _____ () C:\Program Files\HP\ToolboxFX\bin\Alerts.dll
2009-10-15 07:25 - 2009-10-15 07:25 - 00364544 _____ () C:\Program Files\HP\ToolboxFX\bin\nativeutils.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26956734.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\26956734.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\client32 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3931294919-2743926396-4032931659-500 - Administrator - Disabled)
Guest (S-1-5-21-3931294919-2743926396-4032931659-501 - Limited - Disabled)
KIM (S-1-5-21-3931294919-2743926396-4032931659-1000 - Administrator - Enabled) => C:\Users\KIM

==================== Faulty Device Manager Devices =============

Name: HP Color LaserJet CM2320nf MFP
Description: HP Color LaserJet CM2320nf MFP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet 6600
Description: Officejet 6600
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet 6600
Description: Officejet 6600
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 00:52:26 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: DDI)
Description: HRESULT:0x80070643
Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (11/12/2014 00:52:09 PM) (Source: MsiInstaller) (EventID: 11402) (User: DDI)
Description: Product: Microsoft Security Client -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. System error 5. Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/12/2014 00:56:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2014 00:52:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/11/2014 03:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_fe51ccff.exe, version: 1.0.0.1002, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x1e48
Faulting application start time: 0xUpdateFlashPlayer_fe51ccff.exe0
Faulting application path: UpdateFlashPlayer_fe51ccff.exe1
Faulting module path: UpdateFlashPlayer_fe51ccff.exe2
Report Id: UpdateFlashPlayer_fe51ccff.exe3

Error: (11/11/2014 03:18:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35efc3
Faulting module name: hpzjcd01.dll, version: 6.1.7.0, time stamp: 0x47a38eeb
Exception code: 0xc0000005
Fault offset: 0x00012d2e
Faulting process id: 0x5cc
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (11/11/2014 03:18:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_1cc6986b.exe, version: 1.0.0.1002, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x578
Faulting application start time: 0xUpdateFlashPlayer_1cc6986b.exe0
Faulting application path: UpdateFlashPlayer_1cc6986b.exe1
Faulting module path: UpdateFlashPlayer_1cc6986b.exe2
Report Id: UpdateFlashPlayer_1cc6986b.exe3

Error: (11/11/2014 03:18:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_b9c2bd78.exe, version: 1.0.0.1002, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x1d54
Faulting application start time: 0xUpdateFlashPlayer_b9c2bd78.exe0
Faulting application path: UpdateFlashPlayer_b9c2bd78.exe1
Faulting module path: UpdateFlashPlayer_b9c2bd78.exe2
Report Id: UpdateFlashPlayer_b9c2bd78.exe3

Error: (11/11/2014 02:58:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_1606b7f1.exe, version: 1.0.0.1002, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x16a8
Faulting application start time: 0xUpdateFlashPlayer_1606b7f1.exe0
Faulting application path: UpdateFlashPlayer_1606b7f1.exe1
Faulting module path: UpdateFlashPlayer_1606b7f1.exe2
Report Id: UpdateFlashPlayer_1606b7f1.exe3

Error: (11/11/2014 01:19:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (11/12/2014 09:24:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/12/2014 08:41:46 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: DDI)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (11/12/2014 08:39:02 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (11/12/2014 08:38:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (11/12/2014 08:37:15 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DDI due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (11/12/2014 08:35:16 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: DDI)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (11/12/2014 08:32:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (11/12/2014 08:32:35 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (11/12/2014 08:30:48 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (11/12/2014 08:31:02 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DDI due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


Microsoft Office Sessions:
=========================
Error: (11/12/2014 00:52:26 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: DDI)
Description: HRESULT:0x80070643
Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (11/12/2014 00:52:09 PM) (Source: MsiInstaller) (EventID: 11402) (User: DDI)
Description: Product: Microsoft Security Client -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. System error 5. Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/12/2014 00:56:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\HP\digital imaging\{ecf3e482-9188-4e29-9c31-e02fd8dc74c0}\setup\faxprinterdrivers\hppfaxprinteremail_x64.exe

Error: (11/12/2014 00:52:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6600\DriverStore\Pipeline\amd64\hpinkins5D12.exe

Error: (11/11/2014 03:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UpdateFlashPlayer_fe51ccff.exe1.0.0.1002539d7a76unknown0.0.0.000000000c0000005000045421e4801cffdecbccf9061C:\Users\KIM.DDI\AppData\Local\Temp\UpdateFlashPlayer_fe51ccff.exeunknownfbce1ea8-69df-11e4-beca-002564e5d266

Error: (11/11/2014 03:18:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: spoolsv.exe6.1.7601.177774f35efc3hpzjcd01.dll6.1.7.047a38eebc000000500012d2e5cc01cffd50cc4bbf58C:\Windows\System32\spoolsv.exeC:\Windows\System32\hpzjcd01.dllf2737655-69df-11e4-beca-002564e5d266

Error: (11/11/2014 03:18:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UpdateFlashPlayer_1cc6986b.exe1.0.0.1002539d7a76unknown0.0.0.000000000c00000050000454257801cffdeca306c889C:\Users\KIM.DDI\AppData\Local\Temp\UpdateFlashPlayer_1cc6986b.exeunknowne24cc019-69df-11e4-beca-002564e5d266

Error: (11/11/2014 03:18:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UpdateFlashPlayer_b9c2bd78.exe1.0.0.1002539d7a76unknown0.0.0.000000000c0000005000045421d5401cffdeca09be2c2C:\Users\KIM.DDI\AppData\Local\Temp\UpdateFlashPlayer_b9c2bd78.exeunknowndf3b39fe-69df-11e4-beca-002564e5d266

Error: (11/11/2014 02:58:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UpdateFlashPlayer_1606b7f1.exe1.0.0.1002539d7a76unknown0.0.0.000000000c00000050000454216a801cffde9cf938876C:\Users\KIM.DDI\AppData\Local\Temp\UpdateFlashPlayer_1606b7f1.exeunknown0da66e83-69dd-11e4-beca-002564e5d266

Error: (11/11/2014 01:19:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\HP\digital imaging\{ecf3e482-9188-4e29-9c31-e02fd8dc74c0}\setup\faxprinterdrivers\hppfaxprinteremail_x64.exe


CodeIntegrity Errors:
===================================
Date: 2011-07-08 17:59:10.297
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-08 17:59:10.266
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-08 17:53:16.750
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-08 17:53:16.718
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-08 17:46:31.099
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-08 17:46:31.068
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-08 17:43:42.852
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-08 17:43:42.821
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-08 17:38:06.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-08 17:38:06.675
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 44%
Total physical RAM: 3036.99 MB
Available physical RAM: 1684.09 MB
Total Pagefile: 6072.27 MB
Available Pagefile: 4248.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.17 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:252.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (JACK'S PEN) (Removable) (Total:3.91 GB) (Free:0.63 GB) FAT32
Drive z: () (Network) (Total:135.66 GB) (Free:70.58 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 3.9 GB) (Disk ID: 001B0BB4)
Partition 1: (Active) - (Size=3.9 GB) - (Type=0B)

==================== End Of Log ============================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16592 BrowserJavaVersion: 10.51.2
Run by kim at 22:31:39 on 2014-11-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.1783 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NetSupport\NetSupport Manager\client32.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NetSupport\NetSupport Manager\client32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Pervasive\bin\w3dbsmgr.exe
C:\Program Files\ShadowExplorer\sesvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = www.google.com
uProxyOverride = <-loopback>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [HP Officejet 6600 (NET)] "c:\program files\hp\hp officejet 6600\bin\ScanToPCActivationApp.exe" -deviceID "CN42R8S0SN05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [HP Color LaserJet CM2320 MFP Series Fax] c:\program files\hp\hp color laserjet cm2320 mfp series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax"
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [TeletracFDC_Update] c:\program files\teletrac\fleet director client\FdcAutoUpdate.exe
mRun: [NA1Messenger] c:\ups\wstd\UPSNA1Msgr.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\MyOSProtect.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4124BA9-9CDA-4954-893E-CB7A035CA0BC} - hxxp://192.168.1.180:8080/CVVideoControl2.dll
TCP: NameServer = 8.8.8.8 8.8.4.4 192.168.1.211
TCP: Interfaces\{3ABAC8D1-3F0F-4FB6-8E1F-A7BDB9F199AA} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{3ABAC8D1-3F0F-4FB6-8E1F-A7BDB9F199AA} : DHCPNameServer = 8.8.8.8 8.8.4.4 192.168.1.211
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-6-1 136192]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-11-12 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-11-12 701512]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive\bin\w3dbsmgr.exe [2008-8-18 455968]
R2 sesvc;ShadowExplorer Service;c:\program files\shadowexplorer\sesvc.exe [2014-11-11 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-12 22856]
R3 nskbfltr;nskbfltr;c:\windows\system32\drivers\nskbfltr.sys [2010-2-25 14336]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 HIT_PARA;HIT_PARA;c:\windows\system32\drivers\HIT_Para.sys [2010-1-21 8204]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-9-18 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-9-18 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-2 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2014-11-13 02:23:48 -------- d-----w- C:\FRST
2014-11-13 01:22:26 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-12 21:44:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-12 21:44:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-11-12 20:49:39 -------- d-----w- c:\users\kim.ddi\appdata\local\temp
2014-11-12 20:49:18 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-12 18:50:54 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 18:47:49 4915024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-11-12 18:47:45 8901368 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8d017cc1-fe41-4175-ae1c-01808a1dc70e}\mpengine.dll
2014-11-12 17:04:06 1182720 ----a-w- c:\windows\WBDNA44I.DLL
2014-11-12 00:30:03 17926832 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-11-11 20:54:24 -------- d-----w- c:\windows\system32\Redistr_MS_MSI
2014-11-11 20:53:47 1821192 ----a-w- c:\windows\system32\vcredist_x86.exe
2014-11-11 20:52:20 49152 ----a-w- c:\windows\system32\INETWH32.DLL
2014-11-11 20:52:20 154624 ----a-w- c:\windows\system32\HLP25632.DLL
2014-11-11 20:52:15 198984 ----a-w- c:\windows\system32\deagnt.exe
2014-11-11 20:51:58 -------- d-----w- C:\Sage DacEasy
2014-11-11 20:17:47 -------- d-----w- c:\programdata\FezlApaqs
2014-11-11 20:17:44 -------- d-----w- c:\programdata\RegriDrecu
2014-11-11 19:56:30 139636 ----a-w- c:\windows\brdgcsvc.dll
2014-11-11 19:56:25 -------- d-----w- c:\programdata\EejeVful
2014-11-11 19:56:22 -------- d-----w- c:\programdata\EuduJgak
2014-11-11 19:13:54 -------- d-----w- c:\users\kim.ddi\appdata\roaming\www.shadowexplorer.com
2014-11-11 19:13:36 -------- d-----w- c:\program files\ShadowExplorer
2014-11-10 14:52:07 -------- d-----w- c:\programdata\DaytOxdo
2014-11-10 14:52:04 -------- d-----w- c:\programdata\PotlUgoni
2014-11-07 20:56:08 -------- d-----w- C:\3745004
2014-11-07 15:22:15 -------- d-----w- c:\programdata\EejzUcgeq
2014-11-07 15:22:05 -------- d-----w- c:\programdata\QunfUzto
2014-11-07 14:49:25 -------- d-----w- c:\users\kim.ddi\appdata\local\Odics
2014-11-07 14:49:07 -------- d-----w- c:\users\kim.ddi\appdata\local\Amnworks
2014-11-07 14:47:08 -------- d-----w- c:\programdata\YaweYatn
2014-11-07 14:47:01 -------- d-----w- c:\programdata\XadicFonah
2014-11-06 14:51:13 -------- d-sh--w- c:\windows\ftpcache
2014-10-16 14:10:36 -------- d-----w- C:\CM_2320_Full_Solution_Win7_3_1_AM-EMEA1
.
==================== Find3M ====================
.
2014-11-12 01:30:21 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 01:30:21 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-05 17:50:47 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-05 17:50:28 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-04 19:30:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-27 19:05:44 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-10-27 18:59:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-10-27 18:56:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-10-27 18:55:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- c:\windows\system32\mshta.exe
2014-10-25 01:32:37 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33:18 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:56:19 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50:41 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50:39 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 00:45:54 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 01:44:42 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:44:26 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 09:23:55 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- c:\windows\system32\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- c:\windows\system32\credssp.dll
2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- c:\windows\system32\rastls.dll
2014-09-02 18:21:42 634880 ----a-w- C:\DirectControl.exe
2014-09-01 18:28:20 304776 ----a-w- c:\windows\system32\MyOSProtect.dll
2014-08-29 01:44:52 37376 ----a-w- c:\windows\system32\tsgqec.dll
2014-08-29 01:44:52 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2014-08-29 01:44:51 4922368 ----a-w- c:\windows\system32\mstscax.dll
2014-08-29 01:44:49 269312 ----a-w- c:\windows\system32\aaclient.dll
2014-08-29 01:44:19 1050112 ----a-w- c:\windows\system32\mstsc.exe
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-21 06:26:21 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-08-21 06:23:10 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-08-19 02:41:38 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2014-08-19 02:41:22 50688 ----a-w- c:\windows\system32\appidapi.dll
2014-08-19 02:41:22 27648 ----a-w- c:\windows\system32\appidsvc.dll
2014-08-19 02:40:49 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2014-08-19 02:40:49 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2014-08-19 01:48:34 50176 ----a-w- c:\windows\system32\drivers\appid.sys
.
============= FINISH: 22:32:34.80 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/21/2010 2:33:53 PM
System Uptime: 11/12/2014 8:36:46 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0CKCXH
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2928/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 252.765 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
Z: is NetworkDisk (NTFS) - 136 GiB total, 70.583 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: HP Color LaserJet CM2320nf MFP
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: HP Color LaserJet CM2320nf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: Officejet 6600
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: Officejet 6600
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID:
Description: Officejet 6600
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer:
Name: Officejet 6600
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510af_Help_Web
4500G510af_Software_Min
4500G510af_web
Acrobat.com
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Belarc Advisor 8.1
BufferChm
CCC
CCleaner
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Crystal Reports XI
CustomerResearchQFolder
CutePDF Writer 2.8
DeviceDiscovery
DeviceManagementQFolder
FormsComponent
FOSS
Google Apps Migration For Microsoft Outlook® 2.3.12.34
Google Apps Sync™ for Microsoft Outlook® 3.2.353.947
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Color LaserJet CM2320 MFP Series 3.1
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Officejet 4500 G510a-f
HP Officejet 6600 Basic Device Software
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
HP Update
hppCLJCM2320
hppFaxDrvCM2320
hppFaxUtilityCM2320
hppFonts
hppLaserJetService
hppManualsCM2320
hppPQVideoCM2320
hppQFolderCM2320
hppScanToCM2320
hppSendFaxCM2320
hppTLBXFXCM2320
hppusgCM2320
HPSSupply
hpzTLBXFX
I.R.I.S. OCR
ICCHelp
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Java 7 Update 51
Java Auto Updater
LABELVIEW 7.0
Malwarebytes Anti-Malware MSI
MarketResearch
Microsoft .NET Framework 4.5.1
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Backward compatibility
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSIChecker
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NA1Messenger
NetSupport Manager
Network
NRF
nutraCoster
nutraCoster Workstation
Nvu 1.0PR
OGA Notifier 2.0.0048.0
Pervasive PSQL v10 Workgroup (32-bit)
PolicyManager
PS_AIO_07_D110_SW_Min
Reconciler
ReportServer
RydeSmart
Sage DacEasy Version 2012
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
ShadowExplorer 0.9
Shop for HP Supplies
SupportUtility
System
the DacEasy by Sage Version 2010 Developer's SDK
Toolbox
TrayApp
UnifiedPrinting
UPS WorldShip
UPSICC
UPSlinkHTTP
UPSVCMM
WebHelp
WebReg
WorldShip
Zebra Font Downloader 5.1
Zoosk Messenger
.
==== Event Viewer Messages From Past Week ========
.
11/12/2014 9:29:48 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
11/12/2014 8:41:46 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
11/12/2014 8:38:32 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/12/2014 8:37:15 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain DDI due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
11/12/2014 8:30:48 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
11/12/2014 4:36:10 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
11/12/2014 4:15:48 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error: "2" Happened while starting this command: "C:\Program Files\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe" -Embedding
11/12/2014 3:48:20 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/12/2014 10:09:19 AM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
11/12/2014 1:33:49 PM, Error: Microsoft Antimalware [3002] -
11/11/2014 3:32:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x87585838, 0x875859a4, 0x82c54ee0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111114-53492-01.
11/11/2014 3:19:32 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2014 6:57:03 PM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
11/10/2014 5:25:02 PM, Error: Microsoft-Windows-GroupPolicy [1030] - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
.
==== End Of File ===========================

Edited by Oh My!, 24 November 2014 - 10:00 AM.
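A triage pass over the kind of log posted above, as an added example that is not part of the original post and not code from the DDS or FRST tools. It parses the DDS "Pseudo HJT Report" policy lines, the LSP and NameServer lines, the "Created Last 30" / "Find3M" file entries and the Event Viewer summary, and tags the entries an analyst would want to look at first: machine-wide UAC values set so that nothing prompts, a Winsock LSP DLL, a public resolver listed ahead of the internal DNS server, the volsnap 25 shadow-copy deletion, hidden directories under c:\windows, binaries dropped directly into c:\windows or the drive root, and new top-level ProgramData folders. The sample input is a dozen lines copied from the logs above; the indicator tags, the path heuristics and the `PUBLIC_RESOLVERS` set are this example's assumptions. The script reads log text only, and a tag means "review this", not "this is malicious".

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (indicator tag, the log line that triggered it)

# Constructed sample input: lines copied from the DDS and Event Viewer output posted
# above, trimmed to one or two per pattern and embedded here so the script runs
# offline. The section headers are kept because they appear between the entries.
SAMPLE_DDS = r"""
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
LSP: c:\windows\system32\MyOSProtect.dll
TCP: NameServer = 8.8.8.8 8.8.4.4 192.168.1.211
=============== Created Last 30 ================
2014-11-12 21:44:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-12 17:04:06 1182720 ----a-w- c:\windows\WBDNA44I.DLL
2014-11-11 20:17:47 -------- d-----w- c:\programdata\FezlApaqs
2014-11-11 19:56:30 139636 ----a-w- c:\windows\brdgcsvc.dll
2014-11-07 20:56:08 -------- d-----w- C:\3745004
2014-11-06 14:51:13 -------- d-sh--w- c:\windows\ftpcache
==================== Find3M ====================
2014-09-02 18:21:42 634880 ----a-w- C:\DirectControl.exe
==== Event Viewer Messages From Past Week ========
11/12/2014 8:30:48 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.
"""

# DDS "Created Last 30" / "Find3M" entry: date time size attrs path
FILE_LINE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)
POLICY_LINE = re.compile(r"^mPolicies-System: (?P<name>\w+) = dword:(?P<val>\d+)$")
VOLSNAP_25 = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} .*Error: volsnap \[25\]")

# Machine-wide UAC values that, together, remove the elevation prompt entirely.
WEAK_UAC = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}
# Assumption of this example: resolvers a domain-joined workstation should not list
# ahead of its internal DNS server. Extend for your environment.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}


def _depth(path: str) -> int:
    """Path components after the drive letter: c:\\windows\\x.dll -> 2, C:\\3745004 -> 1."""
    return len([p for p in path.split("\\")[1:] if p])


def _classify_file(path: str, attrs: str) -> str:
    """Return an indicator tag for a DDS file entry, or '' if it looks unremarkable."""
    path = path.lower()
    is_dir = attrs.startswith("d")
    depth = _depth(path)
    if "h" in attrs and path.startswith("c:\\windows"):
        return "hidden-under-windows"          # e.g. d-sh--w- c:\windows\ftpcache
    if depth == 1:
        return "drive-root-drop"               # file or dir created directly in C:\
    if path.startswith("c:\\windows\\") and depth == 2 and not is_dir \
            and path.endswith((".dll", ".exe")):
        return "loose-binary-in-windows"       # binaries belong under system32, not c:\windows
    if is_dir and path.startswith("c:\\programdata\\") and depth == 2:
        return "new-programdata-dir"           # new top-level ProgramData folder in the window
    return ""


def triage(log_text: str) -> List[Finding]:
    """Walk DDS / Event Viewer text line by line and collect indicators worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_LINE.match(line)
        if m:
            if WEAK_UAC.get(m["name"]) == m["val"]:
                findings.append(("uac-weakened", line))
            continue
        if line.startswith("LSP:"):
            # A Winsock LSP sits in the path of every socket call; confirm the publisher.
            findings.append(("winsock-lsp", line))
            continue
        if line.startswith("TCP: NameServer ="):
            servers = line.split("=", 1)[1].replace(",", " ").split()
            if servers and servers[0] in PUBLIC_RESOLVERS:
                findings.append(("public-dns-first", line))
            continue
        if VOLSNAP_25.match(line):
            findings.append(("shadow-copies-deleted", line))
            continue
        m = FILE_LINE.match(line)
        if m:
            tag = _classify_file(m["path"], m["attrs"])
            if tag:
                findings.append((tag, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per indicator tag."""
    return dict(Counter(tag for tag, _ in findings))


if __name__ == "__main__":
    for tag, evidence in triage(SAMPLE_DDS):
        print(f"[{tag:24}] {evidence}")
```

Two caveats when reading the output against this log. The "public-dns-first" tag is consistent with the Group Policy 1129 and NETLOGON 5719 failures recorded above (the host cannot find a domain controller), but the DHCPNameServer line shows the same resolver order, so the DHCP scope may simply hand it out; confirm with whoever runs the network before treating it as tampering. The volsnap 25 event gives an I/O reason for the shadow copy loss, and after an encryption incident it still matters because it removes the Previous Versions recovery path that ShadowExplorer relies on, which fits the "No restore point in system" line in the DDS attach log.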


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,600 posts
  • Gender:Male

Posted 18 November 2014 - 11:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555920 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:33 AM

Posted 24 November 2014 - 09:57 AM

Greetings Akornn and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation I would like for you to provide me with a more current FRST report. Please be sure to copy and paste the information in your reply unless an attachment is requested.

Please do these things.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Double click the FRST icon
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Akornn

Akornn
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 24 November 2014 - 02:45 PM

Hi Gary, 

 

My name is Jack. 

 

Thank you very much for getting back to me. Just to be totally clear. The original problem on this computer appears to have stopped all by itself. That was the DLLhost.exe constantly trying to connect to what Malwarebytes conceded an invalid website.

 

I have done nothing to this system's configuration. It just stopped on its own. I assume at this point running these tests would be a waste of your time and steal your resources away from other users that currently desperately need your help.

 

Also the computer in question is not my computer but a coworker's. And throughout the time of this problem they have been using the computer as their normal workstation.

Since the computer is currently not displaying the problem, I assume you would want to close this help request. I understand.

 

Can you recommend any reasonable training to learn and understand how to read the log files the utilities create?

 

Jack...



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:33 AM

Posted 24 November 2014 - 03:17 PM

Hi Jack,

I appreciate your consideration for others but my preference would be to look under the hood, so to speak, rather than think all is well because all seems well. Although symptoms can just sort of disappear on occasion, this particular dllhost.exe issue has become more common and can be an indication of malware on a computer. Typically malware issues don't resolve themselves. It is completely up to you but I would feel better if we actually checked things.

Now, in regards to the training. Some of the results produced by these tools can be self explanatory but much of it can only be understood by a trained "eye." The difficult part of fighting malware is that it can become quite complicated and destructive if not done properly. Often times it is not simply a matter of understanding what it says, it is necessary to understand why it says what it says. As an example, you might be able to detect the engine in your car isn't running quite right. That is great, but the real key is finding out why it isn't running quite right. In the first instance you recognize it with your senses, in the second instance you need a deep understanding of the inner workings of an engine to effectively troubleshoot.

BleepingComputer has a Malware Training Program but it is designed for those who want to learn and then serve others on this forum. Not sure that is what you are looking for but the link above can provide some additional information about the Program.

 

You have patiently waited for your turn, feel free to take advantage of it. Let me know what you would like to do.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Akornn

Akornn
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 24 November 2014 - 03:28 PM

Thank you for getting back to me so soon.

 

 I am glad to do the test did you have requested that you wanted make sure that you to continue.

 

 I will run the test as you posted.

As for this training that is exactly what I am looking for thank you.

 

Jack...



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:33 AM

Posted 24 November 2014 - 03:40 PM

Very good. If you have questions about the training let me know.  It is not for the faint of heart.......


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:33 AM

Posted 28 November 2014 - 09:57 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Akornn

Akornn
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 28 November 2014 - 10:41 AM

Sorry for the delay. However this is Thanksgiving week.
 
************************** FRST.TXT ******************************
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by kim (administrator) on KIM-PC on 28-11-2014 10:32:57
Running from C:\Users\KIM.DDI\Desktop
Loaded Profile: kim (Available profiles: kim & KIM)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(NetSupport Ltd) C:\Program Files\NetSupport\NetSupport Manager\client32.exe
(Kenonic Controls Ltd.) C:\Windows\System32\Crypserv.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Pervasive\bin\w3dbsmgr.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(NetSupport Ltd) C:\Program Files\NetSupport\NetSupport Manager\client32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT\bin\hppusg.exe
() C:\UPS\WSTD\UPSNA1Msgr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(HP) C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Dell) C:\Users\KIM.DDI\AppData\Local\Apps\2.0\OWEBGKL3.HXC\ZEDOV7BB.N66\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWUCli.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HP Color LaserJet CM2320 MFP Series Fax] => C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe [2453504 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [TeletracFDC_Update] => C:\Program Files\Teletrac\Fleet Director Client\FdcAutoUpdate.exe [77824 2006-09-13] (Teletrac Inc)
HKLM\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [24576 2009-12-01] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ToolBoxFX] => C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-21] (Google Inc.)
HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\...\Run: [DellSystemDetect] => C:\Users\KIM.DDI\AppData\Local\Apps\2.0\OWEBGKL3.HXC\ZEDOV7BB.N66\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-11-17] (Dell)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2407052180-3221251107-2235898140-1150 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2407052180-3221251107-2235898140-1150 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4124BA9-9CDA-4954-893E-CB7A035CA0BC} http://192.168.1.180:8080/CVVideoControl2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 23 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.211
Tcpip\..\Interfaces\{3ABAC8D1-3F0F-4FB6-8E1F-A7BDB9F199AA}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2407052180-3221251107-2235898140-1150: @tools.google.com/Google Update;version=3 -> C:\Users\KIM.DDI\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2407052180-3221251107-2235898140-1150: @tools.google.com/Google Update;version=9 -> C:\Users\KIM.DDI\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-12]
CHR Extension: (Google Drive) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-12]
CHR Extension: (Google Search) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-12]
CHR Extension: (Google Wallet) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28]
CHR Extension: (Gmail) - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-12]
CHR StartMenuInternet: Google Chrome - C:\Users\KIM.DDI\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Client32; C:\Program Files\NetSupport\NetSupport Manager\client32.exe [120864 2012-10-03] (NetSupport Ltd)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-06-01] (HP) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 psqlWGE; C:\Program Files\Pervasive\bin\w3dbsmgr.exe [455968 2008-08-18] ()
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 gdihook5; C:\Windows\System32\DRIVERS\gdihook5.sys [68576 2011-08-17] (NetSupport Ltd)
R2 Haspnt; C:\Windows\system32\drivers\Haspnt.sys [47616 2010-01-21] (Aladdin Knowledge Systems) [File not signed]
S2 HIT_PARA; C:\Windows\system32\Drivers\HIT_PARA.sys [8204 2000-07-23] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-11-20] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [24608 2000-02-03] () [File not signed]
R3 nskbfltr; C:\Windows\system32\drivers\nskbfltr.sys [14336 2012-05-01] (Windows ® Codename Longhorn DDK provider) [File not signed]
R1 PCISys; C:\Windows\System32\drivers\pcisys.sys [41376 2012-08-24] (NetSupport Ltd)
S3 catchme; \??\C:\Users\ADMINI~1.DDI\AppData\Local\Temp\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-28 10:33 - 2014-11-28 10:33 - 00013887 _____ () C:\Users\KIM.DDI\Desktop\FRST.txt
2014-11-28 10:30 - 2014-11-28 10:30 - 00000000 ____D () C:\Users\KIM.DDI\Desktop\FRST-OlderVersion
2014-11-20 02:55 - 2014-11-20 02:57 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-11-20 02:22 - 2014-11-20 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-11-19 14:55 - 2014-11-19 14:55 - 00001856 _____ () C:\Rescued document 2.txt
2014-11-18 23:13 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 23:13 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-17 12:01 - 2014-11-17 12:01 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-11-17 12:01 - 2009-05-23 02:03 - 02361952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-11-17 12:01 - 2009-05-23 00:22 - 01157664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-11-17 12:01 - 2009-05-23 00:22 - 00551456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-11-17 12:01 - 2009-05-23 00:22 - 00326176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-11-17 12:01 - 2009-05-23 00:22 - 00048672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInst.dll
2014-11-17 12:01 - 2009-05-14 15:59 - 00044032 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2014-11-17 12:01 - 2009-05-13 13:48 - 00047104 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2014-11-17 12:01 - 2009-04-16 17:23 - 00540672 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-11-17 12:01 - 2009-04-16 10:14 - 00142848 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-11-17 12:01 - 2009-03-31 14:07 - 00125952 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2014-11-17 12:01 - 2009-03-09 05:32 - 00290304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2014-11-17 12:01 - 2009-03-09 05:30 - 00290304 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2014-11-17 12:01 - 2007-07-25 09:33 - 00135168 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2014-11-17 12:01 - 2006-12-13 10:30 - 00339968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2014-11-17 11:58 - 2014-11-17 11:58 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-11-17 09:40 - 2014-11-17 12:01 - 00000087 ___RH () C:\Windows\ctfile.rfc
2014-11-17 09:40 - 2008-12-04 11:57 - 00146432 _____ () C:\Windows\system32\APOMngr.DLL
2014-11-17 09:40 - 2008-09-17 14:05 - 00072704 _____ () C:\Windows\system32\CmdRtr.DLL
2014-11-17 09:39 - 2014-11-17 12:01 - 00000000 ___HD () C:\Program Files\Temp
2014-11-17 09:39 - 2014-11-17 09:39 - 00000000 ____D () C:\Program Files\Realtek
2014-11-17 09:39 - 2009-05-23 00:22 - 02897440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-11-17 09:39 - 2009-05-14 15:59 - 00061952 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2014-11-17 09:39 - 2009-05-13 13:48 - 00511488 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2014-11-14 16:06 - 2014-11-14 16:06 - 00000747 _____ () C:\Users\KIM.DDI\Desktop\All Regular Files - Shortcut.lnk
2014-11-13 09:52 - 2014-11-20 13:22 - 00002566 _____ () C:\Windows\setupact.log
2014-11-13 09:52 - 2014-11-13 09:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-12 21:23 - 2014-11-28 10:33 - 00000000 ____D () C:\FRST
2014-11-12 21:23 - 2014-11-28 10:30 - 01109504 _____ (Farbar) C:\Users\KIM.DDI\Desktop\FRST.exe
2014-11-12 20:22 - 2014-11-12 20:22 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-12 17:01 - 2014-11-12 17:01 - 00111702 _____ () C:\Users\KIM.DDI\Documents\cc_20141112_170105.reg
2014-11-12 16:44 - 2014-11-12 16:44 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 16:44 - 2014-11-12 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-11-12 16:44 - 2014-11-12 16:44 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-11-12 16:44 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 16:21 - 2014-11-12 16:21 - 00000000 ____D () C:\Users\administrator.DDI\AppData\Roaming\Adobe
2014-11-12 16:15 - 2014-11-12 16:21 - 00000000 ____D () C:\Users\administrator.DDI\AppData\Roaming\Google
2014-11-12 16:15 - 2014-11-12 16:15 - 00000000 ____D () C:\Users\administrator.DDI\AppData\Local\Google
2014-11-12 15:49 - 2014-11-12 15:49 - 00008772 _____ () C:\ComboFix.txt
2014-11-12 15:33 - 2014-11-12 15:33 - 00124096 _____ () C:\Users\administrator.DDI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 15:33 - 2014-11-12 15:33 - 00001415 _____ () C:\Users\administrator.DDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-12 15:33 - 2014-11-12 15:33 - 00000000 ____D () C:\Users\administrator.DDI\AppData\Roaming\HP
2014-11-12 15:29 - 2014-11-12 15:33 - 00000000 ____D () C:\Users\administrator.DDI
2014-11-12 15:29 - 2014-11-12 15:29 - 00000020 ___SH () C:\Users\administrator.DDI\ntuser.ini
2014-11-12 15:29 - 2010-01-21 15:44 - 00000000 ____D () C:\Users\administrator.DDI\AppData\Roaming\Macromedia
2014-11-12 15:29 - 2009-07-13 23:42 - 00000000 ___RD () C:\Users\administrator.DDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-12 15:29 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\administrator.DDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-12 13:51 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 13:51 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 13:51 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 13:51 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 13:51 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 13:51 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 13:51 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 13:51 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 13:51 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 13:51 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 13:51 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 13:51 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 13:51 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 13:51 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 13:51 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 13:51 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 13:51 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 13:51 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 13:51 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 13:51 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 13:51 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 13:51 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 13:51 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 13:51 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 13:51 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 13:51 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 13:51 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 13:51 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 13:50 - 2014-11-05 12:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 13:50 - 2014-11-05 12:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 13:50 - 2014-11-05 12:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 13:50 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 13:50 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 13:50 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 13:50 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 13:50 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 13:50 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 13:50 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 13:50 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 13:50 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 13:50 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 13:50 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 12:04 - 2014-11-12 12:04 - 01182720 _____ (Wilson WindowWare, Inc.) C:\Windows\WBDNA44I.DLL
2014-11-11 19:30 - 2014-11-26 11:30 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-11-11 15:54 - 2014-11-11 15:54 - 00001529 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Sage DacEasy - Business Center.lnk
2014-11-11 15:54 - 2014-11-11 15:54 - 00001523 _____ () C:\Users\Public\Desktop\Sage DacEasy - Business Center.lnk
2014-11-11 15:54 - 2014-11-11 15:54 - 00000000 ____D () C:\Windows\system32\Redistr_MS_MSI
2014-11-11 15:53 - 2009-08-06 09:51 - 01821192 _____ (Microsoft Corporation) C:\Windows\system32\vcredist_x86.exe
2014-11-11 15:52 - 2011-06-11 11:13 - 00198984 _____ (Sage Software, Inc.) C:\Windows\system32\deagnt.exe
2014-11-11 15:52 - 2009-08-06 09:51 - 00154624 _____ (Blue Sky Software) C:\Windows\system32\HLP25632.DLL
2014-11-11 15:52 - 2009-08-06 09:51 - 00049152 _____ (Blue Sky Software Corporation.) C:\Windows\system32\INETWH32.DLL
2014-11-11 15:51 - 2014-11-11 15:54 - 00000000 ____D () C:\Sage DacEasy
2014-11-11 15:51 - 2014-11-11 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage DacEasy
2014-11-11 15:17 - 2014-11-11 15:17 - 00000000 ____D () C:\ProgramData\RegriDrecu
2014-11-11 15:17 - 2014-11-11 15:17 - 00000000 ____D () C:\ProgramData\FezlApaqs
2014-11-11 14:56 - 2014-11-11 15:18 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-11 14:56 - 2014-11-11 14:56 - 00139636 _____ (Корпорация Майкрософт) C:\Windows\brdgcsvc.dll
2014-11-11 14:56 - 2014-11-11 14:56 - 00000000 ____D () C:\ProgramData\EuduJgak
2014-11-11 14:56 - 2014-11-11 14:56 - 00000000 ____D () C:\ProgramData\EejeVful
2014-11-11 14:13 - 2014-11-11 14:13 - 00001849 _____ () C:\Users\KIM.DDI\Desktop\ShadowExplorer.lnk
2014-11-11 14:13 - 2014-11-11 14:13 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Roaming\www.shadowexplorer.com
2014-11-11 14:13 - 2014-11-11 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2014-11-11 14:13 - 2014-11-11 14:13 - 00000000 ____D () C:\Program Files\ShadowExplorer
2014-11-10 09:53 - 2014-11-11 14:57 - 00000272 ____H () C:\ProgramData\@system3.att
2014-11-10 09:52 - 2014-11-11 14:57 - 00000536 _____ () C:\ProgramData\@system.temp
2014-11-10 09:52 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\PotlUgoni
2014-11-10 09:52 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\DaytOxdo
2014-11-10 09:52 - 2014-11-10 09:52 - 00000448 ____H () C:\Users\KIM.DDI\AppData\Roaming\麽鎒駓覜
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\KIM.DDI\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-11-07 16:18 - 2014-11-07 16:18 - 00000276 _____ () C:\Users\KIM.DDI\Documents\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\AppData\DECRYPT_INSTRUCTION.URL
2014-11-07 16:05 - 2014-11-07 16:05 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-07 15:56 - 2014-11-08 07:04 - 00000000 ____D () C:\3745004
2014-11-07 10:22 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\QunfUzto
2014-11-07 10:22 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\EejzUcgeq
2014-11-07 09:49 - 2014-11-10 20:40 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Amnworks
2014-11-07 09:49 - 2014-11-10 09:53 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Odics
2014-11-07 09:47 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\YaweYatn
2014-11-07 09:47 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\XadicFonah
2014-11-06 09:51 - 2014-11-10 20:41 - 00000000 __SHD () C:\Windows\ftpcache
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-28 10:30 - 2012-12-26 14:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-28 05:56 - 2010-01-21 14:33 - 01880842 _____ () C:\Windows\WindowsUpdate.log
2014-11-27 04:27 - 2009-07-13 23:34 - 00025424 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-27 04:27 - 2009-07-13 23:34 - 00025424 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-26 11:30 - 2012-12-26 14:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 11:30 - 2011-11-28 13:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 16:49 - 2010-10-18 08:05 - 00000000 ____D () C:\ProgramData\Pervasive
2014-11-25 13:42 - 2011-11-28 15:40 - 00000459 _____ () C:\Users\KIM.DDI\Desktop\Camera View(Live).website
2014-11-25 11:50 - 2010-01-21 14:57 - 00002586 _____ () C:\Windows\ODBC.INI
2014-11-24 14:38 - 2010-01-21 15:50 - 00000000 ____D () C:\LVWIN70
2014-11-20 13:28 - 2010-01-21 14:36 - 00803166 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-20 13:22 - 2010-02-25 13:45 - 00000008 _____ () C:\Windows\system32\pcisys.ntk
2014-11-20 13:22 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 09:52 - 2010-02-18 12:19 - 00000000 ____D () C:\COSTLOC
2014-11-20 02:01 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-20 01:01 - 2010-04-07 14:01 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Deployment
2014-11-20 00:43 - 2009-07-14 02:50 - 00000000 ____D () C:\Windows\CSC
2014-11-19 15:05 - 2013-04-30 12:41 - 00000000 ____D () C:\COSTER
2014-11-17 12:01 - 2010-01-21 21:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-17 11:58 - 2010-02-19 10:11 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Apps\2.0
2014-11-17 11:00 - 2009-07-13 23:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-17 09:38 - 2009-11-03 17:45 - 00000000 ____D () C:\dell
2014-11-12 17:43 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-11-12 17:02 - 2011-07-08 15:32 - 00000000 ____D () C:\Windows\Minidump
2014-11-12 15:49 - 2010-04-09 10:09 - 00000000 ____D () C:\Qoobox
2014-11-12 15:48 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-12 15:05 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 14:51 - 2009-07-13 23:33 - 00461352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 14:50 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 14:29 - 2013-08-15 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 14:27 - 2010-01-25 13:30 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 13:55 - 2010-04-07 13:23 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Roaming\Malwarebytes
2014-11-12 13:38 - 2011-07-08 16:41 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-11-12 12:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\PLA
2014-11-11 15:54 - 2010-01-21 21:37 - 00014509 _____ () C:\Program Files\DeaInstall.log
2014-11-11 15:53 - 2010-01-21 15:30 - 00000806 _____ () C:\Windows\ODBCINST.INI
2014-11-11 15:52 - 2010-10-20 13:11 - 00000000 ____D () C:\Program Files\Pervasive
2014-11-11 14:30 - 2010-01-21 14:52 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-10 12:02 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\IME
2014-11-08 06:59 - 2014-10-16 09:10 - 00000000 ____D () C:\CM_2320_Full_Solution_Win7_3_1_AM-EMEA1
2014-11-08 06:59 - 2014-09-25 08:29 - 00000000 ____D () C:\Users\KIM.DDI\Documents\Optimizer Pro
2014-11-08 06:59 - 2014-04-30 13:55 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Roaming\HP
2014-11-08 06:59 - 2011-10-20 10:59 - 00000000 ____D () C:\Users\KIM.DDI\Documents\k
2014-11-08 06:59 - 2011-09-13 15:39 - 00000000 ____D () C:\Users\KIM.DDI\john
2014-11-08 06:59 - 2011-03-18 15:27 - 00000000 ____D () C:\UPS4344E
2014-11-08 06:59 - 2010-06-18 13:07 - 00000000 ____D () C:\ProgramData\WebEx
2014-11-08 06:59 - 2010-03-03 21:41 - 00000000 ____D () C:\UPS
2014-11-08 06:59 - 2010-01-27 15:01 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Roaming\Nvu
2014-11-08 06:59 - 2010-01-26 09:32 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\HP
2014-11-08 06:59 - 2010-01-21 19:38 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-08 06:59 - 2010-01-21 19:16 - 00000000 ____D () C:\CM_2320_Full_Solution_Win7_3_1_AP
2014-11-08 06:59 - 2010-01-21 15:48 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Google
2014-11-08 06:59 - 2010-01-21 15:41 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Roaming\Adobe
2014-11-08 06:59 - 2010-01-21 15:06 - 00000000 ____D () C:\ProgramFilesServer
2014-11-08 06:59 - 2010-01-21 15:06 - 00000000 ____D () C:\Outlook
2014-11-08 06:59 - 2010-01-21 14:45 - 00000000 ____D () C:\Users\KIM.DDI
2014-11-08 06:59 - 2010-01-21 14:34 - 00000000 ____D () C:\Users\KIM
2014-11-08 06:59 - 2009-09-10 11:25 - 00000000 ____D () C:\Users\KIM.DDI\Documents\Panasonic
2014-11-08 06:59 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-11-08 06:59 - 2008-11-07 16:37 - 00000000 ____D () C:\PowerPanel
2014-11-08 06:59 - 2008-04-25 11:10 - 00000000 ____D () C:\I386
2014-11-08 06:59 - 2007-07-12 08:07 - 00000000 ____D () C:\Users\KIM.DDI\Documents\DacEasy Crytsal-Rpts Perv-SQL
2014-11-08 06:59 - 2007-07-10 13:50 - 00000000 ____D () C:\CR-XI-MLB
2014-11-08 06:59 - 2007-05-24 10:40 - 00000000 ____D () C:\Users\KIM.DDI\Documents\Online Store Pics
2014-11-08 06:59 - 2005-11-29 16:44 - 00000000 ___SD () C:\Users\KIM.DDI\Documents\My Data Sources
2014-11-08 06:59 - 2005-11-15 11:47 - 00000000 ____D () C:\x old
2014-11-08 06:59 - 2005-11-10 09:22 - 00000000 ____D () C:\x old 1
2014-11-04 14:30 - 2010-01-21 14:52 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\Users\KIM.DDI\WSSEMAPHORES.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 00:41
 
==================== End Of Log ============================
 
 
 
************************************ Addition.txt *******************************
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01
Ran by kim at 2014-11-28 10:33:48
Running from C:\Users\KIM.DDI\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
4500_G510af_Help_Web (Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_web (Version: 000.0.425.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version:  - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCC (Version: 12.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
Crystal Reports XI (HKLM\...\{7505DE9C-4E85-4636-82F0-50F38077B900}) (Version: 11.0.0.128227 - Business Objects)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell System Detect (HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FormsComponent (Version: 12.00.0000 - UPS) Hidden
FOSS (Version: 12.50.0000 - UPS) Hidden
Google Apps Migration For Microsoft Outlook® 2.3.12.34 (HKLM\...\{F5BA02A8-A0FD-4ABB-8F3C-8C5698622343}) (Version: 2.3.12.34 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.2.353.947 (HKLM\...\{70F59A75-8753-4D76-94C7-6109AB3525C3}) (Version: 3.2.353.947 - Google, Inc.)
Google Chrome (HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Color LaserJet CM2320 MFP Series 3.1 (HKLM\...\{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}) (Version: 3.1 - HP)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{1EB2596D-80B0-4D55-AC31-6FCFE757081E}) (Version: 13.0 - HP)
HP Officejet 6600 Basic Device Software (HKLM\...\{C4C4BECF-764C-406D-A1AD-F73611B0F668}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Update (HKLM\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
hppCLJCM2320 (Version: 003.001.00097 - Hewlett-Packard) Hidden
hppFaxDrvCM2320 (Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM2320 (Version: 003.001.00095 - Hewlett-Packard) Hidden
hppFonts (Version: 001.001.00061 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppManualsCM2320 (Version: 003.001.00087 - Hewlett-Packard) Hidden
hppPQVideoCM2320 (Version: 003.001.00092 - Hewlett-Packard) Hidden
hppQFolderCM2320 (Version: 1.00.0000 - Hewlett-Packard) Hidden
hppScanToCM2320 (Version: 003.001.00090 - Hewlett-Packard) Hidden
hppSendFaxCM2320 (Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXCM2320 (Version: 001.017.00048 - Hewlett-Packard) Hidden
hppusgCM2320 (Version: 1.1.0.1 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
hpzTLBXFX (Version: 005.003.00171 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICCHelp (HKLM\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 1.0.0.2 - UPS)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
LABELVIEW 7.0 (HKLM\...\LabelView) (Version:  - )
Malwarebytes Anti-Malware MSI (HKLM\...\{FBC350D5-10D0-4B9B-A9AC-5F2EA07770D5}) (Version: 1.60.2 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM\...\{91CA0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSIChecker (Version: 9.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NA1Messenger (Version: 12.00.6000 - Your Company Name) Hidden
NetSupport Manager (HKLM\...\{97417C14-BDF8-4297-90C2-1F19554A91C8}) (Version: 11.30.0002 - NetSupport Ltd)
Network (Version: 140.0.212.000 - Hewlett-Packard) Hidden
NRF (Version: 12.00.0000 - UPS) Hidden
nutraCoster (HKLM\...\nutraCoster) (Version:  - )
nutraCoster Workstation (HKLM\...\nutraCoster Workstation) (Version:  - )
Nvu 1.0PR (HKLM\...\Nvu_is1) (Version: 1.0PR - Linspire Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pervasive PSQL v10 Workgroup (32-bit) (HKLM\...\{0A3238D7-AB32-4E15-B717-F3E3F18B4A8C}) (Version: 10.01.073 - Pervasive Software)
PolicyManager (Version: 12.00.0000 - UPS) Hidden
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Reconciler (Version: 12.00.0000 - UPS) Hidden
ReportServer (Version: 12.00.0000 - Your Company Name) Hidden
RydeSmart (HKLM\...\InstallShield_{28D04412-8F61-485B-8407-2B13698C45B0}) (Version: 7.01 - Teletrac)
RydeSmart (Version: 7.01 - Teletrac) Hidden
Sage DacEasy Version 2012 (HKLM\...\{0E6F3710-0205-4B80-B409-0AADE6233C24}) (Version: 18.0.0 - Sage Software, Inc.)
Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SupportUtility (Version: 12.00.0000 - Your Company Name) Hidden
System (Version: 12.00.0000 - UPS) Hidden
the DacEasy by Sage Version 2010 Developer's SDK (HKLM\...\{B464AA4D-C353-4B9E-8D85-45B76CF93D5A}) (Version:  - )
Toolbox (Version: 140.0.424.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnifiedPrinting (Version: 12.00.0000 - UPS) Hidden
UPS WorldShip (HKLM\...\UPS WorldShip) (Version: 12.0 - UPS)
UPSICC (Version: 1.0.0.16 - UPS) Hidden
UPSlinkHTTP (Version: 1.0.0.13 - UPS) Hidden
UPSVCMM (Version: 12.00.0000 - UPS) Hidden
WebHelp (HKLM\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WorldShip (Version: 12.00.0000 - UPS) Hidden
Zebra Font Downloader 5.1 (HKLM\...\Zebra Font Downloader_is1) (Version:  - Zebra)
Zoosk Messenger (HKLM\...\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1) (Version: 2.1.81.20943 - Zoosk, Inc.)
Zoosk Messenger (Version: 2.1.81 - Zoosk, Inc.) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2407052180-3221251107-2235898140-1150_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\KIM.DDI\AppData\Local\Google\Chrome\Application\35.0.1916.153\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2407052180-3221251107-2235898140-1150_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\KIM.DDI\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-3931294919-2743926396-4032931659-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\KIM.DDI\AppData\Local\Google\Chrome\Application\35.0.1916.153\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3931294919-2743926396-4032931659-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\KIM\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe No Fi (the data entry has 2 more characters).
 
==================== Restore Points  =========================
 
20-11-2014 22:33:44 Scheduled Checkpoint
28-11-2014 05:00:01 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-07-08 15:58 - 2014-11-12 13:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {4959E41A-03B3-49A6-9A6C-F0CFB06950D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {67B83E04-F9FF-4DE0-87EA-908DC8BCA55C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {7B5B0235-E3F5-49BD-9576-A8433E5AE765} - System32\Tasks\wklennty => Rundll32.exe "C:\Windows\system32\mf3216T.dll",gtfov
Task: {C705C673-7CEB-48F7-8196-4AC1FF27F090} - System32\Tasks\Fxxlymsbtv => Rundll32.exe "C:\Windows\system32\ifsutil0.dll",peajoncsj
Task: {F21ADED5-9D82-493C-9B62-61A92E551DE3} - System32\Tasks\{3B36BFD0-8B58-486D-A605-7693A73F30F3} => C:\Users\KIM.DDI\Downloads\Realtek_High-Definition-Audi_A00_R229261.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-04-30 10:58 - 2009-11-05 07:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2008-08-18 15:57 - 2008-08-18 15:57 - 00455968 _____ () C:\Program Files\Pervasive\bin\w3dbsmgr.exe
2007-09-05 11:15 - 2007-09-05 11:15 - 00230688 _____ () C:\Program Files\Pervasive\bin\W3COMSRV.DLL
2009-12-01 21:36 - 2009-12-01 21:36 - 00024576 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe
2009-12-01 21:36 - 2009-12-01 21:36 - 00045056 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll
2009-12-01 19:34 - 2009-12-01 19:34 - 00018944 _____ () C:\UPS\WSTD\UPSResourceManager.dll
2009-12-01 21:37 - 2009-12-01 21:37 - 00053248 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll
2009-12-01 21:37 - 2009-12-01 21:37 - 00024576 _____ () C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00061440 _____ () C:\Program Files\HP\ToolboxFX\bin\HPTools.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00069632 _____ () C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00069632 _____ () C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00516096 _____ () C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00130560 _____ () C:\Program Files\HP\ToolboxFX\bin\DMBaseObjects.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00840192 _____ () C:\Program Files\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00674816 _____ () C:\Program Files\HP\ToolboxFX\bin\LEDMXMLObjects.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00086016 _____ () C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll
2009-10-22 08:26 - 2009-10-22 08:26 - 00835584 _____ () C:\Program Files\HP\ToolboxFX\bin\Alerts.dll
2009-10-15 07:25 - 2009-10-15 07:25 - 00364544 _____ () C:\Program Files\HP\ToolboxFX\bin\nativeutils.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26956734.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\26956734.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\client32 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3931294919-2743926396-4032931659-500 - Administrator - Disabled)
Guest (S-1-5-21-3931294919-2743926396-4032931659-501 - Limited - Disabled)
KIM (S-1-5-21-3931294919-2743926396-4032931659-1000 - Administrator - Enabled) => C:\Users\KIM
 
==================== Faulty Device Manager Devices =============
 
Name: HP Color LaserJet CM2320nf MFP
Description: HP Color LaserJet CM2320nf MFP
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet 6600
Description: Officejet 6600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 6600
Description: Officejet 6600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet Pro 8100
Description: Officejet Pro 8100
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 6600
Description: Officejet 6600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/12/2014 00:52:26 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: DDI)
Description: HRESULT:0x80070643
Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
Error: (11/12/2014 00:52:09 PM) (Source: MsiInstaller) (EventID: 11402) (User: DDI)
Description: Product: Microsoft Security Client -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (11/12/2014 00:56:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/12/2014 00:52:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/11/2014 03:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_fe51ccff.exe, version: 1.0.0.1002, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x1e48
Faulting application start time: 0xUpdateFlashPlayer_fe51ccff.exe0
Faulting application path: UpdateFlashPlayer_fe51ccff.exe1
Faulting module path: UpdateFlashPlayer_fe51ccff.exe2
Report Id: UpdateFlashPlayer_fe51ccff.exe3
 
Error: (11/11/2014 03:18:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35efc3
Faulting module name: hpzjcd01.dll, version: 6.1.7.0, time stamp: 0x47a38eeb
Exception code: 0xc0000005
Fault offset: 0x00012d2e
Faulting process id: 0x5cc
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3
 
Error: (11/11/2014 03:18:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_1cc6986b.exe, version: 1.0.0.1002, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x578
Faulting application start time: 0xUpdateFlashPlayer_1cc6986b.exe0
Faulting application path: UpdateFlashPlayer_1cc6986b.exe1
Faulting module path: UpdateFlashPlayer_1cc6986b.exe2
Report Id: UpdateFlashPlayer_1cc6986b.exe3
 
Error: (11/11/2014 03:18:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_b9c2bd78.exe, version: 1.0.0.1002, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x1d54
Faulting application start time: 0xUpdateFlashPlayer_b9c2bd78.exe0
Faulting application path: UpdateFlashPlayer_b9c2bd78.exe1
Faulting module path: UpdateFlashPlayer_b9c2bd78.exe2
Report Id: UpdateFlashPlayer_b9c2bd78.exe3
 
Error: (11/11/2014 02:58:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_1606b7f1.exe, version: 1.0.0.1002, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x16a8
Faulting application start time: 0xUpdateFlashPlayer_1606b7f1.exe0
Faulting application path: UpdateFlashPlayer_1606b7f1.exe1
Faulting module path: UpdateFlashPlayer_1606b7f1.exe2
Report Id: UpdateFlashPlayer_1606b7f1.exe3
 
Error: (11/11/2014 01:19:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (11/28/2014 10:33:12 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain DDI due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (11/28/2014 10:27:42 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: DDI)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/27/2014 08:15:07 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/26/2014 06:57:45 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/25/2014 05:40:22 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/25/2014 09:18:42 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: DDI)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/24/2014 04:40:00 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/24/2014 09:07:23 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: DDI)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/23/2014 03:32:37 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/22/2014 02:16:14 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
 
Microsoft Office Sessions:
=========================
Error: (11/12/2014 00:52:26 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: DDI)
Description: HRESULT:0x80070643
Description:Cannot complete uninstall wizard. An error has prevented the Security Essentials Uninstall Wizard from continuing. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
 
Error: (11/12/2014 00:52:09 PM) (Source: MsiInstaller) (EventID: 11402) (User: DDI)
Description: Product: Microsoft Security Client -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.  System error 5.  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (11/12/2014 00:56:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\HP\digital imaging\{ecf3e482-9188-4e29-9c31-e02fd8dc74c0}\setup\faxprinterdrivers\hppfaxprinteremail_x64.exe
 
Error: (11/12/2014 00:52:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 6600\DriverStore\Pipeline\amd64\hpinkins5D12.exe
 
Error: (11/11/2014 03:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UpdateFlashPlayer_fe51ccff.exe1.0.0.1002539d7a76unknown0.0.0.000000000c0000005000045421e4801cffdecbccf9061C:\Users\KIM.DDI\AppData\Local\Temp\UpdateFlashPlayer_fe51ccff.exeunknownfbce1ea8-69df-11e4-beca-002564e5d266
 
Error: (11/11/2014 03:18:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: spoolsv.exe6.1.7601.177774f35efc3hpzjcd01.dll6.1.7.047a38eebc000000500012d2e5cc01cffd50cc4bbf58C:\Windows\System32\spoolsv.exeC:\Windows\System32\hpzjcd01.dllf2737655-69df-11e4-beca-002564e5d266
 
Error: (11/11/2014 03:18:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UpdateFlashPlayer_1cc6986b.exe1.0.0.1002539d7a76unknown0.0.0.000000000c00000050000454257801cffdeca306c889C:\Users\KIM.DDI\AppData\Local\Temp\UpdateFlashPlayer_1cc6986b.exeunknowne24cc019-69df-11e4-beca-002564e5d266
 
Error: (11/11/2014 03:18:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UpdateFlashPlayer_b9c2bd78.exe1.0.0.1002539d7a76unknown0.0.0.000000000c0000005000045421d5401cffdeca09be2c2C:\Users\KIM.DDI\AppData\Local\Temp\UpdateFlashPlayer_b9c2bd78.exeunknowndf3b39fe-69df-11e4-beca-002564e5d266
 
Error: (11/11/2014 02:58:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UpdateFlashPlayer_1606b7f1.exe1.0.0.1002539d7a76unknown0.0.0.000000000c00000050000454216a801cffde9cf938876C:\Users\KIM.DDI\AppData\Local\Temp\UpdateFlashPlayer_1606b7f1.exeunknown0da66e83-69dd-11e4-beca-002564e5d266
 
Error: (11/11/2014 01:19:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\HP\digital imaging\{ecf3e482-9188-4e29-9c31-e02fd8dc74c0}\setup\faxprinterdrivers\hppfaxprinteremail_x64.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2011-07-08 17:59:10.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-08 17:59:10.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-08 17:53:16.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-08 17:53:16.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-08 17:46:31.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-08 17:46:31.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-08 17:43:42.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-08 17:43:42.821
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-08 17:38:06.721
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-07-08 17:38:06.675
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 37%
Total physical RAM: 3036.99 MB
Available physical RAM: 1893.34 MB
Total Pagefile: 6072.27 MB
Available Pagefile: 4535.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.29 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:249.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive z: () (Network) (Total:135.66 GB) (Free:71.09 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 

System will NOT let me upload the summary.INFO or the summary.ZIP file; it is too big.

 

Here is a link to the file on my DropBox account.

https://dl.dropboxusercontent.com/u/17366313/summary.zip


Edited by Akornn, 28 November 2014 - 11:02 AM.


#10 Akornn

Akornn
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:33 PM

Posted 28 November 2014 - 11:01 AM

System will NOT let me upload the summary.INFO or the summary.ZIP file; it is too big.

 

Here is a link to the file on my DropBox account.

https://dl.dropboxusercontent.com/u/17366313/summary.zip



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,378 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:11:33 AM

Posted 28 November 2014 - 11:36 AM

Hi Jack,

Sorry, I am trying to manage my workload because there are still a lot of people waiting for assistance. Thanks for posting.

This log is quite complicated because of the number of entries that may or may not be legitimate. I will need some help from you in trying to identify some of them. Can you tell me if these look familiar?

2014-11-20 09:52 - 2010-02-18 12:19 - 00000000 ____D () C:\COSTLOC
2014-11-20 00:43 - 2009-07-14 02:50 - 00000000 ____D () C:\Windows\CSC
2014-11-19 15:05 - 2013-04-30 12:41 - 00000000 ____D () C:\COSTER
2014-11-12 12:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\PLA
2014-11-10 12:02 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\IME
2014-11-08 06:59 - 2011-03-18 15:27 - 00000000 ____D () C:\UPS4344E
2014-11-08 06:59 - 2007-07-10 13:50 - 00000000 ____D () C:\CR-XI-MLB


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2407052180-3221251107-2235898140-1150 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = 
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2407052180-3221251107-2235898140-1150: @tools.google.com/Google Update;version=3 -> C:\Users\KIM.DDI\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2407052180-3221251107-2235898140-1150: @tools.google.com/Google Update;version=9 -> C:\Users\KIM.DDI\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
S3 catchme; \??\C:\Users\ADMINI~1.DDI\AppData\Local\Temp\catchme.sys [X]
2014-11-11 15:17 - 2014-11-11 15:17 - 00000000 ____D () C:\ProgramData\RegriDrecu
2014-11-11 15:17 - 2014-11-11 15:17 - 00000000 ____D () C:\ProgramData\FezlApaqs
2014-11-11 14:56 - 2014-11-11 14:56 - 00139636 _____ (Корпорация Майкрософт) C:\Windows\brdgcsvc.dll
2014-11-11 14:56 - 2014-11-11 14:56 - 00000000 ____D () C:\ProgramData\EuduJgak
2014-11-11 14:56 - 2014-11-11 14:56 - 00000000 ____D () C:\ProgramData\EejeVful
2014-11-10 09:53 - 2014-11-11 14:57 - 00000272 ____H () C:\ProgramData\@system3.att
2014-11-10 09:52 - 2014-11-11 14:57 - 00000536 _____ () C:\ProgramData\@system.temp
2014-11-10 09:52 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\PotlUgoni
2014-11-10 09:52 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\DaytOxdo
2014-11-10 09:52 - 2014-11-10 09:52 - 00000448 ____H () C:\Users\KIM.DDI\AppData\Roaming\麽鎒駓覜
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\KIM.DDI\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-11-07 16:18 - 2014-11-07 16:18 - 00000276 _____ () C:\Users\KIM.DDI\Documents\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\AppData\DECRYPT_INSTRUCTION.URL
2014-11-07 16:05 - 2014-11-07 16:05 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-07 15:56 - 2014-11-08 07:04 - 00000000 ____D () C:\3745004
2014-11-07 10:22 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\QunfUzto
2014-11-07 10:22 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\EejzUcgeq
2014-11-07 09:49 - 2014-11-10 20:40 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Amnworks
2014-11-07 09:49 - 2014-11-10 09:53 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Odics
2014-11-07 09:47 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\YaweYatn
2014-11-07 09:47 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\XadicFonah
2014-11-06 09:51 - 2014-11-10 20:41 - 00000000 __SHD () C:\Windows\ftpcache
C:\Users\KIM.DDI\WSSEMAPHORES.dat
Task: {7B5B0235-E3F5-49BD-9576-A8433E5AE765} - System32\Tasks\wklennty => Rundll32.exe "C:\Windows\system32\mf3216T.dll",gtfov
Task: {C705C673-7CEB-48F7-8196-4AC1FF27F090} - System32\Tasks\Fxxlymsbtv => Rundll32.exe "C:\Windows\system32\ifsutil0.dll",peajoncsj
C:\Windows\system32\mf3216T.dll
C:\Windows\system32\ifsutil0.dll
  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do those folders look familiar?
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
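
As an added example, not code from this thread, from Farbar (FRST) or from BleepingComputer, here is a small Python triage helper that reads FRST-style log lines like the ones Gary gathered into the fixlist above and flags the patterns they share from a review standpoint: a scheduled task that launches Rundll32 with an all-lowercase export from a DLL under System32, DECRYPT_INSTRUCTION ransom notes, and randomly named or hidden entries sitting directly under C:\ProgramData. The regexes, the heuristics and the function names are this example's own assumptions, not FRST logic; the sample lines are mostly copied from this thread, with one constructed benign task added for contrast, and the name heuristic is deliberately loose, so hits are candidates for manual review rather than verdicts.

```python
"""Triage FRST-style log lines for the indicator patterns seen in this thread.

Added example: not part of the forum thread, of FRST, or of BleepingComputer.
Regexes, heuristics and function names are this example's own assumptions.
"""
import re
from dataclasses import dataclass


# FRST scheduled-task line:
#   Task: {GUID} - System32\Tasks\<name> => <command line>
TASK_RE = re.compile(
    r'^Task:\s+\{(?P<guid>[0-9A-Fa-f-]+)\}\s+-\s+(?P<name>\S+)\s+=>\s+(?P<cmd>.+)$')

# Rundll32 command: optional quotes around the DLL path, then ",export"
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)

# FRST file/folder line:
#   <created> - <modified> - <size> <attrs> (<company>) <path>
# attrs is five characters, e.g. _____ (file), ____D (directory), ____H (hidden)
ENTRY_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$')

# Ransom note dropped into every directory the encryptor wrote to
RANSOM_NOTE_RE = re.compile(r'(^|\\)DECRYPT_INSTRUCTION\.(URL|TXT|HTML)$', re.IGNORECASE)

# Two capitalised pseudo-words such as "RegriDrecu" or "FezlApaqs". This is a
# loose heuristic that also matches some legitimate vendor folders, so hits
# are review candidates, not verdicts.
RANDOM_NAME_RE = re.compile(r'^[A-Z][a-z]{2,6}[A-Z][a-z]{2,6}$')


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def check_task(line):
    """Flag a scheduled task that runs Rundll32 with an all-lowercase export.

    Legitimate Rundll32 entry points are almost always mixed case
    (Control_RunDLL, ShellExec_RunDLL); a lowercase nonsense export from a
    DLL dropped into System32 is the pattern in this thread's fixlist.
    """
    m = TASK_RE.match(line)
    if not m:
        return None
    r = RUNDLL_RE.search(m.group('cmd'))
    if not r:
        return None
    export = r.group('export')
    if export.isalpha() and export.islower():
        return Finding('suspicious_rundll32_task',
                       f"{m.group('name')} -> {r.group('dll')},{export}")
    return None


def check_entry(line):
    """Flag ransom notes and odd entries directly under C:\\ProgramData."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    path, attrs = m.group('path'), m.group('attrs')
    is_dir = attrs.endswith('D')
    parent, _, name = path.rpartition('\\')
    if RANSOM_NOTE_RE.search(path):
        return Finding('ransom_note', path)
    if parent.lower() == r'c:\programdata':
        if is_dir and RANDOM_NAME_RE.match(name):
            return Finding('random_programdata_dir', path)
        if not is_dir and 'H' in attrs and name.startswith('@'):
            return Finding('hidden_programdata_file', path)
    return None


def triage(lines):
    """Return every Finding for the given FRST log lines, in input order."""
    findings = []
    for raw in lines:
        f = check_task(raw.strip()) or check_entry(raw.strip())
        if f:
            findings.append(f)
    return findings


# Constructed sample: six lines copied from this thread's FRST output plus a
# made-up benign task (placeholder GUID) for contrast.
SAMPLE_LOG = r"""
2014-11-11 15:17 - 2014-11-11 15:17 - 00000000 ____D () C:\ProgramData\RegriDrecu
2014-11-10 09:53 - 2014-11-11 14:57 - 00000272 ____H () C:\ProgramData\@system3.att
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-11-20 00:43 - 2009-07-14 02:50 - 00000000 ____D () C:\Windows\CSC
2009-10-22 08:26 - 2009-10-22 08:26 - 00061440 _____ () C:\Program Files\HP\ToolboxFX\bin\HPTools.dll
Task: {7B5B0235-E3F5-49BD-9576-A8433E5AE765} - System32\Tasks\wklennty => Rundll32.exe "C:\Windows\system32\mf3216T.dll",gtfov
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleTask => Rundll32.exe "C:\Windows\system32\shell32.dll",Control_RunDLL
""".strip().splitlines()


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(f'{finding.kind:28} {finding.detail}')
```

Run against a saved FRST.txt by replacing SAMPLE_LOG with the file's lines; the benign C:\Windows\CSC folder, the HP DLL and the Control_RunDLL task produce no findings, which is the point of including them.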

#12 Akornn

Akornn
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:33 PM

Posted 28 November 2014 - 12:01 PM

Most of these directories are unfamiliar to me except 2 of them.

2014-11-20 09:52 - 2010-02-18 12:19 - 00000000 ____D () C:\COSTLOC   ----------------------> This is a required program called nutracoster
2014-11-20 00:43 - 2009-07-14 02:50 - 00000000 ____D () C:\Windows\CSC
2014-11-19 15:05 - 2013-04-30 12:41 - 00000000 ____D () C:\COSTER --------------------------> This is a required program called nutracoster
2014-11-12 12:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\PLA
2014-11-10 12:02 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\IME
2014-11-08 06:59 - 2011-03-18 15:27 - 00000000 ____D () C:\UPS4344E
2014-11-08 06:59 - 2007-07-10 13:50 - 00000000 ____D () C:\CR-XI-MLB

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by kim at 2014-11-28 11:44:43 Run:1
Running from C:\Users\KIM.DDI\Desktop
Loaded Profiles: kim &  (Available profiles: kim & KIM)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2407052180-3221251107-2235898140-1150 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = 
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2407052180-3221251107-2235898140-1150: @tools.google.com/Google Update;version=3 -> C:\Users\KIM.DDI\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2407052180-3221251107-2235898140-1150: @tools.google.com/Google Update;version=9 -> C:\Users\KIM.DDI\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
S3 catchme; \??\C:\Users\ADMINI~1.DDI\AppData\Local\Temp\catchme.sys [X]
2014-11-11 15:17 - 2014-11-11 15:17 - 00000000 ____D () C:\ProgramData\RegriDrecu
2014-11-11 15:17 - 2014-11-11 15:17 - 00000000 ____D () C:\ProgramData\FezlApaqs
2014-11-11 14:56 - 2014-11-11 14:56 - 00139636 _____ (Корпорация Майкрософт) C:\Windows\brdgcsvc.dll
2014-11-11 14:56 - 2014-11-11 14:56 - 00000000 ____D () C:\ProgramData\EuduJgak
2014-11-11 14:56 - 2014-11-11 14:56 - 00000000 ____D () C:\ProgramData\EejeVful
2014-11-10 09:53 - 2014-11-11 14:57 - 00000272 ____H () C:\ProgramData\@system3.att
2014-11-10 09:52 - 2014-11-11 14:57 - 00000536 _____ () C:\ProgramData\@system.temp
2014-11-10 09:52 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\PotlUgoni
2014-11-10 09:52 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\DaytOxdo
2014-11-10 09:52 - 2014-11-10 09:52 - 00000448 ____H () C:\Users\KIM.DDI\AppData\Roaming\麽鎒駓覜
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\KIM.DDI\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-11-07 16:32 - 2014-11-07 16:32 - 00000276 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-11-07 16:18 - 2014-11-07 16:18 - 00000276 _____ () C:\Users\KIM.DDI\Documents\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-07 16:16 - 2014-11-07 16:16 - 00000276 _____ () C:\Users\KIM.DDI\AppData\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-07 16:11 - 2014-11-07 16:11 - 00000276 _____ () C:\Users\KIM\AppData\DECRYPT_INSTRUCTION.URL
2014-11-07 16:05 - 2014-11-07 16:05 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-07 15:56 - 2014-11-08 07:04 - 00000000 ____D () C:\3745004
2014-11-07 10:22 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\QunfUzto
2014-11-07 10:22 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\EejzUcgeq
2014-11-07 09:49 - 2014-11-10 20:40 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Amnworks
2014-11-07 09:49 - 2014-11-10 09:53 - 00000000 ____D () C:\Users\KIM.DDI\AppData\Local\Odics
2014-11-07 09:47 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\YaweYatn
2014-11-07 09:47 - 2014-11-10 12:01 - 00000000 ____D () C:\ProgramData\XadicFonah
2014-11-06 09:51 - 2014-11-10 20:41 - 00000000 __SHD () C:\Windows\ftpcache
C:\Users\KIM.DDI\WSSEMAPHORES.dat
Task: {7B5B0235-E3F5-49BD-9576-A8433E5AE765} - System32\Tasks\wklennty => Rundll32.exe "C:\Windows\system32\mf3216T.dll",gtfov
Task: {C705C673-7CEB-48F7-8196-4AC1FF27F090} - System32\Tasks\Fxxlymsbtv => Rundll32.exe "C:\Windows\system32\ifsutil0.dll",peajoncsj
C:\Windows\system32\mf3216T.dll
C:\Windows\system32\ifsutil0.dll
 
*****************
 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}" => Key deleted successfully.
"HKCR\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}" => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
"HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}" => Key not found.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
"HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Users\KIM.DDI\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-2407052180-3221251107-2235898140-1150\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\KIM.DDI\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.
catchme => Service deleted successfully.
C:\ProgramData\RegriDrecu => Moved successfully.
C:\ProgramData\FezlApaqs => Moved successfully.
C:\Windows\brdgcsvc.dll => Moved successfully.
C:\ProgramData\EuduJgak => Moved successfully.
C:\ProgramData\EejeVful => Moved successfully.
C:\ProgramData\@system3.att => Moved successfully.
C:\ProgramData\@system.temp => Moved successfully.
C:\ProgramData\PotlUgoni => Moved successfully.
C:\ProgramData\DaytOxdo => Moved successfully.
 
"C:\Users\KIM.DDI\AppData\Roaming\????" directory move:
 
Could not move "C:\Users\KIM.DDI\AppData\Roaming\????" directory. => Scheduled to move on reboot.
 
C:\Users\Public\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\KIM.DDI\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\KIM.DDI\Documents\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\KIM.DDI\AppData\Roaming\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\KIM.DDI\AppData\Local\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\KIM.DDI\AppData\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\KIM\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\KIM\AppData\Local\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\KIM\AppData\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\3745004 => Moved successfully.
C:\ProgramData\QunfUzto => Moved successfully.
C:\ProgramData\EejzUcgeq => Moved successfully.
C:\Users\KIM.DDI\AppData\Local\Amnworks => Moved successfully.
C:\Users\KIM.DDI\AppData\Local\Odics => Moved successfully.
C:\ProgramData\YaweYatn => Moved successfully.
C:\ProgramData\XadicFonah => Moved successfully.
C:\Windows\ftpcache => Moved successfully.
C:\Users\KIM.DDI\WSSEMAPHORES.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7B5B0235-E3F5-49BD-9576-A8433E5AE765}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B5B0235-E3F5-49BD-9576-A8433E5AE765}" => Key deleted successfully.
C:\Windows\System32\Tasks\wklennty => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wklennty" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C705C673-7CEB-48F7-8196-4AC1FF27F090}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C705C673-7CEB-48F7-8196-4AC1FF27F090}" => Key deleted successfully.
C:\Windows\System32\Tasks\Fxxlymsbtv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fxxlymsbtv" => Key deleted successfully.
"C:\Windows\system32\mf3216T.dll" => File/Directory not found.
"C:\Windows\system32\ifsutil0.dll" => File/Directory not found.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-28 11:49:41)<=
 
"C:\Users\KIM.DDI\AppData\Roaming\????" => Directory could not move.
 
==== End of Fixlog ====


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,378 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:11:33 AM

Posted 28 November 2014 - 01:10 PM

Thanks.

Please do these things.

Using Windows Explorer navigate to C:\Users\KIM.DDI\AppData\Roaming and delete any entries containing either of the following:
Mehaopitiao
麽鎒駓覜
If you do not see either one, let me know if you do see an odd entry.

===================================================

SystemLook by jpshortstuff

--------------------
  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:dir
C:\Windows\CSC
C:\Windows\PLA
C:\Windows\IME
C:\UPS4344E
C:\CR-XI-MLB
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. If necessary you can attach or zip and attach the file
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Were you able to delete the folder?
  • SystemLook information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
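The two checks asked for in the post above (look in Roaming for the listed names or any odd entry, then list specific directories the way SystemLook's :dir does) as one repeatable triage script. This is an added example, not code from the thread, from SystemLook or from FRST; the directory layout it scans is constructed in a temporary folder from the paths that appear in the Fixlog, and the watch-list is the two names given in the post.

```python
# Added example: reproduce the manual "look for odd entries" step as a script.
# It lists the top level of each directory (like SystemLook's :dir) and flags
# entries that match a watch-list, are a ransom-note file name seen in the
# Fixlog, or contain non-ASCII / control characters (the 麽鎒駓覜 entry is
# what FRST printed as "????" because it could not render the name).
# Output is a review list for a human, not a malware verdict.
import tempfile
from pathlib import Path

WATCH_NAMES = {"Mehaopitiao", "麽鎒駓覜"}          # names from the post
RANSOM_NOTE_NAMES = {"DECRYPT_INSTRUCTION.URL"}     # ransom note from the Fixlog


def odd_characters(name: str) -> bool:
    """True if the name has any character outside printable ASCII."""
    return any(ord(ch) < 0x20 or ord(ch) > 0x7E for ch in name)


def triage_dirs(roots):
    """Return (reason, path) pairs for suspicious entries directly under each root.

    Only the top level of each directory is listed, as SystemLook's :dir does,
    so the result stays short enough to read in a forum reply.
    """
    findings = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            findings.append(("missing-dir", str(root)))
            continue
        for entry in sorted(root.iterdir(), key=lambda p: p.name):
            if entry.name in WATCH_NAMES:
                findings.append(("watch-list", str(entry)))
            elif entry.name.upper() in RANSOM_NOTE_NAMES:
                findings.append(("ransom-note", str(entry)))
            elif odd_characters(entry.name):
                findings.append(("odd-name", str(entry)))
    return findings


def build_sample_tree(base):
    """Constructed sample layout mirroring the thread's paths (not real data)."""
    roaming = Path(base) / "Users" / "KIM.DDI" / "AppData" / "Roaming"
    roaming.mkdir(parents=True)
    (roaming / "麽鎒駓覜").write_bytes(b"\x00" * 448)      # 448-byte entry from the FRST log
    (roaming / "DECRYPT_INSTRUCTION.URL").write_text("[InternetShortcut]\n")
    (roaming / "Microsoft").mkdir()                         # ordinary folder, must not be flagged
    public = Path(base) / "Users" / "Public"
    public.mkdir()
    (public / "DECRYPT_INSTRUCTION.URL").write_text("[InternetShortcut]\n")
    return [roaming, public]


def run_demo():
    """Build the sample tree in a temp dir and return just the reasons found."""
    with tempfile.TemporaryDirectory() as tmp:
        return [reason for reason, _ in triage_dirs(build_sample_tree(tmp))]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for reason, path in triage_dirs(build_sample_tree(tmp)):
            print(f"{reason:12} {path}")
```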

#14 Akornn

Akornn
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:33 PM

Posted 28 November 2014 - 01:38 PM

I found a file named 麽鎒駓覜 BUT not Mehaopitiao.

Yes, deleted the file named 麽鎒駓覜.

You asked if I deleted the folder. What folder? Did you mean the files in the C:\Users\KIM.DDI\AppData\Roaming folder?

 

SystemLook 30.07.11 by jpshortstuff

Log created at 13:21 on 28/11/2014 by kim
Administrator - Elevation successful
 
========== dir ==========
 
C:\Windows\CSC - Parameters: "(none)"
 
---Files---
None found.
 
---Folders---
v2.0.6 d------ [05:43 20/11/2014]
 
C:\Windows\PLA - Parameters: "(none)"
 
---Files---
None found.
 
---Folders---
Reports d------ [02:37 14/07/2009]
Rules d------ [02:37 14/07/2009]
System d------ [02:37 14/07/2009]
Templates d------ [02:37 14/07/2009]
 
C:\Windows\IME - Parameters: "(none)"
 
---Files---
SPTIP.DLL --a---- 126976 bytes [00:14 14/07/2009] [01:16 14/07/2009]
 
---Folders---
en-US d------ [04:56 14/07/2009]
IMEJP10 d------ [02:37 14/07/2009]
imekr8 d------ [02:37 14/07/2009]
IMESC5 d------ [02:37 14/07/2009]
IMETC10 d------ [02:37 14/07/2009]
 
C:\UPS4344E - Parameters: "(none)"
 
---Files---
140XI3P.CFG --a---- 2702 bytes [13:46 22/07/2005] [13:46 22/07/2005]
140XiIII.bmp --a---- 58678 bytes [20:48 14/07/2005] [20:48 14/07/2005]
2442u.CFG --a---- 1663 bytes [15:58 28/07/2005] [15:58 28/07/2005]
2542u.CFG --a---- 1663 bytes [15:58 28/07/2005] [15:58 28/07/2005]
2543u.CFG --a---- 1663 bytes [15:58 28/07/2005] [15:58 28/07/2005]
2746.bmp --a---- 58678 bytes [22:24 18/11/2002] [22:24 18/11/2002]
2844u.CFG --a---- 1664 bytes [15:58 28/07/2005] [15:58 28/07/2005]
clrgrey.bmp --a---- 30054 bytes [22:24 18/11/2002] [22:24 18/11/2002]
DarkWiz.zpl --a---- 4981 bytes [23:51 14/03/2005] [23:51 14/03/2005]
DarkWiz2.zpl --a---- 4981 bytes [18:59 28/07/2005] [18:59 28/07/2005]
DECRYPT_INSTRUCTION.URL --a---- 276 bytes [21:11 07/11/2014] [21:11 07/11/2014]
Eplfnt12.ufm --a---- 416 bytes [17:15 19/12/2002] [17:15 19/12/2002]
EPLFNT13.UFM --a---- 416 bytes [17:14 19/12/2002] [17:14 19/12/2002]
Eplfnt22.ufm --a---- 416 bytes [17:14 19/12/2002] [17:14 19/12/2002]
Eplfnt23.ufm --a---- 416 bytes [17:14 19/12/2002] [17:14 19/12/2002]
Eplfnt32.ufm --a---- 416 bytes [17:14 19/12/2002] [17:14 19/12/2002]
Eplfnt33.ufm --a---- 416 bytes [17:14 19/12/2002] [17:14 19/12/2002]
Eplfnt42.ufm --a---- 416 bytes [17:13 19/12/2002] [17:13 19/12/2002]
Eplfnt43.ufm --a---- 416 bytes [17:13 19/12/2002] [17:13 19/12/2002]
Eplfnt52.ufm --a---- 416 bytes [17:13 19/12/2002] [17:13 19/12/2002]
Eplfnt53.ufm --a---- 416 bytes [17:13 19/12/2002] [17:13 19/12/2002]
FIRMWARE.CFG --a---- 2193 bytes [16:32 22/04/2005] [16:32 22/04/2005]
Inst_br.lng --a---- 3613 bytes [21:20 01/07/2005] [21:20 01/07/2005]
Inst_ca.lng --a---- 4024 bytes [21:17 01/07/2005] [21:17 01/07/2005]
Inst_cn.lng --a---- 2128 bytes [21:20 01/07/2005] [21:20 01/07/2005]
Inst_de.lng --a---- 3700 bytes [21:15 01/07/2005] [21:15 01/07/2005]
Inst_es.lng --a---- 3818 bytes [21:16 01/07/2005] [21:16 01/07/2005]
Inst_fr.lng --a---- 3983 bytes [21:16 01/07/2005] [21:16 01/07/2005]
Inst_hk.lng --a---- 2151 bytes [21:20 01/07/2005] [21:20 01/07/2005]
Inst_it.lng --a---- 3711 bytes [21:17 01/07/2005] [21:17 01/07/2005]
Inst_jp.lng --a---- 3432 bytes [21:18 01/07/2005] [21:18 01/07/2005]
Inst_kr.lng --a---- 2888 bytes [21:19 01/07/2005] [21:19 01/07/2005]
Inst_tw.lng --a---- 2226 bytes [21:21 01/07/2005] [21:21 01/07/2005]
inst_uk.lng --a---- 3123 bytes [22:02 21/03/2005] [22:02 21/03/2005]
inst_us.lng --a---- 3123 bytes [22:02 21/03/2005] [22:02 21/03/2005]
lang.csv --a---- 624 bytes [16:55 03/08/2006] [16:55 03/08/2006]
language.dll --a---- 90112 bytes [14:45 31/07/2003] [14:45 31/07/2003]
LP2348u.CFG --a---- 1710 bytes [15:59 28/07/2005] [15:59 28/07/2005]
LP2844.bmp --a---- 58678 bytes [22:24 18/11/2002] [22:24 18/11/2002]
LP2844u.CFG --a---- 1661 bytes [15:59 28/07/2005] [15:59 28/07/2005]
Printer Cloning.exe --a---- 319488 bytes [21:12 26/04/2005] [21:12 26/04/2005]
R110XI3.CFG --a---- 2705 bytes [13:46 22/07/2005] [13:46 22/07/2005]
readme.html --a---- 40954 bytes [18:27 10/08/2006] [18:27 10/08/2006]
S4M26.bmp --a---- 58676 bytes [15:20 16/08/2004] [15:20 16/08/2004]
S4MDT.CFG --a---- 2804 bytes [13:52 27/07/2005] [13:52 27/07/2005]
Setup.exe --a---- 335872 bytes [21:11 27/04/2005] [21:11 27/04/2005]
TLP2044u.CFG --a---- 1649 bytes [15:59 28/07/2005] [15:59 28/07/2005]
USBMON.DLL --a---- 28672 bytes [21:24 18/11/2002] [21:24 18/11/2002]
USBPRINT.INF --a---- 752 bytes [22:24 18/11/2002] [22:24 18/11/2002]
USBPRINT.SYS --a---- 22640 bytes [22:24 18/11/2002] [22:24 18/11/2002]
Z4M.bmp --a---- 58678 bytes [04:09 31/05/2003] [04:09 31/05/2003]
ZBU94023.ufm --a---- 608 bytes [17:13 19/12/2002] [17:13 19/12/2002]
zlogo.bmp --a---- 18082 bytes [22:24 18/11/2002] [22:24 18/11/2002]
zm4u.CFG --a---- 2693 bytes [13:52 27/07/2005] [13:52 27/07/2005]
ZP450.bmp --a---- 58676 bytes [14:55 10/03/2005] [14:55 10/03/2005]
ZP450.CFG --a---- 2692 bytes [19:22 28/07/2005] [19:22 28/07/2005]
zplfntA.ufm --a---- 416 bytes [17:13 19/12/2002] [17:13 19/12/2002]
zplfntB.ufm --a---- 416 bytes [17:12 19/12/2002] [17:12 19/12/2002]
zplfntC.ufm --a---- 416 bytes [17:12 19/12/2002] [17:12 19/12/2002]
zplfntD.ufm --a---- 416 bytes [17:12 19/12/2002] [17:12 19/12/2002]
zplfntE1.ufm --a---- 416 bytes [17:12 19/12/2002] [17:12 19/12/2002]
zplfntE2.ufm --a---- 416 bytes [17:12 19/12/2002] [17:12 19/12/2002]
zplfntE3.ufm --a---- 416 bytes [17:11 19/12/2002] [17:11 19/12/2002]
zplfntE6.ufm --a---- 416 bytes [17:11 19/12/2002] [17:11 19/12/2002]
zplfntF.ufm --a---- 416 bytes [17:11 19/12/2002] [17:11 19/12/2002]
zplfntG.ufm --a---- 416 bytes [17:01 19/12/2002] [17:01 19/12/2002]
zplfntGs.ufm --a---- 416 bytes [17:00 19/12/2002] [17:00 19/12/2002]
zplfntH1.ufm --a---- 416 bytes [17:00 19/12/2002] [17:00 19/12/2002]
zplfntH2.ufm --a---- 416 bytes [17:00 19/12/2002] [17:00 19/12/2002]
zplfntH3.ufm --a---- 416 bytes [17:00 19/12/2002] [17:00 19/12/2002]
zplfntH6.ufm --a---- 416 bytes [17:00 19/12/2002] [17:00 19/12/2002]
zsd.cat --a---- 2 bytes [16:42 18/06/2002] [16:42 18/06/2002]
zsd.inf --a---- 13010 bytes [18:08 10/08/2006] [18:08 10/08/2006]
ZSD16.dll --a---- 15900 bytes [22:37 12/11/2003] [22:37 12/11/2003]
zsd32.dll --a---- 28672 bytes [22:36 12/11/2003] [22:36 12/11/2003]
zsdbar.ttf --a---- 24812 bytes [22:24 18/11/2002] [22:24 18/11/2002]
zsdbar.ufm --a---- 472 bytes [22:24 18/11/2002] [22:24 18/11/2002]
zsdbarnt.ttf --a---- 49184 bytes [22:24 18/11/2002] [22:24 18/11/2002]
ZSDCP.dll --a---- 28672 bytes [21:12 26/04/2005] [21:12 26/04/2005]
ZSDCPL.dcl --a---- 757760 bytes [01:23 09/08/2006] [01:23 09/08/2006]
zsdcpl.dll --a---- 57344 bytes [01:19 09/08/2006] [01:19 09/08/2006]
zsdcpl.drv --a---- 132608 bytes [01:18 09/08/2006] [01:18 09/08/2006]
zsdcplui.dll --a---- 79000 bytes [01:21 09/08/2006] [01:21 09/08/2006]
ZSDEPL.dcl --a---- 753664 bytes [01:24 09/08/2006] [01:24 09/08/2006]
zsdepl.def --a---- 51964 bytes [15:53 28/07/2005] [15:53 28/07/2005]
zsdepl.dll --a---- 57344 bytes [01:19 09/08/2006] [01:19 09/08/2006]
zsdepl.drv --a---- 132608 bytes [01:18 09/08/2006] [01:18 09/08/2006]
zsdepl.hlp --a---- 541843 bytes [08:21 05/04/2004] [08:21 05/04/2004]
zsdepl.hlt --a---- 5024 bytes [16:49 01/04/2004] [16:49 01/04/2004]
zsdeplui.dll --a---- 79000 bytes [01:21 09/08/2006] [01:21 09/08/2006]
zsdprd.cfg --a---- 213 bytes [18:07 10/08/2006] [18:07 10/08/2006]
zsdui.dll --a---- 258048 bytes [01:24 09/08/2006] [01:24 09/08/2006]
ZSDZPL.dcl --a---- 790528 bytes [01:24 09/08/2006] [01:24 09/08/2006]
zsdzpl.def --a---- 70694 bytes [17:38 22/04/2005] [17:38 22/04/2005]
zsdzpl.dll --a---- 57344 bytes [01:19 09/08/2006] [01:19 09/08/2006]
zsdzpl.drv --a---- 132608 bytes [01:18 09/08/2006] [01:18 09/08/2006]
zsdzpl.hlp --a---- 624555 bytes [08:21 05/04/2004] [08:21 05/04/2004]
zsdzpl.hlt --a---- 4928 bytes [16:54 01/04/2004] [16:54 01/04/2004]
zsdzplui.dll --a---- 79000 bytes [01:21 09/08/2006] [01:21 09/08/2006]
zsd_br.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_ca.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_cn.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_de.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_es.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_fr.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_hk.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_it.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_jp.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_kr.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_tw.LNG --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_uk.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zsd_us.lng --a---- 21445 bytes [19:08 22/04/2005] [19:08 22/04/2005]
zudfile.DLL --a---- 4760 bytes [15:30 20/12/2002] [15:30 20/12/2002]
zudrmove.exe --a---- 225280 bytes [21:12 26/04/2005] [21:12 26/04/2005]
ZUDSM.exe --a---- 286720 bytes [21:28 28/04/2005] [21:28 28/04/2005]
 
---Folders---
WINNT d------ [20:27 18/03/2011]
 
C:\CR-XI-MLB - Parameters: "(none)"
 
---Files---
autorun.inf --a---- 123 bytes [21:24 01/03/2005] [21:24 01/03/2005]
CRXI_Autorun.exe --a---- 418149 bytes [04:39 03/03/2005] [04:39 03/03/2005]
DECRYPT_INSTRUCTION.URL --a---- 276 bytes [21:00 07/11/2014] [21:00 07/11/2014]
release.pdf --a---- 535968 bytes [21:40 18/03/2005] [21:40 18/03/2005]
release_cn.pdf --a---- 487744 bytes [20:46 18/03/2005] [20:46 18/03/2005]
release_de.pdf --a---- 528880 bytes [20:49 16/03/2005] [20:49 16/03/2005]
release_es.pdf --a---- 522544 bytes [15:25 17/03/2005] [15:25 17/03/2005]
release_fr.pdf --a---- 519600 bytes [19:18 17/03/2005] [19:18 17/03/2005]
release_it.pdf --a---- 514256 bytes [17:27 17/03/2005] [17:27 17/03/2005]
release_ja.pdf --a---- 787040 bytes [21:42 16/03/2005] [21:42 16/03/2005]
release_ko.pdf --a---- 482128 bytes [19:18 18/03/2005] [19:18 18/03/2005]
release_nl.pdf --a---- 507744 bytes [20:15 17/03/2005] [20:15 17/03/2005]
release_tw.pdf --a---- 538176 bytes [18:26 18/03/2005] [18:26 18/03/2005]
Setup.exe --a---- 167936 bytes [07:22 09/03/2005] [07:22 09/03/2005]
setup.ini --a---- 390 bytes [20:20 03/03/2005] [20:20 03/03/2005]
 
---Folders---
Docs d------ [18:50 10/07/2007]
win32 d------ [18:50 10/07/2007]
 
-= EOF =-


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,378 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:11:33 AM

Posted 28 November 2014 - 01:51 PM

Thanks for the extra effort, Jack. As far as I can tell the folders are not malware related.

Sorry, it was a file we deleted, not a folder. The 2 names I listed were potential variations of the same file. The one you didn't find was the English translated name.

Please do this.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users, right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • How is your computer running, any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
