Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Infected "zoomify"

by beattheexams » December 17th, 2014, 3:14 pm

Hello,

I'm terrible with computers as a heads up.

Last night I believe I downloaded some stuff and a bunch of other programs came along for the ride. My laptop is totally messed up now. I have gone to Control Panel and uninstalled the programs. Now, whenever I go to Chrome or Mozilla, I'll open a tab for any generic website, say if I search "cats" on Wikipedia. While looking at the page, if I click anywhere on it I'm bombarded with popups and redirected to .bz spam websites for porn or other nonsense. Moreover, just going to certain websites, I'm subjected to those advertisements that float over the website, so you can't read the text behind it. I'm freaking out, I need to fix this ASAP. I have an ASUS computer and Windows 8. Please tell me exactly what to do to remove ALL OF THIS. Now, when I go to click on Mozilla or Google Chrome, I get a series of windows popups and I can't even get onto the web (I'm posting from my son's computer). Thanks.
beattheexams
Active Member
 
Posts: 4
Joined: December 17th, 2014, 3:10 pm

Re: Infected "zoomify"

by beattheexams » December 17th, 2014, 3:38 pm

I ran AdwCleaner and removed everything by hitting the "clean" button. Here was the text document I received upon completion (and then my laptop automatically rebooted, and then this text document opened upon starting up):

# AdwCleaner v4.105 - Report created 17/12/2014 at 14:33:14
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 8 (64 bits)
# Username : eman - KAOSAR
# Running from : C:\Users\eman\Downloads\adwcleaner_4.105 (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\zoomify2
Folder Deleted : C:\Users\eman\AppData\LocalLow\zoomify
Folder Deleted : C:\Users\eman\AppData\Roaming\Search Protection
File Deleted : C:\Users\eman\AppData\Roaming\Mozilla\Firefox\Profiles\2xcc5fvm.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKCU\Software\AppDataLow\Software\zoomify
Key Deleted : HKLM\SOFTWARE\zoomify
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (en-US)

[2xcc5fvm.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
[2xcc5fvm.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v39.0.2171.95

[C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3239 octets] - [17/12/2014 13:49:52]
AdwCleaner[R1].txt - [3303 octets] - [17/12/2014 14:28:45]
AdwCleaner[S0].txt - [2829 octets] - [17/12/2014 14:33:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2889 octets] ##########

Re: Infected "zoomify"

by beattheexams » December 17th, 2014, 3:45 pm

I have also just finished running FRST: here is the completion log as well as the additional log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by eman (administrator) on KAOSAR on 17-12-2014 14:38:38
Running from C:\Users\eman\Desktop
Loaded Profile: eman (Available profiles: eman)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-505654950-3803389433-952683398-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-505654950-3803389433-952683398-1001\...\MountPoints2: {72d7fb20-57c3-11e4-bec1-3085a9282d5e} - "F:\LG_PC_Programs.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-505654950-3803389433-952683398-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-505654950-3803389433-952683398-1001 -> {FB6425C0-D5B5-4907-A0FF-0A2FACCDAECA} URL = http://search.yahoo.com/search?fr=chr-g ... =903578&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\eman\AppData\Roaming\Mozilla\Firefox\Profiles\2xcc5fvm.default
FF Homepage: hxxp://webmail.verizon.com/signin/MyVzA ... tion=email
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=green ... =903578&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\eman\AppData\Roaming\Mozilla\Firefox\Profiles\2xcc5fvm.default\searchplugins\yahoo_ff.xml
FF Extension: Zoomify - C:\Users\eman\AppData\Roaming\Mozilla\Firefox\Profiles\2xcc5fvm.default\Extensions\tb@zoomify.com [2014-12-17]
FF Extension: Ad Limiter - C:\Users\eman\AppData\Roaming\Mozilla\Firefox\Profiles\2xcc5fvm.default\Extensions\551f2920-3c19-11e1-b86c-0800200c9a66@jetpack.xpi [2014-10-26]
FF Extension: AdBan - C:\Users\eman\AppData\Roaming\Mozilla\Firefox\Profiles\2xcc5fvm.default\Extensions\adban@ad-ban.appspot.com.xpi [2014-10-26]
FF Extension: Come back - C:\Users\eman\AppData\Roaming\Mozilla\Firefox\Profiles\2xcc5fvm.default\Extensions\come.back.block.image.from@cat-in-136.blogspot.com.xpi [2014-10-26]
FF Extension: Ad-blocker for Gmail - C:\Users\eman\AppData\Roaming\Mozilla\Firefox\Profiles\2xcc5fvm.default\Extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi [2014-10-26]
FF Extension: Smart Ads Blocker - C:\Users\eman\AppData\Roaming\Mozilla\Firefox\Profiles\2xcc5fvm.default\Extensions\jid1-LYopfl0r00ZV5k@jetpack.xpi [2014-10-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT333039 ... 2659&SSPV=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-29]
CHR Extension: (Google Drive) - C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-29]
CHR Extension: (Adblock Plus) - C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-17]
CHR Extension: (Google Search) - C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-29]
CHR Extension: (Padma) - C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngifghlmhidnielinpjdkkiadocdffbi [2014-01-30]
CHR Extension: (Google Wallet) - C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\eman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 cozhost; /ts2=1 [X]
S2 cozwhost; C:\PROGRA~3\zoomify2\110~1.29\cozwhost.exe -scm [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 14:38 - 2014-12-17 14:39 - 00015201 _____ () C:\Users\eman\Desktop\FRST.txt
2014-12-17 14:38 - 2014-12-17 14:38 - 00000000 ____D () C:\FRST
2014-12-17 14:36 - 2014-12-17 14:36 - 00002981 _____ () C:\Users\eman\Desktop\AdwCleaner[S0].txt
2014-12-17 14:36 - 2014-12-17 14:32 - 02166272 _____ () C:\Users\eman\Desktop\AdwCleaner.exe
2014-12-17 14:36 - 2014-12-17 14:32 - 02121216 _____ (Farbar) C:\Users\eman\Desktop\FRST64.exe
2014-12-17 14:28 - 2014-12-17 14:28 - 02166272 _____ () C:\Users\eman\Downloads\adwcleaner_4.105 (1).exe
2014-12-17 14:11 - 2014-12-17 14:12 - 00000330 _____ () C:\Windows\Tasks\Tempo Runner coz64host.job
2014-12-17 14:11 - 2014-12-17 14:12 - 00000330 _____ () C:\Windows\Tasks\Tempo Runner coz32host.job
2014-12-17 14:11 - 2014-12-17 14:12 - 00000328 _____ () C:\Windows\Tasks\Tempo Runner cozahost.job
2014-12-17 13:49 - 2014-12-17 14:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 13:49 - 2014-12-17 14:33 - 00000000 ____D () C:\AdwCleaner
2014-12-17 13:48 - 2014-12-17 13:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\eman\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-17 13:48 - 2014-12-17 13:48 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-17 13:48 - 2014-12-17 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-17 13:48 - 2014-12-17 13:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 13:48 - 2014-12-17 13:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-17 13:48 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-17 13:48 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 13:48 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-17 13:40 - 2014-12-17 13:41 - 02166272 _____ () C:\Users\eman\Downloads\adwcleaner_4.105.exe
2014-12-17 13:36 - 2014-12-17 13:36 - 00001233 _____ () C:\Users\eman\Desktop\checkup.txt
2014-12-17 13:34 - 2014-12-17 13:34 - 00852505 _____ () C:\Users\eman\Downloads\SecurityCheck.exe
2014-12-17 13:01 - 2014-12-17 13:02 - 00348192 _____ (Installer Technology Co) C:\Users\eman\Downloads\SoftwareUpdater.exe
2014-12-17 03:06 - 2014-12-17 03:06 - 00000000 ___RD () C:\Users\eman\Documents\Notes
2014-12-16 18:09 - 2014-12-16 18:12 - 00000000 ____D () C:\Users\eman\Desktop\BIO 310
2014-12-16 18:05 - 2014-12-16 18:08 - 00006293 _____ () C:\Users\eman\Documents\Eman-Mp3List2.m3u8
2014-12-16 17:16 - 2014-12-16 18:08 - 00000000 ____D () C:\Users\eman\Desktop\mp3
2014-12-16 12:34 - 2014-12-16 12:34 - 00058115 _____ () C:\Users\eman\Documents\Eman-Mp3List.m3u8
2014-12-14 19:15 - 2014-12-14 19:41 - 00000000 ____D () C:\Users\eman\Desktop\SOC 105
2014-12-14 18:31 - 2014-12-14 19:14 - 00000000 ____D () C:\Users\eman\Desktop\BIO 201
2014-12-14 18:19 - 2014-12-14 18:29 - 00000000 ____D () C:\Users\eman\Desktop\AMS 102
2014-12-14 17:57 - 2014-12-14 18:10 - 00000000 ____D () C:\Users\eman\Desktop\AFS 337

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 14:38 - 2012-11-11 12:13 - 01058851 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 14:38 - 2012-07-26 02:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-17 14:36 - 2012-07-26 02:21 - 00043672 _____ () C:\Windows\setupact.log
2014-12-17 14:35 - 2013-06-28 18:06 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 14:34 - 2012-08-01 20:20 - 00049472 _____ () C:\Windows\PFRO.log
2014-12-17 14:34 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 14:03 - 2013-06-28 18:06 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 14:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-17 13:16 - 2013-06-22 19:03 - 00000024 _____ () C:\Users\eman\random.dat
2014-12-17 13:04 - 2013-06-22 19:03 - 00000043 _____ () C:\Users\eman\jagex_cl_runescape_LIVE.dat
2014-12-17 04:50 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-12-17 04:40 - 2012-11-11 12:22 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-505654950-3803389433-952683398-1001
2014-12-17 03:31 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-17 03:22 - 2014-09-13 12:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-17 03:22 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-12-17 02:28 - 2014-05-27 11:06 - 00000000 ____D () C:\Users\eman\AppData\Roaming\uTorrent
2014-12-17 00:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-16 18:10 - 2014-09-13 09:30 - 00000000 ____D () C:\Users\eman\AppData\Local\Viber
2014-12-16 17:33 - 2014-09-13 09:31 - 00000000 ____D () C:\Users\eman\AppData\Roaming\ViberPC
2014-12-14 11:05 - 2013-06-28 18:06 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-29 12:49 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\Users\eman\jagex_cl_runescape_LIVE.dat
C:\Users\eman\jagex_cl_runescape_LIVE1.dat
C:\Users\eman\random.dat


Some content of TEMP:
====================
C:\Users\eman\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\eman\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\eman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\eman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\eman\AppData\Local\Temp\nse5E44.exe
C:\Users\eman\AppData\Local\Temp\nsg7115.exe
C:\Users\eman\AppData\Local\Temp\nsh59CE.exe
C:\Users\eman\AppData\Local\Temp\nso77EC.exe
C:\Users\eman\AppData\Local\Temp\nsv5549.exe
C:\Users\eman\AppData\Local\Temp\Quarantine.exe
C:\Users\eman\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\eman\AppData\Local\Temp\sqlite3.dll
C:\Users\eman\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\eman\AppData\Local\Temp\System.Data.SQLite896a9e0e-7fc5-452a-83c4-14b1930b6d0a.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-17 02:37

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by eman at 2014-12-17 14:40:15
Running from C:\Users\eman\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memorex 6136 U Scanner Driver (HKLM-x32\...\Memorex 6136 U Scanner Driver) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-505654950-3803389433-952683398-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM-x32\...\{E86B07AE-9F94-44D5-AD47-DC2716EA90D2}) (Version: 3.1.40 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Viber (HKU\S-1-5-21-505654950-3803389433-952683398-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
Winamp (HKLM-x32\...\Winamp) (Version: 5.66 - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-505654950-3803389433-952683398-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\eman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-505654950-3803389433-952683398-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\eman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-505654950-3803389433-952683398-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\eman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-505654950-3803389433-952683398-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\eman\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

25-11-2014 19:26:15 Scheduled Checkpoint
17-12-2014 02:32:10 Scheduled Checkpoint
17-12-2014 03:19:58 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C079093-4F70-4ABB-B71A-3DC2FBE853A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28] (Google Inc.)
Task: {1D20F584-DCC0-4B43-8616-0C1C537B1940} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-28] (Google Inc.)
Task: {2B97A964-D62F-4EDB-870D-18C652A79A4C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {5A24AF64-B7B6-4A28-98C0-0BC2AAEB2BA5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {85725B2B-AEC4-4181-B053-589151327CE4} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {9289FE18-DECF-4CD9-ABC0-682A89172E8D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {E170711B-0F67-4FFB-8AC8-DC5E7CC97920} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {E7E597EB-90D7-4A52-A060-8595865CF303} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {F9E66830-9838-471F-9AF4-64037A0F7D51} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tempo Runner coz32host.job => C:\ProgramData\zoomify2\1.1.0.29\coz32host.exe
Task: C:\Windows\Tasks\Tempo Runner coz64host.job => C:\ProgramData\zoomify2\1.1.0.29\coz64host.exe
Task: C:\Windows\Tasks\Tempo Runner cozahost.job => C:\ProgramData\zoomify2\1.1.0.29\cozahost.exe

==================== Loaded Modules (whitelisted) =============

2012-08-04 12:34 - 2012-08-04 12:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-09-16 12:50 - 2014-09-16 12:50 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-16 12:50 - 2014-09-16 12:50 - 08896160 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-09-07 07:58 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-505654950-3803389433-952683398-1001\...\StartupApproved\Run: => "Search Protection"
HKU\S-1-5-21-505654950-3803389433-952683398-1001\...\StartupApproved\Run: => "Skype"

========================= Accounts: ==========================

Administrator (S-1-5-21-505654950-3803389433-952683398-500 - Administrator - Disabled)
eman (S-1-5-21-505654950-3803389433-952683398-1001 - Administrator - Enabled) => C:\Users\eman
Guest (S-1-5-21-505654950-3803389433-952683398-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2014 02:12:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cozhost.exe, version: 1.1.0.29, time stamp: 0x5486c2ba
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000374
Fault offset: 0x000daa14
Faulting process id: 0x668
Faulting application start time: 0xcozhost.exe0
Faulting application path: cozhost.exe1
Faulting module path: cozhost.exe2
Report Id: cozhost.exe3
Faulting package full name: cozhost.exe4
Faulting package-relative application ID: cozhost.exe5

Error: (12/17/2014 02:08:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.2.9200.16384, time stamp: 0x5010888a
Faulting module name: zoomifyl32.dll, version: 1.1.0.29, time stamp: 0x530dff94
Exception code: 0xc0000005
Fault offset: 0x0000850a
Faulting process id: 0x40
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5

Error: (12/17/2014 02:06:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.2.9200.16384, time stamp: 0x5010888a
Faulting module name: zoomifyl32.dll, version: 1.1.0.29, time stamp: 0x530dff94
Exception code: 0xc0000005
Fault offset: 0x0000850a
Faulting process id: 0x1078
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5

Error: (12/17/2014 02:06:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.2.9200.16384, time stamp: 0x5010888a
Faulting module name: zoomifyl32.dll, version: 1.1.0.29, time stamp: 0x530dff94
Exception code: 0xc000041d
Fault offset: 0x0000850a
Faulting process id: 0x15d0
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5

Error: (12/17/2014 02:06:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.2.9200.16384, time stamp: 0x5010888a
Faulting module name: zoomifyl32.dll, version: 1.1.0.29, time stamp: 0x530dff94
Exception code: 0xc0000005
Fault offset: 0x0000850a
Faulting process id: 0x15d0
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5

Error: (12/17/2014 02:06:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.2.9200.16384, time stamp: 0x5010888a
Faulting module name: zoomifyl32.dll, version: 1.1.0.29, time stamp: 0x530dff94
Exception code: 0xc000041d
Fault offset: 0x0000850a
Faulting process id: 0x1010
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5

Error: (12/17/2014 02:06:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.2.9200.16384, time stamp: 0x5010888a
Faulting module name: zoomifyl32.dll, version: 1.1.0.29, time stamp: 0x530dff94
Exception code: 0xc0000005
Fault offset: 0x0000850a
Faulting process id: 0x1010
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5

Error: (12/17/2014 01:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: crashreporter.exe, version: 30.0.0.5269, time stamp: 0x539120cd
Faulting module name: zoomifyl32.dll, version: 1.1.0.29, time stamp: 0x530dff94
Exception code: 0xc000041d
Fault offset: 0x0000850a
Faulting process id: 0x10e8
Faulting application start time: 0xcrashreporter.exe0
Faulting application path: crashreporter.exe1
Faulting module path: crashreporter.exe2
Report Id: crashreporter.exe3
Faulting package full name: crashreporter.exe4
Faulting package-relative application ID: crashreporter.exe5

Error: (12/17/2014 01:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: crashreporter.exe, version: 30.0.0.5269, time stamp: 0x539120cd
Faulting module name: zoomifyl32.dll, version: 1.1.0.29, time stamp: 0x530dff94
Exception code: 0xc0000005
Fault offset: 0x0000850a
Faulting process id: 0x10e8
Faulting application start time: 0xcrashreporter.exe0
Faulting application path: crashreporter.exe1
Faulting module path: crashreporter.exe2
Report Id: crashreporter.exe3
Faulting package full name: crashreporter.exe4
Faulting package-relative application ID: crashreporter.exe5

Error: (12/17/2014 01:52:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.95, time stamp: 0x548243f3
Faulting module name: zoomifyl32.dll, version: 1.1.0.29, time stamp: 0x530dff94
Exception code: 0xc000041d
Fault offset: 0x0000850a
Faulting process id: 0x31c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5


System errors:
=============
Error: (12/17/2014 02:36:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1058

Error: (12/17/2014 02:34:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozwhost service failed to start due to the following error:
%%2

Error: (12/17/2014 02:34:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozhost service failed to start due to the following error:
%%87

Error: (12/17/2014 02:33:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (12/17/2014 02:33:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (12/17/2014 02:33:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/17/2014 02:33:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/17/2014 02:33:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IconMan_R service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/17/2014 02:33:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/17/2014 02:33:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/17/2014 02:12:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cozhost.exe1.1.0.295486c2bantdll.dll6.2.9200.1704653b485c4c0000374000daa1466801d01a2d3f0ffad9C:\PROGRA~3\zoomify2\110~1.29\cozhost.exeC:\Windows\SYSTEM32\ntdll.dllacc47b28-8620-11e4-bec6-3085a9282d5e

Error: (12/17/2014 02:08:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.2.9200.163845010888azoomifyl32.dll1.1.0.29530dff94c00000050000850a4001d01a2cd1e7ce28C:\Windows\SysWOW64\DllHost.exeC:\ProgramData\zoomify2\1.1.0.29\zoomifyl32.dll1038de88-8620-11e4-bec5-3085a9282d5e

Error: (12/17/2014 02:06:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.2.9200.163845010888azoomifyl32.dll1.1.0.29530dff94c00000050000850a107801d01a2c99a6eb1aC:\Windows\SysWOW64\DllHost.exeC:\ProgramData\zoomify2\1.1.0.29\zoomifyl32.dlld758de19-861f-11e4-bec5-3085a9282d5e

Error: (12/17/2014 02:06:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.2.9200.163845010888azoomifyl32.dll1.1.0.29530dff94c000041d0000850a15d001d01a2c96e89a8bC:\Windows\SysWOW64\DllHost.exeC:\ProgramData\zoomify2\1.1.0.29\zoomifyl32.dlld594079e-861f-11e4-bec5-3085a9282d5e

Error: (12/17/2014 02:06:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.2.9200.163845010888azoomifyl32.dll1.1.0.29530dff94c00000050000850a15d001d01a2c96e89a8bC:\Windows\SysWOW64\DllHost.exeC:\ProgramData\zoomify2\1.1.0.29\zoomifyl32.dlld49788d8-861f-11e4-bec5-3085a9282d5e

Error: (12/17/2014 02:06:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.2.9200.163845010888azoomifyl32.dll1.1.0.29530dff94c000041d0000850a101001d01a2c941edd98C:\Windows\SysWOW64\DllHost.exeC:\ProgramData\zoomify2\1.1.0.29\zoomifyl32.dlld3e7d5c3-861f-11e4-bec5-3085a9282d5e

Error: (12/17/2014 02:06:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.2.9200.163845010888azoomifyl32.dll1.1.0.29530dff94c00000050000850a101001d01a2c941edd98C:\Windows\SysWOW64\DllHost.exeC:\ProgramData\zoomify2\1.1.0.29\zoomifyl32.dlld1dff173-861f-11e4-bec5-3085a9282d5e

Error: (12/17/2014 01:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: crashreporter.exe30.0.0.5269539120cdzoomifyl32.dll1.1.0.29530dff94c000041d0000850a10e801d01a2aa5248940C:\Program Files (x86)\Mozilla Firefox\crashreporter.exeC:\ProgramData\zoomify2\1.1.0.29\zoomifyl32.dlle4483e69-861d-11e4-bec5-3085a9282d5e

Error: (12/17/2014 01:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: crashreporter.exe30.0.0.5269539120cdzoomifyl32.dll1.1.0.29530dff94c00000050000850a10e801d01a2aa5248940C:\Program Files (x86)\Mozilla Firefox\crashreporter.exeC:\ProgramData\zoomify2\1.1.0.29\zoomifyl32.dlle2df633c-861d-11e4-bec5-3085a9282d5e

Error: (12/17/2014 01:52:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3zoomifyl32.dll1.1.0.29530dff94c000041d0000850a31c01d01a2a9b8fe981C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\ProgramData\zoomify2\1.1.0.29\zoomifyl32.dlldd76947b-861d-11e4-bec5-3085a9282d5e


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 3981.68 MB
Available physical RAM: 2587.26 MB
Total Pagefile: 4685.68 MB
Available Pagefile: 3299.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:127.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CC1AD6D4)

Partition: GPT Partition Type.

==================== End Of Log ============================
beattheexams
Active Member
 
Posts: 4
Joined: December 17th, 2014, 3:10 pm

Re: Infected "zoomify"

Unread postby beattheexams » December 17th, 2014, 3:45 pm

At this point I am unsure of the status of my computer. I just, very cautiously, opened up Google Chrome and did a very quick search; my default, I went to "cats" on Wikipedia, and no crazy spam or advertisements. How can I run a series of checks to make sure all of these problems are gone? I'm afraid this might only be temporary. Thanks in advance!
beattheexams
Active Member
 
Posts: 4
Joined: December 17th, 2014, 3:10 pm

Re: Infected "zoomify"

Unread postby NonSuch » December 17th, 2014, 7:25 pm

Please see >this topic<, which you should have read prior to starting your topic.

Bumping your topic

In order to see who is still waiting for help, Helpers at this forum look for topics with ZERO REPLIES. Any topic that does not have zero replies will be passed by, since the Helper will assume you're already being helped.

When you reply to your topic or try to "bump" it, it will no longer have zero replies, and you will not receive the help you are looking for.

Because of this, when we see that you have replied to your own topic, as you have done here, your topic must be closed and you will need to start a new topic.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California