Need help removing Zoomify malware.

Post by jorynrox » December 29th, 2014, 2:43 pm

I was browsing yesterday and all of this crazy adware started popping up and asking me to download and run crazy things. My children are frequently playing on the computer so I don't know if I happened across it or they did, but I have narrowed it down to the "Zoomifyapp" from what I have read. I have gone through and tried to remove most of its components manually, but there is one file that says I do not have permission to remove it. Also I want to make sure I get the registry cleaned up as well. Please help!! :?

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16599 BrowserJavaVersion: 10.67.2
Run by Family-PC at 12:47:23 on 2014-12-29
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Coupons\CouponPrinterService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxp://us.yhs4.search.yahoo.com/yhs/sea ... yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uURLSearchHooks: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [AB982D307C26CA15BB65A62C73D94CCF85EFD862._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [IminentMessenger] c:\program files\iminent\Iminent.Messengers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinCheck] c:\users\family-pc\appdata\local\wincheck\wincheck.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{86F32CD1-768E-4A68-BBD5-ED1403779BD2} : DHCPNameServer = 10.0.0.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R? androidusb;SAMSUNG Android Composite ADB Interface Driver
R? BTCFilterService;USB Networking Driver Filter Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cozaghost;cozaghost
R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
R? FlyUsb;FLY Fusion
R? hlnfd;hlnfd
R? motccgp;Motorola USB Composite Device Driver
R? motccgpfl;MotCcgpFlService
R? Motousbnet;Motorola USB Networking Driver Service
R? motusbdevice;Motorola USB Dev Driver
R? slsusb;Edge CS/CTS Device Driver
R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
R? ssadmdfl;SAMSUNG Android USB Modem (Filter)
R? ssadmdm;SAMSUNG Android USB Modem Drivers
R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7
S? aswHwid;avast! HardwareID
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;avast! VM Monitor
S? avast! Antivirus;avast! Antivirus
S? CouponPrinterService;Coupon Printer Service
S? DockLoginService;Dock Login Service
S? FontCache;Windows Font Cache Service
.
=============== Created Last 30 ================
.
2014-12-29 03:04:53 -------- d-----w- c:\programdata\zoomify_29
2014-12-26 07:47:15 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a3b0f147-8cc6-4f45-bc34-003b19439348}\offreg.dll
2014-12-26 07:42:35 9054624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a3b0f147-8cc6-4f45-bc34-003b19439348}\mpengine.dll
2014-12-10 09:11:36 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-10 09:11:06 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-10 09:02:18 278528 ----a-w- c:\windows\system32\schannel.dll
2014-12-03 18:06:20 188304 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2014-11-25 19:16:31 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-25 19:16:10 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-25 19:16:10 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-25 19:16:10 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-25 19:16:10 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-25 19:16:09 43152 ----a-w- c:\windows\avastSS.scr
2014-11-24 20:44:32 367104 ----a-w- c:\windows\system32\html.iec
2014-11-24 20:40:49 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-11-24 20:35:25 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-11-24 20:34:40 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-24 20:33:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-24 20:33:47 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-11-24 20:32:47 11776 ----a-w- c:\windows\system32\mshta.exe
2014-11-24 20:32:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-24 20:04:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-18 20:56:48 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-10-24 01:04:29 67072 ----a-w- c:\windows\system32\packager.dll
2014-10-24 01:03:40 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-10-18 01:08:10 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-12 23:34:54 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-10-10 01:01:27 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-10-10 01:00:34 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-10 01:00:27 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-09 23:22:16 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-10-03 01:18:20 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:17:28 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 01:17:16 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 01:17:16 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-01 13:37:05 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 12:48:40.89 ===============

.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Photoshop Elements 7.0
Adobe Reader X (10.1.13)
Adobe Refresh Manager
Adobe Shockwave Player 11.6
Apple Software Update
Avast Free Antivirus
Bonjour
BufferChm
Choice Guard
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
Dell Dock
Dell Getting Started Guide
DELL0604
Destinations
DeviceDiscovery
DJ_AIO_05_F4400_Software_Min
Dropbox
EDocs
F4400
Google Chrome
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
HP Imaging Device Functions 14.0
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
Intel(R) PRO Network Connections 12.1.11.0
iTunes
Java 7 Update 67
Java Auto Updater
Java(TM) 6 Update 7
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MotoHelper MergeModules
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Realtek High Definition Audio Driver
ROES.whcc
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920790) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920792) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2984942) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2920793) 32-Bit Edition
Shutterfly Express Uploader
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Status
swMSM
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
WHCC ROES
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Upload Tool
Zoomify
.
==== End Of File ===========================
jorynrox
Active Member
Posts: 10
Joined: December 29th, 2014, 2:38 pm

Re: Need help removing Zoomify malware.

Post by askey127 » December 29th, 2014, 3:47 pm

Hi jorynrox,
-----------------------------------------------------------
Download and Run the Farbar Scan Tool
  • Download FRST and save to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
If you lose track of them, they will be saved in the same location as FRST.exe
Feel free to use separate replies if it's more convenient.

askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need help removing Zoomify malware.

Post by jorynrox » December 29th, 2014, 4:27 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Family-PC (administrator) on FAMILYCOMP-PC on 29-12-2014 14:24:59
Running from C:\Users\Family-PC\Downloads
Loaded Profile: Family-PC (Available profiles: Family-PC)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1442888 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1406024 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [dellsupportcenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM\...\Run: [UnlockerAssistant] => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKLM\...\Run: [IminentMessenger] => C:\Program Files\Iminent\Iminent.Messengers.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [WinCheck] => C:\Users\Family-PC\AppData\Local\wincheck\wincheck.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [86960 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\Run: [AB982D307C26CA15BB65A62C73D94CCF85EFD862._service_run] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\Run: [Uploader] => C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\MountPoints2: {57e186ca-1eb2-11e0-b1d1-00219b26e807} - J:\rcaeasyrip_setup.exe
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\MountPoints2: {735aea9c-927f-11df-b767-00219b26e807} - K:\LaunchU3.exe -a
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\MountPoints2: {7f11c6fe-c190-11e1-8299-00219b26e807} - K:\setup.exe
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\MountPoints2: {be30c044-a2a1-11e2-8941-00219b26e807} - J:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\MountPoints2: {bfd6c8ec-9c57-11e2-8bb0-00219b26e807} - J:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\MountPoints2: {cadf832d-f858-11e2-9c2b-00219b26e807} - J:\setup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Family-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Family-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
CHR HKU\S-1-5-21-3547222466-1095153349-50681056-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.yhs4.search.yahoo.com/yhs/sea ... yhs-001&p={searchTerms}
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/sea ... yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/sea ... yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=110788&babsrc=SP_ss&mntrId=f06b893600000000000000219b26e807
SearchScopes: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&AF=110788&babsrc=SP_ss&mntrId=f06b893600000000000000219b26e807
SearchScopes: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=HE&apn_dtid=YYYYYYCCUS&apn_uid=9DDF4B91-514E-4813-8232-A5D591B27791&apn_sauid=F14CC2A4-9EE1-4537-9910-F32198CBA016
SearchScopes: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> {1BEB0442-7DBF-B36E-F029-8EFD002724D5} URL = http://www.bing.com/search?q={searchTerms}&pc=Z041&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> {838B22EA-99F3-486C-9284-BA97963566F8} URL = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/sea ... yhs-001&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {9D425283-D487-4337-BAB6-AB8354A81457} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
Toolbar: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
Toolbar: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3547222466-1095153349-50681056-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Family-PC\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-19]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-28]
FF HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Family-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Family-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (Google Drive) - C:\Users\Family-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Family-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-29]
CHR Extension: (YouTube) - C:\Users\Family-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]
CHR Extension: (Google Search) - C:\Users\Family-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]
CHR Extension: (Avast Online Security) - C:\Users\Family-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\Family-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR Extension: (Gmail) - C:\Users\Family-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-09-05] (Coupons.com Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-03-18] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
S2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S4 cozaghost; "C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe" /ts2=1 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-25] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-25] ()
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2007-06-18] (LeapFrog)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 slsusb; C:\Windows\System32\Drivers\slsusb.sys [26208 2009-08-03] (System Level Solutions (India) Pvt. Ltd.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S1 hlnfd; system32\drivers\hlnfd.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 mbr; \??\C:\Users\FAMILY~1\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 14:24 - 2014-12-29 14:25 - 00020822 _____ () C:\Users\Family-PC\Downloads\FRST.txt
2014-12-29 14:24 - 2014-12-29 14:25 - 00000000 ____D () C:\FRST
2014-12-29 14:23 - 2014-12-29 14:24 - 01114624 _____ (Farbar) C:\Users\Family-PC\Desktop\FRST.exe
2014-12-29 12:48 - 2014-12-29 12:48 - 00011922 _____ () C:\Users\Family-PC\Desktop\dds.txt
2014-12-29 12:48 - 2014-12-29 12:48 - 00006651 _____ () C:\Users\Family-PC\Desktop\attach.txt
2014-12-29 12:47 - 2014-12-29 12:47 - 00688992 ____R (Swearware) C:\Users\Family-PC\Desktop\dds.scr
2014-12-28 21:09 - 2014-12-28 21:19 - 00000000 ____D () C:\Users\Family-PC\Documents\ProPCCleaner
2014-12-28 21:04 - 2014-12-28 21:04 - 00000000 ____D () C:\ProgramData\zoomify_29
2014-12-15 17:54 - 2014-12-15 17:55 - 00000000 _____ () C:\Users\Family-PC\Downloads\f (1).txt
2014-12-10 03:11 - 2014-11-06 19:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 03:11 - 2014-11-03 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 03:02 - 2014-12-02 20:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-09 21:07 - 2014-11-24 14:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 21:07 - 2014-11-24 14:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 21:07 - 2014-11-24 14:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 21:07 - 2014-11-24 14:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 21:07 - 2014-11-24 14:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 21:07 - 2014-11-24 14:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 21:07 - 2014-11-24 14:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 21:07 - 2014-11-24 14:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 21:07 - 2014-11-24 14:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 21:07 - 2014-11-24 14:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 21:07 - 2014-11-24 14:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 21:07 - 2014-11-24 14:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 21:07 - 2014-11-24 14:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 21:07 - 2014-11-24 14:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 21:07 - 2014-11-24 14:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 21:07 - 2014-11-24 14:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 21:07 - 2014-11-24 14:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 21:07 - 2014-11-24 14:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 21:07 - 2014-11-24 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 21:07 - 2014-11-24 14:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 21:07 - 2014-11-24 14:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 21:07 - 2014-11-24 14:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 14:11 - 2006-11-02 06:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 14:11 - 2006-11-02 06:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 14:05 - 2010-03-18 12:31 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 11:29 - 2010-03-18 12:31 - 00000000 ____D () C:\Users\Family-PC\AppData\Local\Google
2014-12-29 11:29 - 2010-03-18 12:31 - 00000000 ____D () C:\ProgramData\Google
2014-12-29 11:29 - 2010-03-18 12:31 - 00000000 ____D () C:\Program Files\Google
2014-12-29 08:16 - 2009-02-11 16:10 - 01058312 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 08:13 - 2014-07-23 22:01 - 00000000 ___RD () C:\Users\Family-PC\Dropbox
2014-12-29 08:13 - 2014-07-23 21:58 - 00000000 ____D () C:\Users\Family-PC\AppData\Roaming\Dropbox
2014-12-29 08:11 - 2010-03-18 12:31 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 08:11 - 2006-11-02 06:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 08:10 - 2008-01-20 21:02 - 01246642 _____ () C:\Windows\PFRO.log
2014-12-28 22:40 - 2006-11-02 06:58 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-28 19:56 - 2014-02-13 19:37 - 00000000 ____D () C:\Users\Family-PC\Documents\My Scans
2014-12-21 09:13 - 2006-11-02 04:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 17:35 - 2014-07-23 22:01 - 00000933 _____ () C:\Users\Family-PC\Desktop\Dropbox.lnk
2014-12-16 17:35 - 2014-07-23 22:00 - 00000000 ____D () C:\Users\Family-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-16 17:29 - 2009-02-11 22:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 14:56 - 2011-10-12 06:16 - 00002587 _____ () C:\Users\Family-PC\Desktop\MS Word.lnk
2014-12-14 03:01 - 2010-06-05 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 15:42 - 2011-08-25 20:23 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-10 23:52 - 2014-09-09 19:12 - 00000000 ____D () C:\Users\Family-PC\Documents\Custody Calendar
2014-12-10 23:51 - 2013-01-31 15:37 - 00000000 ____D () C:\Users\Family-PC\Documents\Important Docs
2014-12-10 12:38 - 2010-08-13 09:35 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 03:47 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:12 - 2010-03-18 13:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:09 - 2013-08-10 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:04 - 2006-11-02 04:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Family-PC\AppData\Local\Temp\782946dc-fdea-4008-bd62-735adf78b396.setup.exe
C:\Users\Family-PC\AppData\Local\Temp\dae7f75d-9fe1-4e37-b49b-d32a6a6d7e94.setup.exe
C:\Users\Family-PC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpujmz2u.dll
C:\Users\Family-PC\AppData\Local\Temp\insHv18.exe
C:\Users\Family-PC\AppData\Local\Temp\MML_Installer-v1.5.2060.2_signed.exe
C:\Users\Family-PC\AppData\Local\Temp\ose00000.exe
C:\Users\Family-PC\AppData\Local\Temp\setup.exe
C:\Users\Family-PC\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 08:17

==================== End Of Log ============================
jorynrox
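An added example, not part of the original post and not something FRST ships: a small Python triage pass over a handful of lines constructed in the layout of the FRST.txt / Addition.txt output above. It keys on the markers FRST itself prints ([X] on a service or driver entry whose binary is not on disk, "No File" on a BHO or toolbar CLSID with no DLL behind it, "<==== ATTENTION!" and "[File not signed]") and adds two heuristics of my own: a service binary living under ProgramData, a user profile or Temp, and a scheduled task whose target FRST printed without the usual "[date] (Vendor)" trailer. The sample lines, the tag names, the severities and the `triage` / `classify` / `service_path` functions are all my own choices.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of FRST.txt / Addition.txt. The entries are
# modelled on the ones in the log above; this is not a complete log.
SAMPLE_LOG = r"""
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
S4 cozaghost; "C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe" /ts2=1 [X]
S1 hlnfd; system32\drivers\hlnfd.sys [X]
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
Zoomify (HKLM\...\zoomify) (Version: 1.1.0.29 - Zoomify) <==== ATTENTION!
Task: {1BA3D7F2-0734-4316-970B-DC9F4631C97A} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
Task: {59B08FA6-2216-4D29-BAAA-1453E9CC72F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
"""

# Markers FRST itself prints (all of them appear in the log above).
ATTENTION    = re.compile(r"<==== ATTENTION!")
MISSING_FILE = re.compile(r"\[X\]$")        # registered, but the binary is not on disk
NO_FILE      = re.compile(r"\bNo File$")    # BHO / toolbar CLSID with no DLL behind it
NOT_SIGNED   = re.compile(r"\[File not signed\]")
# Line shapes, used only to pull the path out of a service or task entry.
SERVICE_LINE = re.compile(r'^[RSU]\d\s+[^;]+;\s*(?:"([^"]+)"|(.+?)\s+\[)')
TASK_LINE    = re.compile(r"^Task: \{[0-9A-Fa-f-]{36}\} - (.+?) => (.+)$")
# Heuristic of my own, not an FRST rule: services normally live under
# Program Files or Windows, not under ProgramData, a user profile or Temp.
ODD_DIRS = ("\\programdata\\", "\\users\\", "\\temp\\")

SEVERITY = {"attention": "high", "odd-location": "high",
            "missing-file": "medium", "orphan-clsid": "medium",
            "task-unverified": "medium", "unsigned": "info"}
RANK = {"high": 2, "medium": 1, "info": 0}


@dataclass
class Finding:
    severity: str
    tags: list
    line: str


def service_path(line):
    """Return the binary path of an R*/S*/U* service or driver line, or None."""
    m = SERVICE_LINE.match(line)
    if not m:
        return None
    return m.group(1) or m.group(2)


def classify(line):
    """Tags for one stripped log line; empty list means nothing to look at."""
    tags = []
    if ATTENTION.search(line):
        tags.append("attention")
    if MISSING_FILE.search(line):
        tags.append("missing-file")
    if NO_FILE.search(line):
        tags.append("orphan-clsid")
    if NOT_SIGNED.search(line):
        tags.append("unsigned")
    path = service_path(line)
    if path and any(d in path.lower() for d in ODD_DIRS):
        tags.append("odd-location")
    t = TASK_LINE.match(line)
    # FRST appends "[date] (Vendor)" to a task target it could examine; a bare
    # path means the target was not verified (here: a program already removed).
    if t and not t.group(2).endswith(")"):
        tags.append("task-unverified")
    return tags


def triage(log_text):
    """Return one Finding per log line that carries at least one tag."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        tags = classify(line) if line else []
        if tags:
            worst = max(tags, key=lambda t: RANK[SEVERITY[t]])
            findings.append(Finding(SEVERITY[worst], tags, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {','.join(f.tags):28} {f.line[:80]}")
```

Run against the sample, the pass flags the Zoomify entry and the cozaghost service as high, the dead hlnfd driver, the two orphaned CLSIDs and the leftover ProPCCleaner task as medium, and the unsigned Dell service as informational; the avast and Google entries produce nothing. The output is a reading aid for a log like the one above, not a fixlist: what actually gets removed is still the helper's decision.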

Re: Need help removing Zoomify malware.

Unread postby jorynrox » December 29th, 2014, 4:28 pm

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-12-2014
Ran by Family-PC at 2014-12-29 14:25:48
Running from C:\Users\Family-PC\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DELL0604 (Version: 1.0.0 - WildTangent) Hidden
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
F4400 (Version: 140.0.696.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 6.3 (HKLM\...\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}) (Version: 6.30.191.0 - Microsoft)
Microsoft IntelliType Pro 6.3 (HKLM\...\{02F6993D-B763-4F40-8F93-2A9CD97586E3}) (Version: 6.30.191.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
ROES.whcc (HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\ROES.whcc) (Version: - WHCC)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.117 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{9F153AD3-3523-4542-818E-AE2F92249667}) (Version: 1.3.550.0 - SAMSUNG Electronics CO., LTD.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.0.0.4 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.0.0 - Shutterfly, Inc.) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WHCC ROES (HKU\S-1-5-21-3547222466-1095153349-50681056-1000\...\WHCC ROES) (Version: - WHCC)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zoomify (HKLM\...\zoomify) (Version: 1.1.0.29 - Zoomify) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3547222466-1095153349-50681056-1000_Classes\CLSID\{000F1EA4-5E08-4564-A29B-29076F63A37A}\InprocServer32 -> C:\Users\Family-PC\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-3547222466-1095153349-50681056-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3547222466-1095153349-50681056-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3547222466-1095153349-50681056-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3547222466-1095153349-50681056-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3547222466-1095153349-50681056-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3547222466-1095153349-50681056-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3547222466-1095153349-50681056-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3547222466-1095153349-50681056-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3547222466-1095153349-50681056-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

09-12-2014 02:28:04 Windows Update
10-12-2014 00:00:06 Scheduled Checkpoint
10-12-2014 03:00:31 Windows Update
11-12-2014 00:41:24 Scheduled Checkpoint
12-12-2014 21:17:54 Scheduled Checkpoint
14-12-2014 00:00:09 Scheduled Checkpoint
14-12-2014 03:00:11 Windows Update
15-12-2014 00:00:09 Scheduled Checkpoint
16-12-2014 00:00:09 Scheduled Checkpoint
16-12-2014 21:50:16 Scheduled Checkpoint
18-12-2014 00:00:04 Scheduled Checkpoint
19-12-2014 00:00:04 Scheduled Checkpoint
19-12-2014 02:04:16 Windows Update
20-12-2014 00:00:12 Scheduled Checkpoint
21-12-2014 16:54:23 Scheduled Checkpoint
22-12-2014 17:18:47 Scheduled Checkpoint
23-12-2014 01:42:10 Windows Update
24-12-2014 00:00:04 Scheduled Checkpoint
25-12-2014 00:00:04 Scheduled Checkpoint
26-12-2014 00:00:05 Scheduled Checkpoint
27-12-2014 00:00:06 Scheduled Checkpoint
28-12-2014 00:00:08 Scheduled Checkpoint
28-12-2014 21:15:03 Removed Pro PC Cleaner
28-12-2014 21:17:14 Removed Pro PC Cleaner

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12A13776-F5F8-4795-B062-D490C1BC2D8C} - System32\Tasks\{53107A80-4872-45D1-89C5-59C5AB81FAE1} => pcalua.exe -a C:\Users\Family-PC\AppData\Local\Temp\Temp1_DST_Tuner_Setup.zip\DSTuner_demo.exe
Task: {1B852552-E484-4793-B0A3-D0C699DA7466} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2008-06-10] (Microsoft Corporation)
Task: {1BA3D7F2-0734-4316-970B-DC9F4631C97A} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
Task: {22637CCF-DC96-4327-8BCF-C3F4BDFFB23B} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exe
Task: {2D87F644-6528-4F5C-819D-8CD7041518AA} - System32\Tasks\{9D828218-8662-4F9A-BF9D-43398C01A88D} => pcalua.exe -a C:\Windows\iun507.exe -c C:\Program Files\JET\DSTunerDemo\irunin.ini
Task: {2DAF678C-D62C-411A-BC2C-875D901DD761} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43206633-C456-49FD-AB7E-7B200F0A8ABE} - System32\Tasks\{EBA90429-241F-4DD7-B6D3-3D0785B0132F} => pcalua.exe -a "J:\TunerPro RT\unins000.exe" -d "J:\TunerPro RT"
Task: {59B08FA6-2216-4D29-BAAA-1453E9CC72F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {6A1CC4E0-1227-45E0-BED2-545329C2A4DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7ED4F3F6-4088-4080-9FB7-38484B74F48A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {AC9123CB-1071-4050-8EC5-D105AEA575B7} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2008-06-10] (Microsoft Corporation)
Task: {C2B850A0-4289-49EF-86D0-ADC5E4B7518B} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-25] (AVAST Software)
Task: {EA9FE91F-992A-4C3C-A212-179AB4DBC4E0} - System32\Tasks\Seagate_Install_Launch => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-23 21:44 - 2006-10-26 16:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2014-12-29 12:15 - 2014-12-29 12:15 - 02908160 _____ () C:\Program Files\Alwil Software\Avast5\defs\14122901\algo.dll
2006-11-05 10:58 - 2006-11-05 10:58 - 00516096 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2013-12-02 18:05 - 2014-11-25 13:16 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-29 08:12 - 2014-12-29 08:12 - 00043008 _____ () c:\Users\Family-PC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpujmz2u.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\Family-PC\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-10 12:37 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 12:37 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-04-10 06:45 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Family-PC\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-10 06:45 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Family-PC\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Windows Defender => C:\Program Files\Windows Defender\MSASCui.exe -hide

========================= Accounts: ==========================

Administrator (S-1-5-21-3547222466-1095153349-50681056-500 - Administrator - Disabled)
Family-PC (S-1-5-21-3547222466-1095153349-50681056-1000 - Administrator - Enabled) => C:\Users\Family-PC
Guest (S-1-5-21-3547222466-1095153349-50681056-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 08:12:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 04:47:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 07:22:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 09:06:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2014 05:30:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2014 03:53:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2014 03:37:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2014 03:31:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2014 03:09:00 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (12/10/2014 03:09:00 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (12/29/2014 08:12:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: hlnfd

Error: (12/28/2014 10:40:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (12/28/2014 10:20:27 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/28/2014 10:20:26 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/28/2014 10:20:25 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/28/2014 10:20:24 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/28/2014 10:20:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/28/2014 10:20:22 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/28/2014 10:20:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/28/2014 10:20:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (12/02/2012 01:38:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 157672 seconds with 2100 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2013-08-12 09:10:13.299
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-12 09:10:12.969
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 13:46:10.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 13:46:10.398
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-05-01 13:15:02.037
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-05-01 13:15:01.860
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-05-01 13:15:01.250
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-05-01 13:15:01.076
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-04-21 18:54:40.150
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-04-21 18:54:39.956
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\igdumd32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 2036.45 MB
Available physical RAM: 667.25 MB
Total Pagefile: 4308.2 MB
Available Pagefile: 2439.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.95 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:172.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 9AEE0D57)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
jorynrox
Active Member
 
Posts: 10
Joined: December 29th, 2014, 2:38 pm

Re: Need help removing Zoomify malware.

Unread postby askey127 » December 29th, 2014, 4:46 pm

jorynrox,
We will replace Adobe reader later.
I know you probably tried to Uninstall Zoomify earlier, but I included it anyway.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Adobe Reader X
Coupon Printer for Windows
Java(TM) 6 Update 7
Zoomify

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine

--------------------------------------------------------
Run A Fix With FRST
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both the program FRST.exe and Fixlist.txt be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run FRST and press the Fix button just once and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

---------------------------------------------
Please download SystemLook from the link below and save it to your Desktop.
Download Mirror #1 (32-bit)

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield. Do not include "Code: Select All":
    Code: Select all
    :filefind
    *zoomify*
    :folderfind 
    *zoomify*
    :regfind
    zoomify
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

So we will be looking for the FIXlog from FRST, and the report from SystemLook.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need help removing Zoomify malware.

Unread postby jorynrox » December 29th, 2014, 5:22 pm

Here are the logs you requested.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2014
Ran by Family-PC at 2014-12-29 15:19:44 Run:1
Running from C:\Users\Family-PC\Desktop
Loaded Profile: Family-PC (Available profiles: Family-PC)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {1BA3D7F2-0734-4316-970B-DC9F4631C97A} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
Task: {22637CCF-DC96-4327-8BCF-C3F4BDFFB23B} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exe
HKLM\...\Run: [] => [X]
HKLM\...\Run: [IminentMessenger] => C:\Program Files\Iminent\Iminent.Messengers.exe
CHR HKU\S-1-5-21-3547222466-1095153349-50681056-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.yhs4.search.yahoo.com/yhs/sea ... yhs-001&p= {searchTerms}
URLSearchHook: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/sea ... yhs-001&p= {searchTerms}
SearchScopes: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q= {searchTerms}&AF=110788&babsrc=SP_ss&mntrId=f06b893600000000000000219b26e807
SearchScopes: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q= {searchTerms}&AF=110788&babsrc=SP_ss&mntrId=f06b893600000000000000219b26e807
SearchScopes: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... src=crm&q= {searchTerms}&locale=en_US&apn_ptnrs=HE&apn_dtid=YYYYYYCCUS&apn_uid=9DDF4B91-514E-4813-8232-A5D591B27791&apn_sauid=F14CC2A4-9EE1-4537-9910-F32198CBA016
SearchScopes: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> {1BEB0442-7DBF-B36E-F029-8EFD002724D5} URL = http://www.bing.com/search?q= {searchTerms}&pc=Z041&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://us.yhs4.search.yahoo.com/yhs/sea ... yhs-001&p= {searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO: No Name -> {9D425283-D487-4337-BAB6-AB8354A81457} -> No File
Toolbar: HKLM - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
Toolbar: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3547222466-1095153349-50681056-1000 -> No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-09-05] (Coupons.com Inc.)
S4 cozaghost; "C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe" /ts2=1 [X]
C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BA3D7F2-0734-4316-970B-DC9F4631C97A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BA3D7F2-0734-4316-970B-DC9F4631C97A}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22637CCF-DC96-4327-8BCF-C3F4BDFFB23B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22637CCF-DC96-4327-8BCF-C3F4BDFFB23B}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\IminentMessenger => value deleted successfully.
"HKU\S-1-5-21-3547222466-1095153349-50681056-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3547222466-1095153349-50681056-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
"HKU\S-1-5-21-3547222466-1095153349-50681056-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
"HKU\S-1-5-21-3547222466-1095153349-50681056-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1BEB0442-7DBF-B36E-F029-8EFD002724D5}" => Key deleted successfully.
HKCR\CLSID\{1BEB0442-7DBF-B36E-F029-8EFD002724D5} => Key not found.
"HKU\S-1-5-21-3547222466-1095153349-50681056-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}" => Key deleted successfully.
HKCR\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}" => Key deleted successfully.
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} => value deleted successfully.
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => Key not found.
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKU\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} => value deleted successfully.
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => Key not found.
CouponPrinterService => Service not found.
cozaghost => Service deleted successfully.
"C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe" => File/Directory not found.

==== End of Fixlog 15:19:45 ====
jorynrox
Active Member
 
Posts: 10
Joined: December 29th, 2014, 2:38 pm

Re: Need help removing Zoomify malware.

Unread postby jorynrox » December 29th, 2014, 5:30 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 15:23 on 29/12/2014 by Family-PC
Administrator - Elevation successful

========== filefind ==========

Searching for "*zoomify*"
C:\ProgramData\zoomify_29\1.1.0.29\zoomifyL32.dll ------- 318976 bytes [16:10 24/12/2014] [16:10 24/12/2014] 943E8E60720FDFA574339C21A37BEDB0
C:\Users\All Users\zoomify_29\1.1.0.29\zoomifyL32.dll ------- 318976 bytes [16:10 24/12/2014] [16:10 24/12/2014] 943E8E60720FDFA574339C21A37BEDB0
C:\Users\Family-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5PILZVXU\zoomify_2512[1].exe --a---- 1235782 bytes [03:03 29/12/2014] [03:03 29/12/2014] 8B664B78111F1F801E78424FA033E130
C:\Users\Family-PC\AppData\Local\Temp\zoomify_installer_{0A3EC4AA-226A-4A8F-9CDD-01FBCDFA1DC8-2014_12_28}_1419822292.txt --a---- 2891 bytes [03:04 29/12/2014] [03:07 29/12/2014] C5A2ED8FEC57BCDA58D1569AE030E13C

========== folderfind ==========

Searching for "*zoomify*"
C:\ProgramData\zoomify_29 d------ [03:04 29/12/2014]
C:\Users\All Users\zoomify_29 d------ [03:04 29/12/2014]

========== regfind ==========

Searching for "zoomify"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\zoomify]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\zoomify_29]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2f189aaa_0]
@="{0.0.0.00000000}.{78db556e-2cf1-4855-a6ab-ff1c8750f817}|\Device\HarddiskVolume3\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\zoomify_29]
[HKEY_LOCAL_MACHINE\SOFTWARE\zoomify_29]
"logfile"="C:\Users\FAMILY~1\AppData\Local\Temp\zoomify_installer_{0A3EC4AA-226A-4A8F-9CDD-01FBCDFA1DC8-2014_12_28}_1419822292.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\zoomify_29]
@="C:\ProgramData\zoomify_29"
[HKEY_LOCAL_MACHINE\SOFTWARE\zoomify_29]
"lowpath"="C:\Users\Family-PC\AppData\LocalLow\zoomify\content\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A283DC3-B184-44F0-B130-8290D89FAE41}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B02116AB-5F4D-475A-9EAF-318F58ED8022}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A283DC3-B184-44F0-B130-8290D89FAE41}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\cozaghost]
"ImagePath"=""C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe" /ts2=1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A283DC3-B184-44F0-B130-8290D89FAE41}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B02116AB-5F4D-475A-9EAF-318F58ED8022}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A283DC3-B184-44F0-B130-8290D89FAE41}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B02116AB-5F4D-475A-9EAF-318F58ED8022}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\AppDataLow\Software\zoomify]
[HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\AppDataLow\Software\zoomify_29]
[HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2f189aaa_0]
@="{0.0.0.00000000}.{78db556e-2cf1-4855-a6ab-ff1c8750f817}|\Device\HarddiskVolume3\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe%b{00000000-0000-0000-0000-000000000000}"

-= EOF =-
jorynrox
Active Member
 
Posts: 10
Joined: December 29th, 2014, 2:38 pm
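The regfind output above shows the Windows Firewall rules the Zoomify installer registered for cozaghost.exe, in the raw registry value format ("<version>|Key=Value|...|"). The following Python script is an added example for this thread, not part of SystemLook, FRST or OTL: it parses that value format out of SystemLook-style regfind text and flags active inbound Allow rules whose App path lies in a user-writable directory such as ProgramData or AppData. The sample input is constructed from the lines above plus one made-up benign rule with a placeholder GUID, and the "user-writable directory" heuristic is this example's own assumption, not a criterion stated in the thread.

```python
"""Flag Windows Firewall rules that open inbound traffic to executables in
user-writable locations.

Added example for this thread; not part of SystemLook, FRST or OTL. It parses
the FirewallRules registry value format shown in the regfind output:
"<version>|Key=Value|Key=Value|...|". SAMPLE_REGFIND is constructed from the
thread's lines plus one made-up benign rule; the user-writable-directory
heuristic is this example's own assumption.
"""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Tuple

PROTOCOL_NAMES = {"6": "TCP", "17": "UDP"}

# Locations an ordinary user (or a drive-by installer) can write to. An inbound
# allow rule for a binary living here deserves a second look, because services
# installed on purpose normally live under Program Files or System32.
USER_WRITABLE_ROOTS = (
    "c:\\programdata\\",
    "c:\\users\\all users\\",
    "\\appdata\\local\\",
    "\\appdata\\locallow\\",
    "\\appdata\\roaming\\",
)


@dataclass
class FirewallRule:
    rule_id: str            # registry value name, normally a GUID
    version: str            # leading "v2.0" / "v2.10" token
    fields: Dict[str, str]  # remaining Key=Value pairs

    @property
    def protocol(self) -> str:
        # The Protocol field is absent when the rule covers every protocol.
        proto = self.fields.get("Protocol")
        if proto is None:
            return "any"
        return PROTOCOL_NAMES.get(proto, proto)


def parse_rule(rule_id: str, value: str) -> FirewallRule:
    """Parse one FirewallRules value; raises ValueError if a field lacks '='."""
    parts = value.split("|")
    fields: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:  # the trailing "|" leaves an empty token
            continue
        key, sep, val = part.partition("=")
        if not sep:
            raise ValueError(f"malformed field {part!r} in rule {rule_id}")
        fields[key] = val
    return FirewallRule(rule_id, parts[0], fields)


def is_well_formed(value: str) -> bool:
    try:
        parse_rule("?", value)
        return True
    except ValueError:
        return False


def is_suspicious(rule: FirewallRule) -> bool:
    """Active inbound Allow rule whose App path lies in a user-writable tree."""
    f = rule.fields
    if f.get("Action", "").lower() != "allow" or f.get("Dir", "").lower() != "in":
        return False
    if f.get("Active", "TRUE").upper() != "TRUE":
        return False
    app = f.get("App", "").lower()
    return any(root in app for root in USER_WRITABLE_ROOTS)


def parse_regfind(text: str) -> Iterator[Tuple[Optional[str], str, str]]:
    """Yield (key_path, value_name, raw_value) from SystemLook regfind output."""
    current_key: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif line.startswith('"') and '"="' in line:
            name, _, raw = line.partition('"="')
            yield current_key, name[1:], raw[:-1] if raw.endswith('"') else raw


def find_suspicious_rules(text: str) -> List[FirewallRule]:
    """Only values under a ...\\FirewallPolicy\\FirewallRules key are rules."""
    found: List[FirewallRule] = []
    for key, name, raw in parse_regfind(text):
        if key and key.lower().endswith("\\firewallpolicy\\firewallrules"):
            rule = parse_rule(name, raw)
            if is_suspicious(rule):
                found.append(rule)
    return found


def describe(rule: FirewallRule) -> str:
    f = rule.fields
    return (f"{rule.rule_id}: {f.get('Action')} {f.get('Dir')} {rule.protocol} "
            f"profile={f.get('Profile', 'all')} app={f.get('App')}")


# Constructed sample: three values copied from the thread's regfind output, one
# made-up benign rule (placeholder GUID) that must not be flagged, and the
# service ImagePath value, which is not a firewall rule and must be skipped.
SAMPLE_REGFIND = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A283DC3-B184-44F0-B130-8290D89FAE41}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00000000-0000-0000-0000-000000000001}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Example\example.exe|Name=Example (constructed)|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B02116AB-5F4D-475A-9EAF-318F58ED8022}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe|Name=zoomify|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cozaghost]
"ImagePath"=""C:\ProgramData\zoomify_29\1.1.0.29\cozaghost.exe" /ts2=1"
'''

if __name__ == "__main__":
    for rule in find_suspicious_rules(SAMPLE_REGFIND):
        print(describe(rule))
```

Run against the constructed sample, the script reports the three cozaghost.exe rules (one for any protocol, one TCP, one UDP) and stays silent on the Program Files rule and the ImagePath value. The same parser can be pointed at a full regfind log; the interesting detail for triage is that the v2.10 rule carries no Protocol or Profile field at all, which is how it reads as "any protocol, all profiles".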

Re: Need help removing Zoomify malware.

Unread postby askey127 » December 29th, 2014, 6:28 pm

jorynrox,
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
----------------------------------------------
Perform a Custom Fix with OTL
Right click OTL on your desktop, and choose "Run as administrator" to open it.
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include "Code:Select all"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    
    :Reg
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\zoomify]
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\zoomify_29]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2f189aaa_0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\zoomify_29]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3A283DC3-B184-44F0-B130-8290D89FAE41}"=-
    "{B02116AB-5F4D-475A-9EAF-318F58ED8022}"=-
    "{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}"=-
    "{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}"=-
    "{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3A283DC3-B184-44F0-B130-8290D89FAE41}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\cozaghost]
    "ImagePath"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3A283DC3-B184-44F0-B130-8290D89FAE41}"=-
    "{B02116AB-5F4D-475A-9EAF-318F58ED8022}"=-
    "{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}"=-
    "{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}"=-
    "{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3A283DC3-B184-44F0-B130-8290D89FAE41}"=-
    "{B02116AB-5F4D-475A-9EAF-318F58ED8022}"=-
    "{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}"=-
    "{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}"=-
    "{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}"=-
    [-HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\AppDataLow\Software\zoomify]
    [-HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\AppDataLow\Software\zoomify_29]
    [-HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2f189aaa_0]
    
    :Files
    C:\Users\Family-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5PILZVXU\zoomify_2512[1].exe
    C:\Users\Family-PC\AppData\Local\Temp\zoomify_installer_{0A3EC4AA-226A-4A8F-9CDD-01FBCDFA1DC8-2014_12_28}_1419822292.txt
    C:\ProgramData\zoomify_29
    C:\Users\All Users\zoomify_29
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top. DO NOT CLICK Run Scan
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • That is the FIX log file. Copy the contents of that file and post it in your next reply.
    It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log


Re: Need help removing Zoomify malware.

Unread postby jorynrox » December 29th, 2014, 7:08 pm

A window popped up that said that OTL had stopped working correctly and would be shutdown. Then another window popped up and said "OTL has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

This is the log that came up on the reboot.


Files\Folders moved on Reboot...
File\Folder C:\Users\Family-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Family-PC\AppData\Roaming\Dropbox\shellext \l\5409bc96 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Need help removing Zoomify malware.

Unread postby askey127 » December 29th, 2014, 10:27 pm

I would run the same custom Fix again and see how it does.

Re: Need help removing Zoomify malware.

Unread postby jorynrox » December 30th, 2014, 1:06 am

Same thing happened. Here is the log I got this time.



Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Need help removing Zoomify malware.

Unread postby askey127 » December 30th, 2014, 7:39 am

jorynrox,
Let's try this one.
----------------------------------------------
Perform a Custom Fix with OTL
Right click OTL on your desktop, and choose "Run as administrator" to open it.
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include "Code: Select all"):
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    
    :Reg
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\zoomify]
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\zoomify_29]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2f189aaa_0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\zoomify_29]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3A283DC3-B184-44F0-B130-8290D89FAE41}"=-
    "{B02116AB-5F4D-475A-9EAF-318F58ED8022}"=-
    "{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}"=-
    "{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}"=-
    "{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3A283DC3-B184-44F0-B130-8290D89FAE41}"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\cozaghost]
    "ImagePath"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3A283DC3-B184-44F0-B130-8290D89FAE41}"=-
    "{B02116AB-5F4D-475A-9EAF-318F58ED8022}"=-
    "{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}"=-
    "{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}"=-
    "{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3A283DC3-B184-44F0-B130-8290D89FAE41}"=-
    "{B02116AB-5F4D-475A-9EAF-318F58ED8022}"=-
    "{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}"=-
    "{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}"=-
    "{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}"=-
    
    [-HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\AppDataLow\Software\zoomify]
    [-HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\AppDataLow\Software\zoomify_29]
    [-HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2f189aaa_0]
    
    :Files
    C:\Users\Family-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5PILZVXU\zoomify_2512[1].exe
    C:\Users\Family-PC\AppData\Local\Temp\zoomify_installer_{0A3EC4AA-226A-4A8F-9CDD-01FBCDFA1DC8-2014_12_28}_1419822292.txt
    C:\ProgramData\zoomify_29
    C:\Users\All Users\zoomify_29
    ipconfig /flushdns /c
    
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top. DO NOT CLICK Run Scan
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • That is the FIX log file. Copy the contents of that file and post it in your next reply.
    It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log


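As an added defender-side example (not part of this thread and not OTL's own code), the Python below shows how the per-rule strings that live under the FirewallRules key targeted by the fix above are structured, and how to triage them for active Allow rules whose program sits in a temp, Temporary Internet Files or ProgramData path, as the zoomify installer and data folders in this thread did. The GUID value names, paths and rule strings are constructed sample data, not values read from the poster's machine.

```python
# Windows keeps one string value per firewall rule under
# HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules,
# named by a GUID, with data of the form 'v2.x|Key=Value|Key=Value|...|'.
# Everything below (rule names, paths) is constructed sample data, not from the poster's PC.

# Directories a legitimate installer rarely opens a firewall exception for, but
# where the adware installer and data folders in this thread were found.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\temporary internet files\\",
                   "\\programdata\\", "\\users\\all users\\")

# Constructed sample values: GUID value name -> rule string.
SAMPLE_RULES = {
    "{11111111-1111-1111-1111-111111111111}":
        r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|"
        r"App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox|",
    "{22222222-2222-2222-2222-222222222222}":
        r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|"
        r"App=C:\ProgramData\zoomify_29\zoomify.exe|Name=zoomify|",
    "{33333333-3333-3333-3333-333333333333}":
        r"v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|"
        r"App=C:\Users\Family-PC\AppData\Local\Temp\zoomify_2512[1].exe|Name=setup|",
    "{44444444-4444-4444-4444-444444444444}":
        r"v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|"
        r"App=C:\ProgramData\old\old.exe|Name=disabled rule|",
}


def parse_rule(value):
    """Split 'v2.x|K=V|K=V|' into a dict; the version token is kept under 'Version'."""
    fields = [f for f in value.split("|") if f]
    if not fields or not fields[0].lower().startswith("v"):
        raise ValueError("not a FirewallRules value: %r" % value[:40])
    rule = {"Version": fields[0]}
    for field in fields[1:]:
        key, sep, val = field.partition("=")
        if sep:  # tolerate stray tokens without '='
            rule[key] = val
    return rule


def is_suspicious(rule):
    """An active Allow rule whose App lives in one of SUSPICIOUS_DIRS."""
    if rule.get("Action") != "Allow" or rule.get("Active", "TRUE").upper() != "TRUE":
        return False
    app = rule.get("App", "").lower()
    return any(d in app for d in SUSPICIOUS_DIRS)


def triage(rules):
    """Return the GUID names of rules worth reviewing before deleting, in input order."""
    return [name for name, value in rules.items() if is_suspicious(parse_rule(value))]
```

The same names are what an OTL `:Reg` section deletes with `"{GUID}"=-`, so reviewing the parsed `App` field first tells you which of them actually belong to the adware.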
Re: Need help removing Zoomify malware.

Unread postby jorynrox » December 30th, 2014, 11:21 am

This time it ran correctly and asked to reboot at the end. Here is the log.


========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\zoomify\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\zoomify_29\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2f189aaa_0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\zoomify_29\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A283DC3-B184-44F0-B130-8290D89FAE41} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A283DC3-B184-44F0-B130-8290D89FAE41}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B02116AB-5F4D-475A-9EAF-318F58ED8022} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B02116AB-5F4D-475A-9EAF-318F58ED8022}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A283DC3-B184-44F0-B130-8290D89FAE41} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A283DC3-B184-44F0-B130-8290D89FAE41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\cozaghost not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A283DC3-B184-44F0-B130-8290D89FAE41} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A283DC3-B184-44F0-B130-8290D89FAE41}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B02116AB-5F4D-475A-9EAF-318F58ED8022} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B02116AB-5F4D-475A-9EAF-318F58ED8022}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A283DC3-B184-44F0-B130-8290D89FAE41} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A283DC3-B184-44F0-B130-8290D89FAE41}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B02116AB-5F4D-475A-9EAF-318F58ED8022} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B02116AB-5F4D-475A-9EAF-318F58ED8022}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B79008AA-4EE9-4E9A-AF04-23EF4F5F7872}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0236C1A6-7B6D-4AC6-8CE6-164E49EC9C62}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60B99362-52ED-4A2A-ADE4-D7F6BC8799EC}\ not found.
Registry key HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\AppDataLow\Software\zoomify\ not found.
Registry key HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\AppDataLow\Software\zoomify_29\ not found.
Registry key HKEY_USERS\S-1-5-21-3547222466-1095153349-50681056-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2f189aaa_0\ not found.
========== FILES ==========
File\Folder C:\Users\Family-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5PILZVXU\zoomify_2512[1].exe not found.
File\Folder C:\Users\Family-PC\AppData\Local\Temp\zoomify_installer_{0A3EC4AA-226A-4A8F-9CDD-01FBCDFA1DC8-2014_12_28}_1419822292.txt not found.
File\Folder C:\ProgramData\zoomify_29 not found.
File\Folder C:\Users\All Users\zoomify_29 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Family-PC\Desktop\cmd.bat deleted successfully.
C:\Users\Family-PC\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 12302014_091646

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Need help removing Zoomify malware.

Unread postby jorynrox » December 31st, 2014, 4:40 pm

Do I need to do anything else?

Re: Need help removing Zoomify malware.

Unread postby askey127 » January 2nd, 2015, 8:52 am

You should be OK, if the problem is gone.