Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Wendy at 2014-11-15 15:58:45 Run:1
Running from C:\Users\Wendy\Desktop
Loaded Profile: Wendy (Available profiles: Wendy)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFSearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFSearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFSearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF2014-11-09 23:46 - 2014-11-09 23:46 - 40034920 ____T () C:\Windows\SysWOW64\00020242.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 40034920 ____T () C:\Windows\SysWOW64\00015423.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00032559.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00031805.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00031377.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00030160.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00030152.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00029840.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00029664.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00029441.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00028984.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00028388.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00028114.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00027790.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00025776.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00024423.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00024282.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00024138.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00024131.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00024102.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00023587.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00023423.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00022914.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00022337.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00021965.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00021285.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00021130.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00021043.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00020149.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00018528.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00018429.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00018314.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00018055.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00017703.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00017697.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00015893.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00015560.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00015161.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00014811.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00014626.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00014232.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00013502.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00013078.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00012791.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00010464.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00009084.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00009015.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00008992.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00008590.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00008549.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00008178.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00006974.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00006814.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00006300.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00004791.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00004684.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00004573.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00004016.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00003274.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00002993.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00002712.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00002130.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00001959.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00001952.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00001841.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00001838.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00001189.tmp
2014-11-09 23:46 - 2014-11-09 23:46 - 01180264 ____T () C:\Windows\SysWOW64\00000782.tmp
2014-11-09 23:45 - 2014-11-09 23:45 - 40034920 ____T () C:\Windows\SysWOW64\00026309.tmp
C:\Users\Wendy\AppData\Local\Temp\1_flashplayer.exe
C:\Users\Wendy\AppData\Local\Temp\EdRegAcd.dll
C:\Users\Wendy\AppData\Local\Temp\IMS.dll
C:\Users\Wendy\AppData\Local\Temp\ose00000.exe
C:\Users\Wendy\AppData\Local\Temp\sp64126.exe
C:\Users\Wendy\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Wendy\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Wendy\AppData\Local\Temp\_is7196.exe
C:\Users\Wendy\AppData\Local\Temp\_isC180.exe
HKU\S-1-5-21-271291821-3194552175-2611417889-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-271291821-3194552175-2611417889-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Reboot:
end
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
C:\Windows\SysWOW64\00020242.tmp => Moved successfully.
C:\Windows\SysWOW64\00015423.tmp => Moved successfully.
C:\Windows\SysWOW64\00032559.tmp => Moved successfully.
C:\Windows\SysWOW64\00031805.tmp => Moved successfully.
C:\Windows\SysWOW64\00031377.tmp => Moved successfully.
C:\Windows\SysWOW64\00030160.tmp => Moved successfully.
C:\Windows\SysWOW64\00030152.tmp => Moved successfully.
C:\Windows\SysWOW64\00029840.tmp => Moved successfully.
C:\Windows\SysWOW64\00029664.tmp => Moved successfully.
C:\Windows\SysWOW64\00029441.tmp => Moved successfully.
C:\Windows\SysWOW64\00028984.tmp => Moved successfully.
C:\Windows\SysWOW64\00028388.tmp => Moved successfully.
C:\Windows\SysWOW64\00028114.tmp => Moved successfully.
C:\Windows\SysWOW64\00027790.tmp => Moved successfully.
C:\Windows\SysWOW64\00025776.tmp => Moved successfully.
C:\Windows\SysWOW64\00024423.tmp => Moved successfully.
C:\Windows\SysWOW64\00024282.tmp => Moved successfully.
C:\Windows\SysWOW64\00024138.tmp => Moved successfully.
C:\Windows\SysWOW64\00024131.tmp => Moved successfully.
C:\Windows\SysWOW64\00024102.tmp => Moved successfully.
C:\Windows\SysWOW64\00023587.tmp => Moved successfully.
C:\Windows\SysWOW64\00023423.tmp => Moved successfully.
C:\Windows\SysWOW64\00022914.tmp => Moved successfully.
C:\Windows\SysWOW64\00022337.tmp => Moved successfully.
C:\Windows\SysWOW64\00021965.tmp => Moved successfully.
C:\Windows\SysWOW64\00021285.tmp => Moved successfully.
C:\Windows\SysWOW64\00021130.tmp => Moved successfully.
C:\Windows\SysWOW64\00021043.tmp => Moved successfully.
C:\Windows\SysWOW64\00020149.tmp => Moved successfully.
C:\Windows\SysWOW64\00018528.tmp => Moved successfully.
C:\Windows\SysWOW64\00018429.tmp => Moved successfully.
C:\Windows\SysWOW64\00018314.tmp => Moved successfully.
C:\Windows\SysWOW64\00018055.tmp => Moved successfully.
C:\Windows\SysWOW64\00017703.tmp => Moved successfully.
C:\Windows\SysWOW64\00017697.tmp => Moved successfully.
C:\Windows\SysWOW64\00015893.tmp => Moved successfully.
C:\Windows\SysWOW64\00015560.tmp => Moved successfully.
C:\Windows\SysWOW64\00015161.tmp => Moved successfully.
C:\Windows\SysWOW64\00014811.tmp => Moved successfully.
C:\Windows\SysWOW64\00014626.tmp => Moved successfully.
C:\Windows\SysWOW64\00014232.tmp => Moved successfully.
C:\Windows\SysWOW64\00013502.tmp => Moved successfully.
C:\Windows\SysWOW64\00013078.tmp => Moved successfully.
C:\Windows\SysWOW64\00012791.tmp => Moved successfully.
C:\Windows\SysWOW64\00010464.tmp => Moved successfully.
C:\Windows\SysWOW64\00009084.tmp => Moved successfully.
C:\Windows\SysWOW64\00009015.tmp => Moved successfully.
C:\Windows\SysWOW64\00008992.tmp => Moved successfully.
C:\Windows\SysWOW64\00008590.tmp => Moved successfully.
C:\Windows\SysWOW64\00008549.tmp => Moved successfully.
C:\Windows\SysWOW64\00008178.tmp => Moved successfully.
C:\Windows\SysWOW64\00006974.tmp => Moved successfully.
C:\Windows\SysWOW64\00006814.tmp => Moved successfully.
C:\Windows\SysWOW64\00006300.tmp => Moved successfully.
C:\Windows\SysWOW64\00004791.tmp => Moved successfully.
C:\Windows\SysWOW64\00004684.tmp => Moved successfully.
C:\Windows\SysWOW64\00004573.tmp => Moved successfully.
C:\Windows\SysWOW64\00004016.tmp => Moved successfully.
C:\Windows\SysWOW64\00003274.tmp => Moved successfully.
C:\Windows\SysWOW64\00002993.tmp => Moved successfully.
C:\Windows\SysWOW64\00002712.tmp => Moved successfully.
C:\Windows\SysWOW64\00002130.tmp => Moved successfully.
C:\Windows\SysWOW64\00001959.tmp => Moved successfully.
C:\Windows\SysWOW64\00001952.tmp => Moved successfully.
C:\Windows\SysWOW64\00001841.tmp => Moved successfully.
C:\Windows\SysWOW64\00001838.tmp => Moved successfully.
C:\Windows\SysWOW64\00001189.tmp => Moved successfully.
C:\Windows\SysWOW64\00000782.tmp => Moved successfully.
C:\Windows\SysWOW64\00026309.tmp => Moved successfully.
C:\Users\Wendy\AppData\Local\Temp\1_flashplayer.exe => Moved successfully.
C:\Users\Wendy\AppData\Local\Temp\EdRegAcd.dll => Moved successfully.
C:\Users\Wendy\AppData\Local\Temp\IMS.dll => Moved successfully.
C:\Users\Wendy\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Wendy\AppData\Local\Temp\sp64126.exe => Moved successfully.
C:\Users\Wendy\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
C:\Users\Wendy\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\Wendy\AppData\Local\Temp\_is7196.exe => Moved successfully.
C:\Users\Wendy\AppData\Local\Temp\_isC180.exe => Moved successfully.
"HKU\S-1-5-21-271291821-3194552175-2611417889-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-271291821-3194552175-2611417889-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-271291821-3194552175-2611417889-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
The system needed a reboot.
==== End of Fixlog ====