
Can't quite get rid of Fast and Safe program



I have been having problems with trying to get rid of this Fast and Safe program from my Programs and Features Uninstall.

It keeps giving me an error: RunDLL there was a problem starting C:\progra~3\FASTAN~1\FASTAN~1.DLL

And I also remember running Malwarebytes and it did pick up on this program, well, the whole folder really, and deleted it.

But now I can't get rid of it from my uninstall list and it feels like it's still there on my computer.

Any help on how to remove this program would be appreciated.


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> Properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please attach this file to your next reply.


Just want to say that I have solved my problem myself by going back to an old system restore point and the problems have disappeared.

Beginning to think it was because of the old game ROMs I downloaded.

But I have done some reports for you anyway just to look over.

 

~~~FRST~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by bananaf4p (administrator) on BANANAF4P-PC on 25-06-2014 11:16:03
Running from D:\firefox downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Flux Software LLC) C:\Users\bananaf4p\AppData\Local\FluxSoftware\Flux\flux.exe
(CMedia) C:\Program Files\ASUS Xonar DSX Audio\Customapp\AsusAudioCenter.exe
(SteelSeries ApS) D:\programs\SteelSeries Engine\SteelSeriesEngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) D:\programs\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Valve Corporation) D:\programs\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\bananaf4p\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\bananaf4p\AppData\Local\Akamai\netsession_win.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [8769536 2011-05-12] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => D:\programs\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-2762169966-4023530144-2529529029-1000\...\Run: [F.lux] => C:\Users\bananaf4p\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-2762169966-4023530144-2529529029-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2762169966-4023530144-2529529029-1000\...\Run: [Akamai NetSession Interface] => C:\Users\bananaf4p\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2762169966-4023530144-2529529029-1000\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-2762169966-4023530144-2529529029-1000\...\Run: [steelSeries Engine] => D:\programs\SteelSeries Engine\SteelSeriesEngine.exe [252928 2014-04-15] (SteelSeries ApS)
HKU\S-1-5-21-2762169966-4023530144-2529529029-1000\...\Run: [EPSON Stylus NX400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGA.EXE [221696 2007-12-17] (SEIKO EPSON CORPORATION)

==================== Internet (Whitelisted) ====================

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\bananaf4p\AppData\Roaming\Mozilla\Firefox\Profiles\et8ib76z.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: www.duckduckgo.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - D:\programs\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - D:\programs\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - D:\programs\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\bananaf4p\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\bananaf4p\AppData\Roaming\Mozilla\Firefox\Profiles\et8ib76z.default\searchplugins\duckduckgo.xml
FF Extension: HTTPS-Everywhere - C:\Users\bananaf4p\AppData\Roaming\Mozilla\Firefox\Profiles\et8ib76z.default\Extensions\https-everywhere@eff.org [2014-04-26]
FF Extension: Blender - C:\Users\bananaf4p\AppData\Roaming\Mozilla\Firefox\Profiles\et8ib76z.default\Extensions\blender@meh.paranoid.pk.xpi [2013-09-29]
FF Extension: AutocardAnywhere - C:\Users\bananaf4p\AppData\Roaming\Mozilla\Firefox\Profiles\et8ib76z.default\Extensions\jid1-NdFvHAkquJrpvA@jetpack.xpi [2013-09-29]
FF Extension: Reddit Enhancement Suite - C:\Users\bananaf4p\AppData\Roaming\Mozilla\Firefox\Profiles\et8ib76z.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-04-20]
FF Extension: DuckDuckGo Plus - C:\Users\bananaf4p\AppData\Roaming\Mozilla\Firefox\Profiles\et8ib76z.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-09-29]
FF Extension: HTTPS Finder - C:\Users\bananaf4p\AppData\Roaming\Mozilla\Firefox\Profiles\et8ib76z.default\Extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi [2013-09-29]
FF Extension: Adblock Plus - C:\Users\bananaf4p\AppData\Roaming\Mozilla\Firefox\Profiles\et8ib76z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-29]
FF Extension: BetterPrivacy - C:\Users\bananaf4p\AppData\Roaming\Mozilla\Firefox\Profiles\et8ib76z.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-09-29]

Chrome:
=======
CHR HomePage: hxxp://search.easylifeapp.com/
CHR RestoreOnStartup: "hxxp://search.easylifeapp.com/"
CHR StartupUrls: "hxxp://search.easylifeapp.com/"
CHR Plugin: (Shockwave Flash) - D:\programs\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - D:\programs\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - D:\programs\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\programs\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\programs\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\programs\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\programs\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\programs\plugins\npqtplugin5.dll No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Unity Player) - C:\Users\bananaf4p\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll No File
CHR Plugin: (AdobeExManDetect) - D:\programs\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (iTunes Application Detector) - D:\programs\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\bananaf4p\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-15]
CHR Extension: (Google Drive) - C:\Users\bananaf4p\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-15]
CHR Extension: (YouTube) - C:\Users\bananaf4p\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-15]
CHR Extension: (Webmail Ads Blocker Pro) - C:\Users\bananaf4p\AppData\Local\Google\Chrome\User Data\Default\Extensions\caekfkkddhehlmdhmpdlanagffponmpn [2014-06-23]
CHR Extension: (Google Search) - C:\Users\bananaf4p\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-15]
CHR Extension: (Gmail) - C:\Users\bananaf4p\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-15]

==================== Services (Whitelisted) =================

S4 mi-raysat_3dsmax2014_64; D:\programs\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-14] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-01] (Duplex Secure Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-25 11:15 - 2014-06-25 11:16 - 00000000 ____D () C:\FRST
2014-06-24 21:04 - 2014-06-24 21:04 - 00003424 ____N () C:\bootsqm.dat
2014-06-24 11:34 - 2014-06-24 11:34 - 00017072 _____ () C:\Users\bananaf4p\Documents\install.txt
2014-06-24 11:17 - 2014-06-24 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-24 10:15 - 2014-06-24 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-24 10:13 - 2014-06-24 10:13 - 00000000 ____D () C:\Program Files\Java
2014-06-23 10:19 - 2014-06-24 21:15 - 00000000 ____D () C:\ProgramData\cc7b0d7b12d027e
2014-06-23 10:19 - 2014-06-24 18:28 - 00000000 ____D () C:\ProgramData\eiasytoshOp
2014-06-23 10:19 - 2014-06-23 10:19 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\Packages
2014-06-21 18:58 - 2014-06-21 18:58 - 00000000 ____D () C:\Users\bananaf4p\Documents\CAPCOM
2014-06-18 09:13 - 2014-06-25 02:00 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\Adobe
2014-06-18 00:49 - 2014-06-24 21:15 - 00000000 ____D () C:\ProgramData\EPSON
2014-06-18 00:49 - 2007-12-07 02:08 - 00108032 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMEGA.DLL
2014-06-18 00:49 - 2007-12-07 02:01 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBEGA.DLL
2014-06-18 00:34 - 2014-06-24 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-06-18 00:34 - 2014-06-18 00:34 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-06-18 00:34 - 2014-06-18 00:34 - 00000000 ____D () C:\Program Files (x86)\epson
2014-06-18 00:34 - 2007-07-13 00:00 - 00083968 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcwiad.dll
2014-06-11 17:00 - 2014-06-24 21:15 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\SteelSeries_ApS
2014-06-11 17:00 - 2014-06-11 17:00 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\SteelSeries
2014-06-11 16:59 - 2014-06-11 16:59 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2014-06-11 16:59 - 2014-06-11 16:59 - 00000000 ____D () C:\ProgramData\SteelSeries
2014-06-10 21:44 - 2014-05-30 04:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 21:44 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 21:44 - 2014-05-30 04:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 21:44 - 2014-05-30 03:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 21:44 - 2014-05-30 03:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 21:44 - 2014-05-30 03:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 21:44 - 2014-05-30 03:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 21:44 - 2014-05-30 03:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 21:44 - 2014-05-30 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 21:44 - 2014-05-30 03:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 21:44 - 2014-05-30 03:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 21:44 - 2014-05-30 03:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 21:44 - 2014-05-30 03:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 21:44 - 2014-05-30 03:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 21:44 - 2014-05-30 03:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 21:44 - 2014-05-30 03:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 21:44 - 2014-05-30 03:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 21:44 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 21:44 - 2014-05-30 02:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 21:44 - 2014-05-30 02:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 21:44 - 2014-05-30 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 21:44 - 2014-05-30 02:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 21:44 - 2014-05-30 02:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 21:44 - 2014-05-30 02:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 21:44 - 2014-05-30 02:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 21:44 - 2014-05-30 02:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 21:44 - 2014-05-30 02:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 21:44 - 2014-05-30 02:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 21:44 - 2014-05-30 02:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 21:44 - 2014-05-30 02:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 21:44 - 2014-05-30 02:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 21:44 - 2014-05-30 02:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 21:44 - 2014-05-30 02:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 21:44 - 2014-05-30 02:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 21:44 - 2014-05-30 02:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 21:44 - 2014-05-30 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 21:44 - 2014-05-30 02:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 21:44 - 2014-05-30 02:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 21:44 - 2014-05-30 02:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 21:44 - 2014-05-30 02:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 21:44 - 2014-05-30 01:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 21:44 - 2014-05-30 01:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 21:44 - 2014-05-30 01:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 21:44 - 2014-05-30 01:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 21:44 - 2014-05-30 01:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 21:44 - 2014-05-30 01:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 21:44 - 2014-05-30 01:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 21:44 - 2014-05-30 01:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 21:44 - 2014-05-30 01:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 21:44 - 2014-05-30 01:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 21:44 - 2014-05-30 01:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 21:44 - 2014-05-30 01:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 21:44 - 2014-05-08 03:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 21:44 - 2014-05-08 03:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 21:44 - 2014-04-24 20:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 21:44 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 21:44 - 2014-04-04 20:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 21:44 - 2014-04-04 20:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 21:44 - 2014-03-26 08:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 21:44 - 2014-03-26 08:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 21:44 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 21:44 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 21:44 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 21:44 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 21:44 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 21:44 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 21:43 - 2014-06-08 03:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 21:43 - 2014-06-08 03:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 13:42 - 2014-06-10 13:42 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\NoTimeToExplain
2014-06-04 23:46 - 2014-06-04 23:49 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\To the Moon - Freebird Games
2014-06-04 20:51 - 2014-06-04 20:51 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\BIT.TRIP BEAT
2014-06-04 18:54 - 2014-06-04 18:54 - 00000000 ____D () C:\Users\bananaf4p\Documents\Larian Studios
2014-06-03 00:33 - 2011-08-22 17:54 - 00461824 _____ () C:\Users\bananaf4p\Desktop\pokesav_bw_06c_en.exe
2014-06-03 00:31 - 2014-06-03 00:31 - 00000136 _____ () C:\Users\bananaf4p\Desktop\Bulbasaur_Black(Black001).pkm
2014-06-03 00:07 - 2013-08-03 00:52 - 00524288 _____ () C:\Users\bananaf4p\Desktop\5585 - Pokemon - Black Version.sav
2014-06-02 23:16 - 2014-06-02 23:16 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\Harebrained Schemes
2014-06-02 20:07 - 2014-06-02 20:07 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\3DVIA
2014-06-02 19:54 - 2014-06-02 20:08 - 00000000 ____D () C:\ProgramData\sangFroidData
2014-06-02 00:08 - 2014-06-02 00:08 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-06-02 00:08 - 2014-06-02 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 00:07 - 2014-06-24 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-02 00:07 - 2014-06-24 21:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-02 00:07 - 2014-06-02 00:07 - 00001545 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-02 00:07 - 2014-06-02 00:07 - 00000000 ____D () C:\Program Files\iTunes
2014-06-02 00:07 - 2014-06-02 00:07 - 00000000 ____D () C:\Program Files\iPod
2014-06-01 23:01 - 2014-06-01 23:01 - 00002958 _____ () C:\Windows\System32\Tasks\{3A7F5A92-9D42-4774-9679-A384C18EB3D3}
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\Wave
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\StateSave
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\Snapshot
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\Setting
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\CDIndex
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\Backup
2014-06-01 22:25 - 2014-06-01 22:27 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-06-01 22:24 - 2014-06-01 23:22 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\DAEMON Tools Lite
2014-06-01 22:24 - 2014-06-01 22:24 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-06-01 22:18 - 2014-06-01 23:21 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-06-01 22:13 - 2014-06-01 22:13 - 00000000 ____D () C:\ProgramData\DAEMON Tools Ultra
2014-05-29 13:29 - 2014-05-29 13:29 - 00000000 ____D () C:\Users\bananaf4p\Documents\Reus

==================== One Month Modified Files and Folders =======

2014-06-25 11:16 - 2014-06-25 11:15 - 00000000 ____D () C:\FRST
2014-06-25 11:09 - 2013-10-07 19:13 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\Akamai
2014-06-25 10:21 - 2013-09-29 00:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 10:20 - 2009-07-13 22:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 10:20 - 2009-07-13 22:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 10:19 - 2009-07-13 23:13 - 00782994 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-25 10:17 - 2013-09-28 22:25 - 01550247 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 10:13 - 2013-11-24 02:00 - 00036623 _____ () C:\Windows\setupact.log
2014-06-25 10:13 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 02:00 - 2014-06-18 09:13 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\Adobe
2014-06-24 21:16 - 2013-09-29 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-06-24 21:16 - 2013-09-28 22:25 - 00000000 ____D () C:\Users\bananaf4p
2014-06-24 21:15 - 2014-06-23 10:19 - 00000000 ____D () C:\ProgramData\cc7b0d7b12d027e
2014-06-24 21:15 - 2014-06-18 00:49 - 00000000 ____D () C:\ProgramData\EPSON
2014-06-24 21:15 - 2014-06-18 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-06-24 21:15 - 2014-06-11 17:00 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\SteelSeries_ApS
2014-06-24 21:15 - 2014-06-02 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-24 21:15 - 2014-06-02 00:07 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-24 21:15 - 2014-04-28 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-24 21:15 - 2014-04-28 09:38 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-06-24 21:15 - 2014-04-28 09:32 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\Battle.net
2014-06-24 21:15 - 2014-04-17 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-24 21:15 - 2014-01-07 17:29 - 00000000 ____D () C:\NVIDIA
2014-06-24 21:15 - 2013-11-24 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife
2014-06-24 21:15 - 2013-11-23 14:21 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-24 21:15 - 2013-10-26 11:39 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\Malwarebytes
2014-06-24 21:15 - 2013-09-29 00:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-24 21:15 - 2013-09-29 00:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-24 21:15 - 2013-09-29 00:50 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\uTorrent
2014-06-24 21:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-06-24 21:04 - 2014-06-24 21:04 - 00003424 ____N () C:\bootsqm.dat
2014-06-24 18:28 - 2014-06-24 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-24 18:28 - 2014-06-24 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-24 18:28 - 2014-06-23 10:19 - 00000000 ____D () C:\ProgramData\eiasytoshOp
2014-06-24 18:26 - 2014-04-28 09:32 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\Battle.net
2014-06-24 11:36 - 2013-11-24 17:21 - 00000000 ____D () C:\ProgramData\Binarysense
2014-06-24 11:34 - 2014-06-24 11:34 - 00017072 _____ () C:\Users\bananaf4p\Documents\install.txt
2014-06-24 11:29 - 2013-10-15 21:30 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\FileZilla
2014-06-24 11:29 - 2013-09-29 00:22 - 00000000 ____D () C:\Windows\Panther
2014-06-24 10:13 - 2014-06-24 10:13 - 00000000 ____D () C:\Program Files\Java
2014-06-23 17:42 - 2013-10-07 00:23 - 00000000 ____D () C:\Users\bananaf4p\Documents\SavedGames
2014-06-23 10:19 - 2014-06-23 10:19 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\Packages
2014-06-21 18:58 - 2014-06-21 18:58 - 00000000 ____D () C:\Users\bananaf4p\Documents\CAPCOM
2014-06-20 07:37 - 2009-07-13 22:45 - 04932704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-19 19:54 - 2013-09-28 23:54 - 00071576 _____ () C:\Users\bananaf4p\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-18 01:14 - 2013-09-29 00:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-18 01:14 - 2013-09-29 00:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-18 01:14 - 2013-09-29 00:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-18 00:34 - 2014-06-18 00:34 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-06-18 00:34 - 2014-06-18 00:34 - 00000000 ____D () C:\Program Files (x86)\epson
2014-06-15 19:18 - 2013-12-05 20:51 - 00470023 _____ () C:\Windows\DirectX.log
2014-06-12 10:30 - 2014-04-28 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 10:30 - 2013-11-25 11:04 - 00171770 _____ () C:\Windows\PFRO.log
2014-06-11 18:41 - 2014-04-28 19:18 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-11 18:41 - 2014-04-28 19:18 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-11 17:00 - 2014-06-11 17:00 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\SteelSeries
2014-06-11 16:59 - 2014-06-11 16:59 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2014-06-11 16:59 - 2014-06-11 16:59 - 00000000 ____D () C:\ProgramData\SteelSeries
2014-06-11 14:30 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 01:59 - 2013-09-28 22:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 01:58 - 2013-10-16 19:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 01:58 - 2013-09-28 22:52 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 01:57 - 2014-05-06 15:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 13:42 - 2014-06-10 13:42 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\NoTimeToExplain
2014-06-08 03:13 - 2014-06-10 21:43 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 03:08 - 2014-06-10 21:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 21:57 - 2014-02-25 21:31 - 00000132 _____ () C:\Users\bananaf4p\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-06-04 23:49 - 2014-06-04 23:46 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\To the Moon - Freebird Games
2014-06-04 20:51 - 2014-06-04 20:51 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\BIT.TRIP BEAT
2014-06-04 20:51 - 2014-01-06 17:43 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-04 20:51 - 2013-09-29 11:43 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-06-04 20:51 - 2013-09-29 11:43 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-06-04 20:51 - 2013-09-29 11:43 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-06-04 20:51 - 2013-09-29 11:43 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-06-04 20:51 - 2013-09-29 11:43 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-06-04 18:54 - 2014-06-04 18:54 - 00000000 ____D () C:\Users\bananaf4p\Documents\Larian Studios
2014-06-03 20:22 - 2014-05-25 14:09 - 00000000 ____D () C:\Users\bananaf4p\Desktop\Pokemon new
2014-06-03 00:31 - 2014-06-03 00:31 - 00000136 _____ () C:\Users\bananaf4p\Desktop\Bulbasaur_Black(Black001).pkm
2014-06-02 23:16 - 2014-06-02 23:16 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\Harebrained Schemes
2014-06-02 20:08 - 2014-06-02 19:54 - 00000000 ____D () C:\ProgramData\sangFroidData
2014-06-02 20:07 - 2014-06-02 20:07 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\3DVIA
2014-06-02 00:08 - 2014-06-02 00:08 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-06-02 00:08 - 2014-06-02 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-02 00:08 - 2014-05-16 18:45 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-02 00:07 - 2014-06-02 00:07 - 00001545 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-02 00:07 - 2014-06-02 00:07 - 00000000 ____D () C:\Program Files\iTunes
2014-06-02 00:07 - 2014-06-02 00:07 - 00000000 ____D () C:\Program Files\iPod
2014-06-01 23:22 - 2014-06-01 22:24 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\DAEMON Tools Lite
2014-06-01 23:21 - 2014-06-01 22:18 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-06-01 23:01 - 2014-06-01 23:01 - 00002958 _____ () C:\Windows\System32\Tasks\{3A7F5A92-9D42-4774-9679-A384C18EB3D3}
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\Wave
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\StateSave
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\Snapshot
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\Setting
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\CDIndex
2014-06-01 23:01 - 2014-06-01 23:01 - 00000000 ____D () C:\Windows\SysWOW64\Backup
2014-06-01 22:27 - 2014-06-01 22:25 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-06-01 22:24 - 2014-06-01 22:24 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-06-01 22:13 - 2014-06-01 22:13 - 00000000 ____D () C:\ProgramData\DAEMON Tools Ultra
2014-05-30 21:38 - 2014-01-07 18:36 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\Doublefine
2014-05-30 19:17 - 2014-05-23 09:10 - 00000000 ____D () C:\Users\bananaf4p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-30 04:21 - 2014-06-10 21:44 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 04:02 - 2014-06-10 21:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 04:02 - 2014-06-10 21:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 03:45 - 2014-06-10 21:44 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 03:39 - 2014-06-10 21:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 03:39 - 2014-06-10 21:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 03:38 - 2014-06-10 21:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 03:28 - 2014-06-10 21:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 03:27 - 2014-06-10 21:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 03:24 - 2014-06-10 21:44 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 03:21 - 2014-06-10 21:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 03:21 - 2014-06-10 21:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 03:20 - 2014-06-10 21:44 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 03:18 - 2014-06-10 21:44 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 03:11 - 2014-06-10 21:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 03:08 - 2014-06-10 21:44 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 03:06 - 2014-06-10 21:44 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 03:02 - 2014-06-10 21:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 02:55 - 2014-06-10 21:44 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 02:49 - 2014-06-10 21:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 02:46 - 2014-06-10 21:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 02:44 - 2014-06-10 21:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 02:44 - 2014-06-10 21:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 02:43 - 2014-06-10 21:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 02:42 - 2014-06-10 21:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 02:38 - 2014-06-10 21:44 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 02:35 - 2014-06-10 21:44 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 02:34 - 2014-06-10 21:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 02:33 - 2014-06-10 21:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 02:30 - 2014-06-10 21:44 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 02:29 - 2014-06-10 21:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 02:28 - 2014-06-10 21:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 02:27 - 2014-06-10 21:44 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 02:24 - 2014-06-10 21:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 02:23 - 2014-06-10 21:44 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 02:16 - 2014-06-10 21:44 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 02:10 - 2014-06-10 21:44 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 02:06 - 2014-06-10 21:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 02:04 - 2014-06-10 21:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 02:02 - 2014-06-10 21:44 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 01:56 - 2014-06-10 21:44 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 01:56 - 2014-06-10 21:44 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 01:54 - 2014-06-10 21:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 01:50 - 2014-06-10 21:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 01:49 - 2014-06-10 21:44 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 01:43 - 2014-06-10 21:44 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 01:40 - 2014-06-10 21:44 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 01:30 - 2014-06-10 21:44 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 01:21 - 2014-06-10 21:44 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 01:15 - 2014-06-10 21:44 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 01:13 - 2014-06-10 21:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 01:13 - 2014-06-10 21:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 13:29 - 2014-05-29 13:29 - 00000000 ____D () C:\Users\bananaf4p\Documents\Reus
2014-05-27 23:53 - 2013-09-28 22:25 - 00000000 ____D () C:\Users\bananaf4p\AppData\Local\VirtualStore
2014-05-26 17:07 - 2013-09-30 17:55 - 00000000 ____D () C:\Users\bananaf4p\Documents\my games

Some content of TEMP:
====================
C:\Users\bananaf4p\AppData\Local\Temp\bitool.dll
C:\Users\bananaf4p\AppData\Local\Temp\ftd2xx5878503245972666120.dll
C:\Users\bananaf4p\AppData\Local\Temp\jna6726008173407865255.dll
C:\Users\bananaf4p\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\bananaf4p\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\bananaf4p\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\bananaf4p\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\bananaf4p\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\bananaf4p\AppData\Local\Temp\nvStInst.exe
C:\Users\bananaf4p\AppData\Local\Temp\OptimizerPro.exe
C:\Users\bananaf4p\AppData\Local\Temp\optprosetup.exe
C:\Users\bananaf4p\AppData\Local\Temp\x2blapi.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 10:25

==================== End Of Log ============================

Link to post
Share on other sites

Yes, looks good.

Let's do a final check:

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

hmm found some problems i guess

 

~~~ESET online scanner~~~

 

C:\Users\bananaf4p\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PI4VTCTR\BiTool[1].dll    Win32/Somoto.C potentially unwanted application
C:\Users\bananaf4p\AppData\Local\Temp\OptimizerPro.exe    a variant of Win32/AdWare.SpeedingUpMyPC.N application
C:\Users\bananaf4p\AppData\Local\Temp\optprosetup.exe    multiple threats
C:\Users\bananaf4p\Downloads\spsetup123.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\firefox downloads\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\firefox downloads\ccsetup413.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\firefox downloads\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\firefox downloads\easyminer.exe    a variant of Win32/BitCoinMiner.AN potentially unsafe application
D:\firefox downloads\SFInstaller_SFFZ_filezilla_8992693_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\firefox downloads\Shockwave_Installer_Slim.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\firefox downloads\spsetup123(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\firefox downloads\spsetup123.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\firefox downloads\spsetup124.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\programs\remo-recover-windows.exe    Win32/MyPCBackup.A potentially unwanted application
D:\Torrent Download\Adobe Illustrator CS6 16.2.0 (32-64 bit) [ChingLiu]\1.Application manager - Patch painter\aam-patch.painter.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
D:\Torrent Download\Adobe Photoshop CS6 13.1.2 Extended Multilanguage [ChingLiu]\1.Application manager - Patch painter\aam-patch.painter.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
D:\Torrent Download\Adobe Premiere Pro CS5 [Win]-[CyberPiraten]\Activation Blocker [CS5] v2.0.bat    BAT/HostsChanger.A potentially unsafe application
 

Link to post
Share on other sites
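Added example (not part of the original thread): a short Python parser for the ESET Online Scanner export posted above, grouping each hit by the type label at the end of its detection name and noting whether the file sits in a temp or browser-cache folder. The column separator (a tab or two or more spaces), the bucket names and the `C:\Example` line are assumptions made for this example.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Five lines copied from the ESET log posted in this thread, plus one
# constructed line (last) showing a detection that is not an "application".
SAMPLE_LOG = r"""
~~~ESET online scanner~~~
C:\Users\bananaf4p\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PI4VTCTR\BiTool[1].dll    Win32/Somoto.C potentially unwanted application
C:\Users\bananaf4p\AppData\Local\Temp\OptimizerPro.exe    a variant of Win32/AdWare.SpeedingUpMyPC.N application
C:\Users\bananaf4p\AppData\Local\Temp\optprosetup.exe    multiple threats
D:\firefox downloads\easyminer.exe    a variant of Win32/BitCoinMiner.AN potentially unsafe application
D:\programs\remo-recover-windows.exe    Win32/MyPCBackup.A potentially unwanted application
C:\Example\constructed-sample.exe    Win32/Example.A trojan
"""

# Assumption: path and detection are separated by a tab or by 2+ spaces.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\t+| {2,})(?P<det>\S.*)$")

# Trailing type label -> bucket name (bucket names are this example's own).
GRAYWARE = {
    "potentially unwanted application": "pua",
    "potentially unsafe application": "unsafe",
    "application": "application",
}
CACHE_DIRS = {"temp", "temporary internet files"}


def parse_line(line):
    """Return a finding dict for one log line, or None for non-finding lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    det, variant = m["det"], False
    for prefix in ("probably a variant of ", "a variant of "):
        if det.startswith(prefix):
            det, variant = det[len(prefix):], True
            break
    if det == "multiple threats":
        name, kind = None, det          # no single name is reported
    else:
        name, _, kind = det.partition(" ")
    if kind in ("multiple threats", ""):
        bucket = "needs-review"         # nothing to classify on
    else:
        bucket = GRAYWARE.get(kind, "malware")  # trojan, worm, virus, ...
    parts = {p.lower() for p in PureWindowsPath(m["path"]).parts}
    return {"path": m["path"], "name": name, "variant": variant,
            "bucket": bucket, "in_cache": bool(parts & CACHE_DIRS)}


def triage(log_text):
    """Group all findings in an exported log by bucket."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        finding = parse_line(line)
        if finding:
            groups[finding["bucket"]].append(finding)
    return groups


if __name__ == "__main__":
    for bucket, findings in sorted(triage(SAMPLE_LOG).items()):
        print(f"{bucket}: {len(findings)}")
        for f in findings:
            where = "temp/cache" if f["in_cache"] else "kept file"
            print(f"  [{where}] {f['name'] or '(several)'}  {f['path']}")
```

Hits in the `malware` or `needs-review` buckets are the ones to look at first; the other buckets are the "potentially unwanted", "potentially unsafe" and "application" labels as they appear in the log.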

These programs aren't malware but contain security risks. I would delete them immediately - your choice.

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[s1].txt




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, the log (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
