
infected laptop ... redirects and more


CWB


This is a friend's machine; you wouldn't believe the crud that was installed in an attempt to clean things up.

I have removed some of the junk/mal/scumware and conflicting/redundant "anti" programs.

I could not dl FRST from this machine ... blocked/redirected.

I have to dl on another machine and transfer the tool(s) over.

Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by Eunice (administrator) on EUNICE-PC on 22-08-2014 05:21:14
Running from C:\Users\Eunice\Desktop
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-21] (AVAST Software)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2753105887-202964819-3472692132-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-2753105887-202964819-3472692132-1000\...\MountPoints2: {c2dc128f-091d-11e2-9271-001a6b7f90e4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Info.exe protect.ed 480 480
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\smdmf\sysapcrt.dll
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {34CF5EE1-1997-4B50-9290-72EBB10BECD6} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=u&ver=13531&tm=-15857&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={C9F3D6C4-4029-4329-82BA-6A5E88950B35}&mid=c1dce11b65d34dfd8b18c95e1d52f584-34a97be74bcdf454d0837f7d2fd283ffeea14af7&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-02-18 15:17:40&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={C9F3D6C4-4029-4329-82BA-6A5E88950B35}&mid=c1dce11b65d34dfd8b18c95e1d52f584-34a97be74bcdf454d0837f7d2fd283ffeea14af7&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-02-18 15:17:40&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=u&ver=13531&tm=-15857&src=ds&p={searchTerms}
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eunice\AppData\Roaming\Mozilla\Firefox\Profiles\d6l4v9hm.default
FF Homepage: hxxp://search.conduit.com/?ctid=CT3291325&CUI=UN38063915896703205&UM=2&SearchSource=13
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN18707353961068112&UM=&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\Eunice\AppData\Roaming\Mozilla\Firefox\Profiles\d6l4v9hm.default\user.js
FF SearchPlugin: C:\Users\Eunice\AppData\Roaming\Mozilla\Firefox\Profiles\d6l4v9hm.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-28]
FF HKLM\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files\Mozilla Firefox\extensions\lesstabs@lesstabs.com
FF HKCU\...\Firefox\Extensions: [{c74218e4-e1ee-470d-9d3f-b40d6defe033}] - C:\Program Files\LyricSing\133.xpi

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Eunice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-16]
CHR Extension: (Google Drive) - C:\Users\Eunice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Eunice\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-14]
CHR Extension: (YouTube) - C:\Users\Eunice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-16]
CHR Extension: (Google Search) - C:\Users\Eunice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-16]
CHR Extension: (Google Wallet) - C:\Users\Eunice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-14]
CHR Extension: (Gmail) - C:\Users\Eunice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-16]
CHR HKLM\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files\LyricSing\133.crx [2013-08-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-21] (AVAST Software)
S4 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
S4 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-21] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-21] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [62216 2013-06-01] (FTDI Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [47616 2006-12-19] (RICOH Company, Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-08-19] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 05:21 - 2014-08-22 05:21 - 00012614 _____ () C:\Users\Eunice\Desktop\FRST.txt
2014-08-22 05:21 - 2014-08-22 05:21 - 00000000 ____D () C:\FRST
2014-08-22 05:18 - 2014-08-22 04:51 - 01094144 _____ (Farbar) C:\Users\Eunice\Desktop\FRST.exe
2014-08-22 05:01 - 2013-07-10 05:57 - 00204312 _____ (Trend Micro Inc.) C:\Windows\TmNSCIns.dll
2014-08-22 05:01 - 2012-05-02 14:27 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-22 03:34 - 2014-08-22 03:34 - 00000000 ____D () C:\Users\Eunice\AppData\Roaming\AVAST Software
2014-08-21 21:36 - 2014-08-22 04:55 - 00000795 _____ () C:\Windows\setupact.log
2014-08-21 21:36 - 2014-08-21 21:36 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-21 21:36 - 2014-08-21 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-21 21:36 - 2014-08-21 21:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 21:34 - 2014-08-21 21:35 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-21 21:34 - 2014-08-21 21:34 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-21 21:34 - 2014-08-21 21:34 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-21 21:32 - 2014-08-21 21:32 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-21 21:29 - 2014-08-21 21:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-21 21:26 - 2014-08-21 21:26 - 04862664 _____ (AVAST Software) C:\Users\Guest\Desktop\avast_free_antivirus_setup_online.exe
2014-08-21 21:16 - 2014-08-22 05:04 - 00752112 _____ () C:\Windows\PFRO.log
2014-08-21 21:16 - 2014-08-21 21:16 - 00049952 _____ () C:\Users\Eunice\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 21:13 - 2014-08-21 21:13 - 00001060 _____ () C:\Users\Guest\Desktop\stuff.txt
2014-08-21 20:46 - 2014-08-22 05:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 20:45 - 2014-08-21 20:45 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 20:45 - 2014-08-21 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 20:45 - 2014-08-21 20:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-21 20:45 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 20:45 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 20:45 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-21 20:44 - 2014-08-21 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guest\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-21 20:44 - 2014-08-21 20:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-08-21 19:57 - 2014-08-21 21:16 - 00000000 ____D () C:\SUPERDelete
2014-08-21 19:56 - 2014-08-22 03:56 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task af44188d-5eba-439b-9568-77d11f6274c9.job
2014-08-21 19:56 - 2014-08-21 21:16 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 95252d12-7698-4ea2-a304-6bf92bf3dd30.job
2014-08-21 19:56 - 2014-08-21 19:56 - 00001800 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-21 19:56 - 2014-08-21 19:56 - 00000000 ____D () C:\Users\Eunice\AppData\Roaming\SUPERAntiSpyware.com
2014-08-21 19:56 - 2014-08-21 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-21 19:55 - 2014-08-21 21:18 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-21 19:55 - 2014-08-21 19:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-21 19:38 - 2014-08-21 19:38 - 00001057 _____ () C:\Users\Eunice\Desktop\Revo Uninstaller.lnk
2014-08-21 19:38 - 2014-08-21 19:38 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-21 19:34 - 2014-08-21 19:36 - 00000000 ____D () C:\CCREGBACKUPS
2014-08-21 19:27 - 2014-08-21 19:27 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-21 19:27 - 2014-08-21 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-21 19:27 - 2014-08-21 19:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 19:25 - 2014-08-21 19:25 - 18840560 _____ (SUPERAntiSpyware) C:\Users\Guest\Desktop\SUPERAntiSpyware.exe
2014-08-21 19:24 - 2014-08-21 19:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-08-21 19:24 - 2014-08-21 19:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-08-21 19:23 - 2014-08-21 19:23 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-21 19:23 - 2014-08-21 19:23 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-21 19:23 - 2014-08-21 19:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-19 16:32 - 2014-08-19 16:32 - 00230896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 14:32 - 2014-08-19 15:01 - 00000000 ____D () C:\ProgramData\Max Secure
2014-08-19 14:09 - 2014-08-19 14:10 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\GetRightToGo
2014-08-19 14:09 - 2014-08-19 14:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Max Secure Software
2014-08-19 14:08 - 2014-08-19 14:08 - 00361666 _____ (RegNow.com) C:\Users\Guest\Downloads\Download_MaxSDDMnew.exe
2014-08-16 12:23 - 2014-08-16 12:25 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\dvdcss
2014-08-16 12:19 - 2014-08-19 16:15 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc
2014-08-16 12:17 - 2014-08-16 12:17 - 00000859 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-16 12:15 - 2014-08-16 12:15 - 00000000 ____D () C:\Program Files\VideoLAN
2014-08-16 12:10 - 2014-08-16 12:11 - 79580504 _____ () C:\Users\Guest\Downloads\vlcmediaplayer-setup.exe
2014-08-16 12:00 - 2014-08-16 12:00 - 00004608 _____ () C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-15 20:52 - 2014-08-16 05:44 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\Users\Guest\Documents\All Media Converter Output
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-15 20:39 - 2014-08-15 20:40 - 02015552 _____ (DriverBoost) C:\Users\Guest\Downloads\DriverBoostPro_Setup.exe
2014-08-15 06:42 - 2014-08-15 06:42 - 00096684 _____ () C:\ProgramData\1408102743.bdinstall.bin
2014-08-15 06:39 - 2014-08-15 06:39 - 00037408 _____ () C:\ProgramData\1408102737.bdinstall.bin
2014-08-15 06:15 - 2014-08-15 06:15 - 00251230 _____ () C:\ProgramData\1408099991.bdinstall.bin
2014-08-15 06:05 - 2012-11-02 14:17 - 00242504 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-08-14 20:03 - 2014-08-14 20:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\TuneUp Software
2014-08-14 19:52 - 2014-08-14 19:52 - 00000000 ____D () C:\Users\Eunice\AppData\Local\TuneUp Software
2014-08-14 19:43 - 2014-08-14 20:04 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-08-14 19:43 - 2014-08-14 19:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-08-14 19:42 - 2014-08-14 19:43 - 28369720 _____ (TuneUp Software) C:\Users\Guest\Downloads\TuneUpUtilities2014_en-US.exe
2014-08-14 16:41 - 2014-08-14 16:41 - 00000000 ____D () C:\Users\Guest\AppData\Local\Eastman Kodak Company
2014-08-14 15:18 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 15:18 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 15:18 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 15:17 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:16 - 2014-08-14 15:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guest\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-13 20:47 - 2014-08-13 20:47 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-13 20:39 - 2014-08-13 20:51 - 00002053 _____ () C:\ProgramData\1407980316.7952.bin
2014-08-13 20:39 - 2014-08-13 20:51 - 00000189 _____ () C:\ProgramData\1407980316.5184.bin
2014-08-13 20:38 - 2014-08-13 20:39 - 00040562 _____ () C:\ProgramData\1407980316.7932.bin
2014-08-13 20:38 - 2014-08-13 20:38 - 00000000 ____D () C:\ProgramData\smdmf
2014-08-13 20:02 - 2014-08-13 20:03 - 00000339 _____ () C:\ProgramData\1407978116.6700.bin
2014-08-13 20:02 - 2014-08-13 20:02 - 00002052 _____ () C:\ProgramData\1407978116.928.bin
2014-08-13 20:01 - 2014-08-15 06:00 - 00000000 ____D () C:\Users\Eunice\AppData\Roaming\QuickScan
2014-08-13 20:01 - 2014-08-13 20:09 - 00040393 _____ () C:\ProgramData\1407978116.6864.bin
2014-08-13 20:01 - 2014-08-13 20:01 - 00000000 ____D () C:\Program Files\Settings Manager
2014-08-13 20:00 - 2014-08-13 20:02 - 13954264 _____ () C:\Users\Eunice\Desktop\allmediaconverter_installer_st_oo.exe
2014-08-13 19:58 - 2014-08-16 06:35 - 00029513 _____ () C:\Users\Guest\AppData\Roaming\setup.exe
2014-08-13 19:48 - 2014-08-13 19:48 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 19:48 - 2014-08-13 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-13 19:45 - 2014-08-22 04:50 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 19:45 - 2014-08-21 21:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 19:44 - 2014-08-13 19:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-13 19:42 - 2014-08-13 19:42 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-13 19:35 - 2014-08-13 20:22 - 00209432 _____ () C:\Windows\RegBootClean.exe
2014-08-13 15:44 - 2014-07-07 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 15:44 - 2014-06-13 19:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 15:44 - 2014-06-13 19:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 15:44 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 15:44 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 15:44 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 15:44 - 2014-06-02 05:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-13 15:44 - 2014-06-02 03:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 15:43 - 2014-07-24 23:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 15:43 - 2014-07-24 21:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 15:43 - 2014-07-24 13:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 15:43 - 2014-07-24 12:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 15:43 - 2014-07-24 12:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 15:43 - 2014-07-24 12:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 15:43 - 2014-07-24 12:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 15:43 - 2014-07-24 12:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 15:43 - 2014-07-24 12:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-13 15:43 - 2014-07-24 12:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 15:43 - 2014-07-24 12:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 15:43 - 2014-07-24 12:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 15:43 - 2014-07-24 12:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 15:43 - 2014-07-24 12:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 15:43 - 2014-07-24 12:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 15:43 - 2014-07-24 12:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 15:43 - 2014-07-24 12:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 15:43 - 2014-07-24 12:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 15:43 - 2014-07-24 12:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 15:43 - 2014-07-24 12:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-13 15:43 - 2014-07-24 12:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-13 15:43 - 2014-07-24 12:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-13 15:43 - 2014-07-24 12:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 14:29 - 2014-08-13 14:29 - 00000000 _____ () C:\Users\Guest\AppData\Local\QSwitch.txt
2014-08-13 14:29 - 2014-08-13 14:29 - 00000000 _____ () C:\Users\Guest\AppData\Local\DSwitch.txt
2014-08-13 14:29 - 2014-08-13 14:29 - 00000000 _____ () C:\Users\Guest\AppData\Local\AtStart.txt
2014-08-13 14:27 - 2014-08-13 14:27 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\NCH Software
2014-08-13 14:26 - 2014-08-19 15:55 - 00049952 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-13 14:26 - 2014-08-15 20:49 - 00000944 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-13 14:26 - 2014-08-13 14:26 - 00000949 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-13 14:25 - 2014-08-13 14:25 - 00000915 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-08-13 14:25 - 2014-08-13 14:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-08-13 14:21 - 2014-08-14 20:03 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\TuneUp Software
2014-08-13 14:21 - 2014-08-13 14:26 - 00000000 ____D () C:\Users\Guest
2014-08-13 14:21 - 2014-08-13 14:21 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-08-13 14:21 - 2013-08-22 09:12 - 00004964 _____ () C:\Users\Guest\AppData\Local\installer.log
2014-08-13 14:21 - 2013-08-21 16:16 - 00800824 _____ (Microsoft Corporation) C:\Users\Guest\AppData\Roaming\DPInst.exe
2014-08-13 14:21 - 2013-08-21 16:16 - 00106496 _____ (Microsoft Corporation) C:\Users\Guest\AppData\Roaming\gacutil.exe
2014-08-13 14:21 - 2013-08-21 16:16 - 00036352 _____ (Microsoft Corporation) C:\Users\Guest\AppData\Roaming\PnPutil.exe
2014-08-13 14:21 - 2013-08-21 16:16 - 00000181 _____ () C:\Users\Guest\AppData\Roaming\gacutil.exe.config
2014-08-13 14:21 - 2013-08-21 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\KODAK AiO Home Center337893012
2014-08-13 14:21 - 2013-06-01 15:45 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-08-13 14:21 - 2012-10-25 13:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\Eastman_Kodak_Company
2014-08-13 14:21 - 2012-10-25 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Temp
2014-08-13 14:21 - 2012-10-25 12:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\KODAK AiO Home Center98805086
2014-08-13 14:21 - 2012-09-28 17:40 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\hpqLog
2014-08-13 14:21 - 2008-01-20 21:43 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-13 14:21 - 2008-01-20 21:43 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 05:21 - 2014-08-22 05:21 - 00012614 _____ () C:\Users\Eunice\Desktop\FRST.txt
2014-08-22 05:21 - 2014-08-22 05:21 - 00000000 ____D () C:\FRST
2014-08-22 05:09 - 2008-01-20 20:39 - 01571988 _____ () C:\Windows\WindowsUpdate.log
2014-08-22 05:05 - 2014-08-21 20:46 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 05:05 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-22 05:05 - 2006-11-02 07:47 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-22 05:05 - 2006-11-02 07:47 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-22 05:04 - 2014-08-21 21:16 - 00752112 _____ () C:\Windows\PFRO.log
2014-08-22 05:03 - 2012-09-27 22:35 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-22 05:03 - 2006-11-02 08:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-22 05:02 - 2013-09-29 14:02 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-08-22 05:00 - 2013-09-29 13:33 - 00000000 ____D () C:\Users\Eunice\AppData\Local\Trend Micro
2014-08-22 04:56 - 2006-11-02 05:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 04:55 - 2014-08-21 21:36 - 00000795 _____ () C:\Windows\setupact.log
2014-08-22 04:51 - 2014-08-22 05:18 - 01094144 _____ (Farbar) C:\Users\Eunice\Desktop\FRST.exe
2014-08-22 04:50 - 2014-08-13 19:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-22 04:29 - 2012-10-22 10:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-22 04:19 - 2013-09-30 19:52 - 00000306 _____ () C:\Windows\Tasks\PrintProjects Communicator.job
2014-08-22 03:56 - 2014-08-21 19:56 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task af44188d-5eba-439b-9568-77d11f6274c9.job
2014-08-22 03:39 - 2014-02-25 00:45 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-22 03:34 - 2014-08-22 03:34 - 00000000 ____D () C:\Users\Eunice\AppData\Roaming\AVAST Software
2014-08-21 21:36 - 2014-08-21 21:36 - 00001873 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-21 21:36 - 2014-08-21 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-21 21:36 - 2014-08-21 21:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 21:35 - 2014-08-21 21:34 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-21 21:34 - 2014-08-21 21:34 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-21 21:34 - 2014-08-21 21:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-21 21:34 - 2014-08-21 21:34 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-21 21:32 - 2014-08-21 21:32 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-21 21:32 - 2014-08-21 21:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-21 21:26 - 2014-08-21 21:26 - 04862664 _____ (AVAST Software) C:\Users\Guest\Desktop\avast_free_antivirus_setup_online.exe
2014-08-21 21:18 - 2014-08-21 19:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-21 21:16 - 2014-08-21 21:16 - 00049952 _____ () C:\Users\Eunice\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 21:16 - 2014-08-21 19:57 - 00000000 ____D () C:\SUPERDelete
2014-08-21 21:16 - 2014-08-21 19:56 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 95252d12-7698-4ea2-a304-6bf92bf3dd30.job
2014-08-21 21:16 - 2014-08-13 19:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 21:13 - 2014-08-21 21:13 - 00001060 _____ () C:\Users\Guest\Desktop\stuff.txt
2014-08-21 20:45 - 2014-08-21 20:45 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 20:45 - 2014-08-21 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-21 20:45 - 2014-08-21 20:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-21 20:44 - 2014-08-21 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guest\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-21 20:44 - 2014-08-21 20:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-08-21 19:56 - 2014-08-21 19:56 - 00001800 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-21 19:56 - 2014-08-21 19:56 - 00000000 ____D () C:\Users\Eunice\AppData\Roaming\SUPERAntiSpyware.com
2014-08-21 19:56 - 2014-08-21 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-21 19:55 - 2014-08-21 19:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-21 19:38 - 2014-08-21 19:38 - 00001057 _____ () C:\Users\Eunice\Desktop\Revo Uninstaller.lnk
2014-08-21 19:38 - 2014-08-21 19:38 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-08-21 19:36 - 2014-08-21 19:34 - 00000000 ____D () C:\CCREGBACKUPS
2014-08-21 19:27 - 2014-08-21 19:27 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-21 19:27 - 2014-08-21 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-21 19:27 - 2014-08-21 19:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 19:25 - 2014-08-21 19:25 - 18840560 _____ (SUPERAntiSpyware) C:\Users\Guest\Desktop\SUPERAntiSpyware.exe
2014-08-21 19:24 - 2014-08-21 19:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-08-21 19:24 - 2014-08-21 19:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-08-21 19:23 - 2014-08-21 19:23 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-21 19:23 - 2014-08-21 19:23 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-21 19:23 - 2014-08-21 19:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-21 19:23 - 2013-07-13 18:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-19 17:27 - 2013-08-21 16:15 - 00000000 ____D () C:\ProgramData\PrintProjects
2014-08-19 16:32 - 2014-08-19 16:32 - 00230896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 16:22 - 2012-09-27 23:29 - 00000000 ____D () C:\Windows\Panther
2014-08-19 16:15 - 2014-08-16 12:19 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc
2014-08-19 15:55 - 2014-08-13 14:26 - 00049952 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-19 15:01 - 2014-08-19 14:32 - 00000000 ____D () C:\ProgramData\Max Secure
2014-08-19 14:10 - 2014-08-19 14:09 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\GetRightToGo
2014-08-19 14:09 - 2014-08-19 14:09 - 00000000 ____D () C:\Users\Guest\AppData\Local\Max Secure Software
2014-08-19 14:08 - 2014-08-19 14:08 - 00361666 _____ (RegNow.com) C:\Users\Guest\Downloads\Download_MaxSDDMnew.exe
2014-08-19 12:09 - 2013-08-16 15:25 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-08-19 11:55 - 2012-09-29 04:31 - 00000000 ____D () C:\Users\Eunice\AppData\Roaming\vlc
2014-08-16 12:25 - 2014-08-16 12:23 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\dvdcss
2014-08-16 12:17 - 2014-08-16 12:17 - 00000859 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-16 12:15 - 2014-08-16 12:15 - 00000000 ____D () C:\Program Files\VideoLAN
2014-08-16 12:11 - 2014-08-16 12:10 - 79580504 _____ () C:\Users\Guest\Downloads\vlcmediaplayer-setup.exe
2014-08-16 12:11 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Resources
2014-08-16 12:00 - 2014-08-16 12:00 - 00004608 _____ () C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-16 06:35 - 2014-08-13 19:58 - 00029513 _____ () C:\Users\Guest\AppData\Roaming\setup.exe
2014-08-16 05:57 - 2012-10-23 11:16 - 00026624 _____ () C:\Users\Eunice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-16 05:44 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-16 04:36 - 2013-08-14 18:51 - 00000000 ____D () C:\Program Files\NCH Software
2014-08-16 04:35 - 2013-08-14 18:51 - 00000000 ____D () C:\ProgramData\NCH Software
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\Users\Guest\Documents\All Media Converter Output
2014-08-15 20:52 - 2014-08-15 20:52 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-15 20:49 - 2014-08-13 14:26 - 00000944 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-15 20:40 - 2014-08-15 20:39 - 02015552 _____ (DriverBoost) C:\Users\Guest\Downloads\DriverBoostPro_Setup.exe
2014-08-15 06:42 - 2014-08-15 06:42 - 00096684 _____ () C:\ProgramData\1408102743.bdinstall.bin
2014-08-15 06:39 - 2014-08-15 06:39 - 00037408 _____ () C:\ProgramData\1408102737.bdinstall.bin
2014-08-15 06:15 - 2014-08-15 06:15 - 00251230 _____ () C:\ProgramData\1408099991.bdinstall.bin
2014-08-15 06:06 - 2012-09-28 23:36 - 00000000 ____D () C:\Users\Eunice
2014-08-15 06:00 - 2014-08-13 20:01 - 00000000 ____D () C:\Users\Eunice\AppData\Roaming\QuickScan
2014-08-14 20:52 - 2012-10-23 10:54 - 00000000 ____D () C:\ProgramData\Kodak
2014-08-14 20:04 - 2014-08-14 19:43 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-08-14 20:03 - 2014-08-14 20:03 - 00000000 ____D () C:\Users\Guest\AppData\Local\TuneUp Software
2014-08-14 20:03 - 2014-08-13 14:21 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\TuneUp Software
2014-08-14 20:03 - 2013-08-16 13:00 - 00000000 ____D () C:\Users\Eunice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader
2014-08-14 19:53 - 2014-08-14 19:43 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-08-14 19:52 - 2014-08-14 19:52 - 00000000 ____D () C:\Users\Eunice\AppData\Local\TuneUp Software
2014-08-14 19:52 - 2012-10-22 11:11 - 00000000 ____D () C:\Users\Eunice\AppData\Roaming\TuneUp Software
2014-08-14 19:43 - 2014-08-14 19:42 - 28369720 _____ (TuneUp Software) C:\Users\Guest\Downloads\TuneUpUtilities2014_en-US.exe
2014-08-14 16:41 - 2014-08-14 16:41 - 00000000 ____D () C:\Users\Guest\AppData\Local\Eastman Kodak Company
2014-08-14 16:36 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 16:27 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-08-14 15:42 - 2013-08-16 03:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 15:25 - 2006-11-02 05:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-14 15:21 - 2013-08-21 10:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 15:19 - 2014-08-14 15:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guest\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 15:09 - 2014-03-30 20:14 - 00000000 ____D () C:\Windows\Minidump
2014-08-13 20:51 - 2014-08-13 20:39 - 00002053 _____ () C:\ProgramData\1407980316.7952.bin
2014-08-13 20:51 - 2014-08-13 20:39 - 00000189 _____ () C:\ProgramData\1407980316.5184.bin
2014-08-13 20:47 - 2014-08-13 20:47 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-13 20:39 - 2014-08-13 20:38 - 00040562 _____ () C:\ProgramData\1407980316.7932.bin
2014-08-13 20:38 - 2014-08-13 20:38 - 00000000 ____D () C:\ProgramData\smdmf
2014-08-13 20:37 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-08-13 20:22 - 2014-08-13 19:35 - 00209432 _____ () C:\Windows\RegBootClean.exe
2014-08-13 20:09 - 2014-08-13 20:01 - 00040393 _____ () C:\ProgramData\1407978116.6864.bin
2014-08-13 20:03 - 2014-08-13 20:02 - 00000339 _____ () C:\ProgramData\1407978116.6700.bin
2014-08-13 20:02 - 2014-08-13 20:02 - 00002052 _____ () C:\ProgramData\1407978116.928.bin
2014-08-13 20:02 - 2014-08-13 20:00 - 13954264 _____ () C:\Users\Eunice\Desktop\allmediaconverter_installer_st_oo.exe
2014-08-13 20:01 - 2014-08-13 20:01 - 00000000 ____D () C:\Program Files\Settings Manager
2014-08-13 19:48 - 2014-08-13 19:48 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 19:48 - 2014-08-13 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-13 19:48 - 2014-08-13 19:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-13 19:47 - 2013-08-16 14:50 - 00000000 ____D () C:\Program Files\Google
2014-08-13 19:42 - 2014-08-13 19:42 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-13 14:29 - 2014-08-13 14:29 - 00000000 _____ () C:\Users\Guest\AppData\Local\QSwitch.txt
2014-08-13 14:29 - 2014-08-13 14:29 - 00000000 _____ () C:\Users\Guest\AppData\Local\DSwitch.txt
2014-08-13 14:29 - 2014-08-13 14:29 - 00000000 _____ () C:\Users\Guest\AppData\Local\AtStart.txt
2014-08-13 14:27 - 2014-08-13 14:27 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\NCH Software
2014-08-13 14:26 - 2014-08-13 14:26 - 00000949 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-13 14:26 - 2014-08-13 14:21 - 00000000 ____D () C:\Users\Guest
2014-08-13 14:25 - 2014-08-13 14:25 - 00000915 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-08-13 14:25 - 2014-08-13 14:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-08-13 14:21 - 2014-08-13 14:21 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-07-29 10:29 - 2013-02-23 16:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 23:26 - 2014-08-13 15:43 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-24 21:53 - 2014-08-13 15:43 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-24 13:07 - 2014-08-13 15:43 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 12:58 - 2014-08-13 15:43 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 12:57 - 2014-08-13 15:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 12:52 - 2014-08-13 15:43 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 12:51 - 2014-08-13 15:43 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 12:51 - 2014-08-13 15:43 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 12:50 - 2014-08-13 15:43 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 12:50 - 2014-08-13 15:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 12:49 - 2014-08-13 15:43 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 12:49 - 2014-08-13 15:43 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 12:49 - 2014-08-13 15:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 12:49 - 2014-08-13 15:43 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-24 12:49 - 2014-08-13 15:43 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 12:48 - 2014-08-13 15:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 12:48 - 2014-08-13 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 12:48 - 2014-08-13 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 12:48 - 2014-08-13 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 12:48 - 2014-08-13 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 12:48 - 2014-08-13 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-24 12:48 - 2014-08-13 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-24 12:47 - 2014-08-13 15:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-24 03:05 - 2013-02-23 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\Eunice\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Eunice\AppData\Local\Temp\SDShelEx-win32.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-22 05:11

==================== End Of Log ============================

 

--------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2014
Ran by Eunice at 2014-08-22 05:21:58
Running from C:\Users\Eunice\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2012 (HKLM\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Minnesota 2012 (HKLM\...\{E19DE9C7-C80D-4439-9E55-028D84BD3E61}) (Version: 1.12.4701 - HRB Technology, LLC.)
H&R Block Minnesota 2013 (HKLM\...\{E48C9382-EDCD-45A7-A177-B55DCE785390}) (Version: 1.13.5001 - HRB Technology, LLC.)
HourGuard Time Sheet (HKLM\...\HourGuard) (Version: 1.46 - NCH Software)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintMaster Gold 3.00 (HKLM\...\PrintMaster Gold 3.00) (Version:  - )
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.12272 - RocketLife Inc.)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-06-2014 14:10:11 Windows Update
25-06-2014 17:13:40 Windows Update
28-06-2014 22:39:27 Windows Update
02-07-2014 17:00:03 Windows Update
06-07-2014 20:12:03 Windows Update
09-07-2014 20:39:01 Windows Update
13-07-2014 18:53:50 Windows Update
15-07-2014 17:53:25 Windows Update
19-07-2014 20:44:02 Windows Update
23-07-2014 06:28:39 Windows Update
24-07-2014 08:00:13 Windows Update
28-07-2014 21:36:29 Windows Update
08-08-2014 00:46:19 Windows Update
14-08-2014 19:50:43 Windows Update
15-08-2014 00:45:01 Installed TuneUp Utilities 2014
15-08-2014 10:51:03 Windows Update
15-08-2014 11:06:11 Device Driver Package Install: BITDEFENDER S.R.L. System devices
16-08-2014 01:42:04 Installed DriverBoost.
16-08-2014 09:29:59 Windows Update
19-08-2014 17:13:04 Windows Update
19-08-2014 20:05:26 Installed Spyware Detector
22-08-2014 00:39:10 Revo Uninstaller's restore point - TuneUp Utilities 2014
22-08-2014 00:40:16 Removed TuneUp Utilities 2014
22-08-2014 00:41:36 Removed TuneUp Utilities 2014 (en-US)
22-08-2014 00:44:32 Revo Uninstaller's restore point - PremierOpinion
22-08-2014 00:47:49 Revo Uninstaller's restore point - DriverUpdate
22-08-2014 00:48:04 Removed DriverUpdate
22-08-2014 00:50:37 Revo Uninstaller's restore point - Free PDF Tablet
22-08-2014 00:52:00 Revo Uninstaller's restore point - Adobe AIR
22-08-2014 02:32:02 avast! antivirus system restore point
22-08-2014 08:37:01 Revo Uninstaller's restore point - Microsoft Security Essentials
22-08-2014 08:48:10 Revo Uninstaller's restore point - All Media Converter version 5.2.3
22-08-2014 08:49:34 Revo Uninstaller's restore point - All Media Converter version 5.2.3

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {22A04BF9-5F51-4E1B-8B83-03A0BD1F35CD} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CD34698-5202-4D9A-AD51-E3D044E305DB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-21] (AVAST Software)
Task: {3DC7965C-AC60-4DB9-A384-F85A7185688F} - System32\Tasks\LaunchApp => C:\Program Files\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {4B4B5D9C-6C65-43AA-8F50-BC0747BE1892} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {78C3346C-C9F1-4762-BDF4-327591A6A1DB} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\Communicator.exe [2013-09-30] ()
Task: {AA42EF2E-93F0-4A93-B9BC-90358056C3AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-13] (Google Inc.)
Task: {AA7A2522-53E0-4899-A452-6E8AA04E175D} - System32\Tasks\PC Performer_DEFAULT => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {B77D2ADC-4769-4D20-9B7F-BE11A7DB54FA} - System32\Tasks\PC Performer_UPDATES => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {BD638C6F-DFCA-435F-9F16-0D55969D9246} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {C224019E-9EC2-4145-AA95-0B2A66F4B591} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {C881A42A-6D8D-435B-866A-A7E986BC78A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-13] (Google Inc.)
Task: {D1008593-63A4-4EE8-87BD-9C950B636CB4} - System32\Tasks\SUPERAntiSpyware Scheduled Task af44188d-5eba-439b-9568-77d11f6274c9 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {E030F14F-8B02-412F-9A50-A2909C61C29D} - System32\Tasks\PC Performer => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {E65C92F7-DAE0-411F-B9A3-A35F221D06F8} - System32\Tasks\SUPERAntiSpyware Scheduled Task 95252d12-7698-4ea2-a304-6bf92bf3dd30 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\Communicator.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 95252d12-7698-4ea2-a304-6bf92bf3dd30.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task af44188d-5eba-439b-9568-77d11f6274c9.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2014-08-21 21:34 - 2014-08-21 21:34 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-21 21:34 - 2014-08-21 21:34 - 02800128 _____ () C:\Program Files\AVAST Software\Avast\defs\14082100\algo.dll
2008-06-03 03:35 - 2008-06-03 03:35 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-08-21 21:34 - 2014-08-21 21:34 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-21 19:23 - 2014-07-17 00:42 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D46340DD

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2014 05:05:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 05:02:59 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/22/2014 04:59:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application coreServiceShell.exe, version 3.0.0.1249, time stamp 0x51e43e4c, faulting module DLTI.dll_unloaded, version 0.0.0.0, time stamp 0x5297002c, exception code 0xc0000005, fault offset 0x11719f41,
process id 0x8a8, application start time 0xcoreServiceShell.exe0.

Error: (08/22/2014 03:49:33 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e89100e5-a0b8-4f11-a98d-8b5c812d7b24}

Error: (08/22/2014 03:48:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e89100e5-a0b8-4f11-a98d-8b5c812d7b24}

Error: (08/22/2014 03:36:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e89100e5-a0b8-4f11-a98d-8b5c812d7b24}

Error: (08/22/2014 03:18:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2014 09:31:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {dc745ca8-f229-4d19-b354-b0b1ee3e0694}

Error: (08/21/2014 09:16:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2014 07:52:00 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ad90110c-e9ff-4722-9b67-8d8823e2cfc0}


System errors:
=============
Error: (08/22/2014 04:59:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Trend Micro Solution Platform1

Error: (08/21/2014 10:52:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Trend Micro Solution Platform2

Error: (08/21/2014 10:38:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Trend Micro Solution Platform1

Error: (08/21/2014 07:16:36 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604.5.0216.0%%834%%8380x80004005Unspecified error 3

Error: (08/21/2014 07:14:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (08/20/2014 07:43:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SysMain

Error: (08/20/2014 07:43:11 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604.5.0216.0%%834%%8380x80004005Unspecified error 3

Error: (08/19/2014 06:23:34 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%8604.5.0216.0%%834%%8380x80004005Unspecified error 3

Error: (08/19/2014 06:10:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (08/19/2014 06:06:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:28:31 PM on 8/19/2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (08/22/2014 05:05:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 05:02:59 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/22/2014 04:59:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: coreServiceShell.exe3.0.0.124951e43e4cDLTI.dll_unloaded0.0.0.05297002cc000000511719f418a801cfbde1981021c9

Error: (08/22/2014 03:49:33 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e89100e5-a0b8-4f11-a98d-8b5c812d7b24}

Error: (08/22/2014 03:48:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e89100e5-a0b8-4f11-a98d-8b5c812d7b24}

Error: (08/22/2014 03:36:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e89100e5-a0b8-4f11-a98d-8b5c812d7b24}

Error: (08/22/2014 03:18:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2014 09:31:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {dc745ca8-f229-4d19-b354-b0b1ee3e0694}

Error: (08/21/2014 09:16:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2014 07:52:00 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ad90110c-e9ff-4722-9b67-8d8823e2cfc0}


CodeIntegrity Errors:
===================================
  Date: 2014-08-22 05:21:51.587
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 05:21:51.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 05:21:51.275
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 05:21:51.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 05:21:50.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 05:21:50.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 05:21:50.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 05:21:50.308
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 05:21:32.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-22 05:21:32.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 2014.52 MB
Available physical RAM: 992.36 MB
Total Pagefile: 4270.06 MB
Available Pagefile: 3156.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:218.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: E548371F)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

Please uninstall the AVG Secure Search then start off by running the following.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


  • Root Admin

One needs to place a check mark on the Additions.txt check box to get that log after the first run. It only runs the first time if it's never been run before.

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
Then restart the computer and run a new MBAM scan please.

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


  • Root Admin

Okay let's go ahead and run Combofix on this system and check out what it finds.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


  • Root Admin

The logs indicate that there are components of Trend and Avast on the system.

I would recommend that you fully remove one of them or both actually and then reinstall the one you want to keep.

Otherwise how is the computer running now?

Are there still any signs of an infection?

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
Link to post
Share on other sites

things seem to be running ok ...

much quicker in response

the mouse and touchpad work smoothly

no redirects

i can dl and surf

 

along with the remnants of "trend" there are a couple of other programs/remnants that need to go away .

and ... they do not show in the "uninstall programs" panel .  <_<

using revo in the "hunter mode" does not work on the remaining pieces ... as long as they are not hurting anything , i may leave them .

 

has there been a recent update to flash and adobe reader ?

i just installed them a short time back .

 

..........................................................................................................................

 

 Results of screen317's Security Check version 0.99.87  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 CCleaner     
  Adobe Flash Player     12.0.0.77 Flash Player out of Date!  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (31.0)
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


  • Root Admin

From this link:  Information: List of Uninstaller Tools
 
This might help to remove some of Trend
Uninstalling Trend Micro program using the Trend Micro Diagnostic Toolkit

 
 
Adobe flash is much newer than that and Reader is at 11.x so that's why it shows out of date.
 
Check if Flash Player is installed on your computer

Manually Uninstall Flash Player

Direct download - Adobe Flash Player uninstaller

This is the "approved" Adobe download link but one has to remember to un-check any "Optional offer:" as they always offer junk with this link. Best to probably use one of the other direct download links below instead which are listed for use IF you continue to have trouble installing with one of the other installer files.
Download the latest version of Flash Player

Flash Player for ActiveX (Internet Explorer)

Flash Player Plug-in (All other browsers)
 
 
 
 
At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

Link to post
Share on other sites

all looks good ...

there is a problem with the touch pad that returned ; spastic/sluggish in response .

i do not believe it is due to an "infection" but either a driver or hardware problem ... outside issue to this thread .

i'll head over to HP and see what i can find .

 

 

are there any more items to perform ?

if not , thanks for your help and time .


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.