
Nothing will download or update correctly.


  • This topic is locked
25 replies to this topic

#1 Terrien

Terrien

  • Members
  • 36 posts

Posted 24 March 2014 - 04:09 AM

Hello, I have a new and interesting situation on my hands. The main computer (connected directly to the router via Ethernet) is behaving badly. The two other computers running off of the Wi-Fi seem to be fine. Recently the main computer decided to rename its standard LAN connection to connection 2 and then began attempting to connect via PPPVoE on some random connections that we did not establish. Now the computer can barely manage to load a web page. It will not complete downloads and will not let Malwarebytes update its definitions. I have copied Rkill to a flash drive and ran it on the computer, but it does not seem to change anything. I still cannot download anything (even in safe mode) and my updates usually stall out and lock up long before they finish. I have done an Avast boot-time scan, but that has found nothing (big surprise from Avast). I'm at my wits' end with this one. Where do I start?




#2 Terrien

Terrien
  • Topic Starter

  • Members
  • 36 posts

Posted 24 March 2014 - 04:32 AM

I attempted to download DDS and that failed as well.



#3 Bud_91

Bud_91

  • Malware Response Team
  • 438 posts

Posted 28 March 2014 - 12:09 PM

Hello and welcome to Bleeping Computer. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.
 
Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.
 
 
Ok. We'll need to use another one of your computers and a flash drive to transfer tools. But we need to protect the clean computer. First, I need to know which operating systems are on the infected and clean computers.
 

If I have not responded to your log in 36 hours, feel free to send me a PM.

If you would like to make a thank-you donation, please click here: btn_donate_SM.png

 

A.K.A. Buddierdl @ GeeksToGo.com


#4 Terrien

Terrien
  • Topic Starter

  • Members
  • 36 posts

Posted 30 March 2014 - 12:16 AM

Both my laptop (clean) and the main computer (infected) run off of Win 7. I have an 8 gig flash stick at my disposal. I appreciate you responding to my post so quickly, but I will be headed out of town at 6 am tomorrow, but I will be back Monday night. If you like, post up the first set of instructions and I will let you know by Monday night or Tuesday morning what the outcome is. Again, thank you for responding; it has been frustrating.


Edited by Terrien, 30 March 2014 - 12:20 AM.


#5 Terrien

Terrien
  • Topic Starter

  • Members
  • 36 posts

Posted 30 March 2014 - 12:25 AM

Follow up: Laptop has Windows 7 Home Premium 64 bit, and infected computer runs off of Windows 7 Ultimate 64 bit.



#6 Terrien

Terrien
  • Topic Starter

  • Members
  • 36 posts

Posted 31 March 2014 - 09:45 PM

Ok, back from my trip, where do I start?



#7 Bud_91

Bud_91

  • Malware Response Team
  • 438 posts

Posted 01 April 2014 - 08:52 AM

Okay. First we need to protect the clean computer and flash drive. Do this on the clean computer:

Download/Run Panda USB Vaccine:

Please download Panda USB Vaccine from here to the desktop of your machine.

  • Right-click on USBVaccineSetup.exe and select Run as Administrator >> follow the prompts in the installation wizard.
  • At the configuration screen (settings)...
  • Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support
  • Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
  • Insert the USB Drive in your machine...it will be automatically vaccinated (as will any USB drives connected in the future).
  • Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advice would be to keep it installed.

Now, download Farbar Recovery Scan Tool and save it to your flash drive.

Now, transfer the flash drive to the infected computer and do this:

  • Copy FRST to the desktop.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

#8 Terrien

Terrien
  • Topic Starter

  • Members
  • 36 posts

Posted 01 April 2014 - 02:34 PM

Happy belated birthday Bud, I hope it was a good one! Here are the logs:

FRST:

       Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

    Ran by janice (administrator) on JANICE-PC on 01-04-2014 12:27:39
    Running from C:\Users\janice\Desktop
    Windows 7 Ultimate (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (AMD) C:\Windows\system32\atiesrxx.exe
    (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
    (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\center\KodakSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKDiscovery.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [1832960 2009-04-07] (Eastman Kodak Company)
    HKLM-x32\...\Run: [] - [X]
    HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3767096 2014-03-09] (AVAST Software)
    HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296008 2014-02-06] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKU\S-1-5-21-2917813216-1620931575-1820313544-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
    HKU\S-1-5-21-2917813216-1620931575-1820313544-1000\...\MountPoints2: {2d87dbd2-8b6b-11df-82cd-90e6bac5a594} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-2917813216-1620931575-1820313544-1000\...\MountPoints2: {7271b60a-5a8c-11e2-8879-90e6bac5a594} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-2917813216-1620931575-1820313544-1000\...\MountPoints2: {c8909e67-34b4-11e1-9c7f-90e6bac5a594} - F:\unlock.exe autoplay=true
    HKU\S-1-5-21-2917813216-1620931575-1820313544-1000\...\MountPoints2: {d44f80eb-8071-11df-9284-90e6bac5a594} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-2917813216-1620931575-1820313544-1000\...\MountPoints2: {daab3b3a-fea2-11e2-8227-90e6bac5a594} - F:\Autorun.exe /s
    HKU\S-1-5-21-2917813216-1620931575-1820313544-1000\...\MountPoints2: {f476505d-63ab-11df-b6dd-90e6bac5a594} - F:\LaunchU3.exe -a
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x433200AFB4F7CA01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.playlist.com/searchbeta/tracks#Search%20for%20a%20song%20or%20artist/all/1
    URLSearchHook: HKCU - (No Name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=406&q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=406&q={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=406&q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
    SearchScopes: HKCU - {48639E64-816C-1E71-A11F-AF2D7041DC94} URL = http://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=406&q={searchTerms}
    SearchScopes: HKCU - {A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474} URL = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
    BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    BHO-x32: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll No File
    BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
    Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default
    FF NewTab: www.google.com
    FF SearchEngineOrder.1: Google
    FF SelectedSearchEngine: Google
    FF Homepage: www.google.com
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @mywebsearch.com/Plugin - C:\Program Files (x86)\MyWebSearch\bar\4.bin\NPMyWebS.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.4.61 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.7.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.7.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.7.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.4.61 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\janice\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\janice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF SearchPlugin: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\searchplugins\conduit.xml
    FF SearchPlugin: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\searchplugins\mywebsearch.xml
    FF SearchPlugin: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\searchplugins\sweetim.xml
    FF Extension: Torntv 3 - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\Extensions\trtv3@trtv.com.xpi [2013-06-30]
    FF Extension: Easy YouTube Video Downloader - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2011-08-08]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-02-14]
    FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\4.bin
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-09]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-06]
    FF HKLM-x32\...\Firefox\Extensions: [{10E4285F-D79B-4147-9447-81DFF109A394}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
     
    Chrome: 
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll No File
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
    CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    CHR Plugin: (Unity Player) - C:\Users\janice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\janice\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\janice\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
    CHR Extension: (Entanglement Web App) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-11-12]
    CHR Extension: (Angry Birds) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-11-12]
    CHR Extension: (reddit companion) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2013-11-12]
    CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2013-11-20]
    CHR Extension: (Google Drive) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-12]
    CHR Extension: (Audiotool) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2013-11-12]
    CHR Extension: (Kingdom Rush) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim [2013-11-12]
    CHR Extension: (Google Calendar) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-12]
    CHR Extension: (Pandora) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-11-12]
    CHR Extension: (AdBlock) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-12]
    CHR Extension: (Google Calendar (by Google)) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2013-11-12]
    CHR Extension: (avast! Online Security) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-12]
    CHR Extension: (Google Keep) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-11-12]
    CHR Extension: (RealPlayer Downloader) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-13]
    CHR Extension: (MixiDJ V1) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjbflachhjbdbhfgknpgcgpchaikkok [2013-07-13]
    CHR Extension: (Spelunky HTML5) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof [2013-11-12]
    CHR Extension: (Snake) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlijpphckdfkmcjclnimmbknefojcaol [2013-11-20]
    CHR Extension: (deviantART muro) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2013-11-12]
    CHR Extension: (Glossy Blue) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2013-11-12]
    CHR Extension: (Google Wallet) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR Extension: (We Are Hunted) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgdicpfcekegalffnnbhkjkkoapppga [2013-11-12]
    CHR HKCU\...\Chrome\Extension: [bdhffggcfjnkigeciffmipblemhphbjl] - C:\Users\janice\AppData\Local\CRE\bdhffggcfjnkigeciffmipblemhphbjl.crx [2012-05-27]
    CHR HKCU\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\janice\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2013-02-13]
    CHR HKLM-x32\...\Chrome\Extension: [bdhffggcfjnkigeciffmipblemhphbjl] - C:\Users\janice\AppData\Local\CRE\bdhffggcfjnkigeciffmipblemhphbjl.crx [2012-05-27]
    CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx [2012-05-27]
    CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\janice\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2012-08-24]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-12-14]
    CHR HKLM-x32\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\janice\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2013-02-13]
    CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\janice\AppData\Local\Wajam\Chrome\wajam.crx [2013-01-09]
    CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\janice\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2013-01-09]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Services (Whitelisted) =================
     
    R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-03-09] (AVAST Software)
    R2 KodakSvc; C:\Program Files (x86)\Kodak\AiO\center\KodakSvc.exe [32768 2009-04-17] (Eastman Kodak Company)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-12-14] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141336 2014-02-06] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2013-12-16] ()
     
    ==================== Drivers (Whitelisted) ====================
     
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
    R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-09] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-07] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-07] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-09] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-09] (AVAST Software)
    R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-07] ()
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
    S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-04-01 12:26 - 2014-04-01 12:27 - 00032467 _____ () C:\Users\janice\Desktop\Addition.txt
    2014-04-01 12:26 - 2014-04-01 12:27 - 00025924 _____ () C:\Users\janice\Desktop\FRST.txt
    2014-04-01 12:26 - 2014-04-01 12:27 - 00000000 ____D () C:\FRST
    2014-04-01 12:25 - 2014-04-01 12:20 - 02157056 _____ (Farbar) C:\Users\janice\Desktop\FRST64.exe
    2014-03-24 01:51 - 2014-03-26 17:50 - 00002352 _____ () C:\Users\janice\Desktop\Rkill.txt
    2014-03-24 01:51 - 2013-03-20 12:26 - 01752992 _____ (Bleeping Computer, LLC) C:\Users\janice\Desktop\rkill.exe
    2014-03-24 00:37 - 2014-03-24 00:37 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-03-24 00:37 - 2014-03-24 00:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-03-24 00:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
     
    ==================== One Month Modified Files and Folders =======
     
    2014-04-01 12:27 - 2014-04-01 12:26 - 00032467 _____ () C:\Users\janice\Desktop\Addition.txt
    2014-04-01 12:27 - 2014-04-01 12:26 - 00025924 _____ () C:\Users\janice\Desktop\FRST.txt
    2014-04-01 12:27 - 2014-04-01 12:26 - 00000000 ____D () C:\FRST
    2014-04-01 12:27 - 2011-09-06 20:21 - 01274155 _____ () C:\Windows\WindowsUpdate.log
    2014-04-01 12:27 - 2009-07-13 22:13 - 00717892 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-04-01 12:24 - 2014-01-15 20:34 - 00123816 _____ () C:\Windows\setupact.log
    2014-04-01 12:24 - 2013-06-08 05:53 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
    2014-04-01 12:24 - 2013-06-03 11:03 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    2014-04-01 12:24 - 2010-12-08 21:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-01 12:24 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-01 12:20 - 2014-04-01 12:25 - 02157056 _____ (Farbar) C:\Users\janice\Desktop\FRST64.exe
    2014-03-31 20:30 - 2010-12-08 21:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-31 19:43 - 2012-12-17 20:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-31 19:25 - 2009-07-13 21:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-31 19:25 - 2009-07-13 21:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-26 18:29 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-03-26 17:50 - 2014-03-24 01:51 - 00002352 _____ () C:\Users\janice\Desktop\Rkill.txt
    2014-03-24 02:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
    2014-03-24 00:37 - 2014-03-24 00:37 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-03-24 00:37 - 2014-03-24 00:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-03-24 00:32 - 2013-06-08 09:05 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2014-03-24 00:30 - 2013-07-13 22:14 - 00000000 ____D () C:\Program Files (x86)\TornTV.com
    2014-03-24 00:29 - 2010-09-17 20:30 - 00808448 ___SH () C:\Users\janice\Desktop\Thumbs.db
    2014-03-24 00:27 - 2013-08-10 17:20 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2917813216-1620931575-1820313544-1000
    2014-03-24 00:27 - 2013-07-12 16:58 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2917813216-1620931575-1820313544-1000
    2014-03-24 00:22 - 2013-12-07 12:48 - 00002021 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-03-23 21:26 - 2012-10-04 18:25 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-03-23 19:00 - 2010-08-20 19:00 - 00000402 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
    2014-03-22 20:44 - 2010-05-19 20:46 - 00000418 _____ () C:\Windows\Tasks\Kodak AiO Scheduled Maintenance.job
    2014-03-11 18:44 - 2012-12-17 20:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-03-11 18:44 - 2012-04-27 18:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-03-11 18:44 - 2011-06-17 11:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-09 20:46 - 2014-01-16 20:00 - 00013066 _____ () C:\Windows\PFRO.log
    2014-03-09 20:44 - 2014-01-07 18:21 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-03-09 20:44 - 2011-06-09 20:40 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-03-09 20:44 - 2011-06-09 20:40 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-03-09 20:44 - 2010-08-04 18:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-03-09 20:44 - 2010-05-19 17:44 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-03-09 20:44 - 2010-05-19 17:44 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
     
    Files to move or delete:
    ====================
    C:\Users\janice\jagex_cl_runescape_LIVE.dat
    C:\Users\janice\jagex_cl_runescape_LIVE_BETA.dat
    C:\Users\janice\jagex_runescape_preferences.dat
    C:\Users\janice\jagex_runescape_preferences2.dat
    C:\Users\janice\jagex__preferences3.dat
    C:\Users\janice\random.dat
     
     
    Some content of TEMP:
    ====================
    C:\Users\janice\AppData\Local\Temp\bpuninstall.exe
    C:\Users\janice\AppData\Local\Temp\lowproc.exe
    C:\Users\janice\AppData\Local\Temp\stubhelper.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
     
     
    And the Addition log:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by janice at 2014-04-01 12:28:00
    Running from C:\Users\janice\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
     
    ==================== Installed Programs ======================
     
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
    aiofw (x32 Version: 3.40.0000.0000 - Eastman Kodak Company) Hidden
    aioprnt (x32 Version: 4.00.0000.0000 - Eastman Kodak Company) Hidden
    aioscnnr (x32 Version: 4.00.0000.0000 - Eastman Kodak Company) Hidden
    Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version:  - )
    AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{576A97E3-1A79-6215-49DE-AA358AF47420}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
    AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Core Implementation (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center Graphics Full New (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center Graphics Light (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center HydraVision Full (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0406.2133.36843 - ATI Technologies, Inc.) Hidden
    CCC Help English (x32 Version: 2010.0406.2132.36843 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    ccc-utility64 (Version: 2010.0406.2133.36843 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
    CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    center (x32 Version: 3.40.0000.0000 - Eastman Kodak Company) Hidden
    Codec Pack Packages (HKCU\...\Codec Pack Packages) (Version:  - ) <==== ATTENTION
    DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
    EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.01.00 - )
    ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSCDBK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSgui (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
    ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
    fflink (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
    Free File Opener v2011.6.0.4 (HKLM-x32\...\Free File Opener_is1) (Version: 2011.6.0.4 - Free File Opener, LLC)
    GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)
    GOM Player + Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION
    GOM Player + Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.2.23821 - Ask.com) <==== ATTENTION
    Google Chrome (HKLM-x32\...\{E86E510B-CBAD-354D-841B-853E23EF038A}) (Version: 64.240.49198 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
    kgckids (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
    kgcmove (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
    kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    KODAK AiO Home Center (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 3.40.0.0 - Eastman Kodak Company)
    Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
    ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
    Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
    Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
    netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
    OfotoXMI (x32 Version: 8.02.1000.0001 - EASTMAN KODAK Company) Hidden
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    PreReq (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
    RealDownloader (x32 Version: 1.7.0 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.4 - RealNetworks)
    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
    SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
    staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    SwiftKit (HKCU\...\SwiftKit) (Version:  - )
    The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
    WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
     
    ==================== Restore Points  =========================
     
    22-03-2014 00:34:25 Scheduled Checkpoint
    30-03-2014 05:26:56 Removed QuickTime
     
    ==================== Hosts content: ==========================
     
    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: {1BC62F96-59DA-4FF7-8D08-24F950A2310E} - System32\Tasks\{0476DA41-F68A-4B44-8F23-23676602D405} => F:\LaunchU3.exe
    Task: {283FF5F8-4E5D-4D7A-AFE4-37E9B37F0005} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
    Task: {416A139C-43F5-4D91-99D3-4CFE11F63761} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08] (Google Inc.)
    Task: {447C6706-B65C-4DD2-8F27-08270D52E381} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-12-14] (RealNetworks, Inc.)
    Task: {46B582FD-8B20-4182-BD14-364EEC51FC82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
    Task: {46B63904-5E8F-477D-A80C-4407A1C0B4D7} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-JANICE-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
    Task: {60343771-01EA-43EB-A34F-9C4587491045} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
    Task: {6F79541B-27C4-4A76-8EFE-6516C6D41511} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
    Task: {8DE701FD-E877-41E2-9B8F-9D1B4CC57332} - System32\Tasks\{F3D327C7-A3AE-4033-95F3-A6DA162A9C57} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.)
    Task: {8E8BDFB2-2642-4262-A140-22C81EAFB8D6} - System32\Tasks\{B35FA69B-AC87-41D2-9A90-7B39F9E74C90} => F:\LaunchU3.exe
    Task: {A08354B7-5FD6-4137-A4CD-5D4C5208A495} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-12-14] (RealNetworks, Inc.)
    Task: {B58490C7-007E-43B2-987D-B16A77D1B5AF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-12-14] (RealNetworks, Inc.)
    Task: {B7BCF0ED-2433-47CD-A4C4-3CB228DEB2CA} - System32\Tasks\Kodak AiO Scheduled Maintenance => C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe [2009-05-04] (Eastman Kodak Company)
    Task: {B8C8944B-6199-4E6B-8AF1-F344E72E2AC9} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.2.30.1.sxt _RegistrationOffer@16
    Task: {BE677C95-51EE-45DD-844E-E17C9FF9BD38} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
    Task: {C8F3A598-45EF-4D7E-9647-399136C0EA86} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-10-15] (ASUSTeK Computer Inc.)
    Task: {C9093832-C59D-463E-9369-3544C9467A29} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{92D36FF1-D02D-4A92-A395-1562C6C59475}.exe
    Task: {CD0754FA-9804-462F-950E-417B378B10EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08] (Google Inc.)
    Task: {D279BCCC-29E1-4496-9B4B-6388CA576E5C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
    Task: {F6291992-AFE5-4EF7-97D3-4324D3D8D44D} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{2B850090-E525-46C8-A35C-C631FC4EC4D5}.exe
    Task: {FC705BF1-C6C2-4036-9ABF-D49714B6334B} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Unewea.exe
    Task: {FDF22379-61BD-4FEF-BEFA-03F1A2C05177} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-03-09] (AVAST Software)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{2B850090-E525-46C8-A35C-C631FC4EC4D5}.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{92D36FF1-D02D-4A92-A395-1562C6C59475}.exe
    Task: C:\Windows\Tasks\EasyShare Registration Task.job => ׷Ȧð6lKœ=Oy,ëéFa<
     sGÀ „!ÞG!C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.2.30.1.sxt _RegistrationOffer@16janice0Ú
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Kodak AiO Scheduled Maintenance.job => C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2010-05-19 18:26 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2013-12-14 16:48 - 2013-12-14 16:48 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2013-12-16 18:44 - 2013-12-16 18:44 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2014-03-24 01:32 - 2014-03-24 00:41 - 02189312 _____ () C:\Program Files\Alwil Software\Avast5\defs\14032400\algo.dll
    2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-02-06 22:36 - 2014-02-06 22:36 - 00866392 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
    2013-12-07 12:48 - 2013-12-07 12:48 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
    2010-05-19 19:13 - 2009-10-09 18:31 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\ASUSSERVICE.DLL
    2010-05-19 19:13 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
    2010-05-19 19:13 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
     
    ==================== Disabled items from MSCONFIG ==============
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    MSCONFIG\startupreg: Google Update => "C:\Users\janice\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
    MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (03/31/2014 08:39:53 PM) (Source: Application Error) (User: )
    Description: Faulting application name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Faulting module name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Exception code: 0xc0000005
    Fault offset: 0x00008e30
    Faulting process id: 0x%9
    Faulting application start time: 0xEKDiscovery.exe0
    Faulting application path: EKDiscovery.exe1
    Faulting module path: EKDiscovery.exe2
    Report Id: EKDiscovery.exe3
     
    Error: (03/29/2014 10:30:55 PM) (Source: Application Error) (User: )
    Description: Faulting application name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Faulting module name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Exception code: 0xc0000005
    Fault offset: 0x00008e30
    Faulting process id: 0x%9
    Faulting application start time: 0xEKDiscovery.exe0
    Faulting application path: EKDiscovery.exe1
    Faulting module path: EKDiscovery.exe2
    Report Id: EKDiscovery.exe3
     
    Error: (03/29/2014 10:30:36 PM) (Source: RasClient) (User: )
    Description: CoId={A754FC02-2657-4241-959C-AAD3D1264794}: The user janice-PC\janice dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
     
    Error: (03/29/2014 10:30:09 PM) (Source: RasClient) (User: )
    Description: CoId={E56A2AE9-C1D6-4977-8ADE-6A25481101F2}: The user janice-PC\janice dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
     
    Error: (03/26/2014 06:47:36 PM) (Source: Application Error) (User: )
    Description: Faulting application name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Faulting module name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Exception code: 0xc0000005
    Fault offset: 0x00008e30
    Faulting process id: 0x%9
    Faulting application start time: 0xEKDiscovery.exe0
    Faulting application path: EKDiscovery.exe1
    Faulting module path: EKDiscovery.exe2
    Report Id: EKDiscovery.exe3
     
    Error: (03/26/2014 06:17:26 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (03/24/2014 02:33:03 AM) (Source: Application Error) (User: )
    Description: Faulting application name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Faulting module name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Exception code: 0xc0000005
    Fault offset: 0x00008e30
    Faulting process id: 0x%9
    Faulting application start time: 0xEKDiscovery.exe0
    Faulting application path: EKDiscovery.exe1
    Faulting module path: EKDiscovery.exe2
    Report Id: EKDiscovery.exe3
     
    Error: (03/24/2014 01:31:41 AM) (Source: RasClient) (User: )
    Description: CoId={61357C29-3733-4A8A-9805-3A3D0D587C22}: The user janice-PC\janice dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
     
    Error: (03/24/2014 01:31:07 AM) (Source: RasClient) (User: )
    Description: CoId={6A96867C-AEBC-422D-B0AE-04C0D74C0326}: The user janice-PC\janice dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
     
    Error: (03/24/2014 00:31:23 AM) (Source: MsiInstaller) (User: janice-PC)
    Description: Product: Platform -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
     
     
    System errors:
    =============
    Error: (04/01/2014 00:25:11 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.
     
    Error: (04/01/2014 00:25:09 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.
     
    Error: (03/31/2014 08:39:53 PM) (Source: Service Control Manager) (User: )
    Description: The Kodak AiO Network Discovery Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/31/2014 08:15:41 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.
     
    Error: (03/29/2014 10:30:55 PM) (Source: Service Control Manager) (User: )
    Description: The Kodak AiO Network Discovery Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/26/2014 06:47:36 PM) (Source: Service Control Manager) (User: )
    Description: The Kodak AiO Network Discovery Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/24/2014 02:33:03 AM) (Source: Service Control Manager) (User: )
    Description: The Kodak AiO Network Discovery Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/24/2014 01:51:10 AM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.
     
    Error: (03/24/2014 01:51:08 AM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.
     
    Error: (03/24/2014 01:06:57 AM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
     
    Microsoft Office Sessions:
    =========================
    Error: (07/12/2012 10:29:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9424 seconds with 960 seconds of active time.  This session ended with a crash.
     
     
    I'll be online all day today.


    #9 Bud_91

    Bud_91

    • Malware Response Team
    • 438 posts

    Posted 01 April 2014 - 07:19 PM

    I think the last part of the addition log got cut off. Could you please attach it to your next reply?

     

    Any downloads in the instructions below will need to be transferred with the protected flash drive.

     
    Let's get started.
     
    Step 1: Run FRST fix. Please transfer the attached fixlist.txt to the desktop of the infected computer. Then run FRST again, and select "Fix." Post the resulting fixlog.txt.
     
    Step 2: Run JRT.
     

    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
    Step 3: Run aswMBR.
     
    Download aswMBR.exe to your desktop.
    Double click the aswMBR.exe to run it. Click the "Scan" button to start scan.
     
     
    On completion of the scan click save log, save it to your desktop and post in your next reply
     
     
    Things I need in your next reply: 
  • FRST fix log
  • JRT log
  • aswMBR log
  • How is your computer running now?


    If I have not responded to your log in 36 hours, feel free to send me a PM.


     

    A.K.A. Buddierdl @ GeeksToGo.com


    #10 Terrien

    Terrien
    • Topic Starter

    • Members
    • 36 posts

    Posted 01 April 2014 - 10:33 PM

    I will have all the logs attached just as soon as aswMBR finishes running.  It seems to be taking a while.



    #11 Terrien

    Terrien
    • Topic Starter

    • Members
    • 36 posts

    Posted 01 April 2014 - 11:02 PM

    Addition Log:

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by janice at 2014-04-01 12:28:00
    Running from C:\Users\janice\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
     
    ==================== Installed Programs ======================
     
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
    aiofw (x32 Version: 3.40.0000.0000 - Eastman Kodak Company) Hidden
    aioprnt (x32 Version: 4.00.0000.0000 - Eastman Kodak Company) Hidden
    aioscnnr (x32 Version: 4.00.0000.0000 - Eastman Kodak Company) Hidden
    Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version:  - )
    AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{576A97E3-1A79-6215-49DE-AA358AF47420}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
    AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Core Implementation (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center Graphics Full New (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center Graphics Light (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center HydraVision Full (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0406.2133.36843 - ATI Technologies, Inc.) Hidden
    CCC Help English (x32 Version: 2010.0406.2132.36843 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
    ccc-utility64 (Version: 2010.0406.2133.36843 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
    CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    center (x32 Version: 3.40.0000.0000 - Eastman Kodak Company) Hidden
    Codec Pack Packages (HKCU\...\Codec Pack Packages) (Version:  - ) <==== ATTENTION
    DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
    EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.01.00 - )
    ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSCDBK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSgui (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
    ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
    fflink (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
    Free File Opener v2011.6.0.4 (HKLM-x32\...\Free File Opener_is1) (Version: 2011.6.0.4 - Free File Opener, LLC)
    GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)
    GOM Player + Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION
    GOM Player + Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.2.23821 - Ask.com) <==== ATTENTION
    Google Chrome (HKLM-x32\...\{E86E510B-CBAD-354D-841B-853E23EF038A}) (Version: 64.240.49198 - Google, Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
    kgckids (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
    kgcmove (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
    kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    KODAK AiO Home Center (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 3.40.0.0 - Eastman Kodak Company)
    Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
    ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
    Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
    Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
    netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
    OfotoXMI (x32 Version: 8.02.1000.0001 - EASTMAN KODAK Company) Hidden
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    PreReq (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
    RealDownloader (x32 Version: 1.7.0 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.4 - RealNetworks)
    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
    SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
    staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    SwiftKit (HKCU\...\SwiftKit) (Version:  - )
    The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
    WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
     
    ==================== Restore Points  =========================
     
    22-03-2014 00:34:25 Scheduled Checkpoint
    30-03-2014 05:26:56 Removed QuickTime
     
    ==================== Hosts content: ==========================
     
    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: {1BC62F96-59DA-4FF7-8D08-24F950A2310E} - System32\Tasks\{0476DA41-F68A-4B44-8F23-23676602D405} => F:\LaunchU3.exe
    Task: {283FF5F8-4E5D-4D7A-AFE4-37E9B37F0005} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
    Task: {416A139C-43F5-4D91-99D3-4CFE11F63761} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08] (Google Inc.)
    Task: {447C6706-B65C-4DD2-8F27-08270D52E381} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-12-14] (RealNetworks, Inc.)
    Task: {46B582FD-8B20-4182-BD14-364EEC51FC82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
    Task: {46B63904-5E8F-477D-A80C-4407A1C0B4D7} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-JANICE-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
    Task: {60343771-01EA-43EB-A34F-9C4587491045} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
    Task: {6F79541B-27C4-4A76-8EFE-6516C6D41511} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
    Task: {8DE701FD-E877-41E2-9B8F-9D1B4CC57332} - System32\Tasks\{F3D327C7-A3AE-4033-95F3-A6DA162A9C57} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.)
    Task: {8E8BDFB2-2642-4262-A140-22C81EAFB8D6} - System32\Tasks\{B35FA69B-AC87-41D2-9A90-7B39F9E74C90} => F:\LaunchU3.exe
    Task: {A08354B7-5FD6-4137-A4CD-5D4C5208A495} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-12-14] (RealNetworks, Inc.)
    Task: {B58490C7-007E-43B2-987D-B16A77D1B5AF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-12-14] (RealNetworks, Inc.)
    Task: {B7BCF0ED-2433-47CD-A4C4-3CB228DEB2CA} - System32\Tasks\Kodak AiO Scheduled Maintenance => C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe [2009-05-04] (Eastman Kodak Company)
    Task: {B8C8944B-6199-4E6B-8AF1-F344E72E2AC9} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.2.30.1.sxt _RegistrationOffer@16
    Task: {BE677C95-51EE-45DD-844E-E17C9FF9BD38} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
    Task: {C8F3A598-45EF-4D7E-9647-399136C0EA86} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-10-15] (ASUSTeK Computer Inc.)
    Task: {C9093832-C59D-463E-9369-3544C9467A29} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{92D36FF1-D02D-4A92-A395-1562C6C59475}.exe
    Task: {CD0754FA-9804-462F-950E-417B378B10EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08] (Google Inc.)
    Task: {D279BCCC-29E1-4496-9B4B-6388CA576E5C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2917813216-1620931575-1820313544-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
    Task: {F6291992-AFE5-4EF7-97D3-4324D3D8D44D} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{2B850090-E525-46C8-A35C-C631FC4EC4D5}.exe
    Task: {FC705BF1-C6C2-4036-9ABF-D49714B6334B} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Unewea.exe
    Task: {FDF22379-61BD-4FEF-BEFA-03F1A2C05177} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-03-09] (AVAST Software)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{2B850090-E525-46C8-A35C-C631FC4EC4D5}.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{92D36FF1-D02D-4A92-A395-1562C6C59475}.exe
    Task: C:\Windows\Tasks\EasyShare Registration Task.job => ׷Ȧð6lKœ=Oy,ëéFa<
     sGÀ „!ÞG!C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.2.30.1.sxt _RegistrationOffer@16janice0Ú
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Kodak AiO Scheduled Maintenance.job => C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2010-05-19 18:26 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2013-12-14 16:48 - 2013-12-14 16:48 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2013-12-16 18:44 - 2013-12-16 18:44 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2014-03-24 01:32 - 2014-03-24 00:41 - 02189312 _____ () C:\Program Files\Alwil Software\Avast5\defs\14032400\algo.dll
    2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-02-06 22:36 - 2014-02-06 22:36 - 00866392 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
    2013-12-07 12:48 - 2013-12-07 12:48 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
    2010-05-19 19:13 - 2009-10-09 18:31 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\ASUSSERVICE.DLL
    2010-05-19 19:13 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
    2010-05-19 19:13 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
     
    ==================== Disabled items from MSCONFIG ==============
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    MSCONFIG\startupreg: Google Update => "C:\Users\janice\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
    MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (03/31/2014 08:39:53 PM) (Source: Application Error) (User: )
    Description: Faulting application name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Faulting module name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Exception code: 0xc0000005
    Fault offset: 0x00008e30
    Faulting process id: 0x%9
    Faulting application start time: 0xEKDiscovery.exe0
    Faulting application path: EKDiscovery.exe1
    Faulting module path: EKDiscovery.exe2
    Report Id: EKDiscovery.exe3
     
    Error: (03/29/2014 10:30:55 PM) (Source: Application Error) (User: )
    Description: Faulting application name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Faulting module name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Exception code: 0xc0000005
    Fault offset: 0x00008e30
    Faulting process id: 0x%9
    Faulting application start time: 0xEKDiscovery.exe0
    Faulting application path: EKDiscovery.exe1
    Faulting module path: EKDiscovery.exe2
    Report Id: EKDiscovery.exe3
     
    Error: (03/29/2014 10:30:36 PM) (Source: RasClient) (User: )
    Description: CoId={A754FC02-2657-4241-959C-AAD3D1264794}: The user janice-PC\janice dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
     
    Error: (03/29/2014 10:30:09 PM) (Source: RasClient) (User: )
    Description: CoId={E56A2AE9-C1D6-4977-8ADE-6A25481101F2}: The user janice-PC\janice dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
     
    Error: (03/26/2014 06:47:36 PM) (Source: Application Error) (User: )
    Description: Faulting application name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Faulting module name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Exception code: 0xc0000005
    Fault offset: 0x00008e30
    Faulting process id: 0x%9
    Faulting application start time: 0xEKDiscovery.exe0
    Faulting application path: EKDiscovery.exe1
    Faulting module path: EKDiscovery.exe2
    Report Id: EKDiscovery.exe3
     
    Error: (03/26/2014 06:17:26 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (03/24/2014 02:33:03 AM) (Source: Application Error) (User: )
    Description: Faulting application name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Faulting module name: EKDiscovery.exe, version: 4.0.0.1, time stamp: 0x499f1d83
    Exception code: 0xc0000005
    Fault offset: 0x00008e30
    Faulting process id: 0x%9
    Faulting application start time: 0xEKDiscovery.exe0
    Faulting application path: EKDiscovery.exe1
    Faulting module path: EKDiscovery.exe2
    Report Id: EKDiscovery.exe3
     
    Error: (03/24/2014 01:31:41 AM) (Source: RasClient) (User: )
    Description: CoId={61357C29-3733-4A8A-9805-3A3D0D587C22}: The user janice-PC\janice dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
     
    Error: (03/24/2014 01:31:07 AM) (Source: RasClient) (User: )
    Description: CoId={6A96867C-AEBC-422D-B0AE-04C0D74C0326}: The user janice-PC\janice dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
     
    Error: (03/24/2014 00:31:23 AM) (Source: MsiInstaller) (User: janice-PC)
    Description: Product: Platform -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
     
     
    System errors:
    =============
    Error: (04/01/2014 00:25:11 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.
     
    Error: (04/01/2014 00:25:09 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.
     
    Error: (03/31/2014 08:39:53 PM) (Source: Service Control Manager) (User: )
    Description: The Kodak AiO Network Discovery Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/31/2014 08:15:41 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.
     
    Error: (03/29/2014 10:30:55 PM) (Source: Service Control Manager) (User: )
    Description: The Kodak AiO Network Discovery Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/26/2014 06:47:36 PM) (Source: Service Control Manager) (User: )
    Description: The Kodak AiO Network Discovery Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/24/2014 02:33:03 AM) (Source: Service Control Manager) (User: )
    Description: The Kodak AiO Network Discovery Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/24/2014 01:51:10 AM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.
     
    Error: (03/24/2014 01:51:08 AM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.
     
    Error: (03/24/2014 01:06:57 AM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
    %%1068
     
     
    Microsoft Office Sessions:
    =========================
    Error: (07/12/2012 10:29:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9424 seconds with 960 seconds of active time.  This session ended with a crash.
     
    Error: (07/02/2012 03:19:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7756 seconds with 1980 seconds of active time.  This session ended with a crash.
     
    Error: (07/02/2012 01:10:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1063 seconds with 720 seconds of active time.  This session ended with a crash.
     
    Error: (06/06/2012 05:25:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 139 seconds with 60 seconds of active time.  This session ended with a crash.
     
    Error: (05/03/2012 03:34:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21564 seconds with 4380 seconds of active time.  This session ended with a crash.
     
    Error: (03/05/2012 03:23:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1978 seconds with 480 seconds of active time.  This session ended with a crash.
     
    Error: (12/05/2011 07:00:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 273 seconds with 240 seconds of active time.  This session ended with a crash.
     
    Error: (12/05/2011 06:53:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7047 seconds with 360 seconds of active time.  This session ended with a crash.
     
    Error: (12/04/2011 08:52:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 137 seconds with 60 seconds of active time.  This session ended with a crash.
     
    Error: (11/21/2011 07:15:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16660 seconds with 1140 seconds of active time.  This session ended with a crash.
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 27%
    Total physical RAM: 4095.18 MB
    Available physical RAM: 2981.68 MB
    Total Pagefile: 8188.5 MB
    Available Pagefile: 7026.58 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:156.25 GB) (Free:42.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:439.72 GB) (Free:146.57 GB) NTFS
    Drive f: (JLJ) (Removable) (Total:7.45 GB) (Free:5.82 GB) FAT32
    Drive h: (Elements) (Fixed) (Total:931.51 GB) (Free:27.08 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 6403DEE5)
    Partition 1: (Active) - (Size=156 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=440 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0025FE5E)
    Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
     
    Partition: GPT Partition Type.
     
    ==================== End Of Log ============================
     
     
     
    FRST FixLog:
     
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
    Ran by janice at 2014-04-01 20:12:21 Run:1
    Running from C:\Users\janice\Desktop
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    URLSearchHook: HKCU - (No Name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - No File
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=406&q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=406&q={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=406&q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=406&q={searchTerms}
    BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
    BHO-x32: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll No File
    Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
    Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    FF Plugin-x32: @mywebsearch.com/Plugin - C:\Program Files (x86)\MyWebSearch\bar\4.bin\NPMyWebS.dll No File
    C:\Program Files (x86)\MyWebSearch
    FF SearchPlugin: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\searchplugins\conduit.xml
    FF SearchPlugin: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\searchplugins\mywebsearch.xml
    FF SearchPlugin: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\searchplugins\sweetim.xml
    FF Extension: Torntv 3 - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\Extensions\trtv3@trtv.com.xpi [2013-06-30]
    FF Extension: Easy YouTube Video Downloader - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2011-08-08]
    FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\4.bin
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    2014-03-24 00:30 - 2013-07-13 22:14 - 00000000 ____D () C:\Program Files (x86)\TornTV.com
    Task: {FC705BF1-C6C2-4036-9ABF-D49714B6334B} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Unewea.exe
    C:\Windows\Unewea.exe
    *****************
     
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cce665dd-f6dd-4808-968e-eaec971f70ef} => Value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
    HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
    HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43811F09-9872-4C60-9FB8-734A79EC88F2} => Key deleted successfully.
    HKCR\CLSID\{43811F09-9872-4C60-9FB8-734A79EC88F2} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
    HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
    HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
    HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key deleted successfully.
    HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.
    HKCR\CLSID\!{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.
    HKCR\Wow6432Node\CLSID\!{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
    HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin => Key deleted successfully.
    C:\Program Files (x86)\MyWebSearch\bar\4.bin\NPMyWebS.dll not found.
    "C:\Program Files (x86)\MyWebSearch" => File/Directory not found.
    C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\searchplugins\conduit.xml => Moved successfully.
    C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\searchplugins\mywebsearch.xml => Moved successfully.
    C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\searchplugins\sweetim.xml => Moved successfully.
    C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\Extensions\trtv3@trtv.com.xpi => Moved successfully.
    C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\37v7rsek.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi => Moved successfully.
    HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => Value deleted successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com => Value deleted successfully.
    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
    C:\Program Files (x86)\TornTV.com => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC705BF1-C6C2-4036-9ABF-D49714B6334B} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC705BF1-C6C2-4036-9ABF-D49714B6334B} => Key deleted successfully.
    C:\Windows\System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => Key deleted successfully.
    "C:\Windows\Unewea.exe" => File/Directory not found.
     
    ==== End of Fixlog ====
     
     
    JRT Log:
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by janice on Tue 04/01/2014 at 20:14:43.11
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.bandoocore
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.bandoocore.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.resourcesmngr
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.resourcesmngr.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.settingsmngr
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.settingsmngr.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.statisticmngr
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\bandoocore.statisticmngr.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bandoocore.exe
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
    Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mediafinder
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\fun web products
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsfinder
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mywebsearch
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\searchqutoolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\download with &media finder
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2917813216-1620931575-1820313544-1000\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bandoo
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3198785
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3285873
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211621178}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211621178}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFinderUpdater_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFinderUpdater_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFinder_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFinder_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-us-silent_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-us-silent_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_ares_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_ares_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsFinderUpdater_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsFinderUpdater_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsFinder_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsFinder_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\softonic-us-silent_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\softonic-us-silent_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_ares_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_ares_RASMANCS
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
    Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
    Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
    Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
    Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] "C:\end"
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\apn"
    Successfully deleted: [Folder] "C:\ProgramData\babylon"
    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\ProgramData\gametap web player"
    Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
    Successfully deleted: [Folder] "C:\Users\janice\AppData\Roaming\babylon"
    Successfully deleted: [Folder] "C:\Users\janice\AppData\Roaming\dsite"
    Successfully deleted: [Folder] "C:\Users\janice\AppData\Roaming\media finder"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\local\conduit"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\local\ilivid player"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\local\solid savings"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\local\wajam"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\locallow\boost_interprocess"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\locallow\datamngr"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\locallow\funwebproducts"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\locallow\mywebsearch"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\locallow\searchquband"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
    Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
    Successfully deleted: [Folder] "C:\Users\janice\appdata\locallow\asktoolbar"
    Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
    Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
     
     
     
    ~~~ FireFox
     
    Successfully deleted: [File] C:\user.js
    Successfully deleted: [File] C:\Users\janice\AppData\Roaming\mozilla\firefox\profiles\37v7rsek.default\invalidprefs.js
    Successfully deleted the following from C:\Users\janice\AppData\Roaming\mozilla\firefox\profiles\37v7rsek.default\prefs.js
     
    user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3285873&SearchSource=13&CUI=UN33158478631684523");
    user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V1 Customized Web Search");
    user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3285873&SearchSource=2&CUI=UN33158478631684523&UM=UM_ID&q=");
    user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    user_pref("Smartbar.keywordURLSelectedCTID", "CT3285873");
    user_pref("browser.search.defaultthis.engineName", "MixiDJ V1 Customized Web Search");
    user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=RGman000&ptb=ESVYCi1IbDrNc8.eB4Aksw&ind=2010122314&ptnrS=RGman
    user_pref("extensions.mywebsearch.prevKwdEnabled", true);
    user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGman000&ptb=ESVYCi1IbDrNc8.eB4Aksw&ind=2010122314&ptnrS=RGman000&si=
    user_pref("extensions.wajam.affiliate_id", "3672");
    user_pref("extensions.wajam.firstrun", "false");
    user_pref("extensions.wajam.log_send_info", "false");
    user_pref("extensions.wajam.no_trace", "true");
    user_pref("extensions.wajam.server_current_mapping_version", "0.21086");
    user_pref("extensions.wajam.trace_log", "1365554142426 - load - processBrowserLoad\n1365554142426 - readNoTrace - 64 bits - Error Message: Component returned failure code: 0x8
    user_pref("extensions.wajam.unique_id", "5dd6bc60d1bdaf26d858dad6d1efb7a7");
    user_pref("extensions.wajam.user_current_mapping_version", "0");
    user_pref("extensions.wajam.version", "1.26");
    user_pref("smartbar.machineId", "FKPGEUFFMATSAW9472GYVJDZRDYPVST+C/U8O4FFYUPLQQNIAG6+A8UFNKEHSMQBHYYOLQOGAPNLDVRJO/DECA");
    user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3285873&SearchSource=3&q={searchTerms}&CUI=UN3315847863168452
    user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    user_pref("sweetim.toolbar.previous.browser.startup.homepage", "about:home");
    user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3285873&SearchSource=2&CUI=UN33158478631684523&UM=&q=");
    user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={83F25AC0-EC44-11E2-B087-90E6BAC5A594}");
    Emptied folder: C:\Users\janice\AppData\Roaming\mozilla\firefox\profiles\37v7rsek.default\minidumps [196 files]
     
     
     
    ~~~ Chrome
     
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 04/01/2014 at 20:20:24.99
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
    ASWMBR Log:
     
     
    aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
    Run date: 2014-04-01 20:22:31
    -----------------------------
    20:22:31.937    OS Version: Windows x64 6.1.7600 
    20:22:31.937    Number of processors: 2 586 0x402
    20:22:31.937    ComputerName: JANICE-PC  UserName: janice
    20:22:32.358    Initialize success
    20:22:35.852    AVAST engine defs: 14032400
    20:22:48.473    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:22:48.473    Disk 0 Vendor: WDC_WD6400AAKS-65A7B2 01.03B01 Size: 610480MB BusType: 3
    20:22:48.551    Disk 0 MBR read successfully
    20:22:48.551    Disk 0 MBR scan
    20:22:48.566    Disk 0 Windows 7 default MBR code
    20:22:48.582    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       160000 MB offset 206848
    20:22:48.613    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       450278 MB offset 328091648
    20:22:48.644    Disk 0 scanning C:\Windows\system32\drivers
    20:22:55.150    Service scanning
    20:23:07.910    Modules scanning
    20:23:07.926    Disk 0 trace - called modules:
    20:23:07.926    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
    20:23:07.942    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004875060]
    20:23:08.456    3 CLASSPNP.SYS[fffff880018a443f] -> nt!IofCallDriver -> [0xfffffa800486e520]
    20:23:08.456    5 ACPI.sys[fffff88000e72781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004872060]
    20:23:08.846    AVAST engine scan C:\Windows
    20:23:10.453    AVAST engine scan C:\Windows\system32
    20:24:42.962    AVAST engine scan C:\Windows\system32\drivers
    20:24:50.575    AVAST engine scan C:\Users\janice
    20:34:13.035    AVAST engine scan C:\ProgramData
    20:35:55.917    Scan finished successfully
    20:36:52.701    Disk 0 MBR has been saved successfully to "C:\Users\janice\Desktop\MBR.dat"
    20:36:52.701    The log file has been saved successfully to "C:\Users\janice\Desktop\aswMBR.txt"
     
     
     
    The computer seems to be running a bit better.   Still no internet connection.
     


    #12 Terrien


    Posted 01 April 2014 - 11:08 PM

    I feel like an idiot.  I checked the Ethernet cable and it will not work on the laptops; I'm guessing the cord is bad.  I will try to get another one soon and see if that works.  From what I gather from the logs, the computer had other issues that needed to be addressed anyway.



    #13 Bud_91

    • Malware Response Team

    Posted 02 April 2014 - 08:18 AM

    Good catch. I didn't really see anything bad enough in your logs to cause your symptoms, but it was good to clean off the adware.

     

    One thing that concerns me is the logs show some errors on hard drives 1 and 2. I believe this refers to your secondary drive and your flash drive. I think we should run a chkdsk on the H: drive.

    Click the start button and select "Run." Type cmd and press enter to open a command prompt. Then type:

    chkdsk /x /r H:

    Allow the computer to restart and perform a chkdsk. After it finishes, download and run this script and the chkdsk log will open. Please post it in your next reply.

     

    Note: If the disk is flaky, running chkdsk might cause it to fail. It would be a good idea to have a backup of important files before running this.


    If I have not responded to your log in 36 hours, feel free to send me a PM.


    A.K.A. Buddierdl @ GeeksToGo.com


    #14 Terrien


    Posted 02 April 2014 - 11:55 AM

    The H: drive is an external hard drive that we use for storing movies and archiving pictures.  I'm running the chkdsk on it now but it seems it will take a while (terabyte drive and all).  I'll post up the log as soon as it finishes.



    #15 Terrien


    Posted 02 April 2014 - 03:10 PM

    After 3 hours the computer shut down unexpectedly.  The chkdsk did not finish; it was still at 10% when it crashed.  Do you want me to try to run it again?





