Multiple Trojans, malware, etc (60 files infected) - what to do?


  • This topic is locked
69 replies to this topic

#1 jdesunshine


Posted 19 July 2014 - 12:26 AM

I'm helping out a friend & her husband, who likes to watch movies from bittorrent sites. Needless to say, his laptop is infected with  It's a Compaq running Vista Home with Avast installed and hasn't been used in at least a year or more (he didn't know what to do to fix the problem, so he used his wife's laptop).

 

Also, there are a few other problems that may or may not be a result of the infections, but it's not clear. I can't get the wireless connection to work (HP wireless assistant options are disabled or off), and the touchpad doesn't move the cursor or select anything that's highlighted, but the touchpad buttons work (thank goodness). I downloaded and installed Chrome and get an error that it can't load, that maybe the profile doesn't exist or that I don't have permission to access it.

 

I haven't used Vista or Avast more than once each, and there are so many trojans, malware, PUPs, etc. that I'm not sure where to start. Any help would be appreciated. After updating Avast, I ran a quick scan and it suggested I run a boot scan, and those results are here:

07/18/2014 03:19
Scan of all local drives

File C:\Program Files\Online Services\MSN90\msnsusii.exe|>ccclient.exe|>cc.exe is infected by Win32:Dropper-gen [Drp], Moved to chest
File C:\Program Files\Online Services\MSN90\pkgs\en\us\ms\msnsusii.exe|>ccclient.exe|>cc.exe is infected by Win32:Dropper-gen [Drp], Moved to chest
File C:\ProgramData\Codecv\bhoclass.dll is infected by Win32:MultiPlug-K [PUP], Moved to chest
File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7G3T6CS7\v88[1].exe is infected by Win32:InstallMate-CJ [PUP], Moved to chest
File C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7G3T6CS7\a6f26911[1].exe|>[UPX] is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\0.12293973120140989|>$R0\fptjnmg.dll is infected by Win32:Sefnit-GT [Drp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\0.12293973120140989|>$R0\kmzkybj.dll is infected by Win32:Sefnit-GT [Drp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\0.201510154011735|>$R0\qliktrwx.dll is infected by Win32:Tracur-HZ [Trj], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\0.5404214865071394|>nsis.hdr is infected by NSIS:Malware-gen [Trj], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\0.5404214865071394|>$R0\dyddza.dll is infected by Win32:Sefnit-GT [Drp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\0.5404214865071394|>$R0\xdlqzl.dll is infected by Win32:Sefnit-GT [Drp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\0.7150993279956184|>nsis.hdr is infected by NSIS:Malware-gen [Trj], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\0.7150993279956184|>$R0\fprpbuai.dll is infected by Win32:Sefnit-GT [Drp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\0.7150993279956184|>$R0\tzsfv.dll is infected by Win32:Sefnit-GT [Drp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\nsj75C9.tmp\gh3dqrh.wku is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\nsj75C9.tmp\p2exxtg.byo is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\nsj75C9.tmp\pd5wjgr.hdt is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\nsj75C9.tmp\vglnl4t.kge is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\nsj75C9.tmp\zd1spsp.sue is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\slp41454.tmp|>$R0\gh3dqrh.wku is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\slp41454.tmp|>$R0\pd5wjgr.hdt is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\slp41454.tmp|>$R0\p2exxtg.byo is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\slp41454.tmp|>$R0\vglnl4t.kge is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\slp41454.tmp|>$R0\zd1spsp.sue is infected by Win32:MalOb-HO [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\slp49165.tmp is infected by Win32:MalOb-IK [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\f8313420853.tmp is infected by Win32:MalOb-HP [Cryp], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache47474.tmp|>fdgtyur\cedl0wdrs.class is infected by Java:CVE-2012-0507-JK [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache47474.tmp|>fdgtyur\FAW.class is infected by Java:Malware-gen [Trj], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache47474.tmp|>fdgtyur\locd.class is infected by Java:CVE-2012-0507-PF [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache47474.tmp|>fdgtyur\M4S1art.class is infected by Java:Downloader-KU [Trj], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache47474.tmp|>fdgtyur\tert.class is infected by Java:Malware-gen [Trj], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache47474.tmp|>fdgtyur\uiop.class is infected by Java:Malware-gen [Trj], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache47474.tmp|>fdgtyur\xdfr.class is infected by Java:Malware-gen [Trj], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache48177.tmp|>main.class is infected by Java:CVE-2011-3544-FR [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache5128.tmp|>xmltree\kolan.class is infected by Java:Agent-AIH [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache5128.tmp|>xmltree\lindsa.class is infected by Java:Agent-AJA [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache5128.tmp|>xmltree\londa.class is infected by Java:Agent-AIA [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache5128.tmp|>xmltree\oplef.class is infected by Java:Agent-AIL [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache5128.tmp|>xmltree\peqras.class is infected by Java:Agent-AIA [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache5128.tmp|>xmltree\spager.class is infected by Java:Agent-AHJ [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache5129.tmp|>notana.class is infected by Java:CVE-2011-3544-AH [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache8499.tmp|>fdgtyur\cedl0wdrs.class is infected by Java:CVE-2012-0507-JK [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache8499.tmp|>fdgtyur\FAW.class is infected by Java:Malware-gen [Trj], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache8499.tmp|>fdgtyur\locd.class is infected by Java:CVE-2012-0507-PF [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache8499.tmp|>fdgtyur\M4S1art.class is infected by Java:Downloader-KU [Trj], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache8499.tmp|>fdgtyur\tert.class is infected by Java:Malware-gen [Trj], Moved to chest
File C:\Users\John\AppData\Local\Temp\Low\jar_cache8499.tmp|>fdgtyur\uiop.class is infected by Java:Agent-BEN [Expl], Moved to chest
File C:\Users\John\AppData\Local\Temp\nsgCEA9.tmp|>$TEMPDIR\BetterInstaller.exe is infected by Win32:Somoto-B [PUP], Moved to chest
File C:\Users\John\AppData\Local\Temp\nsgCEA9.tmp is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Users\John\AppData\Local\TempDIR\BetterInstaller.exe is infected by Win32:Somoto-B [PUP], Moved to chest
File C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\2caccaac-3039cc5c|>Final.class is infected by Java:CVE-2011-3544-I [Expl], Moved to chest
File C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\2caccaac-3039cc5c|>v.class is infected by Java:Agent-BEA [Expl], Moved to chest
File C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\18396c39-7ecadfe0|>folder\boing$1.class is infected by Java:Agent-BAE [Expl], Moved to chest
File C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\18396c39-7ecadfe0|>folder\boing.class is infected by Java:Agent-OB [Expl], Moved to chest
File C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\18396c39-7ecadfe0|>folder\Colt_M4A1.class is infected by Java:Agent-BAF [Expl], Moved to chest
File C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\18396c39-7ecadfe0|>folder\Glocker.class is infected by Java:Agent-BAG [Expl], Moved to chest
File C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\18396c39-7ecadfe0|>folder\Sig_552.class is infected by Java:Malware-gen [Trj], Moved to chest
File C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\18396c39-7ecadfe0|>folder\Zamena.class is infected by Java:CVE-2010-0840-CC [Expl], Moved to chest
File C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\1667aa7a-76ba3d6e|>main.class is infected by Java:CVE-2011-3544-FR [Expl], Moved to chest
File C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\1e9255ba-5c6e9262|>main.class is infected by Java:Agent-AXI [Expl], Moved to chest
Number of searched folders: 28573
Number of tested files: 707125
Number of infected files: 60

-------------------------------------------------------------------------------------------------
 

Here's the dds log file:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 10.65.2
Run by John at 1:11:18 on 2014-07-19
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1790.1091 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^9N^xdm094^S05583^us&ptb=21C43A4F-3334-4F7E-BFA0-7F97B1E7CC14&si=CPyOnf2MkbcCFcNa4AodpBwAKA
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uURLSearchHooks: {bb45ef8e-1e36-4535-a017-ec908fb1e335} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{A631FD47-927E-4B0D-BF31-0E99C36BE4BE} : DHCPNameServer = 10.0.0.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\z0vogl7r.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2007-9-1 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2007-9-1 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-11 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2011-5-11 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2007-9-1 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-11 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-11 50344]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-25 361808]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-7-18 5037888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-11-21 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-25 193840]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2014-7-18 25088]
.
=============== Created Last 30 ================
.
2014-07-18 21:18:07    758784    ----a-w-    c:\windows\system32\cohelper.dll
2014-07-18 21:16:06    80896    ----a-w-    c:\windows\system32\MSNP.ax
2014-07-18 21:16:06    57856    ----a-w-    c:\windows\system32\MSDvbNP.ax
2014-07-18 21:15:59    293376    ----a-w-    c:\windows\system32\psisdecd.dll
2014-07-18 21:15:57    217088    ----a-w-    c:\windows\system32\psisrndr.ax
2014-07-18 21:11:47    --------    d-----w-    c:\windows\system32\MRT
2014-07-18 21:08:25    --------    d-----w-    c:\program files\NVIDIA Corporation
2014-07-18 21:05:26    2048    ----a-w-    c:\windows\system32\winrsmgr.dll
2014-07-18 21:05:03    20480    ----a-w-    c:\windows\system32\winrshost.exe
2014-07-18 21:05:03    12800    ----a-w-    c:\windows\system32\wsmprovhost.exe
2014-07-18 21:05:02    40448    ----a-w-    c:\windows\system32\winrs.exe
2014-07-18 21:05:00    10240    ----a-w-    c:\windows\system32\wsmplpxy.dll
2014-07-18 21:05:00    10240    ----a-w-    c:\windows\system32\winrssrv.dll
2014-07-18 21:01:42    523776    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2014-07-18 21:00:58    1645568    ----a-w-    c:\windows\system32\connect.dll
2014-07-18 20:55:59    1418752    ----a-w-    c:\program files\windows media player\setup_wm.exe
2014-07-18 20:55:58    310784    ----a-w-    c:\windows\system32\unregmp2.exe
2014-07-18 19:13:23    --------    d-----w-    c:\programdata\Oracle
2014-07-18 19:11:53    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-07-18 18:30:29    19448    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll
2014-07-18 18:29:08    --------    d-----w-    c:\users\john\appdata\roaming\TeamViewer
2014-07-18 18:28:57    25088    ----a-w-    c:\windows\system32\drivers\teamviewervpn.sys
2014-07-18 18:28:54    --------    d-----w-    c:\program files\TeamViewer
2014-07-18 06:59:48    8217224    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{9737dbae-3ba5-4f38-b9d6-6bb402b95c84}\mpengine.dll
2014-07-18 06:40:23    --------    d-----w-    c:\users\john\appdata\roaming\VSRevoGroup
.
==================== Find3M  ====================
.
2014-07-18 19:55:32    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-18 19:55:32    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH:  1:12:13.49 ===============
 



#2 Machiavelli


  • Malware Response Instructor

Posted 21 July 2014 - 09:29 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 jdesunshine

  • Topic Starter


Posted 21 July 2014 - 04:19 PM

Hi Machiavelli, thank you for your help on this computer. I downloaded and ran FRST and I'm pasting the contents of both logs for you to review. After looking at them, I see where I forgot to disable Windows Defender. If I need to do that and run the scans again, please let me know.

 

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by John (administrator) on JOHN-PC on 21-07-2014 17:03:50
Running from C:\Users\John\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\WINDOWS\SMINST\BLService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Eastman Kodak Company) C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^9N^xdm094^S05583^us&ptb=21C43A4F-3334-4F7E-BFA0-7F97B1E7CC14&si=CPyOnf2MkbcCFcNa4AodpBwAKA
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
URLSearchHook: HKCU - (No Name) - {bb45ef8e-1e36-4535-a017-ec908fb1e335} -  No File
SearchScopes: HKLM - {427D4576-43A0-4DC5-A47D-B4FEB3C56518} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {AE83A03E-F4BC-4D8E-8E26-29E14DEB4135} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=111363&babsrc=SP_ss&mntrId=d471bee7000000000000001d727c4b08
SearchScopes: HKCU - {427D4576-43A0-4DC5-A47D-B4FEB3C56518} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {AE83A03E-F4BC-4D8E-8E26-29E14DEB4135} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z0vogl7r.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z0vogl7r.default\searchplugins\yahoo-avast.xml
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-06-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-11]

Chrome:
=======
CHR Extension: (Codecv) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg [2014-07-18]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-18]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (avast! Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [ajhcekcffkpnaednoeoegnmnjdlnjjmg] - C:\ProgramData\Codecv\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx [2012-04-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2007-09-01]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2007-09-01] (AVAST Software)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe [284016 2009-08-05] (Eastman Kodak Company)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-25] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2007-09-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2007-09-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2007-09-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2007-09-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2007-09-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-18] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2007-09-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2007-09-01] ()
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-08-19] (Avanquest Software) [File not signed]
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
U1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 17:03 - 2014-07-21 17:04 - 00014514 _____ () C:\Users\John\Desktop\FRST.txt
2014-07-21 17:01 - 2014-07-21 17:03 - 00000000 ____D () C:\FRST
2014-07-21 17:01 - 2014-07-21 16:53 - 01080320 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-07-21 16:53 - 2014-07-21 16:53 - 01080320 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2014-07-19 01:13 - 2014-07-19 01:13 - 00003648 _____ () C:\Users\John\Desktop\attach.txt
2014-07-19 01:13 - 2014-07-19 01:12 - 00012049 _____ () C:\Users\John\Desktop\dds.txt
2014-07-18 22:06 - 2014-07-18 22:06 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-07-18 18:10 - 2014-07-18 18:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 17:18 - 2010-08-12 11:46 - 00758784 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2014-07-18 17:16 - 2010-04-14 13:46 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-07-18 17:16 - 2008-04-23 00:41 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-07-18 17:15 - 2010-04-14 13:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-07-18 17:15 - 2010-04-14 13:47 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-07-18 17:11 - 2014-07-18 17:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-18 17:08 - 2014-07-18 17:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-18 17:05 - 2009-10-09 17:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2014-07-18 17:05 - 2009-10-09 17:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2014-07-18 17:05 - 2009-10-09 17:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2014-07-18 17:05 - 2009-10-09 17:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2014-07-18 17:05 - 2009-10-09 17:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2014-07-18 17:05 - 2009-10-09 17:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-07-18 17:04 - 2009-10-09 17:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2014-07-18 17:04 - 2009-10-09 17:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2014-07-18 17:04 - 2009-08-01 02:27 - 00201184 _____ () C:\Windows\system32\winrm.vbs
2014-07-18 17:04 - 2009-07-16 13:30 - 00004675 _____ () C:\Windows\system32\wsmanconfig_schema.xml
2014-07-18 17:04 - 2009-07-16 13:30 - 00002426 _____ () C:\Windows\system32\WsmTxt.xsl
2014-07-18 17:01 - 2011-04-12 10:53 - 00890368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-07-18 17:01 - 2011-03-03 10:56 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2014-07-18 17:01 - 2011-03-03 09:01 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-07-18 17:01 - 2010-01-25 08:45 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-07-18 17:01 - 2010-01-25 04:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-07-18 17:01 - 2010-01-25 04:35 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-07-18 17:01 - 2010-01-25 04:34 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-07-18 17:01 - 2010-01-25 04:34 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-07-18 17:01 - 2009-10-23 13:42 - 00714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-07-18 17:01 - 2008-10-21 23:57 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-07-18 17:01 - 2008-09-18 00:56 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-07-18 17:01 - 2008-09-18 00:56 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2014-07-18 17:01 - 2008-08-27 23:40 - 00712704 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-07-18 17:01 - 2008-08-27 23:40 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-07-18 17:01 - 2008-08-27 23:40 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-07-18 17:01 - 2008-03-08 00:21 - 01695744 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-07-18 17:00 - 2008-10-21 01:25 - 01645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2014-07-18 16:55 - 2009-09-10 11:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2014-07-18 16:47 - 2014-07-18 16:47 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 16:47 - 2014-07-18 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Windows\Sun
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Oracle
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\ProgramData\Sun
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-18 15:12 - 2014-07-18 15:11 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-18 14:29 - 2014-07-18 14:29 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000915 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000000 ____D () C:\Users\John\AppData\Roaming\TeamViewer
2014-07-18 14:28 - 2014-07-18 14:28 - 00000000 ____D () C:\Program Files\TeamViewer
2014-07-18 14:28 - 2013-10-17 11:32 - 00025088 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2014-07-18 14:26 - 2014-07-18 14:27 - 06226040 _____ (TeamViewer GmbH) C:\Users\John\Downloads\TeamViewer_Setup_en.exe
2014-07-18 02:40 - 2014-07-18 02:40 - 00000000 ____D () C:\Users\John\AppData\Roaming\VSRevoGroup

==================== One Month Modified Files and Folders =======

2014-07-21 17:04 - 2014-07-21 17:03 - 00014514 _____ () C:\Users\John\Desktop\FRST.txt
2014-07-21 17:03 - 2014-07-21 17:01 - 00000000 ____D () C:\FRST
2014-07-21 16:59 - 2010-11-21 19:55 - 01960151 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 16:56 - 2010-11-21 20:04 - 00031776 _____ () C:\ProgramData\nvModes.001
2014-07-21 16:56 - 2010-11-21 20:03 - 00031776 _____ () C:\ProgramData\nvModes.dat
2014-07-21 16:55 - 2013-03-21 16:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 16:53 - 2014-07-21 17:01 - 01080320 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-07-21 16:53 - 2014-07-21 16:53 - 01080320 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2014-07-21 16:47 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 16:47 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 00:46 - 2011-07-29 10:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 00:46 - 2011-07-29 10:16 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 12:52 - 2010-11-22 00:08 - 00007808 _____ () C:\Users\John\AppData\Local\d3d9caps.dat
2014-07-19 14:40 - 2013-05-11 20:45 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-19 14:40 - 2010-11-21 20:07 - 00000246 _____ () C:\Users\Public\Documents\hpqp.ini
2014-07-19 14:39 - 2013-03-21 16:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-19 14:39 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 01:33 - 2006-11-02 09:01 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-19 01:31 - 2010-11-21 21:21 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-19 01:13 - 2014-07-19 01:13 - 00003648 _____ () C:\Users\John\Desktop\attach.txt
2014-07-19 01:12 - 2014-07-19 01:13 - 00012049 _____ () C:\Users\John\Desktop\dds.txt
2014-07-18 22:58 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-18 22:26 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-07-18 22:11 - 2010-11-21 23:55 - 00075440 _____ () C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 22:11 - 2010-11-21 20:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-18 22:09 - 2006-11-02 08:47 - 00307288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 22:08 - 2008-01-20 22:47 - 00306020 _____ () C:\Windows\PFRO.log
2014-07-18 22:06 - 2014-07-18 22:06 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-07-18 22:06 - 2006-11-02 07:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-18 18:10 - 2014-07-18 18:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 17:18 - 2014-07-18 17:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-18 17:18 - 2010-11-21 21:21 - 00000000 ____D () C:\Users\John
2014-07-18 17:14 - 2014-07-18 17:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-18 16:47 - 2014-07-18 16:47 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 16:47 - 2014-07-18 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-18 16:46 - 2011-07-29 10:15 - 00000000 ____D () C:\Program Files\Google
2014-07-18 15:55 - 2013-03-21 16:39 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-18 15:55 - 2011-11-03 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-18 15:29 - 2011-05-11 22:53 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-18 15:24 - 2013-03-21 16:33 - 00000834 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-18 15:24 - 2013-03-21 16:33 - 00000834 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Windows\Sun
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Oracle
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\ProgramData\Sun
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-18 15:11 - 2014-07-18 15:12 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-18 15:11 - 2008-06-25 03:03 - 00000000 ____D () C:\Program Files\Java
2014-07-18 14:29 - 2014-07-18 14:29 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000915 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000000 ____D () C:\Users\John\AppData\Roaming\TeamViewer
2014-07-18 14:28 - 2014-07-18 14:28 - 00000000 ____D () C:\Program Files\TeamViewer
2014-07-18 14:27 - 2014-07-18 14:26 - 06226040 _____ (TeamViewer GmbH) C:\Users\John\Downloads\TeamViewer_Setup_en.exe
2014-07-18 04:09 - 2012-02-15 19:19 - 00000000 ____D () C:\Users\John\AppData\Local\TempDIR
2014-07-18 03:35 - 2012-04-16 14:07 - 00000000 ____D () C:\ProgramData\Codecv
2014-07-18 02:48 - 2006-11-02 08:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-18 02:40 - 2014-07-18 02:40 - 00000000 ____D () C:\Users\John\AppData\Roaming\VSRevoGroup
2014-06-26 17:38 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\AskSLib.dll
C:\Users\John\AppData\Local\Temp\conduitinstaller.exe
C:\Users\John\AppData\Local\Temp\tbSomo.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 14:44

==================== End Of Log ============================

*****************************************************************************************************

Addition.txt log file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-07-2014
Ran by John at 2014-07-21 17:05:02
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
AIM 6 (HKLM\...\AIM_6) (Version:  - )
aiofw (Version: 4.2.6.8 - Eastman Kodak Company) Hidden
aioprnt (Version: 4.2.7.4 - Eastman Kodak Company) Hidden
aioscnnr (Version: 4.2.6.0 - Your Company Name) Hidden
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
center (Version: 4.2.6.8 - Eastman Kodak Company) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM\...\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Help and Support (HKLM\...\{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}) (Version: 2.0.8.0 - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons 6.40 D3 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 D3 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 109.9.19158 - Hewlett-Packard)
HP Smart Web Printing (Version: 109.9.19158 - Hewlett-Packard) Hidden
HP Total Care Advisor (HKLM\...\{f32502b5-5b64-4882-bf61-77f23edcac4f}) (Version: 2.1.3429.2641 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0110 (HKLM\...\{B640E7CC-7091-4A24-AE76-2140065D2054}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{340F521E-3576-4E1A-B75C-EB0ACF751379}) (Version: 3.00 J1 - Hewlett-Packard)
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
KODAK AiO Home Center (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 4.2.7.7 - Eastman Kodak Company)
ksDIP (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
PreReq (Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickPlay SlingPlayer 0.4.6 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

01-09-2007 04:33:53 avast! antivirus system restore point
19-05-2013 14:53:07 Scheduled Checkpoint
20-05-2013 07:06:44 Scheduled Checkpoint
21-05-2013 21:01:21 Windows Update
22-05-2013 12:30:38 Scheduled Checkpoint
24-05-2013 10:38:33 Scheduled Checkpoint
24-05-2013 22:20:17 Windows Update
26-05-2013 18:14:45 Scheduled Checkpoint
27-05-2013 11:26:52 Scheduled Checkpoint
28-05-2013 14:17:31 Windows Update
31-05-2013 01:24:51 Windows Update
03-06-2013 12:11:15 Windows Update
18-07-2014 06:58:08 Windows Update
18-07-2014 18:29:33 Device Driver Package Install: TeamViewer GmbH Network adapters
18-07-2014 18:30:34 Device Driver Package Install: TeamViewer Printers
18-07-2014 18:30:34 Device Driver Package Install: TeamViewer Printers
18-07-2014 19:05:51 Removed Java™ 6 Update 5
18-07-2014 19:10:43 Installed Java 7 Update 65
18-07-2014 21:01:51 Windows Update
19-07-2014 20:27:46 Scheduled Checkpoint
20-07-2014 17:30:04 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0CA00B11-28DB-4C24-940A-377E7FE4C6D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-29] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E8B19C6-20A5-4269-A7D7-582ED0B5BEEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-29] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3F3E4472-FF16-456B-B7BC-14719FCF6EC6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18] (Adobe Systems Incorporated)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {A02BF054-6493-4987-9B1B-117861D9A5CF} - System32\Tasks\Microsoft\Windows\RestartManager\{26DEAA36-2704-486e-9254-51356C832F4F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {BF358CAE-D52B-487A-ABCF-0232DD0DA414} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2007-09-01] (AVAST Software)
Task: {DF3D3208-E32C-4BF8-A4A2-D1A2F074C380} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-17] (Hewlett-Packard)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {E63744E3-B1F9-46DD-8FBC-58AFDF14709E} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-05-11 22:52 - 2007-09-01 00:36 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-21 16:47 - 2014-07-21 16:47 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14072101\algo.dll
2014-07-18 14:30 - 2013-10-17 11:32 - 00019448 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2008-06-25 01:25 - 2008-04-01 22:31 - 00120208 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2008-06-25 01:25 - 2008-04-01 22:31 - 00255376 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2008-06-25 01:25 - 2008-04-01 22:31 - 00345384 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2007-09-01 00:36 - 2007-09-01 00:36 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-06-25 02:57 - 2008-04-25 19:15 - 00361808 _____ () C:\Windows\SMINST\BLService.exe
2008-06-25 02:58 - 2007-11-14 19:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2008-06-25 02:48 - 2007-01-09 05:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2009-06-29 15:14 - 2009-06-29 15:14 - 00012288 _____ () C:\Program Files\Kodak\AiO\Center\Logger.dll
2008-06-25 01:34 - 2008-04-11 12:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 04:51:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/21/2014 04:51:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/21/2014 04:51:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/19/2014 02:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 10:58:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/18/2014 10:57:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/18/2014 10:57:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/18/2014 10:57:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/18/2014 10:57:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/18/2014 10:57:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (06/04/2013 09:20:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:42:20 PM on 6/3/2013 was unexpected.

Error: (06/03/2013 04:25:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/03/2013 04:25:14 PM) (Source: W32Time) (EventID: 34) (User: )
Description: The time service has detected that the system time needs to be  changed by +626878 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.

Error: (06/03/2013 04:24:18 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/03/2013 08:06:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/03/2013 08:06:06 AM) (Source: W32Time) (EventID: 34) (User: )
Description: The time service has detected that the system time needs to be  changed by +626876 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123) is working properly.

Error: (06/03/2013 08:05:12 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/03/2013 08:05:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:35:24 PM on 5/30/2013 was unexpected.

Error: (05/30/2013 09:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/30/2013 09:19:48 PM) (Source: W32Time) (EventID: 34) (User: )
Description: The time service has detected that the system time needs to be  changed by +300756 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-21 17:04:30.280
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-21 17:04:30.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-21 17:04:29.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-21 17:04:29.703
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-21 17:04:29.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-21 17:04:29.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-21 17:04:29.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-21 17:04:28.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-19 01:12:12.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-19 01:12:12.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 1789.69 MB
Available physical RAM: 965.29 MB
Total Pagefile: 3833.9 MB
Available Pagefile: 2825.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.17 GB) (Free:85.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:9.88 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: C084C32E)
Partition 1: (Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Machiavelli

  • Malware Response Instructor

Posted 21 July 2014 - 04:31 PM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#5 jdesunshine


Posted 21 July 2014 - 10:33 PM

Here are the logs from the scans in the order you have them listed. Also, does it really need Avast if Windows Defender is running?

1. adwcleaner[S0].txt log:

# AdwCleaner v3.216 - Report created 21/07/2014 at 22:20:20
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Viewpoint Manager Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Codecv
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\Bandoo
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Users\John\AppData\Local\Babylon
Folder Deleted : C:\Users\John\AppData\Local\Conduit
Folder Deleted : C:\Users\John\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\John\AppData\Local\PackageAware
Folder Deleted : C:\Users\John\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\John\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\John\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\John\AppData\LocalLow\Bandoo
Folder Deleted : C:\Users\John\AppData\LocalLow\Codecv
Folder Deleted : C:\Users\John\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\John\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\John\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\John\AppData\Roaming\Babylon
Folder Deleted : C:\Users\John\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\John\AppData\Local\Temp\searchqutoolbar-manifest.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3101810
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0214754E-4E7D-4589-829D-E2523E6A3085}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65F159FB-5F5E-46F4-B45D-CCFA236D2073}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z0vogl7r.default\prefs.js ]

Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=21C43A4F-3334-4F7E-BFA0-7F97B1E7CC14&n=77fcb94d&ind=2013051213&p2=^9N^xdm094^S05583^us[...]
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=21C43A4F-3334-4F7E-BFA0-7F97B1E7CC14&n=77fcb94d&p2=^9N^xdm094^S05583^us&si=CPyOnf2MkbcCFcNa4[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.installDate", "2013051213");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.partnerId", "^9N^xdm094^S05583^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.partnerSubId", "CPyOnf2MkbcCFcNa4AodpBwAKA");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.installation.toolbarId", "21C43A4F-3334-4F7E-BFA0-7F97B1E7CC14");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.lastActivePing", "1368380115438");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.searchHistory", "Mothers day certificat");
Line Deleted : user_pref("extensions.toolbar.mindspark._12Members_.weather.location", "19901");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "myscrapnook@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "myscrapnook@mindspark.com");

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : ajhcekcffkpnaednoeoegnmnjdlnjjmg

*************************

AdwCleaner[R0].txt - [13031 octets] - [21/07/2014 22:17:04]
AdwCleaner[S0].txt - [13094 octets] - [21/07/2014 22:20:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13155 octets] ##########

2. Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/21/2014
Scan Time: 10:33:18 PM
Logfile: mbamscan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.21.09
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 263456
Time Elapsed: 10 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Temp\ct3101810, Quarantined, [2081c0e079028fa72701a203a55d1ae6],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

3. junkware removal tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by John on Mon 07/21/2014 at 22:56:31.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\John\Local Settings\Application Data\tempdir"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\z0vogl7r.default\minidumps [27 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\John\appdata\local\Google\Chrome\User Data\Default\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/21/2014 at 23:02:24.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by John (administrator) on JOHN-PC on 21-07-2014 23:05:40
Running from C:\Users\John\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\WINDOWS\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Eastman Kodak Company) C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
(Microsoft Corporation) C:\WINDOWS\System32\mobsync.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKCU - (No Name) - {bb45ef8e-1e36-4535-a017-ec908fb1e335} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {427D4576-43A0-4DC5-A47D-B4FEB3C56518} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKLM - {AE83A03E-F4BC-4D8E-8E26-29E14DEB4135} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {427D4576-43A0-4DC5-A47D-B4FEB3C56518} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKCU - {AE83A03E-F4BC-4D8E-8E26-29E14DEB4135} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z0vogl7r.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z0vogl7r.default\searchplugins\yahoo-avast.xml
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-06-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-11]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-18]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (avast! Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2007-09-01]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2007-09-01] (AVAST Software)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe [284016 2009-08-05] (Eastman Kodak Company)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-25] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2007-09-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2007-09-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2007-09-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2007-09-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2007-09-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-18] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2007-09-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2007-09-01] ()
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-08-19] (Avanquest Software) [File not signed]
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
U0 lvrqm; C:\Windows\System32\drivers\xjtqe.sys [52440 2014-07-21] (Malwarebytes Corporation)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
U1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 23:05 - 2014-07-21 23:05 - 00012095 _____ () C:\Users\John\Desktop\FRST.txt
2014-07-21 23:04 - 2014-07-21 16:53 - 01080320 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-07-21 23:02 - 2014-07-21 23:02 - 00001414 _____ () C:\Users\John\Desktop\JRT.txt
2014-07-21 22:56 - 2014-07-21 22:56 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 22:46 - 2014-07-21 22:46 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xjtqe.sys
2014-07-21 22:45 - 2014-07-21 22:45 - 00001065 _____ () C:\mbam scan.txt
2014-07-21 22:31 - 2014-07-21 22:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 22:30 - 2014-07-21 22:30 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-21 22:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-21 22:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-21 22:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-21 22:25 - 2014-07-18 15:06 - 01016261 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2014-07-21 22:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-21 22:16 - 2014-07-21 22:21 - 00000000 ____D () C:\AdwCleaner
2014-07-21 22:06 - 2014-07-18 14:44 - 01354223 _____ () C:\Users\John\Desktop\adwcleaner_3.216.exe
2014-07-21 17:20 - 2014-07-21 17:22 - 00000000 ____D () C:\Users\John\Documents\Special Utilities
2014-07-21 17:01 - 2014-07-21 23:05 - 00000000 ____D () C:\FRST
2014-07-18 22:06 - 2014-07-18 22:06 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-07-18 18:10 - 2014-07-18 18:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 17:18 - 2010-08-12 11:46 - 00758784 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2014-07-18 17:16 - 2010-04-14 13:46 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-07-18 17:16 - 2008-04-23 00:41 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-07-18 17:15 - 2010-04-14 13:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-07-18 17:15 - 2010-04-14 13:47 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-07-18 17:11 - 2014-07-18 17:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-18 17:08 - 2014-07-18 17:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-18 17:05 - 2009-10-09 17:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2014-07-18 17:05 - 2009-10-09 17:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2014-07-18 17:05 - 2009-10-09 17:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2014-07-18 17:05 - 2009-10-09 17:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2014-07-18 17:05 - 2009-10-09 17:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2014-07-18 17:05 - 2009-10-09 17:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-07-18 17:04 - 2009-10-09 17:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2014-07-18 17:04 - 2009-10-09 17:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2014-07-18 17:04 - 2009-08-01 02:27 - 00201184 _____ () C:\Windows\system32\winrm.vbs
2014-07-18 17:04 - 2009-07-16 13:30 - 00004675 _____ () C:\Windows\system32\wsmanconfig_schema.xml
2014-07-18 17:04 - 2009-07-16 13:30 - 00002426 _____ () C:\Windows\system32\WsmTxt.xsl
2014-07-18 17:01 - 2011-04-12 10:53 - 00890368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-07-18 17:01 - 2011-03-03 10:56 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2014-07-18 17:01 - 2011-03-03 09:01 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-07-18 17:01 - 2010-01-25 08:45 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-07-18 17:01 - 2010-01-25 04:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-07-18 17:01 - 2010-01-25 04:35 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-07-18 17:01 - 2010-01-25 04:34 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-07-18 17:01 - 2010-01-25 04:34 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-07-18 17:01 - 2009-10-23 13:42 - 00714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-07-18 17:01 - 2008-10-21 23:57 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-07-18 17:01 - 2008-09-18 00:56 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-07-18 17:01 - 2008-09-18 00:56 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2014-07-18 17:01 - 2008-08-27 23:40 - 00712704 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-07-18 17:01 - 2008-08-27 23:40 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-07-18 17:01 - 2008-08-27 23:40 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-07-18 17:01 - 2008-03-08 00:21 - 01695744 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-07-18 17:00 - 2008-10-21 01:25 - 01645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2014-07-18 16:55 - 2009-09-10 11:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2014-07-18 16:47 - 2014-07-18 16:47 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 16:47 - 2014-07-18 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Windows\Sun
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Oracle
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\ProgramData\Sun
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-18 15:12 - 2014-07-18 15:11 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-18 14:29 - 2014-07-18 14:29 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000915 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000000 ____D () C:\Users\John\AppData\Roaming\TeamViewer
2014-07-18 14:28 - 2014-07-18 14:28 - 00000000 ____D () C:\Program Files\TeamViewer
2014-07-18 14:28 - 2013-10-17 11:32 - 00025088 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2014-07-18 14:26 - 2014-07-18 14:27 - 06226040 _____ (TeamViewer GmbH) C:\Users\John\Downloads\TeamViewer_Setup_en.exe
2014-07-18 02:40 - 2014-07-18 02:40 - 00000000 ____D () C:\Users\John\AppData\Roaming\VSRevoGroup

==================== One Month Modified Files and Folders =======

2014-07-21 23:06 - 2014-07-21 23:05 - 00012095 _____ () C:\Users\John\Desktop\FRST.txt
2014-07-21 23:05 - 2014-07-21 17:01 - 00000000 ____D () C:\FRST
2014-07-21 23:02 - 2014-07-21 23:02 - 00001414 _____ () C:\Users\John\Desktop\JRT.txt
2014-07-21 22:56 - 2014-07-21 22:56 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 22:55 - 2013-03-21 16:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 22:47 - 2010-11-21 20:04 - 00031776 _____ () C:\ProgramData\nvModes.001
2014-07-21 22:47 - 2010-11-21 20:03 - 00031776 _____ () C:\ProgramData\nvModes.dat
2014-07-21 22:46 - 2014-07-21 22:46 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xjtqe.sys
2014-07-21 22:46 - 2011-07-29 10:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 22:45 - 2014-07-21 22:45 - 00001065 _____ () C:\mbam scan.txt
2014-07-21 22:44 - 2008-06-25 01:39 - 00000000 ____D () C:\ProgramData\WildTangent
2014-07-21 22:33 - 2014-07-21 22:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 22:30 - 2014-07-21 22:30 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-21 22:27 - 2010-11-21 19:55 - 01971084 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 22:23 - 2013-05-11 20:45 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-21 22:23 - 2011-07-29 10:16 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 22:23 - 2010-11-21 20:07 - 00000246 _____ () C:\Users\Public\Documents\hpqp.ini
2014-07-21 22:23 - 2006-11-02 09:01 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-21 22:23 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 22:23 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 22:23 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 22:22 - 2008-01-20 22:47 - 00306334 _____ () C:\Windows\PFRO.log
2014-07-21 22:21 - 2014-07-21 22:16 - 00000000 ____D () C:\AdwCleaner
2014-07-21 17:22 - 2014-07-21 17:20 - 00000000 ____D () C:\Users\John\Documents\Special Utilities
2014-07-21 16:53 - 2014-07-21 23:04 - 01080320 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-07-20 12:52 - 2010-11-22 00:08 - 00007808 _____ () C:\Users\John\AppData\Local\d3d9caps.dat
2014-07-19 14:39 - 2013-03-21 16:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-19 01:31 - 2010-11-21 21:21 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-18 22:58 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-18 22:26 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-07-18 22:11 - 2010-11-21 23:55 - 00075440 _____ () C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 22:11 - 2010-11-21 20:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-18 22:09 - 2006-11-02 08:47 - 00307288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 22:06 - 2014-07-18 22:06 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-07-18 22:06 - 2006-11-02 07:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-18 18:10 - 2014-07-18 18:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 17:18 - 2014-07-18 17:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-18 17:18 - 2010-11-21 21:21 - 00000000 ____D () C:\Users\John
2014-07-18 17:14 - 2014-07-18 17:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-18 16:47 - 2014-07-18 16:47 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 16:47 - 2014-07-18 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-18 16:46 - 2011-07-29 10:15 - 00000000 ____D () C:\Program Files\Google
2014-07-18 15:55 - 2013-03-21 16:39 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-18 15:55 - 2011-11-03 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-18 15:29 - 2011-05-11 22:53 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-18 15:24 - 2013-03-21 16:33 - 00000834 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-18 15:24 - 2013-03-21 16:33 - 00000834 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Windows\Sun
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Oracle
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\ProgramData\Sun
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-18 15:11 - 2014-07-18 15:12 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-18 15:11 - 2008-06-25 03:03 - 00000000 ____D () C:\Program Files\Java
2014-07-18 15:06 - 2014-07-21 22:25 - 01016261 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2014-07-18 14:44 - 2014-07-21 22:06 - 01354223 _____ () C:\Users\John\Desktop\adwcleaner_3.216.exe
2014-07-18 14:29 - 2014-07-18 14:29 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000915 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000000 ____D () C:\Users\John\AppData\Roaming\TeamViewer
2014-07-18 14:28 - 2014-07-18 14:28 - 00000000 ____D () C:\Program Files\TeamViewer
2014-07-18 14:27 - 2014-07-18 14:26 - 06226040 _____ (TeamViewer GmbH) C:\Users\John\Downloads\TeamViewer_Setup_en.exe
2014-07-18 02:48 - 2006-11-02 08:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-18 02:40 - 2014-07-18 02:40 - 00000000 ____D () C:\Users\John\AppData\Roaming\VSRevoGroup
2014-06-26 17:38 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\AskSLib.dll
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\tbSomo.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-21 22:29

==================== End Of Log ============================



#6 jdesunshine

Posted 21 July 2014 - 10:58 PM

Also, I resolved the touchpad issue. For some reason "tapping" was turned off... not any more :thumbsup2:



#7 Machiavelli

  • Malware Response Instructor

Posted 22 July 2014 - 06:46 AM

Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST.

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#8 jdesunshine


Posted 22 July 2014 - 12:08 PM

I've followed the steps you outlined, but Internet Explorer is not working so I can't run ESET on IE. I have screenshots of the error message from IE, but I can't figure out how to attach the file. I also clicked on "find solution..." and it automatically closed IE. I opened it again and the same error occurs so I'm not sure what to do next. The error message is "Internet Explorer has stopped working"; the options are "check online for a solution and close the program" or "close the program". Under details, it shows the following information:

problem event name: appcrash
application name: iexplorer.exe
application version: 7.0.6001.18639
application timestamp: 4db02c95
fault module name: MSVCR110.dll
fault module version: 11.0.51106.1
fault module timestamp: 5098858e
exception code: c0000005
exception offset: 0000e561
OS version: 6.0.6001.2.1.0.786.3
locale ID: 1033
additional information 1: 78cc
additional information 2: d1619530a7b68ebcc665b229ca64abbf
additional information 3: e126
additional information 4: 4d45239e5ab59e84f74f4237b66548d1

followed by the privacy statement

Try #3 (didn't do anything with info from try #2)

problem event name: appcrash
application name: iexplorer.exe
application version: 7.0.6001.18639
application timestamp: 4db02c95
fault module name: ntdll.dll
fault module version: 6.0.6001.18539
fault module timestamp: 4cb733dc
exception code: c0000005
exception offset: 00059dcf
OS version: 6.0.6001.2.1.0.786.3
locale ID: 1033
additional information 1: 76e3
additional information 2: d565a747d5cea2fda07b22d27fee0eb5
additional information 3: db46
additional information 4: 8ab662e686bac84c819a5d5e341b953f

followed by the privacy statement

Clicked on "check online for a solution and close the program" and it opened the Problem Reports and Solutions window with the following information:

Download updates for Windows

There was a problem with Windows that caused it to stop working correctly.

Your computer might be missing updates that can help improve its stability and security.

Open Windows Update to check for and install Important and Recommended updates.

  1. Windows Update

  2. In the left pane, click Check for updates. If any updates are found, click View available updates.

  3. Select all Important updates, and then click Install. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    Note
    If you have turned on automatic updating, you might not see any Important updates listed. If this is the case, the updates have already been downloaded to your computer.

------------------ There is 1 update to be downloaded which will take the system to Vista SP2. Should I apply the update and retry to open IE so the ESET scan can be run?

Here's the logs from the other scans.

 

Step 1: FRST Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-07-2014
Ran by John at 2014-07-22 11:59:59 Run:1
Running from C:\Users\John\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (No File)
URLSearchHook: HKCU - (No Name) - {bb45ef8e-1e36-4535-a017-ec908fb1e335} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {427D4576-43A0-4DC5-A47D-B4FEB3C56518} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKLM - {AE83A03E-F4BC-4D8E-8E26-29E14DEB4135} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {427D4576-43A0-4DC5-A47D-B4FEB3C56518} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKCU - {AE83A03E-F4BC-4D8E-8E26-29E14DEB4135} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
C:\Users\John\AppData\Local\Temp\AskSLib.dll
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\tbSomo.dll
*****************

C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bb45ef8e-1e36-4535-a017-ec908fb1e335} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{427D4576-43A0-4DC5-A47D-B4FEB3C56518}' => Key deleted successfully.
'HKCR\CLSID\{427D4576-43A0-4DC5-A47D-B4FEB3C56518}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE83A03E-F4BC-4D8E-8E26-29E14DEB4135}' => Key deleted successfully.
'HKCR\CLSID\{AE83A03E-F4BC-4D8E-8E26-29E14DEB4135}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{427D4576-43A0-4DC5-A47D-B4FEB3C56518}' => Key deleted successfully.
'HKCR\CLSID\{427D4576-43A0-4DC5-A47D-B4FEB3C56518}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE83A03E-F4BC-4D8E-8E26-29E14DEB4135}' => Key deleted successfully.
'HKCR\CLSID\{AE83A03E-F4BC-4D8E-8E26-29E14DEB4135}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}' => Key deleted successfully.
'HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}'=> Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
'HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin' => Key deleted successfully.
C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
C:\Users\John\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\John\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\John\AppData\Local\Temp\tbSomo.dll => Moved successfully.

==== End of Fixlog ====

Step 2: FRST Scan frst.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by John (administrator) on JOHN-PC on 22-07-2014 12:03:24
Running from C:\Users\John\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\WINDOWS\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Eastman Kodak Company) C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z0vogl7r.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\z0vogl7r.default\searchplugins\yahoo-avast.xml
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-06-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-11]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-18]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (avast! Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2007-09-01]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2007-09-01] (AVAST Software)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe [284016 2009-08-05] (Eastman Kodak Company)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-25] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2007-09-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2007-09-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2007-09-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2007-09-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2007-09-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-18] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2007-09-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2007-09-01] ()
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-08-19] (Avanquest Software) [File not signed]
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
U0 lvrqm; C:\Windows\System32\drivers\xjtqe.sys [52440 2014-07-21] (Malwarebytes Corporation)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
U1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 23:25 - 2014-07-21 23:25 - 00001152 _____ () C:\mbamscan.txt
2014-07-21 23:04 - 2014-07-21 16:53 - 01080320 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-07-21 22:56 - 2014-07-21 22:56 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 22:46 - 2014-07-21 22:46 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xjtqe.sys
2014-07-21 22:45 - 2014-07-21 22:45 - 00001065 _____ () C:\mbam scan.txt
2014-07-21 22:31 - 2014-07-21 23:24 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 22:30 - 2014-07-21 22:30 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-21 22:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-21 22:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-21 22:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-21 22:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-21 22:16 - 2014-07-21 22:21 - 00000000 ____D () C:\AdwCleaner
2014-07-21 17:20 - 2014-07-22 11:54 - 00000000 ____D () C:\Users\John\Documents\Special Utilities
2014-07-21 17:03 - 2014-07-22 12:03 - 00011025 _____ () C:\Users\John\Desktop\FRST.txt
2014-07-21 17:01 - 2014-07-22 12:03 - 00000000 ____D () C:\FRST
2014-07-18 22:06 - 2014-07-18 22:06 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-07-18 18:10 - 2014-07-18 18:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 17:18 - 2010-08-12 11:46 - 00758784 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2014-07-18 17:16 - 2010-04-14 13:46 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-07-18 17:16 - 2008-04-23 00:41 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-07-18 17:15 - 2010-04-14 13:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-07-18 17:15 - 2010-04-14 13:47 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-07-18 17:11 - 2014-07-18 17:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-18 17:08 - 2014-07-18 17:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-18 17:05 - 2009-10-09 17:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2014-07-18 17:05 - 2009-10-09 17:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2014-07-18 17:05 - 2009-10-09 17:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2014-07-18 17:05 - 2009-10-09 17:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2014-07-18 17:05 - 2009-10-09 17:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2014-07-18 17:05 - 2009-10-09 17:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-07-18 17:04 - 2009-10-09 17:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-07-18 17:04 - 2009-10-09 17:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2014-07-18 17:04 - 2009-10-09 17:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2014-07-18 17:04 - 2009-10-09 17:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2014-07-18 17:04 - 2009-08-01 02:27 - 00201184 _____ () C:\Windows\system32\winrm.vbs
2014-07-18 17:04 - 2009-07-16 13:30 - 00004675 _____ () C:\Windows\system32\wsmanconfig_schema.xml
2014-07-18 17:04 - 2009-07-16 13:30 - 00002426 _____ () C:\Windows\system32\WsmTxt.xsl
2014-07-18 17:01 - 2011-04-12 10:53 - 00890368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-07-18 17:01 - 2011-03-03 10:56 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2014-07-18 17:01 - 2011-03-03 09:01 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-07-18 17:01 - 2010-01-25 08:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-07-18 17:01 - 2010-01-25 08:45 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-07-18 17:01 - 2010-01-25 04:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-07-18 17:01 - 2010-01-25 04:35 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-07-18 17:01 - 2010-01-25 04:34 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-07-18 17:01 - 2010-01-25 04:34 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-07-18 17:01 - 2009-10-23 13:42 - 00714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-07-18 17:01 - 2008-10-21 23:57 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-07-18 17:01 - 2008-09-18 00:56 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-07-18 17:01 - 2008-09-18 00:56 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2014-07-18 17:01 - 2008-08-27 23:40 - 00712704 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-07-18 17:01 - 2008-08-27 23:40 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-07-18 17:01 - 2008-08-27 23:40 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-07-18 17:01 - 2008-03-08 00:21 - 01695744 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-07-18 17:00 - 2008-10-21 01:25 - 01645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2014-07-18 16:55 - 2009-09-10 11:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2014-07-18 16:47 - 2014-07-18 16:47 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 16:47 - 2014-07-18 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Windows\Sun
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Oracle
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\ProgramData\Sun
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-18 15:12 - 2014-07-18 15:11 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-18 14:29 - 2014-07-18 14:29 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000915 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000000 ____D () C:\Users\John\AppData\Roaming\TeamViewer
2014-07-18 14:28 - 2014-07-18 14:28 - 00000000 ____D () C:\Program Files\TeamViewer
2014-07-18 14:28 - 2013-10-17 11:32 - 00025088 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2014-07-18 02:40 - 2014-07-18 02:40 - 00000000 ____D () C:\Users\John\AppData\Roaming\VSRevoGroup

==================== One Month Modified Files and Folders =======

2014-07-22 12:03 - 2014-07-21 17:03 - 00011025 _____ () C:\Users\John\Desktop\FRST.txt
2014-07-22 12:03 - 2014-07-21 17:01 - 00000000 ____D () C:\FRST
2014-07-22 11:55 - 2013-03-21 16:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-22 11:54 - 2014-07-21 17:20 - 00000000 ____D () C:\Users\John\Documents\Special Utilities
2014-07-22 11:46 - 2011-07-29 10:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-22 11:43 - 2010-11-21 20:04 - 00031776 _____ () C:\ProgramData\nvModes.001
2014-07-22 11:43 - 2010-11-21 20:03 - 00031776 _____ () C:\ProgramData\nvModes.dat
2014-07-22 11:43 - 2010-11-21 19:55 - 01971553 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 11:43 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 11:43 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 00:46 - 2011-07-29 10:16 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 23:25 - 2014-07-21 23:25 - 00001152 _____ () C:\mbamscan.txt
2014-07-21 23:24 - 2014-07-21 22:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 22:56 - 2014-07-21 22:56 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 22:46 - 2014-07-21 22:46 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\xjtqe.sys
2014-07-21 22:45 - 2014-07-21 22:45 - 00001065 _____ () C:\mbam scan.txt
2014-07-21 22:44 - 2008-06-25 01:39 - 00000000 ____D () C:\ProgramData\WildTangent
2014-07-21 22:30 - 2014-07-21 22:30 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 22:30 - 2014-07-21 22:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-21 22:23 - 2013-05-11 20:45 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-21 22:23 - 2010-11-21 20:07 - 00000246 _____ () C:\Users\Public\Documents\hpqp.ini
2014-07-21 22:23 - 2006-11-02 09:01 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-21 22:23 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 22:22 - 2008-01-20 22:47 - 00306334 _____ () C:\Windows\PFRO.log
2014-07-21 22:21 - 2014-07-21 22:16 - 00000000 ____D () C:\AdwCleaner
2014-07-21 16:53 - 2014-07-21 23:04 - 01080320 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2014-07-20 12:52 - 2010-11-22 00:08 - 00007808 _____ () C:\Users\John\AppData\Local\d3d9caps.dat
2014-07-19 14:39 - 2013-03-21 16:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-19 01:31 - 2010-11-21 21:21 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-18 22:58 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-18 22:26 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-07-18 22:11 - 2010-11-21 23:55 - 00075440 _____ () C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 22:11 - 2010-11-21 20:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-18 22:09 - 2006-11-02 08:47 - 00307288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 22:06 - 2014-07-18 22:06 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-07-18 22:06 - 2006-11-02 07:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-18 18:10 - 2014-07-18 18:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 17:18 - 2014-07-18 17:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-18 17:18 - 2010-11-21 21:21 - 00000000 ____D () C:\Users\John
2014-07-18 17:14 - 2014-07-18 17:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-18 16:47 - 2014-07-18 16:47 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 16:47 - 2014-07-18 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-18 16:46 - 2011-07-29 10:15 - 00000000 ____D () C:\Program Files\Google
2014-07-18 15:55 - 2013-03-21 16:39 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-18 15:55 - 2011-11-03 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-18 15:29 - 2011-05-11 22:53 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-18 15:24 - 2013-03-21 16:33 - 00000834 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-18 15:24 - 2013-03-21 16:33 - 00000834 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Windows\Sun
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Oracle
2014-07-18 15:13 - 2014-07-18 15:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\ProgramData\Sun
2014-07-18 15:12 - 2014-07-18 15:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-18 15:11 - 2014-07-18 15:12 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-18 15:11 - 2014-07-18 15:11 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-18 15:11 - 2008-06-25 03:03 - 00000000 ____D () C:\Program Files\Java
2014-07-18 14:29 - 2014-07-18 14:29 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000915 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-18 14:29 - 2014-07-18 14:29 - 00000000 ____D () C:\Users\John\AppData\Roaming\TeamViewer
2014-07-18 14:28 - 2014-07-18 14:28 - 00000000 ____D () C:\Program Files\TeamViewer
2014-07-18 02:48 - 2006-11-02 08:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-18 02:40 - 2014-07-18 02:40 - 00000000 ____D () C:\Users\John\AppData\Roaming\VSRevoGroup
2014-06-26 17:38 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-21 22:29

==================== End Of Log ============================



#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:20 PM

Posted 22 July 2014 - 12:28 PM

SFC Scan
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    sfc /scannow

Export CBS folder
  • Click the Start button then click Computer.
  • Double-click on the C: drive, under the Hard Disk Drives category, and then scroll down to, and double click on the Windows folder.
  • Find and double click on the Logs folder.
  • Right-click on the CBS folder, and select Copy.
  • Go back to your Desktop, right-click on it, and select Paste. You should now see a copy of the CBS folder appear on your Desktop called CBS.
  • Right-click on this new folder, and navigate through Send to, and select Compressed (zipped) folder.
  • A new file, also called CBS (CBS.zip), but this time with a different icon, will be created.
  • Attach this to your next post please. If it is too big, please use an alternative uploading method then send me the link (Dropbox, SkyDrive, SendSpace etc.).

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
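
The kind of triage that can be done on the exported CBS folder, as an added example that is not part of the original post: SFC writes its findings to CBS.log on lines tagged [SR], and this Python script separates files SFC could not repair from files it repaired. The log lines, component name and file names in the sample are constructed, and the names `triage` and `SAMPLE_CBS_LOG` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the CBS.log line layout (not from the uploaded CBS.zip).
SAMPLE_CBS_LOG = r"""
2014-07-22 12:40:02, Info                  CBS    Starting TrustedInstaller initialization.
2014-07-22 12:41:10, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2014-07-22 12:41:10, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2014-07-22 12:41:15, Info                  CSI    00000009 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2014-07-22 12:41:19, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 6.0.6002.18005, file is missing
2014-07-22 12:41:19, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 6.0.6002.18005, file is missing
2014-07-22 12:41:30, Info                  CSI    0000000d [SR] Verify complete
"""

# timestamp, level, "CSI", hex sequence number, then the [SR] message
SR_LINE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-fA-F]+ \[SR\] (?P<msg>.*)$')
# quoted names follow a length prefix such as [l:24{12}]
QUOTED_NAME = re.compile(r'\]"([^"]+)"')


def triage(log_text):
    """Return (unrepaired, repaired) Counters keyed by file name."""
    unrepaired, repaired = Counter(), Counter()
    for line in log_text.splitlines():
        match = SR_LINE.match(line)
        if not match:
            continue  # servicing entries that are not SFC results
        msg = match.group("msg")
        names = QUOTED_NAME.findall(msg)
        if not names:
            continue  # progress lines such as "Verifying ... components"
        # The last quoted token is the file; an earlier one is its directory.
        if msg.startswith("Cannot repair member file"):
            unrepaired[names[-1]] += 1
        elif msg.startswith("Repairing"):
            repaired[names[-1]] += 1
    return unrepaired, repaired


if __name__ == "__main__":
    bad, fixed = triage(SAMPLE_CBS_LOG)
    # The same file can appear on several [SR] lines, so report per file.
    for name, hits in bad.items():
        print(f"NOT REPAIRED: {name} ({hits} log lines)")
    for name, hits in fixed.items():
        print(f"repaired:     {name} ({hits} log lines)")
```
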



#10 Machiavelli

Posted 24 July 2014 - 11:53 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#11 Machiavelli

Posted 25 July 2014 - 02:52 PM

User returned.

~Machiavelli



#12 jdesunshine

jdesunshine
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:20 AM

Posted 26 July 2014 - 01:11 AM

Here's the link to the cbs.zip file: https://www.dropbox.com/s/nawb1omeht4hgv6/CBS.zip.  Let me know if you have problems accessing the file. Thanks in advance.



#13 Machiavelli

Posted 26 July 2014 - 04:33 AM

Run the System Update Readiness Tool (SURT)
  • Download the System Update Readiness Tool from Microsoft --> here <-- Please save the tool to a convenient location as it may be necessary to run it again.
  • After the download has completed, double-click the file and wait while it initializes.
  • Click Yes to begin installation. Please note it may take some time to complete and may appear to stall whilst installing. Don't worry, this is perfectly normal behaviour. Also note, whilst I say "installing", it's actually running the tool and can therefore be "installed" (run) repeatedly.

~Machiavelli



#14 jdesunshine

Posted 28 July 2014 - 09:23 PM

I have a question about the SURT. The link takes me to a page that has "applies to Windows 7", even though there are links to several OS. Just want to clarify that it's a Vista laptop, so as long as I click/download the one for Vista, it should be alright. The reference to Win7 is what confused me a little.



#15 Machiavelli

Posted 29 July 2014 - 05:54 AM

Yes, please click on the download link for your OS.

~Machiavelli



