Jump to content

jardinger

Members
  • Posts

    14
  • Joined

  • Last visited

Everything posted by jardinger

  1. thanks....yea i know restore points taking care of that now. i was not sure if using one when infected would work or not , why i didn't. ill run ccleaner after and malwarebytes again too. i play some games that use java so i keep it on but yes unsafe. i actually tell everyone who asks me for help on what for me is simple stuff to get malwarebytes, if i am at the pc i will just go ahead and install it and show them what to do with it. i am guessing that simple for me is preschool for you. i do appreciate your help.
  2. thankyou again for your help. I was a bad girl and was aptly punished.
  3. just did ,. i don't use it often . i saw out of date and just updated it directly with adobe website. chrome is no longer popping up second window , nor getting home page jacked. firefox had an update so i am running that now and will check but getting to the mozilla page was fine no second window , home page loaded properly. opera and safari were never affected. Fairly sure i know where i picked it up......yea you do too i'm sure. i'm using avg on laptop, my tablet i put sophos. i've thought of getting kapersky but avg is free and i always thought worked well. do you have suggestion on a more effective anti virus and or firewall ?
  4. Results of screen317's Security Check version 0.99.72 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 39 Java 7 Update 25 Adobe Flash Player 11.8.800.94 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (23.0.1) Google Chrome 28.0.1500.72 Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 6% ````````````````````End of Log``````````````````````
  5. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.21.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 jeanne :: JEANNE-HP [administrator] Protection: Enabled 8/21/2013 9:07:55 PM mbam-log-2013-08-21 (21-07-55).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223231 Time elapsed: 6 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  6. security check log ? i posted all the ones that popped up after running what you asked. i am id say intermediate. i can help most people with what i know , but when i get screwed up it is royally screwed up. i am not familiar with most of the software i have been using last 24 hrs, so i have a learning curve. tired as heck too so little slow on the uptake today. when i ran quick scan with MBAM it still found 1 instance of PUP so i saved the log posted above then chose to clean it and restart. ill run quick scan now to see what it finds. I do appreciate your assistance. I know with some infections even re installing os wont clean it , so I really do thank you.
  7. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.21.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 jeanne :: JEANNE-HP [administrator] Protection: Enabled 8/21/2013 8:45:09 PM MBAM-log-2013-08-21 (20-54-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223521 Time elapsed: 8 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\jeanne\AppData\Local\Temp\ICReinstall_setup.exe (PUP.Optional.InstallCore) -> No action taken. (end)
  8. # AdwCleaner v3.000 - Report created 21/08/2013 at 20:40:09 # Updated 20/08/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : jeanne - JEANNE-HP # Running from : C:\Users\jeanne\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\prefs.js ] Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com"); Line Deleted : user_pref("extensions.plugin@getwebcake.com.install-event-fired", true); Line Deleted : user_pref("extensions.toolbar_ATU4-V7@apn.ask.com.install-event-fired", true); -\\ Google Chrome v [ File : C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1422 octets] - [21/08/2013 20:37:39] AdwCleaner[s0].txt - [1361 octets] - [21/08/2013 20:40:09] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1421 octets] ##########
  9. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.2 (08.20.2013:1) OS: Windows 7 Home Premium x64 Ran by jeanne on Wed 08/21/2013 at 20:21:55.10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-555411451-2527714722-2404825438-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 08/21/2013 at 20:31:17.50 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. think i am good now sorry about posting to other page i did not intend to jack page. i am new to bleeping and i should have taken time to look how to start a new thread. here are results from scans. i ran the rootkit software and malwarebytes twice as well as mbar etc as indicated on previous results posted. the browsers no longer open up second/third windows to adware sites. my home pages are normal. if you see anything abnormal below please advise what i should do next. to my intermediate knowledge i seem ok now. thankyou for posting the help on steps to help remove pup****** that was in my initial malwarebytes scan 653 times. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013Ran by jeanne (administrator) on 20-08-2013 22:12:55Running from C:\Users\jeanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRZ7SRIRWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(GorMedia, Inc.) C:\Windows\syswow64\MxKsPumper.exe() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe() C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Dropbox, Inc.) C:\Users\jeanne\AppData\Roaming\Dropbox\bin\Dropbox.exe(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(RPA Technology) C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor)HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2013-02-01] ()HKCU\...\Run: [Google Update] - C:\Users\jeanne\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-01] (Google Inc.)HKCU\...\Run: [bitTorrent] - C:\Users\jeanne\AppData\Roaming\BitTorrent\BitTorrent.exe [1126488 2013-08-08] (BitTorrent Inc.)HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-07-01] (RealNetworks, Inc.)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnkShortcutTarget: Air Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()Startup: C:\Users\jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\jeanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....&type=714647&p={searchTerms}CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yah...fxjson&command={searchTerms}CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crxCHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\jeanne\AppData\Local\Temp\ccex.crxCHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR RestoreOnStartup: "http://search.yahoo....r=spigot-yhp-ieHKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://search.yahoo....&type=714647&p={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yah...fxjson&command={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid => Key deleted successfully."C:\Users\jeanne\AppData\Local\Temp\ccex.crx" => File/Directory not found.C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.CHR RestoreOnStartup: "https://www.facebook.com/" ==> The Chrome "Settings" can be used to fix the entry.C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => Moved successfully.C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => Moved successfully.C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => Moved successfully.C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} => Moved successfully.C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\Extensions\toolbar_ATU4-V7@apn.ask.com.xpi => Moved successfully.HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2 => Key deleted successfully.C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0 => Key deleted successfully.C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent => Value deleted successfully.HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\iFunBoxConnector => Value deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = => Value not found.HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key deleted successfully.HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key deleted successfully.HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value deleted successfully.HKCR\Wow6432Node\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key deleted successfully.HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} => Value deleted successfully.HKCR\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612} => Key not found.HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value deleted successfully.HKCR\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key not found. ==== End of Fixlog ====
  11. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 03 Ran by jeanne (administrator) on 20-08-2013 09:01:29 Running from C:\Users\jeanne\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (GorMedia, Inc.) C:\Windows\syswow64\MxKsPumper.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe () C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe (BitTorrent Inc.) C:\Users\jeanne\AppData\Roaming\BitTorrent\BitTorrent.exe () C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Dropbox, Inc.) C:\Users\jeanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Google Inc.) C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe (RPA Technology) C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe (Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor) HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2013-02-01] () HKCU\...\Run: [Google Update] - C:\Users\jeanne\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-01] (Google Inc.) HKCU\...\Run: [bitTorrent] - C:\Users\jeanne\AppData\Roaming\BitTorrent\BitTorrent.exe [1126488 2013-08-08] (BitTorrent Inc.) HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-07-01] (RealNetworks, Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk ShortcutTarget: Air Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe () Startup: C:\Users\jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\jeanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mifi.admin/ https://selfcare.internet-go.com/overview/ URLSearchHook: (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.searchya.com/?q={searchTerms}&f=4&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0EyEtCtCyD0B0FyE0DtDyB0B0CyE0CyCtN0D0Tzu0CyEtCyEtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=1519142129&ir= SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Photopos Toolbar - {59509308-4e15-4619-8e8d-0154e1588cdd} - C:\Program Files (x86)\photopostb\photoposDx.dll () BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll No File Toolbar: HKLM-x32 - Photopos Toolbar - {59509308-4e15-4619-8e8d-0154e1588cdd} - C:\Program Files (x86)\photopostb\photoposDx.dll () Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default FF SelectedSearchEngine: Yahoo FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\jeanne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: LWA64Plugin15.7 - C:\Users\jeanne\AppData\Roaming\Mozilla\Plugins\npLWA64Plugin15.7.dll (Microsoft Corporation) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\searchplugins\bingp.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\photopostb.xml FF Extension: No Name - C:\Users\jeanne\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com FF Extension: HP Detect - C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} FF Extension: testpilot - C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\Extensions\testpilot@labs.mozilla.com.xpi FF Extension: toolbar_ATU4-V7 - C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\Extensions\toolbar_ATU4-V7@apn.ask.com.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ Chrome: ======= CHR RestoreOnStartup: "https://www.facebook.com/" CHR DefaultSearchURL: (Yahoo!) - http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms} CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Users\jeanne\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\jeanne\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\jeanne\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Skype Click to Call) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\jeanne\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\jeanne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Google Update) - C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (Angry Birds) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0 CHR Extension: (TV) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0 CHR Extension: (VUDU Movies) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\daomabnenlgkenegngdblacoobnncgib\2.0.0.2_0 CHR Extension: (Watch TV Online - Clickplayer.tv) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\flmfboagenlcnkidkjodenlgihdbkipj\6.3_0 CHR Extension: (Bart Simpson Dressup) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgjplckadbmknaljcodfhoelklhdnoe\1.0.3_0 CHR Extension: (Flixster) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0 CHR Extension: (Crackle) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0 CHR Extension: (RealDownloader) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0 CHR Extension: (World of Solitaire) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0 CHR Extension: (KIDO'Z TV) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokdeafnhahffanabnbjjjjmoechjklc\2.2_0 CHR Extension: (Word War) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabpecppkafpeglblchgegjlajhdiidh\1_0 CHR Extension: (Webcam Toy) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.4_0 CHR Extension: (Skype Click to Call) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0 CHR Extension: (Plants vs Zombies) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0 CHR Extension: (Angry Birds) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllkkflncainlmehooebdaodggehpknh\1.0_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0 CHR Extension: (Find Sponge Bob) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppbecpleglieaijnfimdjpdjikfgblab\1.0.2_0 CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\jeanne\AppData\Local\Temp\ccex.crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 MxKsPumper; C:\Windows\syswow64\MxKsPumper.exe [130976 2011-07-21] (GorMedia, Inc.) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-15] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-15] (AVG Technologies) R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MxCamKsFilter; C:\Windows\System32\DRIVERS\MxCamUFilterDrv.sys [14752 2011-07-21] (GorMedia, Inc.) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) S3 clwvd; system32\DRIVERS\clwvd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-20 09:01 - 2013-08-20 09:01 - 00000000 ____D C:\FRST 2013-08-20 00:33 - 2013-08-20 00:33 - 02347384 _____ (ESET) C:\Users\jeanne\Downloads\esetsmartinstaller_enu.exe 2013-08-20 00:33 - 2013-08-20 00:33 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-20 00:25 - 2013-08-20 00:26 - 00009965 _____ C:\AdwCleaner[s1].txt 2013-08-20 00:25 - 2013-08-20 00:26 - 00000121 _____ C:\Windows\DeleteOnReboot.bat 2013-08-20 00:25 - 2013-08-20 00:25 - 00666633 _____ C:\Users\jeanne\Downloads\AdwCleaner.exe 2013-08-20 00:24 - 2013-08-20 00:24 - 00001081 _____ C:\Users\jeanne\Desktop\Continue Download Helper Installation.lnk 2013-08-20 00:21 - 2013-08-20 00:21 - 00023930 _____ C:\Users\jeanne\Desktop\JRT.txt 2013-08-20 00:10 - 2013-08-20 00:10 - 00000000 ____D C:\Windows\ERUNT 2013-08-19 23:12 - 2013-08-20 00:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-19 23:10 - 2013-08-20 00:07 - 00000000 ____D C:\Users\jeanne\Desktop\mbar 2013-08-19 23:08 - 2013-08-19 23:09 - 01018949 _____ (Thisisu) C:\Users\jeanne\Downloads\JRT.exe 2013-08-19 23:07 - 2013-08-19 23:09 - 00000000 ____D C:\Users\jeanne\Desktop\RK_Quarantine 2013-08-19 23:07 - 2013-08-19 23:07 - 12081912 _____ (Malwarebytes Corp.) C:\Users\jeanne\Downloads\mbar-1.06.1.1005.exe 2013-08-19 23:05 - 2013-08-19 23:06 - 03814400 _____ C:\Users\jeanne\Downloads\RogueKillerX64.exe 2013-08-19 23:05 - 2013-08-19 23:05 - 00000000 ____D C:\Windows\ERDNT 2013-08-19 23:04 - 2013-08-19 23:04 - 00000884 _____ C:\Users\jeanne\Desktop\NTREGOPT.lnk 2013-08-19 23:04 - 2013-08-19 23:04 - 00000865 _____ C:\Users\jeanne\Desktop\ERUNT.lnk 2013-08-19 23:04 - 2013-08-19 23:04 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-08-19 22:59 - 2013-08-19 23:00 - 00791393 _____ (Lars Hederer ) C:\Users\jeanne\Downloads\erunt-setup.exe 2013-08-19 21:17 - 2013-08-19 21:19 - 00000000 ____D C:\Users\jeanne\Downloads\Switched at Birth S02E21 HDTV x264-ASAP[ettv] 2013-08-19 21:17 - 2013-08-19 21:18 - 00000000 ____D C:\Users\jeanne\Downloads\Under the Domen S01E09 HDTV x264-LOL[ettv] 2013-08-19 19:15 - 2013-08-19 19:15 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Malwarebytes 2013-08-19 19:14 - 2013-08-19 19:14 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-08-19 19:14 - 2013-08-19 19:14 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-19 19:14 - 2013-08-19 19:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-19 19:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-19 19:13 - 2013-08-19 19:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\jeanne\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-08-19 19:13 - 2013-08-19 19:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\jeanne\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-18 23:28 - 2013-08-19 00:48 - 00000000 ____D C:\Users\jeanne\Downloads\Ray Donovan S01E08 HDTV x264-ASAP[ettv] 2013-08-18 22:14 - 2013-08-18 22:15 - 00000000 ____D C:\Users\jeanne\Downloads\Dexter S08E08 HDTV x264-ASAP[ettv] 2013-08-18 21:08 - 2013-08-18 21:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-18 20:56 - 2013-08-18 20:58 - 00000000 ____D C:\Users\jeanne\Downloads\True Blood S06E10 Radioactive WEB-DL XviD-FUM[ettv] 2013-08-18 03:21 - 2013-08-18 03:22 - 00000000 ____D C:\Users\jeanne\Downloads\Arctic Monkeys - Suck It And See (2011) (320kbps) DutchReleaseTeam 2013-08-18 03:21 - 2013-08-18 03:21 - 00000000 ____D C:\Users\jeanne\Downloads\Arctic Monkeys - Black Treacle (Single) 2012 2013-08-18 03:11 - 2013-08-18 03:11 - 00001146 _____ C:\Users\Public\Desktop\aTube Catcher.lnk 2013-08-18 03:10 - 2013-06-06 16:41 - 00489392 _____ (Ask Partner Network) C:\Users\jeanne\Documents\APNSetup.exe 2013-08-17 23:30 - 2013-08-17 23:30 - 00000000 ____D C:\Users\jeanne\Downloads\Cedar Cove S01E05 HDTV x264-2HD[ettv] 2013-08-16 22:00 - 2013-08-16 22:08 - 156863116 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E01.HDTV.x264-EVOLVE.mp4 2013-08-16 22:00 - 2013-08-16 22:04 - 135941844 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E02.HDTV.x264-EVOLVE.mp4 2013-08-16 22:00 - 2013-08-16 22:03 - 123408770 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E04.HDTV.x264-ASAP.mp4 2013-08-16 22:00 - 2013-08-16 22:00 - 00000000 ____D C:\Users\jeanne\Downloads\Web.Therapy.S03E03.720p.HDTV.x264-EVOLVE [PublicHD] 2013-08-15 23:19 - 2013-08-20 00:30 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-555411451-2527714722-2404825438-1000 2013-08-15 03:11 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 03:11 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 03:11 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 03:11 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 03:11 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 03:11 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 03:11 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 03:11 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 03:11 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 03:11 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 03:11 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 03:11 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 03:11 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 03:11 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 03:11 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 03:11 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 03:11 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 03:11 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 03:11 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 03:11 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 03:11 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 03:11 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 03:11 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 03:11 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 03:11 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 03:11 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 03:11 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 03:11 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 03:11 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 03:11 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 03:11 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 03:01 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 01:15 - 2013-08-15 01:39 - 00000000 ____D C:\Users\jeanne\Downloads\Necessary.Roughness.S03E09.HDTV.XviD-AFG 2013-08-14 21:26 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 21:26 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 21:26 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 21:26 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 21:26 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 21:26 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 21:26 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 21:26 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 21:26 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 21:26 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 21:26 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 21:26 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 21:26 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 21:26 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 21:26 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 21:26 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 21:26 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 21:26 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 21:26 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 21:26 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 21:26 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 21:25 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 21:25 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 21:25 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 21:25 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 21:25 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 21:25 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-13 11:49 - 2013-08-13 11:50 - 00000000 ____D C:\Users\jeanne\Downloads\Mythbusters S12 Breaking Bad Special INTERNAL HDTV x264-KILLERS[ettv] 2013-08-12 12:57 - 2013-08-12 12:57 - 00000000 ____D C:\ProgramData\StarApp 2013-08-12 12:55 - 2013-08-12 12:57 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-12 00:49 - 2013-08-12 00:57 - 00000000 ____D C:\Users\jeanne\Downloads\Ray Donovan S01E07 HDTV x264-ASAP[ettv] 2013-08-12 00:18 - 2013-08-12 00:24 - 00000000 ____D C:\Users\jeanne\Downloads\Drop Dead Diva S05E08 HDTV x264-ASAP[ettv] 2013-08-12 00:00 - 2013-08-12 00:09 - 00000000 ____D C:\Users\jeanne\Downloads\Dexter S08E07 HDTV x264-ASAP[ettv] 2013-08-12 00:00 - 2013-08-12 00:01 - 00000000 ____D C:\Users\jeanne\Downloads\True Blood S06E09 Life Matters WEB DL XviD-FUM[ettv] 2013-08-09 21:44 - 2013-08-20 00:30 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-555411451-2527714722-2404825438-1000 2013-08-09 21:20 - 2013-08-09 21:20 - 00012193 _____ C:\Users\jeanne\Downloads\images-2.jpeg 2013-08-09 21:20 - 2013-08-09 21:20 - 00009198 _____ C:\Users\jeanne\Downloads\images-1.jpeg 2013-08-09 21:19 - 2013-08-09 21:19 - 00011309 _____ C:\Users\jeanne\Downloads\images.jpeg 2013-08-09 20:19 - 2013-08-20 00:28 - 00224044 _____ C:\Windows\PFRO.log 2013-08-08 23:38 - 2013-08-09 03:26 - 00000000 ____D C:\Users\jeanne\AppData\Local\DolphinViewer3 2013-08-08 23:38 - 2013-08-08 23:40 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\DolphinViewer3 2013-08-08 12:13 - 2013-08-08 12:13 - 00001227 _____ C:\Users\Public\Desktop\Dolphin Viewer 3.lnk 2013-08-08 12:12 - 2013-08-08 12:13 - 00000000 ____D C:\Program Files (x86)\DolphinViewer3 2013-08-08 02:58 - 2013-08-08 03:09 - 00000000 ____D C:\Users\jeanne\Downloads\Necessary Roughness S03E08 HDTV XviD-FUM[ettv] 2013-08-08 00:41 - 2013-08-08 00:41 - 00000873 _____ C:\Users\jeanne\Desktop\BitTorrent.lnk 2013-08-08 00:41 - 2013-08-08 00:41 - 00000853 _____ C:\Users\jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2013-08-01 19:03 - 2013-08-05 00:06 - 00000000 ____D C:\Users\jeanne\Downloads\The Haves and the Have Nots S01E01 HDTV x264-ASAP[ettv] 2013-07-31 14:41 - 2013-07-31 14:41 - 141932924 _____ C:\Users\jeanne\Downloads\bvideo.mp4 2013-07-29 19:36 - 2013-08-20 00:28 - 00000896 _____ C:\Windows\setupact.log 2013-07-29 19:36 - 2013-07-29 19:36 - 00000000 _____ C:\Windows\setuperr.log 2013-07-27 21:44 - 2013-08-08 00:40 - 00000000 _____ C:\conversation.log 2013-07-27 21:43 - 2013-08-18 02:04 - 00000000 ____D C:\Users\jeanne\AppData\Local\Firestorm 2013-07-27 21:43 - 2013-07-27 21:45 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Firestorm 2013-07-27 21:39 - 2013-07-27 21:39 - 00001277 _____ C:\Users\Public\Desktop\Firestorm-Release.lnk 2013-07-27 21:37 - 2013-07-27 21:39 - 00000000 ____D C:\Program Files (x86)\Firestorm-Release 2013-07-26 01:59 - 2013-07-26 01:59 - 00002978 _____ C:\Windows\System32\Tasks\{CDE12549-DCC0-4145-B5AB-B154A74E4D21} 2013-07-25 02:19 - 2013-08-08 12:04 - 00000000 ____D C:\Users\jeanne\AppData\Local\SecondLife 2013-07-25 02:19 - 2013-08-08 08:44 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer 2013-07-25 02:19 - 2013-08-08 00:42 - 00001085 _____ C:\Users\Public\Desktop\Second Life Viewer.lnk 2013-07-25 02:19 - 2013-07-25 02:21 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\SecondLife 2013-07-25 02:03 - 2013-07-25 02:06 - 00700144 _____ C:\Users\jeanne\Downloads\Second_Life_Setup.exe ==================== One Month Modified Files and Folders ======= 2013-08-20 09:01 - 2013-08-20 09:01 - 01576196 _____ (Farbar) C:\Users\jeanne\Downloads\FRST64.exe 2013-08-20 09:01 - 2013-08-20 09:01 - 00000000 ____D C:\FRST 2013-08-20 09:00 - 2012-03-08 04:23 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\BitTorrent 2013-08-20 08:30 - 2012-02-01 14:02 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-555411451-2527714722-2404825438-1000UA.job 2013-08-20 08:20 - 2012-06-10 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-20 02:38 - 2012-01-13 21:26 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2330D4A8-255B-48FC-9702-AF4B8C85E825} 2013-08-20 02:15 - 2011-12-17 06:04 - 01782163 _____ C:\Windows\WindowsUpdate.log 2013-08-20 01:18 - 2012-03-27 19:51 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Skype 2013-08-20 01:08 - 2012-01-17 10:17 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\vlc 2013-08-20 00:37 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-20 00:37 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-20 00:33 - 2013-08-20 00:33 - 02347384 _____ (ESET) C:\Users\jeanne\Downloads\esetsmartinstaller_enu.exe 2013-08-20 00:33 - 2013-08-20 00:33 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-20 00:31 - 2013-04-10 14:44 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Dropbox 2013-08-20 00:30 - 2013-08-15 23:19 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-555411451-2527714722-2404825438-1000 2013-08-20 00:30 - 2013-08-09 21:44 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-555411451-2527714722-2404825438-1000 2013-08-20 00:30 - 2013-04-10 14:47 - 00000000 ___RD C:\Users\jeanne\Dropbox 2013-08-20 00:29 - 2013-06-07 22:48 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2013-08-20 00:29 - 2013-06-05 11:03 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-08-20 00:28 - 2013-08-09 20:19 - 00224044 _____ C:\Windows\PFRO.log 2013-08-20 00:28 - 2013-07-29 19:36 - 00000896 _____ C:\Windows\setupact.log 2013-08-20 00:28 - 2012-06-10 23:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-20 00:28 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-20 00:26 - 2013-08-20 00:25 - 00009965 _____ C:\AdwCleaner[s1].txt 2013-08-20 00:26 - 2013-08-20 00:25 - 00000121 _____ C:\Windows\DeleteOnReboot.bat 2013-08-20 00:25 - 2013-08-20 00:25 - 00666633 _____ C:\Users\jeanne\Downloads\AdwCleaner.exe 2013-08-20 00:25 - 2012-01-13 22:17 - 00000000 ____D C:\ProgramData\AVG Secure Search 2013-08-20 00:24 - 2013-08-20 00:24 - 00001081 _____ C:\Users\jeanne\Desktop\Continue Download Helper Installation.lnk 2013-08-20 00:21 - 2013-08-20 00:21 - 00023930 _____ C:\Users\jeanne\Desktop\JRT.txt 2013-08-20 00:14 - 2013-03-03 22:03 - 00000000 ____D C:\ProgramData\Uniblue 2013-08-20 00:10 - 2013-08-20 00:10 - 00000000 ____D C:\Windows\ERUNT 2013-08-20 00:07 - 2013-08-19 23:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-20 00:07 - 2013-08-19 23:10 - 00000000 ____D C:\Users\jeanne\Desktop\mbar 2013-08-19 23:58 - 2012-01-18 20:54 - 00000000 ____D C:\Users\jeanne\Documents\Youcam 2013-08-19 23:09 - 2013-08-19 23:08 - 01018949 _____ (Thisisu) C:\Users\jeanne\Downloads\JRT.exe 2013-08-19 23:09 - 2013-08-19 23:07 - 00000000 ____D C:\Users\jeanne\Desktop\RK_Quarantine 2013-08-19 23:07 - 2013-08-19 23:07 - 12081912 _____ (Malwarebytes Corp.) C:\Users\jeanne\Downloads\mbar-1.06.1.1005.exe 2013-08-19 23:06 - 2013-08-19 23:05 - 03814400 _____ C:\Users\jeanne\Downloads\RogueKillerX64.exe 2013-08-19 23:05 - 2013-08-19 23:05 - 00000000 ____D C:\Windows\ERDNT 2013-08-19 23:04 - 2013-08-19 23:04 - 00000884 _____ C:\Users\jeanne\Desktop\NTREGOPT.lnk 2013-08-19 23:04 - 2013-08-19 23:04 - 00000865 _____ C:\Users\jeanne\Desktop\ERUNT.lnk 2013-08-19 23:04 - 2013-08-19 23:04 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-08-19 23:00 - 2013-08-19 22:59 - 00791393 _____ (Lars Hederer ) C:\Users\jeanne\Downloads\erunt-setup.exe 2013-08-19 21:19 - 2013-08-19 21:17 - 00000000 ____D C:\Users\jeanne\Downloads\Switched at Birth S02E21 HDTV x264-ASAP[ettv] 2013-08-19 21:18 - 2013-08-19 21:17 - 00000000 ____D C:\Users\jeanne\Downloads\Under the Domen S01E09 HDTV x264-LOL[ettv] 2013-08-19 19:15 - 2013-08-19 19:15 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Malwarebytes 2013-08-19 19:14 - 2013-08-19 19:14 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-08-19 19:14 - 2013-08-19 19:14 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-19 19:14 - 2013-08-19 19:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-19 19:14 - 2013-08-19 19:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\jeanne\Downloads\mbam-setup-1.75.0.1300 (1).exe 2013-08-19 19:13 - 2013-08-19 19:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\jeanne\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-19 18:30 - 2012-02-01 14:02 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-555411451-2527714722-2404825438-1000Core.job 2013-08-19 18:05 - 2012-01-13 22:07 - 00000000 ____D C:\ProgramData\MFAData 2013-08-19 00:48 - 2013-08-18 23:28 - 00000000 ____D C:\Users\jeanne\Downloads\Ray Donovan S01E08 HDTV x264-ASAP[ettv] 2013-08-18 22:15 - 2013-08-18 22:14 - 00000000 ____D C:\Users\jeanne\Downloads\Dexter S08E08 HDTV x264-ASAP[ettv] 2013-08-18 21:08 - 2013-08-18 21:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-18 20:58 - 2013-08-18 20:56 - 00000000 ____D C:\Users\jeanne\Downloads\True Blood S06E10 Radioactive WEB-DL XviD-FUM[ettv] 2013-08-18 03:22 - 2013-08-18 03:21 - 00000000 ____D C:\Users\jeanne\Downloads\Arctic Monkeys - Suck It And See (2011) (320kbps) DutchReleaseTeam 2013-08-18 03:21 - 2013-08-18 03:21 - 00000000 ____D C:\Users\jeanne\Downloads\Arctic Monkeys - Black Treacle (Single) 2012 2013-08-18 03:11 - 2013-08-18 03:11 - 00001146 _____ C:\Users\Public\Desktop\aTube Catcher.lnk 2013-08-18 03:11 - 2013-03-05 20:19 - 00002074 _____ C:\Users\Public\Desktop\Video Search.lnk 2013-08-18 03:10 - 2013-03-05 20:18 - 00000000 ____D C:\Program Files (x86)\DsNET Corp 2013-08-18 02:04 - 2013-07-27 21:43 - 00000000 ____D C:\Users\jeanne\AppData\Local\Firestorm 2013-08-17 23:30 - 2013-08-17 23:30 - 00000000 ____D C:\Users\jeanne\Downloads\Cedar Cove S01E05 HDTV x264-2HD[ettv] 2013-08-16 22:08 - 2013-08-16 22:00 - 156863116 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E01.HDTV.x264-EVOLVE.mp4 2013-08-16 22:04 - 2013-08-16 22:00 - 135941844 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E02.HDTV.x264-EVOLVE.mp4 2013-08-16 22:03 - 2013-08-16 22:00 - 123408770 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E04.HDTV.x264-ASAP.mp4 2013-08-16 22:00 - 2013-08-16 22:00 - 00000000 ____D C:\Users\jeanne\Downloads\Web.Therapy.S03E03.720p.HDTV.x264-EVOLVE [PublicHD] 2013-08-15 05:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache 2013-08-15 04:33 - 2007-01-01 21:25 - 00000000 ____D C:\Windows\Panther 2013-08-15 03:07 - 2009-07-14 01:13 - 00794606 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-15 03:05 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 03:01 - 2012-01-16 04:06 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-15 01:39 - 2013-08-15 01:15 - 00000000 ____D C:\Users\jeanne\Downloads\Necessary.Roughness.S03E09.HDTV.XviD-AFG 2013-08-15 01:07 - 2013-07-01 21:17 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-08-15 01:07 - 2012-09-07 13:09 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-08-13 11:50 - 2013-08-13 11:49 - 00000000 ____D C:\Users\jeanne\Downloads\Mythbusters S12 Breaking Bad Special INTERNAL HDTV x264-KILLERS[ettv] 2013-08-12 12:57 - 2013-08-12 12:57 - 00000000 ____D C:\ProgramData\StarApp 2013-08-12 12:57 - 2013-08-12 12:55 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-12 00:57 - 2013-08-12 00:49 - 00000000 ____D C:\Users\jeanne\Downloads\Ray Donovan S01E07 HDTV x264-ASAP[ettv] 2013-08-12 00:24 - 2013-08-12 00:18 - 00000000 ____D C:\Users\jeanne\Downloads\Drop Dead Diva S05E08 HDTV x264-ASAP[ettv] 2013-08-12 00:09 - 2013-08-12 00:00 - 00000000 ____D C:\Users\jeanne\Downloads\Dexter S08E07 HDTV x264-ASAP[ettv] 2013-08-12 00:01 - 2013-08-12 00:00 - 00000000 ____D C:\Users\jeanne\Downloads\True Blood S06E09 Life Matters WEB DL XviD-FUM[ettv] 2013-08-11 21:37 - 2012-01-26 10:36 - 00000000 ____D C:\Users\jeanne\AppData\Local\CrashDumps 2013-08-09 21:20 - 2013-08-09 21:20 - 00012193 _____ C:\Users\jeanne\Downloads\images-2.jpeg 2013-08-09 21:20 - 2013-08-09 21:20 - 00009198 _____ C:\Users\jeanne\Downloads\images-1.jpeg 2013-08-09 21:19 - 2013-08-09 21:19 - 00011309 _____ C:\Users\jeanne\Downloads\images.jpeg 2013-08-09 03:26 - 2013-08-08 23:38 - 00000000 ____D C:\Users\jeanne\AppData\Local\DolphinViewer3 2013-08-08 23:40 - 2013-08-08 23:38 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\DolphinViewer3 2013-08-08 12:13 - 2013-08-08 12:13 - 00001227 _____ C:\Users\Public\Desktop\Dolphin Viewer 3.lnk 2013-08-08 12:13 - 2013-08-08 12:12 - 00000000 ____D C:\Program Files (x86)\DolphinViewer3 2013-08-08 12:04 - 2013-07-25 02:19 - 00000000 ____D C:\Users\jeanne\AppData\Local\SecondLife 2013-08-08 08:44 - 2013-07-25 02:19 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer 2013-08-08 03:09 - 2013-08-08 02:58 - 00000000 ____D C:\Users\jeanne\Downloads\Necessary Roughness S03E08 HDTV XviD-FUM[ettv] 2013-08-08 00:42 - 2013-07-25 02:19 - 00001085 _____ C:\Users\Public\Desktop\Second Life Viewer.lnk 2013-08-08 00:41 - 2013-08-08 00:41 - 00000873 _____ C:\Users\jeanne\Desktop\BitTorrent.lnk 2013-08-08 00:41 - 2013-08-08 00:41 - 00000853 _____ C:\Users\jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2013-08-08 00:40 - 2013-07-27 21:44 - 00000000 _____ C:\conversation.log 2013-08-05 00:06 - 2013-08-01 19:03 - 00000000 ____D C:\Users\jeanne\Downloads\The Haves and the Have Nots S01E01 HDTV x264-ASAP[ettv] 2013-08-01 12:51 - 2012-05-14 20:58 - 00000000 ____D C:\Users\jeanne\Downloads\pdf 2013-07-31 14:41 - 2013-07-31 14:41 - 141932924 _____ C:\Users\jeanne\Downloads\bvideo.mp4 2013-07-30 20:14 - 2013-04-03 15:11 - 00000925 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-07-29 19:36 - 2013-07-29 19:36 - 00000000 _____ C:\Windows\setuperr.log 2013-07-28 21:27 - 2012-02-04 00:48 - 00000000 ____D C:\Program Files (x86)\Opera 2013-07-27 22:25 - 2012-05-16 01:48 - 00000000 ____D C:\Users\jeanne\AppData\Local\Windows Live 2013-07-27 21:45 - 2013-07-27 21:43 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Firestorm 2013-07-27 21:39 - 2013-07-27 21:39 - 00001277 _____ C:\Users\Public\Desktop\Firestorm-Release.lnk 2013-07-27 21:39 - 2013-07-27 21:37 - 00000000 ____D C:\Program Files (x86)\Firestorm-Release 2013-07-26 01:59 - 2013-07-26 01:59 - 00002978 _____ C:\Windows\System32\Tasks\{CDE12549-DCC0-4145-B5AB-B154A74E4D21} 2013-07-26 01:13 - 2013-08-15 03:11 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-26 01:13 - 2013-08-15 03:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-26 01:13 - 2013-08-15 03:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-26 01:12 - 2013-08-15 03:11 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-26 01:12 - 2013-08-15 03:11 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-26 01:12 - 2013-08-15 03:11 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-26 01:12 - 2013-08-15 03:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-26 01:12 - 2013-08-15 03:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-26 01:12 - 2013-08-15 03:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-26 01:12 - 2013-08-15 03:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-26 01:12 - 2013-08-15 03:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-26 01:12 - 2013-08-15 03:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-26 01:12 - 2013-08-15 03:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-26 01:12 - 2013-08-15 03:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-26 01:11 - 2012-06-21 23:34 - 00468592 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pskill.exe 2013-07-26 01:09 - 2012-03-06 11:38 - 00000000 ____D C:\Users\jeanne\AppData\Local\CutePDF Writer 2013-07-25 23:35 - 2013-08-15 03:11 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-25 23:13 - 2013-08-15 03:11 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-25 23:13 - 2013-08-15 03:11 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-25 23:12 - 2013-08-15 03:11 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-25 23:12 - 2013-08-15 03:11 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-25 23:12 - 2013-08-15 03:11 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-25 23:12 - 2013-08-15 03:11 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-25 23:12 - 2013-08-15 03:11 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-25 23:12 - 2013-08-15 03:11 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-25 23:12 - 2013-08-15 03:11 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-25 23:12 - 2013-08-15 03:11 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-25 23:12 - 2013-08-15 03:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-25 23:11 - 2013-08-15 03:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-25 23:11 - 2013-08-15 03:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-25 22:49 - 2013-08-15 03:11 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-25 22:39 - 2013-08-15 03:11 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-25 21:59 - 2013-08-15 03:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-25 05:25 - 2013-08-14 21:26 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 04:57 - 2013-08-14 21:26 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-25 02:21 - 2013-07-25 02:19 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\SecondLife 2013-07-25 02:07 - 2012-01-14 01:14 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-07-25 02:06 - 2013-07-25 02:03 - 00700144 _____ C:\Users\jeanne\Downloads\Second_Life_Setup.exe 2013-07-24 08:54 - 2012-03-27 19:50 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-07-24 08:54 - 2012-03-27 19:50 - 00000000 ____D C:\ProgramData\Skype ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-12 15:27 ==================== End Of Log ============================
  12. # AdwCleaner v2.306 - Logfile created 08/20/2013 at 00:25:27 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : jeanne - JEANNE-HP # Boot Mode : Normal # Running from : C:\Users\jeanne\Downloads\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml Folder Deleted : C:\Program Files (x86)\AVG Secure Search Folder Deleted : C:\Program Files (x86)\FLV_Runner_B Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAudiix Folder Deleted : C:\ProgramData\VAudiix Folder Deleted : C:\Users\jeanne\AppData\Local\AVG Secure Search Folder Deleted : C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\agobalbmnolaabhclobjgikfdmgklfmk Folder Deleted : C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Folder Deleted : C:\Users\jeanne\AppData\Local\PackageAware Folder Deleted : C:\Users\jeanne\AppData\Local\Temp\APN Folder Deleted : C:\Users\jeanne\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\jeanne\AppData\LocalLow\FLV_Runner_B Folder Deleted : C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\extensions\lsjy1uy@jhkbmoaoi.com Folder Deleted : C:\Users\jeanne\AppData\Roaming\SearchYa ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\FLV_Runner_B Key Deleted : HKCU\Software\Ask&Record Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6EC5B552-6D23-4E05-A153-32AA26F7D9E8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6EC5B552-6D23-4E05-A153-32AA26F7D9E8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8807455B-2A3A-48F6-841D-59743F106777} Key Deleted : HKCU\Software\searchya Key Deleted : HKCU\Software\searchya.com Key Deleted : HKCU\Software\SmartbarLog Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153} Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB} Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\FLV_Runner_B Key Deleted : HKLM\Software\InfoAtoms Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8807455B-2A3A-48F6-841D-59743F106777} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\Software\SimplyGen Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EC5B552-6D23-4E05-A153-32AA26F7D9E8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8807455B-2A3A-48F6-841D-59743F106777} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AF34110-FE32-4AF5-A79A-911A61A05F65} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{805D6DCC-B5F9-4F13-905E-1FD084C2A639} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EC5B552-6D23-4E05-A153-32AA26F7D9E8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLV_Runner_B Toolbar Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Tarma Installer Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16660 [OK] Registry is clean. -\\ Mozilla Firefox v23.0.1 (en-US) File : C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\prefs.js Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.5.0.2"); Deleted : user_pref("extensions.520913cc31384.scode", "if(window.self==window.top){var script=document.createE[...] Deleted : user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"35\",\"lastVrsn\":\"35\",\"vrsnLoad\":\"\"[...] Deleted : user_pref("extensions.toolbar_ATU4-V7@apn.ask.com.install-event-fired", true); -\\ Google Chrome v28.0.1500.95 File : C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v12.16.1860.0 File : C:\Users\jeanne\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[s1].txt - [9872 octets] - [20/08/2013 00:25:27] ########## EOF - C:\AdwCleaner[s1].txt - [9932 octets] ##########
  13. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.1 (08.19.2013:1) OS: Windows 7 Home Premium x64 Ran by jeanne on Tue 08/20/2013 at 0:10:08.80 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] APNMCP Successfully deleted: [service] APNMCP ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\complitly.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\complitly Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\bittorrentbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bittorrentbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wondershare Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\suggestmeyes.suggestmeyesbho Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\suggestmeyes.suggestmeyesbho.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\driverscanner_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\driverscanner_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2790392 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3282137 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2CACDA4B-CAA4-4234-8F1B-24965C45D15F} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A5DA7D33-02AA-4121-AC20-5438DCF65BD0} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{23D8B2B6-722A-0835-AE06-36E543DC98B7} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork" Successfully deleted: [Registry Key] "hkey_current_user\software\pip" Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk" Successfully deleted: [File] C:\Windows\syswow64\sho47BE.tmp Successfully deleted: [File] C:\Windows\syswow64\shoF781.tmp ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Folder] "C:\ProgramData\babylon" Successfully deleted: [Folder] "C:\ProgramData\big fish games" Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] "C:\ProgramData\uniblue\driverscanner" Successfully deleted: [Folder] "C:\Users\jeanne\AppData\Roaming\complitly" Successfully deleted: [Folder] "C:\Users\jeanne\AppData\Roaming\search protection" Successfully deleted: [Folder] "C:\Users\jeanne\appdata\local\apn" Successfully deleted: [Folder] "C:\Users\jeanne\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\jeanne\appdata\local\tempdir" Successfully deleted: [Folder] "C:\Users\jeanne\appdata\local\wondershare" Successfully deleted: [Folder] "C:\Users\jeanne\appdata\locallow\bittorrentbar" Successfully deleted: [Folder] "C:\Users\jeanne\appdata\locallow\boost_interprocess" Successfully deleted: [Folder] "C:\Users\jeanne\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\jeanne\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Users\jeanne\appdata\locallow\searchresultstb" Successfully deleted: [Folder] "C:\Program Files (x86)\bittorrentbar" Successfully deleted: [Folder] "C:\Program Files (x86)\complitly" Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" Successfully deleted: [Folder] "C:\Program Files (x86)\speeditup free" Successfully deleted: [Folder] "C:\Program Files (x86)\wondershare" Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\wondershare" Successfully deleted: [Folder] "C:\ai_recyclebin" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{042C8D68-7CB9-4302-B456-BA88499D9975} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{04985EE0-D799-4DE3-A0DE-90CD4DD01706} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{27C6F1C9-900B-4B67-802C-9EF4B487BD2C} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{4797B5EA-176F-4A62-9B8C-A2B9FB8AD200} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{507D2583-69EF-4248-BCC5-0C28B0D13EC9} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{6F81ABEB-67E4-4622-A0B6-6712312AEAEE} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{72908AB3-14F1-4934-B5A8-D1909E5B5947} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{8983C19A-891A-4F55-AC83-75A815B8E9BE} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{916FC89C-CC89-40C9-94D3-06C69CAEC4E8} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{965C19F5-32EE-4BDA-84AD-828185E6CD95} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{A8D759F5-9BB0-4260-9035-B30B444A6905} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{AC619795-7687-432F-954F-92D785DFB1A6} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{B16CD708-7D5B-42C0-8B9D-ECA6338B4A0B} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{BA029FDF-7C0C-4250-9AA9-BEE579D951E8} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{BCAD7F06-56D1-4DDA-BF70-96DC0EB18ED2} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{CCB569D8-6065-42C3-B652-4381747D1460} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{DC80A956-C94E-489A-A205-97674C6276C9} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{E1896F02-3C20-4DC0-A456-DAC55605A5B8} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{EC84638A-048E-4E20-AA72-A5CAFF267F93} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{F2E7D4B2-AC7F-4BD1-AED9-3E85AB27CB5D} Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{F4738589-584B-4603-8FB5-0D4094D6E961} Successfully deleted: [Folder] "C:\ProgramData\ask" Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork" Successfully deleted: [Folder] "C:\Program Files (x86)\askpartnernetwork" ~~~ FireFox Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml" Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml" Successfully deleted: [File] C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\user.js Successfully deleted: [File] C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\invalidprefs.js Successfully deleted: [File] C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\searchplugins\babylon.xml Successfully deleted: [File] C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\searchplugins\delta.xml Successfully deleted the following from C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\prefs.js user_pref("extensions.520913cc31384.scode", "if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache- user_pref("extensions.crossrider.bic", "13adc01871ba8e8250eedf3086dd7e0d"); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.id", "4e0bc4c6000000000000e4115bf4d07b"); user_pref("extensions.delta.instlDay", "15888"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.21.5"); user_pref("extensions.delta.vrsnTs", "1.8.21.523:50:27"); user_pref("extensions.delta.vrsni", "1.8.21.5"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.babTrack", "affID=119351&tsp=4931"); user_pref("extensions.delta_i.srcExt", "ss"); user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true); user_pref("extensions.ffxtlbr@searchya.com.install-event-fired", true); user_pref("extensions.searchya.aflt", "dnldyho"); user_pref("extensions.searchya.appId", "{1973277F-87B0-4EA3-9ED2-470A91D284CF}"); user_pref("extensions.searchya.cntry", "US"); user_pref("extensions.searchya.dfltLng", ""); user_pref("extensions.searchya.dfltSrch", true); user_pref("extensions.searchya.dnsErr", true); user_pref("extensions.searchya.excTlbr", false); user_pref("extensions.searchya.hdrMd5", "F6E38DDFF62170E7E9B9C58D2B58AE2B"); user_pref("extensions.searchya.hmpg", true); user_pref("extensions.searchya.id", "E4115BF4D07BC4C6"); user_pref("extensions.searchya.instlDay", "15754"); user_pref("extensions.searchya.instlRef", ""); user_pref("extensions.searchya.lastVrsnTs", "1.8.8.08:28:58"); user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"35\",\"lastVrsn\":\"35\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\" user_pref("extensions.searchya.prdct", "searchya"); user_pref("extensions.searchya.prtnrId", "searchya"); user_pref("extensions.searchya.sg", "none"); user_pref("extensions.searchya.srchPrvdr", "SearchYa!"); user_pref("extensions.searchya.tlbrId", "base"); user_pref("extensions.searchya.vrsn", "1.8.8.0"); user_pref("extensions.searchya.vrsni", "1.8.8.0"); user_pref("extensions.searchya_i.hmpg", true); user_pref("extensions.searchya_i.newTab", false); user_pref("extensions.searchya_i.smplGrp", "none"); user_pref("extensions.searchya_i.vrsnTs", "1.8.8.08:28:58"); Emptied folder: C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\minidumps [77 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [blacklisted Policy] Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 08/20/2013 at 0:21:50.22 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  14. report mbam-log-2013-08-19 (19-43-40).txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.