
Infected need help



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.1 (08.19.2013:1)

OS: Windows 7 Home Premium x64

Ran by jeanne on Tue 08/20/2013 at  0:10:08.80

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [service] APNMCP

Successfully deleted: [service] APNMCP

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\complitly.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\complitly

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\bittorrentbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bittorrentbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wondershare

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\suggestmeyes.suggestmeyesbho

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\suggestmeyes.suggestmeyesbho.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\driverscanner_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\driverscanner_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2790392

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3282137

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2CACDA4B-CAA4-4234-8F1B-24965C45D15F}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A5DA7D33-02AA-4121-AC20-5438DCF65BD0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{23D8B2B6-722A-0835-AE06-36E543DC98B7}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"

Successfully deleted: [Registry Key] "hkey_current_user\software\pip"

Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"

Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

Successfully deleted: [File] C:\Windows\syswow64\sho47BE.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoF781.tmp

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\apn"

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\big fish games"

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\ProgramData\uniblue\driverscanner"

Successfully deleted: [Folder] "C:\Users\jeanne\AppData\Roaming\complitly"

Successfully deleted: [Folder] "C:\Users\jeanne\AppData\Roaming\search protection"

Successfully deleted: [Folder] "C:\Users\jeanne\appdata\local\apn"

Successfully deleted: [Folder] "C:\Users\jeanne\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\jeanne\appdata\local\tempdir"

Successfully deleted: [Folder] "C:\Users\jeanne\appdata\local\wondershare"

Successfully deleted: [Folder] "C:\Users\jeanne\appdata\locallow\bittorrentbar"

Successfully deleted: [Folder] "C:\Users\jeanne\appdata\locallow\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\jeanne\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\jeanne\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Users\jeanne\appdata\locallow\searchresultstb"

Successfully deleted: [Folder] "C:\Program Files (x86)\bittorrentbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\complitly"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\speeditup free"

Successfully deleted: [Folder] "C:\Program Files (x86)\wondershare"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\wondershare"

Successfully deleted: [Folder] "C:\ai_recyclebin"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{042C8D68-7CB9-4302-B456-BA88499D9975}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{04985EE0-D799-4DE3-A0DE-90CD4DD01706}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{27C6F1C9-900B-4B67-802C-9EF4B487BD2C}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{4797B5EA-176F-4A62-9B8C-A2B9FB8AD200}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{507D2583-69EF-4248-BCC5-0C28B0D13EC9}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{6F81ABEB-67E4-4622-A0B6-6712312AEAEE}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{72908AB3-14F1-4934-B5A8-D1909E5B5947}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{8983C19A-891A-4F55-AC83-75A815B8E9BE}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{916FC89C-CC89-40C9-94D3-06C69CAEC4E8}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{965C19F5-32EE-4BDA-84AD-828185E6CD95}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{A8D759F5-9BB0-4260-9035-B30B444A6905}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{AC619795-7687-432F-954F-92D785DFB1A6}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{B16CD708-7D5B-42C0-8B9D-ECA6338B4A0B}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{BA029FDF-7C0C-4250-9AA9-BEE579D951E8}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{BCAD7F06-56D1-4DDA-BF70-96DC0EB18ED2}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{CCB569D8-6065-42C3-B652-4381747D1460}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{DC80A956-C94E-489A-A205-97674C6276C9}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{E1896F02-3C20-4DC0-A456-DAC55605A5B8}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{EC84638A-048E-4E20-AA72-A5CAFF267F93}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{F2E7D4B2-AC7F-4BD1-AED9-3E85AB27CB5D}

Successfully deleted: [Empty Folder] C:\Users\jeanne\appdata\local\{F4738589-584B-4603-8FB5-0D4094D6E961}

Successfully deleted: [Folder] "C:\ProgramData\ask"

Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"

Successfully deleted: [Folder] "C:\Program Files (x86)\askpartnernetwork"

 

 

 

~~~ FireFox

 

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml"

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml"

Successfully deleted: [File] C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\user.js

Successfully deleted: [File] C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\invalidprefs.js

Successfully deleted: [File] C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\searchplugins\babylon.xml

Successfully deleted: [File] C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\searchplugins\delta.xml

Successfully deleted the following from C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\prefs.js

 

user_pref("extensions.520913cc31384.scode", "if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-

user_pref("extensions.crossrider.bic", "13adc01871ba8e8250eedf3086dd7e0d");

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.dfltLng", "en");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.id", "4e0bc4c6000000000000e4115bf4d07b");

user_pref("extensions.delta.instlDay", "15888");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.newTab", false);

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.vrsn", "1.8.21.5");

user_pref("extensions.delta.vrsnTs", "1.8.21.523:50:27");

user_pref("extensions.delta.vrsni", "1.8.21.5");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.babTrack", "affID=119351&tsp=4931");

user_pref("extensions.delta_i.srcExt", "ss");

user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);

user_pref("extensions.ffxtlbr@searchya.com.install-event-fired", true);

user_pref("extensions.searchya.aflt", "dnldyho");

user_pref("extensions.searchya.appId", "{1973277F-87B0-4EA3-9ED2-470A91D284CF}");

user_pref("extensions.searchya.cntry", "US");

user_pref("extensions.searchya.dfltLng", "");

user_pref("extensions.searchya.dfltSrch", true);

user_pref("extensions.searchya.dnsErr", true);

user_pref("extensions.searchya.excTlbr", false);

user_pref("extensions.searchya.hdrMd5", "F6E38DDFF62170E7E9B9C58D2B58AE2B");

user_pref("extensions.searchya.hmpg", true);


user_pref("extensions.searchya.id", "E4115BF4D07BC4C6");

user_pref("extensions.searchya.instlDay", "15754");

user_pref("extensions.searchya.instlRef", "");

user_pref("extensions.searchya.lastVrsnTs", "1.8.8.08:28:58");


user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"35\",\"lastVrsn\":\"35\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"

user_pref("extensions.searchya.prdct", "searchya");

user_pref("extensions.searchya.prtnrId", "searchya");

user_pref("extensions.searchya.sg", "none");

user_pref("extensions.searchya.srchPrvdr", "SearchYa!");

user_pref("extensions.searchya.tlbrId", "base");


user_pref("extensions.searchya.vrsn", "1.8.8.0");

user_pref("extensions.searchya.vrsni", "1.8.8.0");

user_pref("extensions.searchya_i.hmpg", true);

user_pref("extensions.searchya_i.newTab", false);

user_pref("extensions.searchya_i.smplGrp", "none");

user_pref("extensions.searchya_i.vrsnTs", "1.8.8.08:28:58");

Emptied folder: C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\minidumps [77 files]

 

 

 

~~~ Chrome

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [blacklisted Policy]

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 08/20/2013 at  0:21:50.22

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.306 - Logfile created 08/20/2013 at 00:25:27

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : jeanne - JEANNE-HP

# Boot Mode : Normal

# Running from : C:\Users\jeanne\Downloads\AdwCleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

Folder Deleted : C:\Program Files (x86)\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\FLV_Runner_B

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAudiix

Folder Deleted : C:\ProgramData\VAudiix

Folder Deleted : C:\Users\jeanne\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\agobalbmnolaabhclobjgikfdmgklfmk

Folder Deleted : C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Deleted : C:\Users\jeanne\AppData\Local\PackageAware

Folder Deleted : C:\Users\jeanne\AppData\Local\Temp\APN

Folder Deleted : C:\Users\jeanne\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\jeanne\AppData\LocalLow\FLV_Runner_B

Folder Deleted : C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\extensions\lsjy1uy@jhkbmoaoi.com

Folder Deleted : C:\Users\jeanne\AppData\Roaming\SearchYa

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\FLV_Runner_B

Key Deleted : HKCU\Software\Ask&Record

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8807455B-2A3A-48F6-841D-59743F106777}

Key Deleted : HKCU\Software\searchya

Key Deleted : HKCU\Software\searchya.com

Key Deleted : HKCU\Software\SmartbarLog

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\FLV_Runner_B

Key Deleted : HKLM\Software\InfoAtoms

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8807455B-2A3A-48F6-841D-59743F106777}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\Software\SimplyGen

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8807455B-2A3A-48F6-841D-59743F106777}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AF34110-FE32-4AF5-A79A-911A61A05F65}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{805D6DCC-B5F9-4F13-905E-1FD084C2A639}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLV_Runner_B Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v23.0.1 (en-US)

 

File : C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\prefs.js

 

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.5.0.2");

Deleted : user_pref("extensions.520913cc31384.scode", "if(window.self==window.top){var script=document.createE[...]

Deleted : user_pref("extensions.searchya.pnu_base", "{\"newVrsn\":\"35\",\"lastVrsn\":\"35\",\"vrsnLoad\":\"\"[...]

Deleted : user_pref("extensions.toolbar_ATU4-V7@apn.ask.com.install-event-fired", true);

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

-\\ Opera v12.16.1860.0

 

File : C:\Users\jeanne\AppData\Roaming\Opera\Opera\operaprefs.ini

 

[OK] File is clean.

 

*************************

 

AdwCleaner[s1].txt - [9872 octets] - [20/08/2013 00:25:27]

 

########## EOF - C:\AdwCleaner[s1].txt - [9932 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 03

Ran by jeanne (administrator) on 20-08-2013 09:01:29

Running from C:\Users\jeanne\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(GorMedia, Inc.) C:\Windows\syswow64\MxKsPumper.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe

(BitTorrent Inc.) C:\Users\jeanne\AppData\Roaming\BitTorrent\BitTorrent.exe

() C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Dropbox, Inc.) C:\Users\jeanne\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe

(RPA Technology) C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe

(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor)

HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)

HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2013-02-01] ()

HKCU\...\Run: [Google Update] - C:\Users\jeanne\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-01] (Google Inc.)

HKCU\...\Run: [bitTorrent] - C:\Users\jeanne\AppData\Roaming\BitTorrent\BitTorrent.exe [1126488 2013-08-08] (BitTorrent Inc.)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)

HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-07-01] (RealNetworks, Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk

ShortcutTarget: Air Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()

Startup: C:\Users\jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\jeanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mifi.admin/


URLSearchHook: (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} -  No File

URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.searchya.com/?q={searchTerms}&f=4&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0EyEtCtCyD0B0FyE0DtDyB0B0CyE0CyCtN0D0Tzu0CyEtCyEtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=1519142129&ir=

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: Photopos Toolbar - {59509308-4e15-4619-8e8d-0154e1588cdd} - C:\Program Files (x86)\photopostb\photoposDx.dll ()

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll No File

Toolbar: HKLM-x32 - Photopos Toolbar - {59509308-4e15-4619-8e8d-0154e1588cdd} - C:\Program Files (x86)\photopostb\photoposDx.dll ()

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default

FF SelectedSearchEngine: Yahoo



FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\jeanne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: LWA64Plugin15.7 - C:\Users\jeanne\AppData\Roaming\Mozilla\Plugins\npLWA64Plugin15.7.dll (Microsoft Corporation)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF SearchPlugin: C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\searchplugins\bingp.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\photopostb.xml

FF Extension: No Name - C:\Users\jeanne\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

FF Extension: HP Detect - C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

FF Extension: testpilot - C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\Extensions\testpilot@labs.mozilla.com.xpi

FF Extension: toolbar_ATU4-V7 - C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\Extensions\toolbar_ATU4-V7@apn.ask.com.xpi

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

 

Chrome: 

=======


CHR RestoreOnStartup: "https://www.facebook.com/"


CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}

CHR Plugin: (Shockwave Flash) - C:\Users\jeanne\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\jeanne\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\jeanne\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()

CHR Plugin: (Skype Click to Call) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\jeanne\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\jeanne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

CHR Plugin: (Google Update) - C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Extension: (Angry Birds) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0

CHR Extension: (TV) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0

CHR Extension: (VUDU Movies) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\daomabnenlgkenegngdblacoobnncgib\2.0.0.2_0

CHR Extension: (Watch TV Online - Clickplayer.tv) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\flmfboagenlcnkidkjodenlgihdbkipj\6.3_0

CHR Extension: (Bart Simpson Dressup) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgjplckadbmknaljcodfhoelklhdnoe\1.0.3_0

CHR Extension: (Flixster) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0

CHR Extension: (Crackle) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0

CHR Extension: (RealDownloader) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0

CHR Extension: (World of Solitaire) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0

CHR Extension: (KIDO'Z TV) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokdeafnhahffanabnbjjjjmoechjklc\2.2_0

CHR Extension: (Word War) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabpecppkafpeglblchgegjlajhdiidh\1_0

CHR Extension: (Webcam Toy) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.4_0

CHR Extension: (Skype Click to Call) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0

CHR Extension: (Plants vs Zombies) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0

CHR Extension: (Angry Birds) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nllkkflncainlmehooebdaodggehpknh\1.0_0

CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0

CHR Extension: (Find Sponge Bob) - C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppbecpleglieaijnfimdjpdjikfgblab\1.0.2_0

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\jeanne\AppData\Local\Temp\ccex.crx

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

 

==================== Services (Whitelisted) =================

 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

R2 MxKsPumper; C:\Windows\syswow64\MxKsPumper.exe [130976 2011-07-21] (GorMedia, Inc.)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)

R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-15] (AVG Secure Search)

 

==================== Drivers (Whitelisted) ====================

 

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-15] (AVG Technologies)

R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MxCamKsFilter; C:\Windows\System32\DRIVERS\MxCamUFilterDrv.sys [14752 2011-07-21] (GorMedia, Inc.)

R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)

S3 clwvd; system32\DRIVERS\clwvd.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-08-20 09:01 - 2013-08-20 09:01 - 00000000 ____D C:\FRST

2013-08-20 00:33 - 2013-08-20 00:33 - 02347384 _____ (ESET) C:\Users\jeanne\Downloads\esetsmartinstaller_enu.exe

2013-08-20 00:33 - 2013-08-20 00:33 - 00000000 ____D C:\Program Files (x86)\ESET

2013-08-20 00:25 - 2013-08-20 00:26 - 00009965 _____ C:\AdwCleaner[s1].txt

2013-08-20 00:25 - 2013-08-20 00:26 - 00000121 _____ C:\Windows\DeleteOnReboot.bat

2013-08-20 00:25 - 2013-08-20 00:25 - 00666633 _____ C:\Users\jeanne\Downloads\AdwCleaner.exe

2013-08-20 00:24 - 2013-08-20 00:24 - 00001081 _____ C:\Users\jeanne\Desktop\Continue Download Helper Installation.lnk

2013-08-20 00:21 - 2013-08-20 00:21 - 00023930 _____ C:\Users\jeanne\Desktop\JRT.txt

2013-08-20 00:10 - 2013-08-20 00:10 - 00000000 ____D C:\Windows\ERUNT

2013-08-19 23:12 - 2013-08-20 00:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-08-19 23:10 - 2013-08-20 00:07 - 00000000 ____D C:\Users\jeanne\Desktop\mbar

2013-08-19 23:08 - 2013-08-19 23:09 - 01018949 _____ (Thisisu) C:\Users\jeanne\Downloads\JRT.exe

2013-08-19 23:07 - 2013-08-19 23:09 - 00000000 ____D C:\Users\jeanne\Desktop\RK_Quarantine

2013-08-19 23:07 - 2013-08-19 23:07 - 12081912 _____ (Malwarebytes Corp.) C:\Users\jeanne\Downloads\mbar-1.06.1.1005.exe

2013-08-19 23:05 - 2013-08-19 23:06 - 03814400 _____ C:\Users\jeanne\Downloads\RogueKillerX64.exe

2013-08-19 23:05 - 2013-08-19 23:05 - 00000000 ____D C:\Windows\ERDNT

2013-08-19 23:04 - 2013-08-19 23:04 - 00000884 _____ C:\Users\jeanne\Desktop\NTREGOPT.lnk

2013-08-19 23:04 - 2013-08-19 23:04 - 00000865 _____ C:\Users\jeanne\Desktop\ERUNT.lnk

2013-08-19 23:04 - 2013-08-19 23:04 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-08-19 22:59 - 2013-08-19 23:00 - 00791393 _____ (Lars Hederer                                                ) C:\Users\jeanne\Downloads\erunt-setup.exe

2013-08-19 21:17 - 2013-08-19 21:19 - 00000000 ____D C:\Users\jeanne\Downloads\Switched at Birth S02E21 HDTV x264-ASAP[ettv]

2013-08-19 21:17 - 2013-08-19 21:18 - 00000000 ____D C:\Users\jeanne\Downloads\Under the Domen S01E09 HDTV x264-LOL[ettv]

2013-08-19 19:15 - 2013-08-19 19:15 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Malwarebytes

2013-08-19 19:14 - 2013-08-19 19:14 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-19 19:14 - 2013-08-19 19:14 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-19 19:14 - 2013-08-19 19:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-19 19:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-08-19 19:13 - 2013-08-19 19:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\jeanne\Downloads\mbam-setup-1.75.0.1300 (1).exe

2013-08-19 19:13 - 2013-08-19 19:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\jeanne\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-18 23:28 - 2013-08-19 00:48 - 00000000 ____D C:\Users\jeanne\Downloads\Ray Donovan S01E08 HDTV x264-ASAP[ettv]

2013-08-18 22:14 - 2013-08-18 22:15 - 00000000 ____D C:\Users\jeanne\Downloads\Dexter S08E08 HDTV x264-ASAP[ettv]

2013-08-18 21:08 - 2013-08-18 21:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-18 20:56 - 2013-08-18 20:58 - 00000000 ____D C:\Users\jeanne\Downloads\True Blood S06E10 Radioactive WEB-DL XviD-FUM[ettv]

2013-08-18 03:21 - 2013-08-18 03:22 - 00000000 ____D C:\Users\jeanne\Downloads\Arctic Monkeys - Suck It And See (2011) (320kbps) DutchReleaseTeam

2013-08-18 03:21 - 2013-08-18 03:21 - 00000000 ____D C:\Users\jeanne\Downloads\Arctic Monkeys - Black Treacle (Single) 2012

2013-08-18 03:11 - 2013-08-18 03:11 - 00001146 _____ C:\Users\Public\Desktop\aTube Catcher.lnk

2013-08-18 03:10 - 2013-06-06 16:41 - 00489392 _____ (Ask Partner Network) C:\Users\jeanne\Documents\APNSetup.exe

2013-08-17 23:30 - 2013-08-17 23:30 - 00000000 ____D C:\Users\jeanne\Downloads\Cedar Cove S01E05 HDTV x264-2HD[ettv]

2013-08-16 22:00 - 2013-08-16 22:08 - 156863116 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E01.HDTV.x264-EVOLVE.mp4

2013-08-16 22:00 - 2013-08-16 22:04 - 135941844 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E02.HDTV.x264-EVOLVE.mp4

2013-08-16 22:00 - 2013-08-16 22:03 - 123408770 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E04.HDTV.x264-ASAP.mp4

2013-08-16 22:00 - 2013-08-16 22:00 - 00000000 ____D C:\Users\jeanne\Downloads\Web.Therapy.S03E03.720p.HDTV.x264-EVOLVE [PublicHD]

2013-08-15 23:19 - 2013-08-20 00:30 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-555411451-2527714722-2404825438-1000

2013-08-15 03:11 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-15 03:11 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-15 03:11 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-15 03:11 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-15 03:11 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-15 03:11 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-15 03:11 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-15 03:11 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-15 03:11 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-15 03:11 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-15 03:11 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-15 03:11 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-15 03:11 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-15 03:11 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-15 03:11 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-15 03:11 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-15 03:11 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-15 03:11 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-15 03:11 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-15 03:11 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-15 03:11 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-15 03:11 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-15 03:11 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-15 03:11 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-15 03:11 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-15 03:11 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-15 03:11 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-15 03:11 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-15 03:11 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-15 03:11 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-15 03:11 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-15 03:01 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT

2013-08-15 01:15 - 2013-08-15 01:39 - 00000000 ____D C:\Users\jeanne\Downloads\Necessary.Roughness.S03E09.HDTV.XviD-AFG

2013-08-14 21:26 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-14 21:26 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-14 21:26 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 21:26 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-14 21:26 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-14 21:26 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-14 21:26 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-08-14 21:26 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 21:26 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 21:26 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 21:26 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 21:26 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-14 21:26 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-08-14 21:26 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-08-14 21:26 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-08-14 21:26 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-08-14 21:26 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-14 21:26 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-14 21:26 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-14 21:26 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-14 21:26 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-08-14 21:25 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-08-14 21:25 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-08-14 21:25 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-08-14 21:25 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-08-14 21:25 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 21:25 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-13 11:49 - 2013-08-13 11:50 - 00000000 ____D C:\Users\jeanne\Downloads\Mythbusters S12 Breaking Bad Special INTERNAL HDTV x264-KILLERS[ettv]

2013-08-12 12:57 - 2013-08-12 12:57 - 00000000 ____D C:\ProgramData\StarApp

2013-08-12 12:55 - 2013-08-12 12:57 - 00000000 ____D C:\ProgramData\InstallMate

2013-08-12 00:49 - 2013-08-12 00:57 - 00000000 ____D C:\Users\jeanne\Downloads\Ray Donovan S01E07 HDTV x264-ASAP[ettv]

2013-08-12 00:18 - 2013-08-12 00:24 - 00000000 ____D C:\Users\jeanne\Downloads\Drop Dead Diva S05E08 HDTV x264-ASAP[ettv]

2013-08-12 00:00 - 2013-08-12 00:09 - 00000000 ____D C:\Users\jeanne\Downloads\Dexter S08E07 HDTV x264-ASAP[ettv]

2013-08-12 00:00 - 2013-08-12 00:01 - 00000000 ____D C:\Users\jeanne\Downloads\True Blood S06E09 Life Matters WEB DL XviD-FUM[ettv]

2013-08-09 21:44 - 2013-08-20 00:30 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-555411451-2527714722-2404825438-1000

2013-08-09 21:20 - 2013-08-09 21:20 - 00012193 _____ C:\Users\jeanne\Downloads\images-2.jpeg

2013-08-09 21:20 - 2013-08-09 21:20 - 00009198 _____ C:\Users\jeanne\Downloads\images-1.jpeg

2013-08-09 21:19 - 2013-08-09 21:19 - 00011309 _____ C:\Users\jeanne\Downloads\images.jpeg

2013-08-09 20:19 - 2013-08-20 00:28 - 00224044 _____ C:\Windows\PFRO.log

2013-08-08 23:38 - 2013-08-09 03:26 - 00000000 ____D C:\Users\jeanne\AppData\Local\DolphinViewer3

2013-08-08 23:38 - 2013-08-08 23:40 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\DolphinViewer3

2013-08-08 12:13 - 2013-08-08 12:13 - 00001227 _____ C:\Users\Public\Desktop\Dolphin Viewer 3.lnk

2013-08-08 12:12 - 2013-08-08 12:13 - 00000000 ____D C:\Program Files (x86)\DolphinViewer3

2013-08-08 02:58 - 2013-08-08 03:09 - 00000000 ____D C:\Users\jeanne\Downloads\Necessary Roughness S03E08 HDTV XviD-FUM[ettv]

2013-08-08 00:41 - 2013-08-08 00:41 - 00000873 _____ C:\Users\jeanne\Desktop\BitTorrent.lnk

2013-08-08 00:41 - 2013-08-08 00:41 - 00000853 _____ C:\Users\jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk

2013-08-01 19:03 - 2013-08-05 00:06 - 00000000 ____D C:\Users\jeanne\Downloads\The Haves and the Have Nots S01E01 HDTV x264-ASAP[ettv]

2013-07-31 14:41 - 2013-07-31 14:41 - 141932924 _____ C:\Users\jeanne\Downloads\bvideo.mp4

2013-07-29 19:36 - 2013-08-20 00:28 - 00000896 _____ C:\Windows\setupact.log

2013-07-29 19:36 - 2013-07-29 19:36 - 00000000 _____ C:\Windows\setuperr.log

2013-07-27 21:44 - 2013-08-08 00:40 - 00000000 _____ C:\conversation.log

2013-07-27 21:43 - 2013-08-18 02:04 - 00000000 ____D C:\Users\jeanne\AppData\Local\Firestorm

2013-07-27 21:43 - 2013-07-27 21:45 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Firestorm

2013-07-27 21:39 - 2013-07-27 21:39 - 00001277 _____ C:\Users\Public\Desktop\Firestorm-Release.lnk

2013-07-27 21:37 - 2013-07-27 21:39 - 00000000 ____D C:\Program Files (x86)\Firestorm-Release

2013-07-26 01:59 - 2013-07-26 01:59 - 00002978 _____ C:\Windows\System32\Tasks\{CDE12549-DCC0-4145-B5AB-B154A74E4D21}

2013-07-25 02:19 - 2013-08-08 12:04 - 00000000 ____D C:\Users\jeanne\AppData\Local\SecondLife

2013-07-25 02:19 - 2013-08-08 08:44 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer

2013-07-25 02:19 - 2013-08-08 00:42 - 00001085 _____ C:\Users\Public\Desktop\Second Life Viewer.lnk

2013-07-25 02:19 - 2013-07-25 02:21 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\SecondLife

2013-07-25 02:03 - 2013-07-25 02:06 - 00700144 _____ C:\Users\jeanne\Downloads\Second_Life_Setup.exe

 

==================== One Month Modified Files and Folders =======

 

2013-08-20 09:01 - 2013-08-20 09:01 - 01576196 _____ (Farbar) C:\Users\jeanne\Downloads\FRST64.exe

2013-08-20 09:01 - 2013-08-20 09:01 - 00000000 ____D C:\FRST

2013-08-20 09:00 - 2012-03-08 04:23 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\BitTorrent

2013-08-20 08:30 - 2012-02-01 14:02 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-555411451-2527714722-2404825438-1000UA.job

2013-08-20 08:20 - 2012-06-10 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-20 02:38 - 2012-01-13 21:26 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2330D4A8-255B-48FC-9702-AF4B8C85E825}

2013-08-20 02:15 - 2011-12-17 06:04 - 01782163 _____ C:\Windows\WindowsUpdate.log

2013-08-20 01:18 - 2012-03-27 19:51 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Skype

2013-08-20 01:08 - 2012-01-17 10:17 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\vlc

2013-08-20 00:37 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-20 00:37 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-20 00:33 - 2013-08-20 00:33 - 02347384 _____ (ESET) C:\Users\jeanne\Downloads\esetsmartinstaller_enu.exe

2013-08-20 00:33 - 2013-08-20 00:33 - 00000000 ____D C:\Program Files (x86)\ESET

2013-08-20 00:31 - 2013-04-10 14:44 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Dropbox

2013-08-20 00:30 - 2013-08-15 23:19 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-555411451-2527714722-2404825438-1000

2013-08-20 00:30 - 2013-08-09 21:44 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-555411451-2527714722-2404825438-1000

2013-08-20 00:30 - 2013-04-10 14:47 - 00000000 ___RD C:\Users\jeanne\Dropbox

2013-08-20 00:29 - 2013-06-07 22:48 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

2013-08-20 00:29 - 2013-06-05 11:03 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2013-08-20 00:28 - 2013-08-09 20:19 - 00224044 _____ C:\Windows\PFRO.log

2013-08-20 00:28 - 2013-07-29 19:36 - 00000896 _____ C:\Windows\setupact.log

2013-08-20 00:28 - 2012-06-10 23:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-20 00:28 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-20 00:26 - 2013-08-20 00:25 - 00009965 _____ C:\AdwCleaner[s1].txt

2013-08-20 00:26 - 2013-08-20 00:25 - 00000121 _____ C:\Windows\DeleteOnReboot.bat

2013-08-20 00:25 - 2013-08-20 00:25 - 00666633 _____ C:\Users\jeanne\Downloads\AdwCleaner.exe

2013-08-20 00:25 - 2012-01-13 22:17 - 00000000 ____D C:\ProgramData\AVG Secure Search

2013-08-20 00:24 - 2013-08-20 00:24 - 00001081 _____ C:\Users\jeanne\Desktop\Continue Download Helper Installation.lnk

2013-08-20 00:21 - 2013-08-20 00:21 - 00023930 _____ C:\Users\jeanne\Desktop\JRT.txt

2013-08-20 00:14 - 2013-03-03 22:03 - 00000000 ____D C:\ProgramData\Uniblue

2013-08-20 00:10 - 2013-08-20 00:10 - 00000000 ____D C:\Windows\ERUNT

2013-08-20 00:07 - 2013-08-19 23:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-08-20 00:07 - 2013-08-19 23:10 - 00000000 ____D C:\Users\jeanne\Desktop\mbar

2013-08-19 23:58 - 2012-01-18 20:54 - 00000000 ____D C:\Users\jeanne\Documents\Youcam

2013-08-19 23:09 - 2013-08-19 23:08 - 01018949 _____ (Thisisu) C:\Users\jeanne\Downloads\JRT.exe

2013-08-19 23:09 - 2013-08-19 23:07 - 00000000 ____D C:\Users\jeanne\Desktop\RK_Quarantine

2013-08-19 23:07 - 2013-08-19 23:07 - 12081912 _____ (Malwarebytes Corp.) C:\Users\jeanne\Downloads\mbar-1.06.1.1005.exe

2013-08-19 23:06 - 2013-08-19 23:05 - 03814400 _____ C:\Users\jeanne\Downloads\RogueKillerX64.exe

2013-08-19 23:05 - 2013-08-19 23:05 - 00000000 ____D C:\Windows\ERDNT

2013-08-19 23:04 - 2013-08-19 23:04 - 00000884 _____ C:\Users\jeanne\Desktop\NTREGOPT.lnk

2013-08-19 23:04 - 2013-08-19 23:04 - 00000865 _____ C:\Users\jeanne\Desktop\ERUNT.lnk

2013-08-19 23:04 - 2013-08-19 23:04 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-08-19 23:00 - 2013-08-19 22:59 - 00791393 _____ (Lars Hederer                                                ) C:\Users\jeanne\Downloads\erunt-setup.exe

2013-08-19 21:19 - 2013-08-19 21:17 - 00000000 ____D C:\Users\jeanne\Downloads\Switched at Birth S02E21 HDTV x264-ASAP[ettv]

2013-08-19 21:18 - 2013-08-19 21:17 - 00000000 ____D C:\Users\jeanne\Downloads\Under the Domen S01E09 HDTV x264-LOL[ettv]

2013-08-19 19:15 - 2013-08-19 19:15 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Malwarebytes

2013-08-19 19:14 - 2013-08-19 19:14 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-19 19:14 - 2013-08-19 19:14 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-19 19:14 - 2013-08-19 19:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-19 19:14 - 2013-08-19 19:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\jeanne\Downloads\mbam-setup-1.75.0.1300 (1).exe

2013-08-19 19:13 - 2013-08-19 19:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\jeanne\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-19 18:30 - 2012-02-01 14:02 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-555411451-2527714722-2404825438-1000Core.job

2013-08-19 18:05 - 2012-01-13 22:07 - 00000000 ____D C:\ProgramData\MFAData

2013-08-19 00:48 - 2013-08-18 23:28 - 00000000 ____D C:\Users\jeanne\Downloads\Ray Donovan S01E08 HDTV x264-ASAP[ettv]

2013-08-18 22:15 - 2013-08-18 22:14 - 00000000 ____D C:\Users\jeanne\Downloads\Dexter S08E08 HDTV x264-ASAP[ettv]

2013-08-18 21:08 - 2013-08-18 21:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-08-18 20:58 - 2013-08-18 20:56 - 00000000 ____D C:\Users\jeanne\Downloads\True Blood S06E10 Radioactive WEB-DL XviD-FUM[ettv]

2013-08-18 03:22 - 2013-08-18 03:21 - 00000000 ____D C:\Users\jeanne\Downloads\Arctic Monkeys - Suck It And See (2011) (320kbps) DutchReleaseTeam

2013-08-18 03:21 - 2013-08-18 03:21 - 00000000 ____D C:\Users\jeanne\Downloads\Arctic Monkeys - Black Treacle (Single) 2012

2013-08-18 03:11 - 2013-08-18 03:11 - 00001146 _____ C:\Users\Public\Desktop\aTube Catcher.lnk

2013-08-18 03:11 - 2013-03-05 20:19 - 00002074 _____ C:\Users\Public\Desktop\Video Search.lnk

2013-08-18 03:10 - 2013-03-05 20:18 - 00000000 ____D C:\Program Files (x86)\DsNET Corp

2013-08-18 02:04 - 2013-07-27 21:43 - 00000000 ____D C:\Users\jeanne\AppData\Local\Firestorm

2013-08-17 23:30 - 2013-08-17 23:30 - 00000000 ____D C:\Users\jeanne\Downloads\Cedar Cove S01E05 HDTV x264-2HD[ettv]

2013-08-16 22:08 - 2013-08-16 22:00 - 156863116 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E01.HDTV.x264-EVOLVE.mp4

2013-08-16 22:04 - 2013-08-16 22:00 - 135941844 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E02.HDTV.x264-EVOLVE.mp4

2013-08-16 22:03 - 2013-08-16 22:00 - 123408770 _____ C:\Users\jeanne\Downloads\Web.Therapy.S03E04.HDTV.x264-ASAP.mp4

2013-08-16 22:00 - 2013-08-16 22:00 - 00000000 ____D C:\Users\jeanne\Downloads\Web.Therapy.S03E03.720p.HDTV.x264-EVOLVE [PublicHD]

2013-08-15 05:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-08-15 04:33 - 2007-01-01 21:25 - 00000000 ____D C:\Windows\Panther

2013-08-15 03:07 - 2009-07-14 01:13 - 00794606 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-15 03:05 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT

2013-08-15 03:01 - 2012-01-16 04:06 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-08-15 01:39 - 2013-08-15 01:15 - 00000000 ____D C:\Users\jeanne\Downloads\Necessary.Roughness.S03E09.HDTV.XviD-AFG

2013-08-15 01:07 - 2013-07-01 21:17 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml

2013-08-15 01:07 - 2012-09-07 13:09 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2013-08-13 11:50 - 2013-08-13 11:49 - 00000000 ____D C:\Users\jeanne\Downloads\Mythbusters S12 Breaking Bad Special INTERNAL HDTV x264-KILLERS[ettv]

2013-08-12 12:57 - 2013-08-12 12:57 - 00000000 ____D C:\ProgramData\StarApp

2013-08-12 12:57 - 2013-08-12 12:55 - 00000000 ____D C:\ProgramData\InstallMate

2013-08-12 00:57 - 2013-08-12 00:49 - 00000000 ____D C:\Users\jeanne\Downloads\Ray Donovan S01E07 HDTV x264-ASAP[ettv]

2013-08-12 00:24 - 2013-08-12 00:18 - 00000000 ____D C:\Users\jeanne\Downloads\Drop Dead Diva S05E08 HDTV x264-ASAP[ettv]

2013-08-12 00:09 - 2013-08-12 00:00 - 00000000 ____D C:\Users\jeanne\Downloads\Dexter S08E07 HDTV x264-ASAP[ettv]

2013-08-12 00:01 - 2013-08-12 00:00 - 00000000 ____D C:\Users\jeanne\Downloads\True Blood S06E09 Life Matters WEB DL XviD-FUM[ettv]

2013-08-11 21:37 - 2012-01-26 10:36 - 00000000 ____D C:\Users\jeanne\AppData\Local\CrashDumps

2013-08-09 21:20 - 2013-08-09 21:20 - 00012193 _____ C:\Users\jeanne\Downloads\images-2.jpeg

2013-08-09 21:20 - 2013-08-09 21:20 - 00009198 _____ C:\Users\jeanne\Downloads\images-1.jpeg

2013-08-09 21:19 - 2013-08-09 21:19 - 00011309 _____ C:\Users\jeanne\Downloads\images.jpeg

2013-08-09 03:26 - 2013-08-08 23:38 - 00000000 ____D C:\Users\jeanne\AppData\Local\DolphinViewer3

2013-08-08 23:40 - 2013-08-08 23:38 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\DolphinViewer3

2013-08-08 12:13 - 2013-08-08 12:13 - 00001227 _____ C:\Users\Public\Desktop\Dolphin Viewer 3.lnk

2013-08-08 12:13 - 2013-08-08 12:12 - 00000000 ____D C:\Program Files (x86)\DolphinViewer3

2013-08-08 12:04 - 2013-07-25 02:19 - 00000000 ____D C:\Users\jeanne\AppData\Local\SecondLife

2013-08-08 08:44 - 2013-07-25 02:19 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer

2013-08-08 03:09 - 2013-08-08 02:58 - 00000000 ____D C:\Users\jeanne\Downloads\Necessary Roughness S03E08 HDTV XviD-FUM[ettv]

2013-08-08 00:42 - 2013-07-25 02:19 - 00001085 _____ C:\Users\Public\Desktop\Second Life Viewer.lnk

2013-08-08 00:41 - 2013-08-08 00:41 - 00000873 _____ C:\Users\jeanne\Desktop\BitTorrent.lnk

2013-08-08 00:41 - 2013-08-08 00:41 - 00000853 _____ C:\Users\jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk

2013-08-08 00:40 - 2013-07-27 21:44 - 00000000 _____ C:\conversation.log

2013-08-05 00:06 - 2013-08-01 19:03 - 00000000 ____D C:\Users\jeanne\Downloads\The Haves and the Have Nots S01E01 HDTV x264-ASAP[ettv]

2013-08-01 12:51 - 2012-05-14 20:58 - 00000000 ____D C:\Users\jeanne\Downloads\pdf

2013-07-31 14:41 - 2013-07-31 14:41 - 141932924 _____ C:\Users\jeanne\Downloads\bvideo.mp4

2013-07-30 20:14 - 2013-04-03 15:11 - 00000925 _____ C:\Users\Public\Desktop\AVG 2013.lnk

2013-07-29 19:36 - 2013-07-29 19:36 - 00000000 _____ C:\Windows\setuperr.log

2013-07-28 21:27 - 2012-02-04 00:48 - 00000000 ____D C:\Program Files (x86)\Opera

2013-07-27 22:25 - 2012-05-16 01:48 - 00000000 ____D C:\Users\jeanne\AppData\Local\Windows Live

2013-07-27 21:45 - 2013-07-27 21:43 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Firestorm

2013-07-27 21:39 - 2013-07-27 21:39 - 00001277 _____ C:\Users\Public\Desktop\Firestorm-Release.lnk

2013-07-27 21:39 - 2013-07-27 21:37 - 00000000 ____D C:\Program Files (x86)\Firestorm-Release

2013-07-26 01:59 - 2013-07-26 01:59 - 00002978 _____ C:\Windows\System32\Tasks\{CDE12549-DCC0-4145-B5AB-B154A74E4D21}

2013-07-26 01:13 - 2013-08-15 03:11 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-26 01:13 - 2013-08-15 03:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-26 01:13 - 2013-08-15 03:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-26 01:12 - 2013-08-15 03:11 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-26 01:12 - 2013-08-15 03:11 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-26 01:12 - 2013-08-15 03:11 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-26 01:12 - 2013-08-15 03:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-26 01:12 - 2013-08-15 03:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-26 01:12 - 2013-08-15 03:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-26 01:12 - 2013-08-15 03:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-26 01:12 - 2013-08-15 03:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-26 01:12 - 2013-08-15 03:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-26 01:12 - 2013-08-15 03:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-26 01:12 - 2013-08-15 03:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-26 01:11 - 2012-06-21 23:34 - 00468592 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pskill.exe

2013-07-26 01:09 - 2012-03-06 11:38 - 00000000 ____D C:\Users\jeanne\AppData\Local\CutePDF Writer

2013-07-25 23:35 - 2013-08-15 03:11 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-25 23:13 - 2013-08-15 03:11 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-25 23:13 - 2013-08-15 03:11 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-25 23:12 - 2013-08-15 03:11 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-25 23:12 - 2013-08-15 03:11 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-25 23:12 - 2013-08-15 03:11 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-25 23:12 - 2013-08-15 03:11 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-25 23:12 - 2013-08-15 03:11 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-25 23:12 - 2013-08-15 03:11 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-25 23:12 - 2013-08-15 03:11 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-25 23:12 - 2013-08-15 03:11 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-25 23:12 - 2013-08-15 03:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-25 23:11 - 2013-08-15 03:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-25 23:11 - 2013-08-15 03:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-25 22:49 - 2013-08-15 03:11 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-25 22:39 - 2013-08-15 03:11 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-07-25 21:59 - 2013-08-15 03:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-25 05:25 - 2013-08-14 21:26 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-25 04:57 - 2013-08-14 21:26 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-25 02:21 - 2013-07-25 02:19 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\SecondLife

2013-07-25 02:07 - 2012-01-14 01:14 - 00000000 ____D C:\Users\jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-07-25 02:06 - 2013-07-25 02:03 - 00700144 _____ C:\Users\jeanne\Downloads\Second_Life_Setup.exe

2013-07-24 08:54 - 2012-03-27 19:50 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-07-24 08:54 - 2012-03-27 19:50 - 00000000 ____D C:\ProgramData\Skype

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-08-12 15:27

 

==================== End Of Log ============================


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


think i am good now sorry about posting to other page i did not intend to jack page. i am new to bleeping and i should have taken time to look how to start a new thread. here are results from scans. i ran the rootkit software and malwarebytes twice as well as mbar etc as indicated on previous results posted. the browsers no longer open up second/third windows to adware sites. my home pages are normal. if you see anything abnormal below please advise what i should do next. to my intermediate knowledge i seem ok now. thank you for posting the help on steps to help remove pup****** that was in my initial malwarebytes scan 653 times.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013
Ran by jeanne (administrator) on 20-08-2013 22:12:55
Running from C:\Users\jeanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRZ7SRIR
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(GorMedia, Inc.) C:\Windows\syswow64\MxKsPumper.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Users\jeanne\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(RPA Technology) C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jeanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2013-02-01] ()
HKCU\...\Run: [Google Update] - C:\Users\jeanne\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-01] (Google Inc.)
HKCU\...\Run: [bitTorrent] - C:\Users\jeanne\AppData\Roaming\BitTorrent\BitTorrent.exe [1126488 2013-08-08] (BitTorrent Inc.)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-07-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
ShortcutTarget: Air Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()
Startup: C:\Users\jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jeanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....&type=714647&p={searchTerms}
CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yah...fxjson&command={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\jeanne\AppData\Local\Temp\ccex.crx
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR RestoreOnStartup: "http://search.yahoo....r=spigot-yhp-ie
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://search.yahoo....&type=714647&p={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yah...fxjson&command={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid => Key deleted successfully.
"C:\Users\jeanne\AppData\Local\Temp\ccex.crx" => File/Directory not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
CHR RestoreOnStartup: "https://www.facebook.com/" ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} => Moved successfully.
C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\Extensions\toolbar_ATU4-V7@apn.ask.com.xpi => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2 => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0 => Key deleted successfully.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\iFunBoxConnector => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key deleted successfully.
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key deleted successfully.
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} => Value deleted successfully.
HKCR\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value deleted successfully.
HKCR\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key not found.
 
==== End of Fixlog ====

  • Root Admin

Please uninstall ALL versions of Java from your Control Panel, Programs and then reboot the computer.

 

Then run these tools again.

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed make sure to re-enable your antivirus.


 

 

 

 

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

 
 
 
Then run MBAM and check for updates and do a Quick Scan and post back that log.
 
 
Next, download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 

 

Thanks


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.2 (08.20.2013:1)

OS: Windows 7 Home Premium x64

Ran by jeanne on Wed 08/21/2013 at 20:21:55.10

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-555411451-2527714722-2404825438-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\jeanne\AppData\Roaming\mozilla\firefox\profiles\kfl0cu6i.default\minidumps [1 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 08/21/2013 at 20:31:17.50

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.000 - Report created 21/08/2013 at 20:40:09

# Updated 20/08/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : jeanne - JEANNE-HP

# Running from : C:\Users\jeanne\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

 

-\\ Mozilla Firefox v23.0.1 (en-US)

 

[ File : C:\Users\jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\kfl0cu6i.default\prefs.js ]

 

Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");

Line Deleted : user_pref("extensions.plugin@getwebcake.com.install-event-fired", true);

Line Deleted : user_pref("extensions.toolbar_ATU4-V7@apn.ask.com.install-event-fired", true);

 

-\\ Google Chrome v

 

[ File : C:\Users\jeanne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1422 octets] - [21/08/2013 20:37:39]

AdwCleaner[s0].txt - [1361 octets] - [21/08/2013 20:40:09]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1421 octets] ##########

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.21.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

jeanne :: JEANNE-HP [administrator]

 

Protection: Enabled

 

8/21/2013 8:45:09 PM

MBAM-log-2013-08-21 (20-54-28).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223521

Time elapsed: 8 minute(s), 

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Users\jeanne\AppData\Local\Temp\ICReinstall_setup.exe (PUP.Optional.InstallCore) -> No action taken.

 

(end)

security check log? i posted all the ones that popped up after running what you asked. i am i'd say intermediate. i can help most people with what i know, but when i get screwed up it is royally screwed up. i am not familiar with most of the software i have been using last 24 hrs, so i have a learning curve. tired as heck too so little slow on the uptake today. when i ran quick scan with MBAM it still found 1 instance of PUP so i saved the log posted above then chose to clean it and restart. i'll run quick scan now to see what it finds.

I do appreciate your assistance. I know with some infections even reinstalling os won't clean it, so I really do thank you.


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.21.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

jeanne :: JEANNE-HP [administrator]

 

Protection: Enabled

 

8/21/2013 9:07:55 PM

mbam-log-2013-08-21 (21-07-55).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223231

Time elapsed: 6 minute(s), 57 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

  • Root Admin

Please download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 


 Results of screen317's Security Check version 0.99.72  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG AntiVirus Free Edition 2013   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 6 Update 39  

 Java 7 Update 25  

 Adobe Flash Player 11.8.800.94  

 Adobe Reader 10.1.7 Adobe Reader out of Date!  

 Mozilla Firefox (23.0.1) 

 Google Chrome 28.0.1500.72  

 Google Chrome 28.0.1500.95  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 AVG avgwdsvc.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 6% 

````````````````````End of Log`````````````````````` 

just did. i don't use it often. i saw out of date and just updated it directly with adobe website. chrome is no longer popping up second window, nor getting home page jacked. firefox had an update so i am running that now and will check but getting to the mozilla page was fine no second window, home page loaded properly. opera and safari were never affected. Fairly sure i know where i picked it up......yea you do too i'm sure. i'm using avg on laptop, my tablet i put sophos. i've thought of getting kaspersky but avg is free and i always thought worked well. do you have suggestion on a more effective anti virus and or firewall?


  • Root Admin

More than likely it came from an old version of Java or Flash.  Those are the most common inlets.  So nothing wrong with your antivirus.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.




Remove the rest of the tools used:



Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.


  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.



AdwCleaner Removal:


  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:


  • This tool can be uninstalled via the Control Panel, Programs, Uninstall

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

Please read the following articles which will help you to better understand how the computer may have become infected as well as how to help prevent future infections. Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


thanks....yea i know restore points taking care of that now. i was not sure if using one when infected would work or not, why i didn't.

i'll run ccleaner after and malwarebytes again too. i play some games that use java so i keep it on but yes unsafe. i actually tell everyone who asks me for help on what for me is simple stuff to get malwarebytes, if i am at the pc i will just go ahead and install it and show them what to do with it. i am guessing that simple for me is preschool for you. i do appreciate your help.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.