EXE file associations still broken. DDS log. FRST log but crashes


  • This topic is locked
6 replies to this topic

#1 mactiegre

Posted 24 November 2013 - 10:24 AM

The problem computer is a friend's Toshiba laptop I have possession of, with an AMD CPU running Win7-x86 (32-bit). nasdaq asked me to start a new topic and said he would escalate it. The computer system time was modified by the infection also. It now says 11/16/2013 7:46 AM.

The problem is EXEs are "associated" with Windows Media Center and won't run from desktop, but I can start a command.com window to run some commands and have been able to edit the name to .com on some tools to run. 

FRST crashes at the end of the scan with an error message. Log pasted below. 

 

DDS log from a few days ago pasted below. Addition.txt available (not attached).

I ran Systemlook as follows:

  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg
    HKLM\Software\Classes\exefile\shell\open\command /sub

    HKLM\Software\Classes\exefile\shell\runas\command /sub

    HKCU\Software\Classes\exefile\shell\open\command /sub

    HKCU\Software\Classes\exefile\shell\open\command /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. 
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.

SystemLook 30.07.11 by jpshortstuff
Log created at 18:59 on 14/11/2013 by Jenny
Administrator - Elevation successful
 
========== reg ==========
 
[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@=""%1" %*"
"IsolatedCommand"=""%1" %*"
 
 
[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\runas\command]
@=""%1" %*"
"IsolatedCommand"=""%1" %*"
 
 
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
(Unable to open key - key not found)
 
[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
(Unable to open key - key not found)
 
-= EOF =- 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 10.0.9200.16736
Run by Jenny at 18:29:09 on 2013-11-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2812.1946 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\atieclxx.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\DICTIO~2\bar\1.bin\v4barsvc.exe
C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\windows\system32\conhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\Explorer.EXE
C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\System32\WUDFHost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\ntvdm.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k Akamai
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.yahoo.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uProxyOverride = 127.0.0.1:9421;*.local;<local>
uSearchAssistant = hxxp://www.google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Search Assistant BHO: {58376892-60e7-4f63-aca0-0f686af554d6} - c:\program files\dictionaryboss\bar\1.bin\v4SrcAs.dll
BHO: Toolbar BHO: {6eb534fb-2001-45c4-b860-bc904865a379} - c:\program files\dictionaryboss\bar\1.bin\v4bar.dll
BHO: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - c:\program files\brand affinity technologies\fantapper player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Updater For Quizulous: {bd3764dc-af95-4c47-984a-e7997e1d4691} - 
BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - c:\users\mario\appdata\local\greatarcadehits\GreatArcadeHitsIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: DictionaryBoss: {3042DF7A-E900-4389-9B94-923DF0DAA57E} - c:\program files\dictionaryboss\bar\1.bin\v4bar.dll
TB: DictionaryBoss: {3042df7a-e900-4389-9b94-923df0daa57e} - c:\program files\dictionaryboss\bar\1.bin\v4bar.dll
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Akamai NetSession Interface] "c:\users\jenny\appdata\local\akamai\netsession_win.exe"
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\jenny\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [YTDownloader] "c:\program files\ytdownloader\YTDownloader.exe" /boot
mRun: [ClearStick] c:\program files\clearwire\clearstick\ClearStick.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: $talisma_url$
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{028D974A-0861-4B2E-9073-DB879C4918CE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{028D974A-0861-4B2E-9073-DB879C4918CE}\0516071602A4F686E637 : DHCPNameServer = 66.80.131.5 66.80.130.23 192.168.0.1
TCP: Interfaces\{028D974A-0861-4B2E-9073-DB879C4918CE}\144545536363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{028D974A-0861-4B2E-9073-DB879C4918CE}\D4270224F6E65637 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{028D974A-0861-4B2E-9073-DB879C4918CE}\D4F64756C60263 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{370D3706-5F13-43DF-B982-40E5816A8F73} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{46873257-4BC6-472A-A56A-B1B2BDB941B3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{79768233-DEA6-4F8C-B746-1A63A210392F} : DHCPNameServer = 192.168.14.1 64.13.74.12
TCP: Interfaces\{C4539CD7-30F6-40A5-83C2-555C6491A0F3} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{D9147D83-6482-44B2-B5F6-B70017E25CB3} : DHCPNameServer = 192.168.14.1 64.13.74.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-12 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 37664]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-6 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 DictionaryBossService;DictionaryBossService;c:\progra~1\dictio~2\bar\1.bin\v4barsvc.exe [2012-3-22 42504]
R2 FTSvc;Fantapper Player Update Service;c:\program files\brand affinity technologies\fantapper player\FantapperUpdateService.exe [2011-12-15 11776]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]
R2 sbmntr;sbmntr;c:\progra~1\ytdown~1\sbmntr.sys [2013-9-16 50024]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-11-6 7680]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-11-6 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-9 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\wildtangent games\app\GamesAppIntegrationService.exe [2013-10-7 240736]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-11-8 30976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-11 14848]
S3 SMUpd;Search Module Update;c:\program files\common files\goobzo\gbupdate\smu.exe [2013-10-6 1688424]
S3 SMUpdd;Search Module UpdateD;c:\program files\common files\goobzo\gbupdate\smw.sys [2013-10-6 31592]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-11-6 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-10-11 49664]
S3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys [2013-4-2 15872]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1343400]
.
=============== File Associations ===============
.
FileExt: .exe: Applications\firefox.exe="c:\program files\mozilla firefox\firefox.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-11-11 02:23:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-10 23:54:14 -------- d-----w- C:\AdwCleaner
2013-11-10 23:01:55 883616 ----a-w- c:\users\jenny\FixExec.com
2013-11-08 19:42:25 1090529 ----a-w- c:\users\jenny\FRST.exe
2013-11-08 19:32:23 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-11-08 19:19:49 -------- d-----w- c:\programdata\HitmanPro
2013-11-08 19:19:42 9452704 ----a-w- c:\users\jenny\HitmanPro.exe
2013-11-08 12:33:25 -------- d-----w- C:\FRST
2013-11-08 12:13:50 136 ----a-w- c:\users\jenny\mseinstall.exe
2013-11-08 12:10:55 2290984 ----a-w- c:\users\jenny\Setup.exe
2013-11-08 12:10:55 1898232 ----a-w- c:\users\jenny\rkill.exe
2013-11-08 12:10:54 13670584 ----a-w- c:\users\jenny\mseinstall (1).exe
2013-11-08 12:10:53 9833328 ----a-w- c:\users\jenny\hitmanpro_x64.exe
2013-11-08 12:10:53 7609104 ----a-w- c:\users\jenny\wet7xp_x86.exe
2013-11-08 12:07:28 106880 ----a-w- c:\users\jenny\SAS_FixEXEfile.com
2013-11-08 12:02:30 2600 ----a-w- c:\users\jenny\exe_fix.reg
2013-11-08 12:02:30 1205 ----a-w- c:\users\jenny\FixNCR.reg
2013-11-08 11:55:49 894600 ----a-w- c:\users\jenny\cbsidlm-cbsi134-HitmanPro_3_32bit-SEO-10895604.exe
2013-11-08 11:54:32 133 ----a-w- c:\users\jenny\Hitmanpro32.exe
2013-11-07 08:27:46 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-01 10:47:45 -------- d-----w- c:\users\jenny\appdata\local\Installer
2013-10-27 05:42:20 -------- d-----w- c:\users\jenny\appdata\local\{7185D56B-1274-4AE3-896B-7ED51EA5E981}
2013-10-26 17:09:44 -------- d-----w- c:\users\jenny\appdata\local\{1C7CCCB2-24DA-483F-AD34-0587EE353034}
2013-10-26 16:28:54 -------- d-----w- c:\program files\iPod
2013-10-26 16:28:53 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-25 02:42:50 -------- d-----w- c:\users\jenny\appdata\local\{3A0245DB-D07B-443F-939E-A899B02FA437}
2013-10-25 02:42:49 -------- d-----w- c:\users\jenny\appdata\local\{4A0D76CB-E6C0-43AA-AC21-A33D2AAD07FB}
2013-10-25 02:42:38 -------- d-----w- c:\users\jenny\appdata\roaming\Windows Live Writer
2013-10-25 02:42:38 -------- d-----w- c:\users\jenny\appdata\local\Windows Live Writer
2013-10-21 15:19:38 -------- d-----w- c:\users\jenny\appdata\local\{380C0E1A-25B7-49A4-95E0-835EBD7048A7}
2013-10-21 01:24:53 -------- d-----w- c:\users\jenny\appdata\local\Macromedia
2013-10-21 01:19:02 -------- d-----w- c:\users\jenny\appdata\local\Mozilla
2013-10-21 01:07:23 -------- d-----w- c:\users\jenny\appdata\local\{B82D4A1D-0A58-4782-8784-5C7AC05D00BB}
2013-10-20 06:08:24 -------- d-----w- c:\program files\Mozilla Firefox.bak
2013-10-20 05:14:34 -------- d-----w- c:\program files\FFMPEG
2013-10-20 05:10:26 -------- d-----w- c:\programdata\SPEEDbit
2013-10-18 07:04:34 -------- d-----w- c:\windows\en
2013-10-18 06:51:46 94040 ----a-w- c:\program files\common files\windows live\.cache\81663ea81cecbce07\DSETUP.dll
2013-10-18 06:51:46 525656 ----a-w- c:\program files\common files\windows live\.cache\81663ea81cecbce07\DXSETUP.exe
2013-10-18 06:51:46 1691480 ----a-w- c:\program files\common files\windows live\.cache\81663ea81cecbce07\dsetup32.dll
2013-10-18 06:51:22 525656 ----a-w- c:\program files\common files\windows live\.cache\73163f521cecbce01\DXSETUP.exe
2013-10-18 06:51:22 1691480 ----a-w- c:\program files\common files\windows live\.cache\73163f521cecbce01\dsetup32.dll
2013-10-18 06:51:21 94040 ----a-w- c:\program files\common files\windows live\.cache\73163f521cecbce01\DSETUP.dll
2013-10-18 06:50:14 -------- d-----w- c:\users\jenny\appdata\local\Windows Live
2013-10-12 02:33:05 514560 ----a-w- c:\windows\system32\qdvd.dll
.
==================== Find3M  ====================
.
2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-10 09:22:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 09:22:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-10 07:57:55 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll
2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe
2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
.
============= FINISH: 18:30:46.84 ===============
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2013
Ran by Jenny (administrator) on JENNY-PC on 16-11-2013 07:42:36
Running from C:\Users\Jenny\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgchsvx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(COMPANYVERS_NAME) C:\Program Files\DictionaryBoss\bar\1.bin\v4barsvc.exe
(Brand Affinity Technologies) C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgemcx.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(AVG Secure Search) C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE
(Farbar) C:\Users\Jenny\Desktop\FRST.com
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [x]
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [LtMoh] - C:\Program Files\ltmoh\ltmoh.exe [195080 2008-09-25] (LSI Corp.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\TEco.exe [1324384 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackupReminder] - C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [YTDownloader] - C:\Program Files\YTDownloader\YTDownloader.exe [2044264 2013-09-16] (YTDownloader)
HKLM\...\Run: [ClearStick] - C:\Program Files\Clearwire\ClearStick\ClearStick.exe [63488 2012-01-10] ()
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [2969496 2010-09-16] ()
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Jenny\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4283256 2011-05-13] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Jenny\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-07] (Google Inc.)
MountPoints2: {0ed48145-af2e-11e2-a592-00266c31c90f} - E:\PcOptions.exe
MountPoints2: {1a7cdc9d-317b-11e3-b693-cf5596972cd6} - E:\WinInit.exe -c
MountPoints2: {856127a4-2bd5-11e3-af3b-dcbe8af03ceb} - E:\setup.exe -a
HKU\Mario\...\Run: [MyTOSHIBA] - C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [ 2009-08-06] (TOSHIBA)
HKU\Mario\...\Run: [Google Update] - C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [ 2013-10-18] (Google Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restartbootdelete
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Search Assistant BHO - {58376892-60e7-4f63-aca0-0f686af554d6} - C:\Program Files\DictionaryBoss\bar\1.bin\v4SrcAs.dll (MindSpark)
BHO: Toolbar BHO - {6eb534fb-2001-45c4-b860-bc904865a379} - C:\Program Files\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
BHO: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (Brand Affinity Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Updater For Quizulous - {bd3764dc-af95-4c47-984a-e7997e1d4691} - C:\Program Files\quizulous\auxi\gametheorytemplaAu.dll No File
BHO: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Mario\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - DictionaryBoss - {3042df7a-e900-4389-9b94-923df0daa57e} - C:\Program Files\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - DictionaryBoss - {3042DF7A-E900-4389-9B94-923DF0DAA57E} - C:\Program Files\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\e94nebgi.default
FF Homepage: about:home
FF Keyword.URL: hxxp://www-search.net/search.aspx?s=DAAzwgt179291_x21_1_tmpue2_0,f992542e-cc42-4a84-8b23-1aa030776faa,&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @DictionaryBoss.com/Plugin - C:\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll (MindSpark)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Jenny\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Jenny\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Jenny\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: No Name - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins
FF Extension: No Name - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF Extension: trtv3 - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF Extension: prefs - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\e94nebgi.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4\
FF HKLM\...\Firefox\Extensions: [v4ffxtbr@DictionaryBoss.com] - C:\Program Files\DictionaryBoss\bar\1.bin
FF Extension: DictionaryBoss - C:\Program Files\DictionaryBoss\bar\1.bin
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Mysearchdial) - http://www.google.com
CHR DefaultSuggestURL: (Mysearchdial) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Extension: (Search Module New Tab) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflohlhbbdnhenmmpfdpaepdpmmfhgia\1.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Fantapper) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\1.0.6_1
CHR Extension: (Graffiti Burst) - C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljjmbnhpjnpblmkmmefbopnedifddlo\1_0
CHR HKLM\...\Chrome\Extension: [mflohlhbbdnhenmmpfdpaepdpmmfhgia] - C:\Program Files\Common Files\Goobzo\GBUpdate\SearchModule.crx
CHR HKLM\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\fantapper_gi20111005.crx
 
========================== Services (Whitelisted) =================
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-10-01] (Akamai Technologies, Inc.)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R2 DictionaryBossService; C:\Program Files\DictionaryBoss\bar\1.bin\v4barsvc.exe [42504 2012-03-22] (COMPANYVERS_NAME)
R2 FTSvc; C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [11776 2011-12-15] (Brand Affinity Technologies)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
S3 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [1688424 2013-10-06] (Goobzo Ltd.)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-11] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [x]
S2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-10-10] (AVG Technologies)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [30976 2013-11-08] ()
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [333824 2008-08-22] (Realtek Semiconductor Corporation                           )
R2 sbmntr; C:\Program Files\YTDownloader\sbmntr.sys [50024 2013-09-16] (YTDownloader)
S3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [31592 2013-10-06] ()
U3 TrueSight; C:\windows\system32\TrueSight.sys [26624 2013-11-13] ()
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Corporation)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-16 07:42 - 2013-11-16 07:43 - 00019800 _____ C:\Users\Jenny\Desktop\FRST.txt
2013-11-16 07:41 - 2013-11-24 09:11 - 01091583 _____ (Farbar) C:\Users\Jenny\Desktop\FRST.com
2013-11-14 19:01 - 2013-11-18 18:30 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Jenny\Desktop\FixExec.com
2013-11-14 18:59 - 2013-11-14 19:35 - 00001074 _____ C:\Users\Jenny\Desktop\SystemLook.txt
2013-11-14 18:53 - 2013-11-14 18:53 - 00002853 _____ C:\Users\Jenny\Desktop\Continue AnyProtect Installation.pif
2013-11-14 18:52 - 2013-11-22 20:23 - 00601648 _____ C:\Users\Jenny\Desktop\Setup.exe
2013-11-14 18:41 - 2013-11-22 19:46 - 00139264 _____ C:\Users\Jenny\Desktop\SystemLook.com
2013-11-14 18:39 - 2013-10-10 01:57 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2013-11-14 18:39 - 2012-11-12 04:47 - 00255968 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx86.sys
2013-11-14 18:39 - 2011-05-27 18:05 - 00134480 _____ (AVG Technologies CZ, s.r.o. ) C:\windows\system32\Drivers\AVGIDSDriver.sys
2013-11-14 18:39 - 2011-04-04 23:59 - 00297168 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdix.sys
2013-11-14 18:39 - 2011-03-16 15:03 - 00032592 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx86.sys
2013-11-14 18:39 - 2011-03-01 13:25 - 00034896 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx86.sys
2013-11-14 18:39 - 2011-02-22 07:12 - 00022992 _____ (AVG Technologies CZ, s.r.o. ) C:\windows\system32\Drivers\AVGIDSEH.sys
2013-11-14 18:39 - 2011-02-10 06:53 - 00024144 _____ (AVG Technologies CZ, s.r.o. ) C:\windows\system32\Drivers\AVGIDSFilter.sys
2013-11-14 18:39 - 2011-02-10 06:53 - 00021968 _____ (AVG Technologies CZ, s.r.o. ) C:\windows\system32\Drivers\AVGIDSShim.sys
2013-11-13 18:20 - 2013-11-13 18:20 - 00026624 _____ C:\windows\system32\TrueSight.sys
2013-11-13 18:19 - 2013-11-13 18:36 - 00000000 ____D C:\Users\Jenny\Desktop\RK_Quarantine
2013-11-13 18:18 - 2013-11-21 19:44 - 03679744 _____ C:\Users\Jenny\Desktop\RogueKiller.com
2013-11-13 18:18 - 2013-11-21 19:44 - 01085542 _____ C:\Users\Jenny\Desktop\adwcleaner.com
2013-11-13 18:18 - 2013-11-21 19:44 - 01034531 _____ (Thisisu) C:\Users\Jenny\Desktop\JRT.com
2013-11-10 20:23 - 2013-11-10 20:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-10 17:54 - 2013-11-13 18:43 - 00000000 ____D C:\AdwCleaner
2013-11-10 17:02 - 2013-11-14 19:01 - 00001238 _____ C:\Users\Jenny\Desktop\FixExec.txt
2013-11-10 17:01 - 2013-11-18 18:30 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Jenny\FixExec.com
2013-11-10 16:55 - 2013-11-16 07:31 - 00000408 _____ C:\windows\Tasks\AVG-Secure-Search-Update_1013b_rmv.job
2013-11-10 16:55 - 2013-11-16 07:31 - 00000358 _____ C:\windows\Tasks\AVG-Secure-Search-Update_1013b_rel.job
2013-11-08 13:42 - 2013-11-16 08:01 - 01090529 _____ (Farbar) C:\Users\Jenny\FRST.COM
2013-11-08 13:42 - 2013-11-16 07:38 - 00059126 _____ C:\Users\Jenny\FRST.txt
2013-11-08 13:32 - 2013-11-08 13:32 - 00030976 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2013-11-08 13:28 - 2013-11-08 13:28 - 00027046 _____ C:\windows\system32\.crusader
2013-11-08 13:19 - 2013-11-08 13:30 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-08 13:19 - 2013-11-08 13:20 - 09452704 _____ (SurfRight B.V.) C:\Users\Jenny\HitmanPro.exe
2013-11-08 07:18 - 2013-11-10 18:31 - 00015810 _____ C:\Users\Jenny\Desktop\attach.txt
2013-11-08 07:18 - 2013-11-10 18:30 - 00021440 _____ C:\Users\Jenny\Desktop\dds.txt
2013-11-08 06:33 - 2013-11-08 06:33 - 00000000 ____D C:\FRST
2013-11-08 06:13 - 2013-11-08 06:13 - 00000136 _____ C:\Users\Jenny\mseinstall.exe
2013-11-08 06:10 - 2013-11-15 23:46 - 02290984 _____ (Fusion Install        ) C:\Users\Jenny\Setup.exe
2013-11-08 06:10 - 2013-11-15 23:45 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Jenny\rkill.exe
2013-11-08 06:10 - 2013-11-15 23:14 - 13670584 _____ (Microsoft Corporation) C:\Users\Jenny\mseinstall (1).exe
2013-11-08 06:10 - 2013-07-16 19:55 - 09833328 _____ (SurfRight B.V.) C:\Users\Jenny\hitmanpro_x64.exe
2013-11-08 06:10 - 2011-11-25 09:07 - 07609104 _____ (Microsoft Corporation) C:\Users\Jenny\wet7xp_x86.exe
2013-11-08 06:07 - 2013-11-16 00:18 - 00106880 _____ C:\Users\Jenny\SAS_FixEXEfile.com
2013-11-08 06:02 - 2013-11-16 00:14 - 00002600 _____ C:\Users\Jenny\exe_fix.reg
2013-11-08 06:02 - 2013-11-15 23:45 - 00001205 _____ C:\Users\Jenny\FixNCR.reg
2013-11-08 05:55 - 2013-11-15 23:52 - 00894600 _____ (CNET Download.com) C:\Users\Jenny\cbsidlm-cbsi134-HitmanPro_3_32bit-SEO-10895604.exe
2013-11-08 05:54 - 2013-11-08 05:54 - 00000133 _____ C:\Users\Jenny\Hitmanpro32.exe
2013-11-07 22:04 - 2013-11-07 22:04 - 00000000 __RSH C:\MSDOS.SYS
2013-11-07 22:04 - 2013-11-07 22:04 - 00000000 __RSH C:\IO.SYS
2013-11-07 21:48 - 2013-11-07 21:48 - 09833328 _____ (SurfRight B.V.) C:\Users\Jenny\Downloads\hitmanpro_x64(1).exe
2013-11-07 21:46 - 2013-11-07 21:46 - 09833328 _____ (SurfRight B.V.) C:\Users\Jenny\Downloads\hitmanpro_x64.exe
2013-11-07 03:07 - 2013-10-12 01:04 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-07 03:07 - 2013-10-12 01:03 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-07 03:07 - 2013-10-12 01:03 - 01138176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-07 03:07 - 2013-10-12 01:02 - 14355968 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-07 03:07 - 2013-10-12 01:02 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-07 03:07 - 2013-10-12 01:02 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-07 03:07 - 2013-10-12 01:02 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-07 03:07 - 2013-10-12 01:02 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-07 03:07 - 2013-10-12 01:02 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-07 03:07 - 2013-10-12 01:02 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-07 03:07 - 2013-10-12 01:02 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-07 03:07 - 2013-10-12 01:02 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-07 03:07 - 2013-10-12 01:02 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-07 03:07 - 2013-10-12 01:02 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-07 03:07 - 2013-10-12 00:08 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-07 03:07 - 2013-10-11 23:15 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-07 02:27 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-07 02:27 - 2013-10-11 20:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-07 02:27 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-07 02:27 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-07 02:27 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-07 02:27 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-07 02:27 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-07 02:27 - 2013-10-02 19:58 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-07 02:27 - 2013-09-24 20:01 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-07 02:27 - 2013-09-24 20:01 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-07 02:27 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-07 02:27 - 2013-09-24 19:57 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-07 02:27 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-07 02:27 - 2013-09-24 19:56 - 01038848 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-07 02:27 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-07 02:27 - 2013-09-24 18:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-07 02:27 - 2013-09-24 18:49 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-07 02:27 - 2013-07-04 06:16 - 00369848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-02 06:38 - 2013-11-02 06:38 - 00000000 ____D C:\Users\Mario\AppData\Local\Apps\2.0
2013-11-01 19:00 - 2013-11-01 19:00 - 00000000 ____D C:\Users\Mario\AppData\Local\{63CCBC89-BFAF-408A-B02C-8DD64E1D5C37}
2013-11-01 16:24 - 2013-11-01 16:25 - 00000000 ____D C:\Users\Mario\AppData\Local\{C7318045-2DC5-4FFB-889D-ECAA1D1EEDF7}
2013-11-01 16:23 - 2013-11-01 16:24 - 00000000 ____D C:\Users\Mario\AppData\Local\{539B559A-EDC3-48E8-817B-0922CE374E99}
2013-11-01 05:13 - 2013-11-01 05:13 - 00000000 ____D C:\Users\Mario\AppData\Local\{F6672F15-2699-44EB-BBBA-A209B7B19E75}
2013-11-01 05:12 - 2013-11-01 05:12 - 00000000 ____D C:\Users\Mario\AppData\Local\{725032EF-E8B6-44F7-9176-4CC987063847}
2013-11-01 05:07 - 2013-11-01 05:07 - 00000000 ____D C:\Users\Mario\AppData\Local\{0D5691B7-7D41-41F9-9C02-53932E18B3DD}
2013-11-01 05:00 - 2013-11-01 05:00 - 00000000 ____D C:\Users\Mario\AppData\Local\{03907E15-8481-4D43-9865-7A808CEF4138}
2013-11-01 04:49 - 2013-11-01 04:49 - 00000000 ____D C:\Users\Mario\AppData\Local\{F62D6BA2-BC77-4D44-AA76-AC4ACC3732AE}
2013-11-01 02:01 - 2013-11-01 02:01 - 00003046 _____ C:\Users\Mario\Documents\My Movie.wlmp
2013-11-01 01:57 - 2013-11-01 01:58 - 00000000 ____D C:\Users\Mario\AppData\Local\{085C2B35-7063-4938-B0A8-8225697066CD}
2013-11-01 01:47 - 2013-11-01 01:47 - 00000000 ____D C:\Users\Mario\AppData\Local\{7E2675DE-B28D-451C-8D86-22E0CC9C898C}
2013-11-01 01:47 - 2013-11-01 01:47 - 00000000 ____D C:\Users\Mario\AppData\Local\{7B0A3C36-1955-412A-B6EA-11DE2F14C6CA}
2013-10-31 23:26 - 2013-10-31 23:26 - 00000000 ___RD C:\Users\Mario\Documents\Notes
2013-10-31 23:20 - 2013-10-31 23:20 - 00001063 _____ C:\Users\Mario\Desktop\Music - Shortcut.lnk
2013-10-31 21:12 - 2013-11-01 05:48 - 00000000 ____D C:\Users\Mario\AppData\Local\PMB Files
2013-10-31 08:07 - 2013-10-31 08:07 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome(3).exe
2013-10-31 07:40 - 2013-10-31 07:40 - 00274840 _____ (Mozilla Corporation) C:\Users\Jenny\Downloads\firefox(2).exe
2013-10-29 18:52 - 2013-10-29 18:52 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Template
2013-10-29 18:52 - 2013-10-29 18:52 - 00000000 _____ C:\Users\Mario\AppData\Roaming\wklnhst.dat
2013-10-27 01:39 - 2013-10-27 01:39 - 00113152 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\control(1).exe
2013-10-27 01:10 - 2013-10-27 01:10 - 01688424 _____ (Goobzo Ltd.) C:\Users\Jenny\Downloads\smu(2).exe
2013-10-27 01:06 - 2013-10-27 01:06 - 00770648 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\iexplore.exe
2013-10-27 01:02 - 2013-10-27 01:02 - 00081920 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\SystemPropertiesPerformance.exe
2013-10-27 00:46 - 2013-10-27 00:46 - 01131008 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\sdclt.exe
2013-10-27 00:43 - 2013-10-27 00:42 - 00586752 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\dfrgui.exe
2013-10-27 00:32 - 2013-10-27 00:32 - 00044544 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\rundll32.exe
2013-10-26 23:58 - 2013-10-26 23:58 - 00113152 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\control.exe
2013-10-26 23:45 - 2013-10-31 07:58 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome(1)(1).exe
2013-10-26 23:44 - 2013-10-26 23:44 - 00739856 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome_installer(1).exe
2013-10-26 23:42 - 2013-10-26 23:42 - 00000000 ____D C:\Users\Jenny\AppData\Local\{7185D56B-1274-4AE3-896B-7ED51EA5E981}
2013-10-26 23:15 - 2013-10-26 23:15 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome(2)(1).exe
2013-10-26 23:14 - 2013-10-26 23:14 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome(2).exe
2013-10-26 11:14 - 2013-10-26 11:13 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome(1).exe
2013-10-26 11:09 - 2013-10-26 11:09 - 00000000 ____D C:\Users\Jenny\AppData\Local\{1C7CCCB2-24DA-483F-AD34-0587EE353034}
2013-10-26 11:04 - 2013-10-26 11:04 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome.exe
2013-10-26 10:30 - 2013-10-26 10:30 - 00001724 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-26 10:28 - 2013-10-26 10:30 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-26 10:28 - 2013-10-26 10:28 - 00000000 ____D C:\Program Files\iPod
2013-10-25 08:42 - 2013-11-06 22:56 - 00000000 ___RD C:\Users\Jenny\Desktop\New Briefcase
2013-10-24 20:42 - 2013-10-25 08:41 - 00000000 ____D C:\Users\Jenny\AppData\Local\{3A0245DB-D07B-443F-939E-A899B02FA437}
2013-10-24 20:42 - 2013-10-24 20:43 - 00000000 ____D C:\Users\Jenny\AppData\Local\{4A0D76CB-E6C0-43AA-AC21-A33D2AAD07FB}
2013-10-24 20:42 - 2013-10-24 20:42 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Windows Live Writer
2013-10-24 20:42 - 2013-10-24 20:42 - 00000000 ____D C:\Users\Jenny\AppData\Local\Windows Live Writer
2013-10-24 17:26 - 2013-10-24 17:27 - 05795152 _____ (TeamViewer GmbH) C:\Users\Jenny\Downloads\TeamViewer_Setup_en.exe
2013-10-24 17:25 - 2013-10-24 17:26 - 04432832 _____ (TeamViewer) C:\Users\Jenny\Downloads\TeamViewerQS_en.exe
2013-10-24 17:11 - 2013-10-24 17:11 - 00079872 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\eventvwr(1).exe
2013-10-24 17:10 - 2013-10-24 17:10 - 01688424 _____ (Goobzo Ltd.) C:\Users\Jenny\Downloads\smu(1).exe
2013-10-24 17:07 - 2013-10-24 17:07 - 00739608 _____ C:\Users\Jenny\Downloads\AA_v3.exe
2013-10-24 17:04 - 2013-10-24 17:03 - 00079872 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\eventvwr.exe
2013-10-24 07:05 - 2013-10-24 07:05 - 03598968 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jenny\Downloads\avgui(1).exe
2013-10-21 23:47 - 2013-10-21 23:47 - 00983040 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\msdt.exe
2013-10-21 22:29 - 2013-10-21 22:29 - 09789256 _____ (Apple Inc.) C:\Users\Jenny\Downloads\iTunes.exe
2013-10-21 18:52 - 2013-10-21 18:52 - 00000000 _____ C:\Users\Jenny\Downloads\SAS_066B(1)(1).EXE
2013-10-21 18:51 - 2013-10-21 18:51 - 03598968 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jenny\Downloads\avgui.exe
2013-10-21 18:39 - 2013-10-21 18:38 - 00000000 _____ C:\Users\Jenny\Downloads\SAS_066B(2).EXE
2013-10-21 16:26 - 2013-10-21 16:26 - 00316360 _____ (Azureus Software, Inc) C:\Users\Jenny\Downloads\Azureus.exe
2013-10-21 16:10 - 2013-10-21 16:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-10-21 16:07 - 2013-10-21 16:03 - 00144384 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\EhTray.exe
2013-10-21 15:38 - 2013-10-21 15:38 - 00091648 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\DeviceProperties(1).exe
2013-10-21 15:36 - 2013-10-21 15:36 - 00274840 _____ (Mozilla Corporation) C:\Users\Jenny\Downloads\firefox.exe
2013-10-21 15:36 - 2013-10-21 15:36 - 00274840 _____ (Mozilla Corporation) C:\Users\Jenny\Downloads\firefox(1).exe
2013-10-21 15:25 - 2013-10-21 15:25 - 00000000 _____ C:\Users\Jenny\Downloads\SAS_066B(1).EXE
2013-10-21 15:14 - 2013-10-21 15:14 - 00091648 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\DeviceProperties.exe
2013-10-21 15:11 - 2013-10-21 15:11 - 01799976 _____ (INSTALLER_COMPANY_NAME) C:\Users\Jenny\Downloads\Express_Installer(1).exe
2013-10-21 15:11 - 2013-10-21 15:11 - 01799976 _____ (INSTALLER_COMPANY_NAME) C:\Users\Jenny\Downloads\Express_Installer(1)(1).exe
2013-10-21 15:10 - 2013-10-21 15:10 - 01688424 _____ (Goobzo Ltd.) C:\Users\Jenny\Downloads\smu.exe
2013-10-21 11:02 - 2013-10-21 11:07 - 28128376 _____ (SUPERAntiSpyware) C:\Users\Jenny\Downloads\SAS_066B.EXE
2013-10-21 11:01 - 2013-10-21 11:06 - 28128376 _____ (SUPERAntiSpyware) C:\Users\Jenny\Downloads\SAS_403B074.EXE
2013-10-21 10:30 - 2013-10-21 10:30 - 00001063 _____ C:\Users\Jenny\Desktop\STORE N GO - Shortcut.lnk
2013-10-21 09:50 - 2013-10-21 09:49 - 00423709 _____ C:\Users\Jenny\AppData\Local\mysearchdial_speedial_v9.0.2.crx
2013-10-21 09:49 - 2013-10-21 09:49 - 00000363 _____ C:\Users\Public\Desktop\Online Games.url
2013-10-21 09:49 - 2013-10-21 09:49 - 00000000 ____D C:\Program Files\7-Zip
2013-10-21 09:42 - 2013-10-21 09:42 - 01799976 _____ (INSTALLER_COMPANY_NAME) C:\Users\Jenny\Downloads\Express_Installer.exe
2013-10-21 09:41 - 2013-10-21 09:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 09:19 - 2013-10-21 09:19 - 00000000 ____D C:\Users\Jenny\AppData\Local\{380C0E1A-25B7-49A4-95E0-835EBD7048A7}
2013-10-20 20:14 - 2013-11-07 21:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-20 19:24 - 2013-10-20 19:24 - 00000000 ____D C:\Users\Jenny\AppData\Local\Macromedia
2013-10-20 19:19 - 2013-10-21 04:49 - 00000000 ____D C:\Users\Jenny\AppData\Local\Mozilla
2013-10-20 19:07 - 2013-10-20 19:07 - 00000000 ____D C:\Users\Jenny\AppData\Local\{B82D4A1D-0A58-4782-8784-5C7AC05D00BB}
2013-10-20 00:18 - 2013-10-20 00:18 - 00000000 ____D C:\Users\Mario\AppData\Local\Macromedia
2013-10-20 00:08 - 2013-10-21 04:49 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
2013-10-20 00:08 - 2013-10-20 00:08 - 00000000 ____D C:\Users\Mario\AppData\Local\Mozilla
2013-10-20 00:08 - 2013-10-20 00:08 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-20 00:07 - 2013-10-20 00:07 - 22404568 _____ (Mozilla) C:\Users\Jenny\Downloads\Firefox_Setup [1].exe
2013-10-20 00:05 - 2013-11-03 13:35 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
2013-10-20 00:05 - 2013-10-20 00:05 - 00000000 ____D C:\Users\Mario\AppData\Local\GreatArcadeHits
2013-10-20 00:02 - 2013-10-20 00:02 - 00680344 _____ C:\Users\Mario\Downloads\8504.tmp
2013-10-19 23:14 - 2013-10-21 04:54 - 00000000 ____D C:\Program Files\FFMPEG
2013-10-19 23:10 - 2013-10-19 23:11 - 02337842 _____ C:\Users\Mario\Documents\Uploads - YouTube.mp4
2013-10-19 23:10 - 2013-10-19 23:10 - 00000000 ____D C:\ProgramData\SPEEDbit
2013-10-19 15:27 - 2013-10-19 15:27 - 00000000 ____D C:\Users\Mario\AppData\Local\{82D64DA0-EAD3-45A5-82C5-C69C98D5612C}
2013-10-18 02:42 - 2013-10-18 02:42 - 00000000 ____D C:\Users\Mario\Tracing
2013-10-18 02:41 - 2013-11-06 21:48 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Mozilla
2013-10-18 02:40 - 2013-11-14 19:45 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1371066696-2541907487-2819943252-1003UA.job
2013-10-18 02:40 - 2013-11-07 03:45 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1371066696-2541907487-2819943252-1003Core.job
2013-10-18 00:50 - 2013-10-26 11:09 - 00000000 ____D C:\Users\Jenny\AppData\Local\Windows Live
 
==================== One Month Modified Files and Folders =======
 
2013-11-24 09:11 - 2013-11-16 07:41 - 01091583 _____ (Farbar) C:\Users\Jenny\Desktop\FRST.com
2013-11-22 20:23 - 2013-11-14 18:52 - 00601648 _____ C:\Users\Jenny\Desktop\Setup.exe
2013-11-22 19:46 - 2013-11-14 18:41 - 00139264 _____ C:\Users\Jenny\Desktop\SystemLook.com
2013-11-21 19:44 - 2013-11-13 18:18 - 03679744 _____ C:\Users\Jenny\Desktop\RogueKiller.com
2013-11-21 19:44 - 2013-11-13 18:18 - 01085542 _____ C:\Users\Jenny\Desktop\adwcleaner.com
2013-11-21 19:44 - 2013-11-13 18:18 - 01034531 _____ (Thisisu) C:\Users\Jenny\Desktop\JRT.com
2013-11-18 18:30 - 2013-11-14 19:01 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Jenny\Desktop\FixExec.com
2013-11-18 18:30 - 2013-11-10 17:01 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Jenny\FixExec.com
2013-11-16 08:01 - 2013-11-08 13:42 - 01090529 _____ (Farbar) C:\Users\Jenny\FRST.COM
2013-11-16 07:43 - 2013-11-16 07:42 - 00019800 _____ C:\Users\Jenny\Desktop\FRST.txt
2013-11-16 07:39 - 2012-01-14 13:12 - 00000000 ____D C:\Users\Jenny\AppData\Local\CrashDumps
2013-11-16 07:38 - 2013-11-08 13:42 - 00059126 _____ C:\Users\Jenny\FRST.txt
2013-11-16 07:35 - 2009-12-25 22:32 - 00000000 ____D C:\Users\Jenny
2013-11-16 07:34 - 2009-07-13 22:34 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 07:34 - 2009-07-13 22:34 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 07:32 - 2009-09-01 23:32 - 00726316 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-16 07:31 - 2013-11-10 16:55 - 00000408 _____ C:\windows\Tasks\AVG-Secure-Search-Update_1013b_rmv.job
2013-11-16 07:31 - 2013-11-10 16:55 - 00000358 _____ C:\windows\Tasks\AVG-Secure-Search-Update_1013b_rel.job
2013-11-16 07:31 - 2013-10-10 01:58 - 00001316 _____ C:\windows\Tasks\Allyrics-2-updater.job
2013-11-16 07:31 - 2009-12-28 19:56 - 00000880 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-16 07:31 - 2009-11-06 08:25 - 01714709 _____ C:\windows\WindowsUpdate.log
2013-11-16 07:30 - 2010-11-05 18:39 - 00000000 ____D C:\windows\system32\Drivers\AVG
2013-11-16 07:26 - 2013-10-09 22:23 - 00065536 _____ C:\windows\system32\Ikeext.etl
2013-11-16 07:26 - 2012-03-08 16:36 - 00032642 _____ C:\windows\setupact.log
2013-11-16 07:26 - 2011-10-21 20:45 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-11-16 07:26 - 2009-07-13 22:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-16 00:18 - 2013-11-08 06:07 - 00106880 _____ C:\Users\Jenny\SAS_FixEXEfile.com
2013-11-16 00:14 - 2013-11-08 06:02 - 00002600 _____ C:\Users\Jenny\exe_fix.reg
2013-11-15 23:52 - 2013-11-08 05:55 - 00894600 _____ (CNET Download.com) C:\Users\Jenny\cbsidlm-cbsi134-HitmanPro_3_32bit-SEO-10895604.exe
2013-11-15 23:46 - 2013-11-08 06:10 - 02290984 _____ (Fusion Install        ) C:\Users\Jenny\Setup.exe
2013-11-15 23:45 - 2013-11-08 06:10 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Jenny\rkill.exe
2013-11-15 23:45 - 2013-11-08 06:02 - 00001205 _____ C:\Users\Jenny\FixNCR.reg
2013-11-15 23:14 - 2013-11-08 06:10 - 13670584 _____ (Microsoft Corporation) C:\Users\Jenny\mseinstall (1).exe
2013-11-14 19:45 - 2013-10-18 02:40 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1371066696-2541907487-2819943252-1003UA.job
2013-11-14 19:44 - 2013-10-07 12:46 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1371066696-2541907487-2819943252-1000UA.job
2013-11-14 19:39 - 2009-07-13 20:37 - 00000000 ____D C:\windows\tracing
2013-11-14 19:35 - 2013-11-14 18:59 - 00001074 _____ C:\Users\Jenny\Desktop\SystemLook.txt
2013-11-14 19:11 - 2009-12-28 19:56 - 00000884 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 19:01 - 2013-11-10 17:02 - 00001238 _____ C:\Users\Jenny\Desktop\FixExec.txt
2013-11-14 18:53 - 2013-11-14 18:53 - 00002853 _____ C:\Users\Jenny\Desktop\Continue AnyProtect Installation.pif
2013-11-13 19:22 - 2013-04-03 07:05 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-13 18:43 - 2013-11-10 17:54 - 00000000 ____D C:\AdwCleaner
2013-11-13 18:36 - 2013-11-13 18:19 - 00000000 ____D C:\Users\Jenny\Desktop\RK_Quarantine
2013-11-13 18:20 - 2013-11-13 18:20 - 00026624 _____ C:\windows\system32\TrueSight.sys
2013-11-10 20:23 - 2013-11-10 20:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-10 18:31 - 2013-11-08 07:18 - 00015810 _____ C:\Users\Jenny\Desktop\attach.txt
2013-11-10 18:30 - 2013-11-08 07:18 - 00021440 _____ C:\Users\Jenny\Desktop\dds.txt
2013-11-10 18:01 - 2013-01-08 16:44 - 00001036 _____ C:\Users\Jenny\Desktop\Internet Explorer.lnk
2013-11-10 18:01 - 2009-12-25 22:34 - 00001066 _____ C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-10 17:50 - 2009-12-28 20:02 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-10 16:55 - 2013-10-10 01:58 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-11-08 13:32 - 2013-11-08 13:32 - 00030976 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2013-11-08 13:30 - 2013-11-08 13:19 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-08 13:28 - 2013-11-08 13:28 - 00027046 _____ C:\windows\system32\.crusader
2013-11-08 13:20 - 2013-11-08 13:19 - 09452704 _____ (SurfRight B.V.) C:\Users\Jenny\HitmanPro.exe
2013-11-08 07:04 - 2012-03-17 14:16 - 00015916 _____ C:\windows\PFRO.log
2013-11-08 06:33 - 2013-11-08 06:33 - 00000000 ____D C:\FRST
2013-11-08 06:13 - 2013-11-08 06:13 - 00000136 _____ C:\Users\Jenny\mseinstall.exe
2013-11-08 05:54 - 2013-11-08 05:54 - 00000133 _____ C:\Users\Jenny\Hitmanpro32.exe
2013-11-07 22:45 - 2013-10-07 12:47 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Mozilla
2013-11-07 22:04 - 2013-11-07 22:04 - 00000000 __RSH C:\MSDOS.SYS
2013-11-07 22:04 - 2013-11-07 22:04 - 00000000 __RSH C:\IO.SYS
2013-11-07 21:57 - 2009-12-25 22:35 - 00000000 ____D C:\Users\Jenny\AppData\Local\Google
2013-11-07 21:57 - 2009-09-01 23:47 - 00000000 ____D C:\ProgramData\Google
2013-11-07 21:57 - 2009-09-01 23:47 - 00000000 ____D C:\Program Files\Google
2013-11-07 21:56 - 2013-10-20 20:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-07 21:48 - 2013-11-07 21:48 - 09833328 _____ (SurfRight B.V.) C:\Users\Jenny\Downloads\hitmanpro_x64(1).exe
2013-11-07 21:46 - 2013-11-07 21:46 - 09833328 _____ (SurfRight B.V.) C:\Users\Jenny\Downloads\hitmanpro_x64.exe
2013-11-07 21:45 - 2009-07-13 20:37 - 00000000 ____D C:\windows\system32\NDF
2013-11-07 12:03 - 2009-07-13 20:37 - 00000000 ____D C:\windows\rescache
2013-11-07 03:45 - 2013-10-18 02:40 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1371066696-2541907487-2819943252-1003Core.job
2013-11-07 03:11 - 2009-11-06 08:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-07 03:07 - 2013-09-15 02:02 - 00000000 ____D C:\windows\system32\MRT
2013-11-07 03:01 - 2013-04-13 21:49 - 80340640 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-06 22:56 - 2013-10-25 08:42 - 00000000 ___RD C:\Users\Jenny\Desktop\New Briefcase
2013-11-06 22:56 - 2009-07-13 20:37 - 00000000 ____D C:\windows\system32\wfp
2013-11-06 22:56 - 2009-07-13 20:37 - 00000000 ____D C:\windows\registration
2013-11-06 21:48 - 2013-10-18 02:41 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Mozilla
2013-11-06 20:58 - 2013-10-02 09:10 - 00000000 ____D C:\Users\Mario
2013-11-06 10:46 - 2013-10-02 10:02 - 00000000 ____D C:\Users\Mario\AppData\Local\Apple Computer
2013-11-06 10:46 - 2013-10-02 09:11 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Apple Computer
2013-11-03 13:35 - 2013-10-20 00:05 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
2013-11-03 05:44 - 2013-10-07 12:46 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1371066696-2541907487-2819943252-1000Core.job
2013-11-02 06:38 - 2013-11-02 06:38 - 00000000 ____D C:\Users\Mario\AppData\Local\Apps\2.0
2013-11-01 19:00 - 2013-11-01 19:00 - 00000000 ____D C:\Users\Mario\AppData\Local\{63CCBC89-BFAF-408A-B02C-8DD64E1D5C37}
2013-11-01 16:37 - 2010-11-05 18:39 - 00000000 ____D C:\ProgramData\AVG10
2013-11-01 16:25 - 2013-11-01 16:24 - 00000000 ____D C:\Users\Mario\AppData\Local\{C7318045-2DC5-4FFB-889D-ECAA1D1EEDF7}
2013-11-01 16:25 - 2013-10-10 09:17 - 00000000 ____D C:\Users\Mario\AppData\Local\CrashDumps
2013-11-01 16:24 - 2013-11-01 16:23 - 00000000 ____D C:\Users\Mario\AppData\Local\{539B559A-EDC3-48E8-817B-0922CE374E99}
2013-11-01 05:48 - 2013-10-31 21:12 - 00000000 ____D C:\Users\Mario\AppData\Local\PMB Files
2013-11-01 05:26 - 2013-10-02 12:39 - 00000000 ____D C:\Users\Mario\Desktop\vuze torrents
2013-11-01 05:13 - 2013-11-01 05:13 - 00000000 ____D C:\Users\Mario\AppData\Local\{F6672F15-2699-44EB-BBBA-A209B7B19E75}
2013-11-01 05:12 - 2013-11-01 05:12 - 00000000 ____D C:\Users\Mario\AppData\Local\{725032EF-E8B6-44F7-9176-4CC987063847}
2013-11-01 05:07 - 2013-11-01 05:07 - 00000000 ____D C:\Users\Mario\AppData\Local\{0D5691B7-7D41-41F9-9C02-53932E18B3DD}
2013-11-01 05:00 - 2013-11-01 05:00 - 00000000 ____D C:\Users\Mario\AppData\Local\{03907E15-8481-4D43-9865-7A808CEF4138}
2013-11-01 04:49 - 2013-11-01 04:49 - 00000000 ____D C:\Users\Mario\AppData\Local\{F62D6BA2-BC77-4D44-AA76-AC4ACC3732AE}
2013-11-01 04:35 - 2013-10-02 12:03 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Azureus
2013-11-01 02:01 - 2013-11-01 02:01 - 00003046 _____ C:\Users\Mario\Documents\My Movie.wlmp
2013-11-01 01:58 - 2013-11-01 01:57 - 00000000 ____D C:\Users\Mario\AppData\Local\{085C2B35-7063-4938-B0A8-8225697066CD}
2013-11-01 01:47 - 2013-11-01 01:47 - 00000000 ____D C:\Users\Mario\AppData\Local\{7E2675DE-B28D-451C-8D86-22E0CC9C898C}
2013-11-01 01:47 - 2013-11-01 01:47 - 00000000 ____D C:\Users\Mario\AppData\Local\{7B0A3C36-1955-412A-B6EA-11DE2F14C6CA}
2013-10-31 23:26 - 2013-10-31 23:26 - 00000000 ___RD C:\Users\Mario\Documents\Notes
2013-10-31 23:20 - 2013-10-31 23:20 - 00001063 _____ C:\Users\Mario\Desktop\Music - Shortcut.lnk
2013-10-31 14:44 - 2013-10-08 18:46 - 00000000 ____D C:\Hard Disk drive c
2013-10-31 14:44 - 2013-10-04 18:29 - 00000000 ____D C:\Users\Jenny\.swt
2013-10-31 14:44 - 2009-07-13 20:37 - 00000000 ___HD C:\windows\system32\GroupPolicy
2013-10-31 14:44 - 2009-07-13 20:37 - 00000000 ____D C:\windows\AppCompat
2013-10-31 08:07 - 2013-10-31 08:07 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome(3).exe
2013-10-31 07:58 - 2013-10-26 23:45 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome(1)(1).exe
2013-10-31 07:40 - 2013-10-31 07:40 - 00274840 _____ (Mozilla Corporation) C:\Users\Jenny\Downloads\firefox(2).exe
2013-10-29 18:52 - 2013-10-29 18:52 - 00000000 ____D C:\Users\Mario\AppData\Roaming\Template
2013-10-29 18:52 - 2013-10-29 18:52 - 00000000 _____ C:\Users\Mario\AppData\Roaming\wklnhst.dat
2013-10-29 04:29 - 2013-10-02 05:36 - 00000000 ____D C:\Users\Jenny\New folder
2013-10-28 13:47 - 2013-10-10 20:46 - 00000000 ____D C:\Users\Mario\AppData\Roaming\toshiba
2013-10-27 01:39 - 2013-10-27 01:39 - 00113152 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\control(1).exe
2013-10-27 01:10 - 2013-10-27 01:10 - 01688424 _____ (Goobzo Ltd.) C:\Users\Jenny\Downloads\smu(2).exe
2013-10-27 01:06 - 2013-10-27 01:06 - 00770648 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\iexplore.exe
2013-10-27 01:02 - 2013-10-27 01:02 - 00081920 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\SystemPropertiesPerformance.exe
2013-10-27 00:46 - 2013-10-27 00:46 - 01131008 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\sdclt.exe
2013-10-27 00:42 - 2013-10-27 00:43 - 00586752 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\dfrgui.exe
2013-10-27 00:32 - 2013-10-27 00:32 - 00044544 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\rundll32.exe
2013-10-26 23:58 - 2013-10-26 23:58 - 00113152 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\control.exe
2013-10-26 23:44 - 2013-10-26 23:44 - 00739856 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome_installer(1).exe
2013-10-26 23:42 - 2013-10-26 23:42 - 00000000 ____D C:\Users\Jenny\AppData\Local\{7185D56B-1274-4AE3-896B-7ED51EA5E981}
2013-10-26 23:15 - 2013-10-26 23:15 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome(2)(1).exe
2013-10-26 23:14 - 2013-10-26 23:14 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome(2).exe
2013-10-26 11:13 - 2013-10-26 11:14 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome(1).exe
2013-10-26 11:09 - 2013-10-26 11:09 - 00000000 ____D C:\Users\Jenny\AppData\Local\{1C7CCCB2-24DA-483F-AD34-0587EE353034}
2013-10-26 11:09 - 2013-10-18 00:50 - 00000000 ____D C:\Users\Jenny\AppData\Local\Windows Live
2013-10-26 11:04 - 2013-10-26 11:04 - 00844752 _____ (Google Inc.) C:\Users\Jenny\Downloads\chrome.exe
2013-10-26 10:30 - 2013-10-26 10:30 - 00001724 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-26 10:30 - 2013-10-26 10:28 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-26 10:30 - 2009-12-26 14:58 - 00000000 ____D C:\Program Files\iTunes
2013-10-26 10:28 - 2013-10-26 10:28 - 00000000 ____D C:\Program Files\iPod
2013-10-26 10:28 - 2009-12-26 14:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-25 08:41 - 2013-10-24 20:42 - 00000000 ____D C:\Users\Jenny\AppData\Local\{3A0245DB-D07B-443F-939E-A899B02FA437}
2013-10-24 20:43 - 2013-10-24 20:42 - 00000000 ____D C:\Users\Jenny\AppData\Local\{4A0D76CB-E6C0-43AA-AC21-A33D2AAD07FB}
2013-10-24 20:42 - 2013-10-24 20:42 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Windows Live Writer
2013-10-24 20:42 - 2013-10-24 20:42 - 00000000 ____D C:\Users\Jenny\AppData\Local\Windows Live Writer
2013-10-24 17:27 - 2013-10-24 17:26 - 05795152 _____ (TeamViewer GmbH) C:\Users\Jenny\Downloads\TeamViewer_Setup_en.exe
2013-10-24 17:26 - 2013-10-24 17:25 - 04432832 _____ (TeamViewer) C:\Users\Jenny\Downloads\TeamViewerQS_en.exe
2013-10-24 17:11 - 2013-10-24 17:11 - 00079872 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\eventvwr(1).exe
2013-10-24 17:10 - 2013-10-24 17:10 - 01688424 _____ (Goobzo Ltd.) C:\Users\Jenny\Downloads\smu(1).exe
2013-10-24 17:07 - 2013-10-24 17:07 - 00739608 _____ C:\Users\Jenny\Downloads\AA_v3.exe
2013-10-24 17:03 - 2013-10-24 17:04 - 00079872 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\eventvwr.exe
2013-10-24 07:05 - 2013-10-24 07:05 - 03598968 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jenny\Downloads\avgui(1).exe
2013-10-21 23:47 - 2013-10-21 23:47 - 00983040 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\msdt.exe
2013-10-21 22:29 - 2013-10-21 22:29 - 09789256 _____ (Apple Inc.) C:\Users\Jenny\Downloads\iTunes.exe
2013-10-21 18:52 - 2013-10-21 18:52 - 00000000 _____ C:\Users\Jenny\Downloads\SAS_066B(1)(1).EXE
2013-10-21 18:51 - 2013-10-21 18:51 - 03598968 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jenny\Downloads\avgui.exe
2013-10-21 18:38 - 2013-10-21 18:39 - 00000000 _____ C:\Users\Jenny\Downloads\SAS_066B(2).EXE
2013-10-21 16:26 - 2013-10-21 16:26 - 00316360 _____ (Azureus Software, Inc) C:\Users\Jenny\Downloads\Azureus.exe
2013-10-21 16:10 - 2013-10-21 16:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-10-21 16:03 - 2013-10-21 16:07 - 00144384 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\EhTray.exe
2013-10-21 15:38 - 2013-10-21 15:38 - 00091648 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\DeviceProperties(1).exe
2013-10-21 15:36 - 2013-10-21 15:36 - 00274840 _____ (Mozilla Corporation) C:\Users\Jenny\Downloads\firefox.exe
2013-10-21 15:36 - 2013-10-21 15:36 - 00274840 _____ (Mozilla Corporation) C:\Users\Jenny\Downloads\firefox(1).exe
2013-10-21 15:25 - 2013-10-21 15:25 - 00000000 _____ C:\Users\Jenny\Downloads\SAS_066B(1).EXE
2013-10-21 15:14 - 2013-10-21 15:14 - 00091648 _____ (Microsoft Corporation) C:\Users\Jenny\Downloads\DeviceProperties.exe
2013-10-21 15:11 - 2013-10-21 15:11 - 01799976 _____ (INSTALLER_COMPANY_NAME) C:\Users\Jenny\Downloads\Express_Installer(1).exe
2013-10-21 15:11 - 2013-10-21 15:11 - 01799976 _____ (INSTALLER_COMPANY_NAME) C:\Users\Jenny\Downloads\Express_Installer(1)(1).exe
2013-10-21 15:10 - 2013-10-21 15:10 - 01688424 _____ (Goobzo Ltd.) C:\Users\Jenny\Downloads\smu.exe
2013-10-21 11:07 - 2013-10-21 11:02 - 28128376 _____ (SUPERAntiSpyware) C:\Users\Jenny\Downloads\SAS_066B.EXE
2013-10-21 11:06 - 2013-10-21 11:01 - 28128376 _____ (SUPERAntiSpyware) C:\Users\Jenny\Downloads\SAS_403B074.EXE
2013-10-21 10:30 - 2013-10-21 10:30 - 00001063 _____ C:\Users\Jenny\Desktop\STORE N GO - Shortcut.lnk
2013-10-21 09:50 - 2010-09-16 21:39 - 00000000 ____D C:\Users\Jenny\AppData\Local\PMB Files
2013-10-21 09:49 - 2013-10-21 09:50 - 00423709 _____ C:\Users\Jenny\AppData\Local\mysearchdial_speedial_v9.0.2.crx
2013-10-21 09:49 - 2013-10-21 09:49 - 00000363 _____ C:\Users\Public\Desktop\Online Games.url
2013-10-21 09:49 - 2013-10-21 09:49 - 00000000 ____D C:\Program Files\7-Zip
2013-10-21 09:42 - 2013-10-21 09:42 - 01799976 _____ (INSTALLER_COMPANY_NAME) C:\Users\Jenny\Downloads\Express_Installer.exe
2013-10-21 09:42 - 2013-10-21 09:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 09:19 - 2013-10-21 09:19 - 00000000 ____D C:\Users\Jenny\AppData\Local\{380C0E1A-25B7-49A4-95E0-835EBD7048A7}
2013-10-21 09:19 - 2012-01-14 15:51 - 00000000 ____D C:\Users\Jenny\Tracing
2013-10-21 04:54 - 2013-10-19 23:14 - 00000000 ____D C:\Program Files\FFMPEG
2013-10-21 04:49 - 2013-10-20 19:19 - 00000000 ____D C:\Users\Jenny\AppData\Local\Mozilla
2013-10-21 04:49 - 2013-10-20 00:08 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
2013-10-20 19:24 - 2013-10-20 19:24 - 00000000 ____D C:\Users\Jenny\AppData\Local\Macromedia
2013-10-20 19:17 - 2011-10-15 06:29 - 00000000 ____D C:\Program Files\WildTangent Games
2013-10-20 19:17 - 2010-05-03 13:24 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\WildTangent
2013-10-20 19:17 - 2009-09-01 23:34 - 00000000 ____D C:\ProgramData\WildTangent
2013-10-20 19:11 - 2013-10-10 02:09 - 00000000 ____D C:\Program Files\YTDownloader
2013-10-20 19:07 - 2013-10-20 19:07 - 00000000 ____D C:\Users\Jenny\AppData\Local\{B82D4A1D-0A58-4782-8784-5C7AC05D00BB}
2013-10-20 01:16 - 2013-10-02 09:12 - 00000000 ____D C:\Users\Mario\AppData\Local\Google
2013-10-20 00:18 - 2013-10-20 00:18 - 00000000 ____D C:\Users\Mario\AppData\Local\Macromedia
2013-10-20 00:08 - 2013-10-20 00:08 - 00000000 ____D C:\Users\Mario\AppData\Local\Mozilla
2013-10-20 00:08 - 2013-10-20 00:08 - 00000000 ____D C:\ProgramData\Mozilla
2013-10-20 00:07 - 2013-10-20 00:07 - 22404568 _____ (Mozilla) C:\Users\Jenny\Downloads\Firefox_Setup [1].exe
2013-10-20 00:05 - 2013-10-20 00:05 - 00000000 ____D C:\Users\Mario\AppData\Local\GreatArcadeHits
2013-10-20 00:02 - 2013-10-20 00:02 - 00680344 _____ C:\Users\Mario\Downloads\8504.tmp
2013-10-19 23:11 - 2013-10-19 23:10 - 02337842 _____ C:\Users\Mario\Documents\Uploads - YouTube.mp4
2013-10-19 23:10 - 2013-10-19 23:10 - 00000000 ____D C:\ProgramData\SPEEDbit
2013-10-19 15:27 - 2013-10-19 15:27 - 00000000 ____D C:\Users\Mario\AppData\Local\{82D64DA0-EAD3-45A5-82C5-C69C98D5612C}
2013-10-18 20:07 - 2013-10-10 01:58 - 00000000 ____D C:\Program Files\Allyrics-2
2013-10-18 03:47 - 2009-07-13 20:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-10-18 02:42 - 2013-10-18 02:42 - 00000000 ____D C:\Users\Mario\Tracing
2013-10-18 00:57 - 2009-09-01 23:42 - 00000000 ____D C:\Program Files\Windows Live
2013-10-18 00:52 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 24 November 2013 - 01:47 PM


You have a ZeroAccess infection on this computer.

See if you can run this tool, in normal mode first, then Safe mode if you must.
Change the extension to .com if the .exe fails.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
======

#3 mactiegre

mactiegre
  • Topic Starter

  • Members

Posted 24 November 2013 - 02:32 PM

Nasdaq, thank you for your help. I hope this data is helpful in determining how to fix the problem. 

 

I was able to run Roguekiller from the desktop (unable to use run as administrator) after renaming it to .com. Report pasted below.

We have performed this step on this computer before on the other thread. 

Also, AVG full scan showed 0 threats but the rootkit scan function will not run. Also, HitmanPro scan found 0 threats and only one possible unwanted but legitimate program, FLV Player (http://www.bleepingcomputer.com/uninstall/2113/FLV-Player-1.3.3.html). Logs available, not included here.

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Jenny [Admin rights]
Mode : Scan -- Date : 11/16/2013 11:37:21
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3263GSX ATA Device +++++
--- User ---
[MBR] e2a42df7b920a2480088166d36acef33
[BSP] 2273afcae0e45151daed3637a2b7886d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295636 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608536576 | Size: 8108 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_11162013_113721.txt >>

Edited by mactiegre, 24 November 2013 - 09:19 PM.


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 25 November 2013 - 08:32 AM


Go to this page.
http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html

Click the .exe link, download and run the .reg file.

Any luck?

If that fails then I suggest you start a new topic in the Windows 7 Forum
http://www.bleepingcomputer.com/forums/forum167.html

An expert with this Operating system may be able to find the problem.

Keep me posted.
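A way to verify the outcome of a repair like this one, as an added example (not part of the thread and not the linked .reg file): the Python below parses a regedit export and flags `exefile` command values, under the keys SystemLook was pointed at earlier in this topic, that differ from the stock Windows value `"%1" %*`. The sample export, the placeholder path and the function names are constructed for illustration.

```python
import re

# Stock Windows command for exefile open/runas: launch the clicked file itself.
EXPECTED_COMMAND = '"%1" %*'

# Key suffixes matching the SystemLook queries in this topic (any hive prefix).
WATCHED_SUFFIXES = (
    r"\exefile\shell\open\command",
    r"\exefile\shell\runas\command",
)

# Constructed sample in regedit export format; not taken from the thread's logs.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\Example\\AppData\\Local\\placeholder.exe\" \"%1\" %*"
'''

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Only quoted string (REG_SZ) values are parsed; hex(...) and dword lines are skipped.
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")="(?P<data>(?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo .reg escaping, where backslash and double quote are backslash-escaped."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Return {key_path: {value_name: string_data}} from a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            # "[-KEY]" is a delete instruction in a .reg file, not exported data.
            current = None if key.startswith("-") else keys.setdefault(key, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name = value.group("name")
            name = "@" if name == "@" else unescape(name[1:-1])
            current[name] = unescape(value.group("data"))
    return keys


def audit_exe_association(text):
    """List (key, value_name, data) entries that deviate from the stock command."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if not key.lower().endswith(WATCHED_SUFFIXES):
            continue
        for name in ("@", "IsolatedCommand"):
            data = values.get(name)
            if data is None:
                # A per-user key may legitimately lack the value; HKLM must have a default.
                if name == "@" and key.upper().startswith("HKEY_LOCAL_MACHINE"):
                    findings.append((key, name, None))
                continue
            if data.strip() != EXPECTED_COMMAND:
                findings.append((key, name, data))
    return findings


if __name__ == "__main__":
    for key, name, data in audit_exe_association(SAMPLE_EXPORT):
        print(f"UNEXPECTED  {key}  [{name}] = {data!r}")
```

Files written by regedit in the "Version 5.00" format are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text in. A per-user entry under HKEY_CURRENT_USER takes precedence over the machine-wide one, which is why the sample's HKLM values can be intact while the association is still broken.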

#5 mactiegre

mactiegre
  • Topic Starter

  • Members

Posted 25 November 2013 - 08:45 AM

Yes, that fixed it. Nasdaq, thank you again, have a great holiday season. 

Mac



#6 nasdaq

nasdaq

  • Malware Response Team

Posted 25 November 2013 - 09:31 AM

Glad we could help.

#7 nasdaq

nasdaq

  • Malware Response Team

Posted 25 November 2013 - 09:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



