bikiniland


Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Post the two logs from FRST, and also post the two logs from MBAR.

 

Thanks,

 

Kevin.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Jane (administrator) on JANE-A916F8D39A on 16-02-2015 15:53:11
Running from C:\Documents and Settings\Jane\My Documents\Downloads
Loaded Profiles: Jane (Available profiles: Jane & Curtis & Matt)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(America Online, Inc.) C:\WINDOWS\system32\PackethSvc.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Brand Affinity Technologies) C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
(IObit) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\DelayLoad.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18790432 2010-01-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Gpu Boost Driver] => C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe [1137280 2010-03-27] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2011-10-12] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-08-10] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-436374069-1614895754-682003330-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-436374069-1614895754-682003330-1003\...\MountPoints2: {fe4625b5-db91-11db-b9d7-806d6172696f} - D:\Setup.EXE
IFEO\FFVCFG.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\FFVCheckForUpdates.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\FreeFileViewer.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
Startup: C:\Documents and Settings\Curtis\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8620.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8620.lnk -> C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} -  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
HKU\S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} -  No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm038^YY^us&si=google_directions&ptb=AD8DE84C-491D-4D3F-807E-60187F67C903&ind=2013032110&n=77fc6eae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {BF144835-A0ED-4C47-8BFB-1BBB97113BD9} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {8ED9E20E-6BF6-41F7-89A5-6F9351D816CD} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file0202ie&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0SyBzztBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=2033812561&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={D501F91E-D740-4231-BD67-FF748F810857}&mid=d23dcf4916a0bbe372fbdbe9df1c76d7-a6a989b8055c0b6bde40d5e8e923ebb17c87ac5d&lang=us&ds=AVG&pr=fr&d=2011-12-0908:04:25&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {BF144835-A0ED-4C47-8BFB-1BBB97113BD9} URL =
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: No Name -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} ->  No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: No Name -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} ->  No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: No Name -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {8A86D350-37AB-410A-8531-7D1363F317B3} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - No Name - {364ea597-e728-4ce4-bb4a-ed846ef47970} -  No File
Toolbar: HKLM - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} -  No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default
FF DefaultSearchEngine: Binkiland
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: Binkiland
FF Homepage: hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=AD8DE84C-491D-4D3F-807E-60187F67C903&n=77fc6c5b&ind=2013031515&p2=^UX^xdm038^YY^us&si=google_directions&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @MapsGalaxy_39.com/Plugin -> C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF user.js: detected! => C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\Binkiland.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\yahoo_ff.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-02-26]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG8\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-22]
FF HKLM\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files\MapsGalaxy_39\bar\1.bin
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-19]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=", "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27]
CHR Extension: (Google Drive) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-27]
CHR Extension: (Google Search) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-27]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]
CHR Extension: (Fantapper) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf [2014-08-27]
CHR Extension: (Gmail) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-07]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\Curtis\Local Settings\Application Data\Slick Savings\coupons.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\fantapper_gi20111005.crx [2011-12-15]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-07] (AVAST Software)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
R2 FTSvc; C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [11776 2011-12-15] (Brand Affinity Technologies) [File not signed]
S4 itsvc_1.10.0.8; C:\Program Files\IntelliTerm_1.10.0.8\Service\itsvc.exe [278608 2015-01-21] (Intelli Term)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [0 2014-05-20] () <==== ATTENTION (zero size file/folder)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 PackethSvc; C:\WINDOWS\system32\PackethSvc.exe [51200 2000-12-07] (America Online, Inc.) [File not signed]
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2004-03-18] (HP) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2310272 2005-01-28] (Realtek Semiconductor Corp.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 AODDriver; C:\Program Files\ASUS\GPU Boost Driver\i386\AODDriver.sys [36864 2010-03-12] (Advanced Micro Devices) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-03] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-07] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-01-12] (REALiX)
R1 itnfd_1_10_0_8; C:\WINDOWS\System32\drivers\itnfd_1_10_0_8.sys [52728 2015-01-21] (Intelli Term)
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [106296 2015-02-16] (JMicron Technology Corp.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [108632 2015-02-16] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsl22395e4f; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CA72FEF-4A58-43D0-9009-FE9122FE0809}\MpKsl22395e4f.sys [29904 2015-02-16] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [79360 2004-06-02] (NVIDIA Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33280 2004-05-17] (NVIDIA Corporation)
S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2004-05-17] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 wandrv; C:\WINDOWS\System32\DRIVERS\wandrv.sys [22640 2000-12-03] (America Online, Inc.)
S2 11281; \??\C:\DOCUME~1\Curtis\LOCALS~1\Temp\11281.sys [X]
S4 IntelIde; No ImagePath
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:53 - 2015-02-16 15:53 - 00000000 ____D () C:\FRST
2015-02-16 15:52 - 2015-02-16 15:52 - 00007072 _____ () C:\WINDOWS\setupapi.log
2015-02-16 15:52 - 2015-02-16 15:52 - 00000000 ____D () C:\WINDOWS\LastGood
2015-02-16 14:39 - 2015-02-16 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-02-16 14:00 - 2015-02-16 14:02 - 16466552 _____ (Malwarebytes Corp.) C:\Documents and Settings\Matt\Desktop\mbar-1.08.3.1004.exe
2015-02-16 13:45 - 2015-02-16 15:43 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\mbar
2015-02-16 13:36 - 2015-02-16 13:36 - 00000000 ____D () C:\Documents and Settings\Jane\Desktop\mbar
2015-02-16 13:20 - 2015-02-16 13:20 - 35028992 _____ () C:\WINDOWS\system32\config\software.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 05054464 _____ () C:\WINDOWS\system32\config\default.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00000000 _____ () C:\asc_rdflag
2015-02-16 13:17 - 2015-02-16 14:39 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 09:21 - 2015-02-16 09:21 - 00000529 _____ () C:\Documents and Settings\Jane\Desktop\Shortcut to Alburnett Historical Society.lnk
2015-02-16 07:52 - 2015-02-16 15:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-16 07:51 - 2015-02-16 15:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-16 07:51 - 2015-02-16 07:51 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2015-02-16 07:50 - 2015-02-16 14:15 - 00032454 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-12 15:42 - 2015-02-16 09:53 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Alburnett Historical Society
2015-02-07 09:37 - 2015-02-07 09:40 - 00000000 ____D () C:\Documents and Settings\Jane\Application Data\FreeFileViewer
2015-02-06 08:37 - 2015-02-06 08:37 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\Binkiland
2015-02-06 08:34 - 2015-02-06 08:35 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\FreeFileViewer
2015-02-06 08:34 - 2015-02-06 08:34 - 00000754 _____ () C:\Documents and Settings\Jane\Desktop\FreeFileViewer.lnk
2015-02-06 08:34 - 2015-02-06 08:34 - 00000754 _____ () C:\Documents and Settings\All Users\Start Menu\FreeFileViewer.lnk
2015-02-06 08:34 - 2015-02-06 08:34 - 00000000 ____D () C:\Program Files\FreeFileViewer
2015-02-06 08:34 - 2015-02-06 08:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
2015-02-06 08:31 - 2015-02-06 08:32 - 00000000 ____D () C:\Program Files\IntelliTerm_1.10.0.8
2015-02-02 08:19 - 2015-02-02 08:22 - 00000000 ____D () C:\Documents and Settings\Jane\Application Data\Apple Computer
2015-02-02 08:19 - 2015-02-02 08:19 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\Apple Computer
2015-01-28 08:16 - 2015-01-28 08:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-21 13:50 - 2015-01-21 13:50 - 00052728 _____ (Intelli Term) C:\WINDOWS\system32\Drivers\itnfd_1_10_0_8.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:54 - 2007-03-26 14:44 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Temp
2015-02-16 15:52 - 2011-06-22 12:20 - 00106296 _____ (JMicron Technology Corp.) C:\WINDOWS\system32\Drivers\jraid.sys
2015-02-16 15:52 - 2007-03-28 17:02 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2015-02-16 15:52 - 2007-03-26 14:37 - 01220037 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 15:51 - 2014-02-21 09:11 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 15:51 - 2014-02-19 12:43 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-16 15:48 - 2014-02-19 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-02-16 15:46 - 2007-03-26 14:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-02-16 15:45 - 2015-01-12 10:44 - 00000270 _____ () C:\WINDOWS\Tasks\Driver Booster Update.job
2015-02-16 15:45 - 2015-01-12 10:44 - 00000268 _____ () C:\WINDOWS\Tasks\Driver Booster Scan.job
2015-02-16 15:45 - 2011-06-22 13:04 - 00000000 _____ () C:\Documents and Settings\All Users\Application Data\Gpu.log
2015-02-16 15:44 - 2014-04-18 09:52 - 00000396 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2015-02-16 15:44 - 2014-02-21 09:11 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 15:44 - 2014-02-19 12:43 - 00000270 _____ () C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job
2015-02-16 15:44 - 2013-01-25 08:24 - 00000342 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2015-02-16 15:44 - 2011-07-06 06:57 - 00000268 _____ () C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
2015-02-16 15:44 - 2007-03-26 14:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 15:44 - 2004-08-04 06:00 - 00012652 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-16 15:43 - 2015-01-08 08:31 - 00108632 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-16 15:43 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt\Local Settings\Temp
2015-02-16 15:38 - 2007-03-26 06:25 - 00522814 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 15:36 - 2012-09-03 13:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 15:35 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt
2015-02-16 15:31 - 2007-04-02 15:18 - 00000278 ___SH () C:\Documents and Settings\Matt\ntuser.ini
2015-02-16 14:00 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At4.job
2015-02-16 13:20 - 2014-04-04 07:49 - 35028992 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 05054464 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-02-16 13:20 - 2007-03-26 14:44 - 00000000 ____D () C:\Documents and Settings\Jane
2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-16 13:19 - 2007-03-26 14:44 - 00000278 ___SH () C:\Documents and Settings\Jane\ntuser.ini
2015-02-16 13:19 - 2007-03-26 14:43 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2015-02-16 10:53 - 2014-02-08 10:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2015-02-16 10:53 - 2014-02-08 10:50 - 00000448 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2015-02-16 10:52 - 2014-02-08 10:50 - 00000000 ____D () C:\Program Files\File Type Assistant
2015-02-16 10:50 - 2014-08-22 06:56 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Curtis Meds
2015-02-16 10:10 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At1.job
2015-02-16 09:05 - 2012-02-24 07:07 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\trustee mtg
2015-02-16 09:04 - 2010-01-02 12:15 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Otter Creek Township
2015-02-16 08:09 - 2014-02-19 12:42 - 00001846 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 7.lnk
2015-02-16 08:05 - 2014-02-20 08:57 - 35028992 _____ () C:\WINDOWS\system32\config\software.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 05054464 _____ () C:\WINDOWS\system32\config\default.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-02-13 15:43 - 2007-03-28 14:30 - 00000278 ___SH () C:\Documents and Settings\Curtis\ntuser.ini
2015-02-13 15:43 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis
2015-02-13 15:29 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis\Local Settings\Temp
2015-02-13 15:27 - 2007-04-01 10:03 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-02-13 15:26 - 2013-11-23 11:31 - 00641024 _____ () C:\Documents and Settings\Curtis\Desktop\VMI 13.xls
2015-02-13 14:50 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At3.job
2015-02-12 16:02 - 2014-08-09 15:19 - 00163328 _____ () C:\Documents and Settings\Jane\Desktop\Otter Creek 2014-15.xls
2015-02-10 08:59 - 2007-04-02 18:26 - 00000037 _____ () C:\WINDOWS\PcMars.Ini
2015-02-06 11:31 - 2007-04-02 18:45 - 00002471 _____ () C:\Documents and Settings\Curtis\Desktop\Microsoft Excel.lnk
2015-02-06 08:57 - 2014-08-27 13:22 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-06 08:46 - 2013-10-19 17:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-02-06 08:37 - 2012-09-03 13:14 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-06 08:37 - 2012-03-11 13:14 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-06 08:34 - 2014-02-08 10:50 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\FileTypeAssistant
2015-02-06 08:32 - 2015-01-08 08:03 - 00001602 _____ () C:\Documents and Settings\Jane\Desktop\Internet.lnk
2015-02-06 08:32 - 2010-06-13 09:46 - 00000761 _____ () C:\Documents and Settings\Jane\Desktop\Internet Explorer.lnk
2015-01-28 11:04 - 2014-02-21 09:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 16:01 - 2013-09-26 08:51 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Transamerica
2015-01-26 07:34 - 2007-04-01 10:03 - 00002429 _____ () C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk

==================== Files in the root of some directories =======

2007-11-21 20:47 - 2007-11-21 21:33 - 0005632 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-07-26 19:06 - 2010-07-26 19:06 - 0000127 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\fusioncache.dat

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some content of TEMP:
====================
C:\Documents and Settings\Jane\Local Settings\Temp\mpam-e7828fc6.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c2f95a55.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Second log file


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Jane (administrator) on JANE-A916F8D39A on 16-02-2015 15:53:11
Running from C:\Documents and Settings\Jane\My Documents\Downloads
Loaded Profiles: Jane (Available profiles: Jane & Curtis & Matt)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(America Online, Inc.) C:\WINDOWS\system32\PackethSvc.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Brand Affinity Technologies) C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
(IObit) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\DelayLoad.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18790432 2010-01-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Gpu Boost Driver] => C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe [1137280 2010-03-27] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2011-10-12] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-08-10] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-436374069-1614895754-682003330-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-436374069-1614895754-682003330-1003\...\MountPoints2: {fe4625b5-db91-11db-b9d7-806d6172696f} - D:\Setup.EXE
IFEO\FFVCFG.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\FFVCheckForUpdates.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\FreeFileViewer.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
Startup: C:\Documents and Settings\Curtis\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8620.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8620.lnk -> C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} -  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
HKU\S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} -  No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm038^YY^us&si=google_directions&ptb=AD8DE84C-491D-4D3F-807E-60187F67C903&ind=2013032110&n=77fc6eae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {BF144835-A0ED-4C47-8BFB-1BBB97113BD9} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {8ED9E20E-6BF6-41F7-89A5-6F9351D816CD} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file0202ie&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0SyBzztBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=2033812561&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={D501F91E-D740-4231-BD67-FF748F810857}&mid=d23dcf4916a0bbe372fbdbe9df1c76d7-a6a989b8055c0b6bde40d5e8e923ebb17c87ac5d&lang=us&ds=AVG&pr=fr&d=2011-12-0908:04:25&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {BF144835-A0ED-4C47-8BFB-1BBB97113BD9} URL =
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: No Name -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} ->  No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: No Name -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} ->  No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: No Name -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {8A86D350-37AB-410A-8531-7D1363F317B3} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - No Name - {364ea597-e728-4ce4-bb4a-ed846ef47970} -  No File
Toolbar: HKLM - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} -  No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default
FF DefaultSearchEngine: Binkiland
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: Binkiland
FF Homepage: hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=AD8DE84C-491D-4D3F-807E-60187F67C903&n=77fc6c5b&ind=2013031515&p2=^UX^xdm038^YY^us&si=google_directions&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @MapsGalaxy_39.com/Plugin -> C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF user.js: detected! => C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\Binkiland.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\yahoo_ff.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-02-26]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG8\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-22]
FF HKLM\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files\MapsGalaxy_39\bar\1.bin
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-19]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=", "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27]
CHR Extension: (Google Drive) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-27]
CHR Extension: (Google Search) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-27]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]
CHR Extension: (Fantapper) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf [2014-08-27]
CHR Extension: (Gmail) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-07]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\Curtis\Local Settings\Application Data\Slick Savings\coupons.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\fantapper_gi20111005.crx [2011-12-15]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-07] (AVAST Software)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
R2 FTSvc; C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [11776 2011-12-15] (Brand Affinity Technologies) [File not signed]
S4 itsvc_1.10.0.8; C:\Program Files\IntelliTerm_1.10.0.8\Service\itsvc.exe [278608 2015-01-21] (Intelli Term)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [0 2014-05-20] () <==== ATTENTION (zero size file/folder)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 PackethSvc; C:\WINDOWS\system32\PackethSvc.exe [51200 2000-12-07] (America Online, Inc.) [File not signed]
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2004-03-18] (HP) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2310272 2005-01-28] (Realtek Semiconductor Corp.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 AODDriver; C:\Program Files\ASUS\GPU Boost Driver\i386\AODDriver.sys [36864 2010-03-12] (Advanced Micro Devices) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-03] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-07] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-01-12] (REALiX)
R1 itnfd_1_10_0_8; C:\WINDOWS\System32\drivers\itnfd_1_10_0_8.sys [52728 2015-01-21] (Intelli Term)
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [106296 2015-02-16] (JMicron Technology Corp.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [108632 2015-02-16] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsl22395e4f; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CA72FEF-4A58-43D0-9009-FE9122FE0809}\MpKsl22395e4f.sys [29904 2015-02-16] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [79360 2004-06-02] (NVIDIA Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33280 2004-05-17] (NVIDIA Corporation)
S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2004-05-17] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 wandrv; C:\WINDOWS\System32\DRIVERS\wandrv.sys [22640 2000-12-03] (America Online, Inc.)
S2 11281; \??\C:\DOCUME~1\Curtis\LOCALS~1\Temp\11281.sys [X]
S4 IntelIde; No ImagePath
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:53 - 2015-02-16 15:53 - 00000000 ____D () C:\FRST
2015-02-16 15:52 - 2015-02-16 15:52 - 00007072 _____ () C:\WINDOWS\setupapi.log
2015-02-16 15:52 - 2015-02-16 15:52 - 00000000 ____D () C:\WINDOWS\LastGood
2015-02-16 14:39 - 2015-02-16 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-02-16 14:00 - 2015-02-16 14:02 - 16466552 _____ (Malwarebytes Corp.) C:\Documents and Settings\Matt\Desktop\mbar-1.08.3.1004.exe
2015-02-16 13:45 - 2015-02-16 15:43 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\mbar
2015-02-16 13:36 - 2015-02-16 13:36 - 00000000 ____D () C:\Documents and Settings\Jane\Desktop\mbar
2015-02-16 13:20 - 2015-02-16 13:20 - 35028992 _____ () C:\WINDOWS\system32\config\software.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 05054464 _____ () C:\WINDOWS\system32\config\default.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00000000 _____ () C:\asc_rdflag
2015-02-16 13:17 - 2015-02-16 14:39 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 09:21 - 2015-02-16 09:21 - 00000529 _____ () C:\Documents and Settings\Jane\Desktop\Shortcut to Alburnett Historical Society.lnk
2015-02-16 07:52 - 2015-02-16 15:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-16 07:51 - 2015-02-16 15:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-16 07:51 - 2015-02-16 07:51 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2015-02-16 07:50 - 2015-02-16 14:15 - 00032454 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-12 15:42 - 2015-02-16 09:53 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Alburnett Historical Society
2015-02-07 09:37 - 2015-02-07 09:40 - 00000000 ____D () C:\Documents and Settings\Jane\Application Data\FreeFileViewer
2015-02-06 08:37 - 2015-02-06 08:37 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\Binkiland
2015-02-06 08:34 - 2015-02-06 08:35 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\FreeFileViewer
2015-02-06 08:34 - 2015-02-06 08:34 - 00000754 _____ () C:\Documents and Settings\Jane\Desktop\FreeFileViewer.lnk
2015-02-06 08:34 - 2015-02-06 08:34 - 00000754 _____ () C:\Documents and Settings\All Users\Start Menu\FreeFileViewer.lnk
2015-02-06 08:34 - 2015-02-06 08:34 - 00000000 ____D () C:\Program Files\FreeFileViewer
2015-02-06 08:34 - 2015-02-06 08:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
2015-02-06 08:31 - 2015-02-06 08:32 - 00000000 ____D () C:\Program Files\IntelliTerm_1.10.0.8
2015-02-02 08:19 - 2015-02-02 08:22 - 00000000 ____D () C:\Documents and Settings\Jane\Application Data\Apple Computer
2015-02-02 08:19 - 2015-02-02 08:19 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\Apple Computer
2015-01-28 08:16 - 2015-01-28 08:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-21 13:50 - 2015-01-21 13:50 - 00052728 _____ (Intelli Term) C:\WINDOWS\system32\Drivers\itnfd_1_10_0_8.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:54 - 2007-03-26 14:44 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Temp
2015-02-16 15:52 - 2011-06-22 12:20 - 00106296 _____ (JMicron Technology Corp.) C:\WINDOWS\system32\Drivers\jraid.sys
2015-02-16 15:52 - 2007-03-28 17:02 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2015-02-16 15:52 - 2007-03-26 14:37 - 01220037 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 15:51 - 2014-02-21 09:11 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 15:51 - 2014-02-19 12:43 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-16 15:48 - 2014-02-19 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-02-16 15:46 - 2007-03-26 14:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-02-16 15:45 - 2015-01-12 10:44 - 00000270 _____ () C:\WINDOWS\Tasks\Driver Booster Update.job
2015-02-16 15:45 - 2015-01-12 10:44 - 00000268 _____ () C:\WINDOWS\Tasks\Driver Booster Scan.job
2015-02-16 15:45 - 2011-06-22 13:04 - 00000000 _____ () C:\Documents and Settings\All Users\Application Data\Gpu.log
2015-02-16 15:44 - 2014-04-18 09:52 - 00000396 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2015-02-16 15:44 - 2014-02-21 09:11 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 15:44 - 2014-02-19 12:43 - 00000270 _____ () C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job
2015-02-16 15:44 - 2013-01-25 08:24 - 00000342 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2015-02-16 15:44 - 2011-07-06 06:57 - 00000268 _____ () C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
2015-02-16 15:44 - 2007-03-26 14:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 15:44 - 2004-08-04 06:00 - 00012652 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-16 15:43 - 2015-01-08 08:31 - 00108632 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-16 15:43 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt\Local Settings\Temp
2015-02-16 15:38 - 2007-03-26 06:25 - 00522814 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 15:36 - 2012-09-03 13:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 15:35 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt
2015-02-16 15:31 - 2007-04-02 15:18 - 00000278 ___SH () C:\Documents and Settings\Matt\ntuser.ini
2015-02-16 14:00 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At4.job
2015-02-16 13:20 - 2014-04-04 07:49 - 35028992 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 05054464 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-02-16 13:20 - 2007-03-26 14:44 - 00000000 ____D () C:\Documents and Settings\Jane
2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-16 13:19 - 2007-03-26 14:44 - 00000278 ___SH () C:\Documents and Settings\Jane\ntuser.ini
2015-02-16 13:19 - 2007-03-26 14:43 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2015-02-16 10:53 - 2014-02-08 10:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2015-02-16 10:53 - 2014-02-08 10:50 - 00000448 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2015-02-16 10:52 - 2014-02-08 10:50 - 00000000 ____D () C:\Program Files\File Type Assistant
2015-02-16 10:50 - 2014-08-22 06:56 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Curtis Meds
2015-02-16 10:10 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At1.job
2015-02-16 09:05 - 2012-02-24 07:07 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\trustee mtg
2015-02-16 09:04 - 2010-01-02 12:15 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Otter Creek Township
2015-02-16 08:09 - 2014-02-19 12:42 - 00001846 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 7.lnk
2015-02-16 08:05 - 2014-02-20 08:57 - 35028992 _____ () C:\WINDOWS\system32\config\software.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 05054464 _____ () C:\WINDOWS\system32\config\default.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-02-13 15:43 - 2007-03-28 14:30 - 00000278 ___SH () C:\Documents and Settings\Curtis\ntuser.ini
2015-02-13 15:43 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis
2015-02-13 15:29 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis\Local Settings\Temp
2015-02-13 15:27 - 2007-04-01 10:03 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-02-13 15:26 - 2013-11-23 11:31 - 00641024 _____ () C:\Documents and Settings\Curtis\Desktop\VMI 13.xls
2015-02-13 14:50 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At3.job
2015-02-12 16:02 - 2014-08-09 15:19 - 00163328 _____ () C:\Documents and Settings\Jane\Desktop\Otter Creek 2014-15.xls
2015-02-10 08:59 - 2007-04-02 18:26 - 00000037 _____ () C:\WINDOWS\PcMars.Ini
2015-02-06 11:31 - 2007-04-02 18:45 - 00002471 _____ () C:\Documents and Settings\Curtis\Desktop\Microsoft Excel.lnk
2015-02-06 08:57 - 2014-08-27 13:22 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-06 08:46 - 2013-10-19 17:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-02-06 08:37 - 2012-09-03 13:14 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-06 08:37 - 2012-03-11 13:14 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-06 08:34 - 2014-02-08 10:50 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\FileTypeAssistant
2015-02-06 08:32 - 2015-01-08 08:03 - 00001602 _____ () C:\Documents and Settings\Jane\Desktop\Internet.lnk
2015-02-06 08:32 - 2010-06-13 09:46 - 00000761 _____ () C:\Documents and Settings\Jane\Desktop\Internet Explorer.lnk
2015-01-28 11:04 - 2014-02-21 09:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 16:01 - 2013-09-26 08:51 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Transamerica
2015-01-26 07:34 - 2007-04-01 10:03 - 00002429 _____ () C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk

==================== Files in the root of some directories =======

2007-11-21 20:47 - 2007-11-21 21:33 - 0005632 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-07-26 19:06 - 2010-07-26 19:06 - 0000127 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\fusioncache.dat

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some content of TEMP:
====================
C:\Documents and Settings\Jane\Local Settings\Temp\mpam-e7828fc6.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c2f95a55.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

MBAR log

 

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Matt :: JANE-A916F8D39A [administrator]

2/16/2015 2:39:40 PM
mbar-log-2015-02-16 (14-39-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 401933
Time elapsed: 31 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKU\S-1-5-21-436374069-1614895754-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot. [0934fd40e29a59ddcbe94e8022e06d93]
HKU\S-1-5-21-436374069-1614895754-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot. [0934fd40e29a59ddcbe94e8022e06d93]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot. [0934fd40e29a59ddcbe94e8022e06d93]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\U (Trojan.Siredef.C) -> Delete on reboot. [380556e7e19b4de9a67c38c941bfb24e]
C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660\U (Trojan.Siredef.C) -> Delete on reboot. [49f452eb265671c5dd454cb58d731ce4]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L (Trojan.Siredef.C) -> Delete on reboot. [330a2a137c001125de466e93fe0241bf]
C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660\L (Trojan.Siredef.C) -> Delete on reboot. [98a599a493e9979f7ca88d74ec14f10f]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660 (Trojan.Siredef.C) -> Delete on reboot. [c17c2518bebeb97dd55004fd98685aa6]
C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660 (Trojan.Siredef.C) -> Delete on reboot. [51eccb726c102a0c3fe650b1d12fda26]

Files Detected: 6
C:\WINDOWS\SYSTEM32\drivers\acpi.sys (Rootkit.RLoader) -> Replace on reboot. [e8dec5b2a480301cc01e4127b900db4f]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\@ (Trojan.Siredef.C) -> Delete on reboot. [192419246616d95d75aa3ac797698f71]
C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660\@ (Trojan.Siredef.C) -> Delete on reboot. [f548b885cdaf62d433ece61b12ee20e0]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot. [fd40a6979ae200366db026db52aef010]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L\201d3dde (Trojan.Siredef.C) -> Delete on reboot. [d06dcd70adcf1b1b011c8b76cb3514ec]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L\76603ac3 (Trojan.Siredef.C) -> Delete on reboot. [e657a09d0b716ec84dd0ab5603fdd22e]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

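Added example (my own helper, not part of this thread and not part of Farbar Recovery Scan Tool): a small triage pass over FRST "Services" and "Drivers" lines that flags the red flags visible in the log above, a driver registered from a user's Temp folder whose file is already gone (`11281`), a zero-size service binary (`LiveUpdateSvc`), orphaned `[X]` entries and unsigned binaries. The regular expressions encode my reading of the FRST line shapes in this post and are assumptions, not FRST's specification; the sample lines are copied from the log.

```python
"""Triage FRST service/driver lines for persistence red flags (added example)."""
import re
from dataclasses import dataclass

# Assumed FRST line shapes, taken from the log above:
#   R2 Name; C:\path\file.exe [SIZE YYYY-MM-DD] (Company) [File not signed]
#   S2 Name; \??\C:\path\file.sys [X]        <- binary missing on disk
#   S4 Name; No ImagePath                     <- registry entry with no binary
LINE_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*?)\s*$")
FILE_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+\d{4}-\d{2}-\d{2}\]\s+\((?P<company>[^)]*)\)(?P<tail>.*)$"
)
MISSING_RE = re.compile(r"^(?P<path>.+?)\s+\[X\]$")

TEMP_DIRS = ("\\temp\\", "\\locals~1\\", "\\recycler\\")      # classic drop locations
PROFILE_DIRS = ("\\documents and settings\\", "\\docume~1\\")  # user-writable, but MSE's MpKsl*.sys lives here
SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1, "info": 0}


@dataclass
class Finding:
    name: str
    path: str
    severity: str
    reasons: tuple


def parse_line(line):
    """Return a dict for one FRST service/driver line, or None if the line is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"state": m["state"], "start": int(m["start"]), "name": m["name"].strip(),
           "path": "", "size": None, "missing": False, "unsigned": False, "no_image": False}
    rest = m["rest"]
    if rest == "No ImagePath":
        rec["no_image"] = True
        return rec
    mm = MISSING_RE.match(rest)
    if mm:
        rec["path"], rec["missing"] = mm["path"], True
        return rec
    fm = FILE_RE.match(rest)
    if fm:
        rec["path"], rec["size"] = fm["path"], int(fm["size"])
        rec["unsigned"] = "[File not signed]" in fm["tail"]
        return rec
    rec["path"] = rest  # unknown shape: keep raw text for a human to look at
    return rec


def assess(rec):
    """Apply the heuristics to one parsed record; return a Finding or None."""
    reasons, worst = [], None

    def flag(reason, severity):
        nonlocal worst
        reasons.append(reason)
        if worst is None or SEVERITY_RANK[severity] > SEVERITY_RANK[worst]:
            worst = severity

    low = rec["path"].lower().replace("\\??\\", "")
    if any(d in low for d in TEMP_DIRS):
        flag("loads-from-temp-or-recycler", "high")
    if rec["missing"]:
        flag("file-missing", "medium")       # orphaned entry or payload already removed
    if rec["size"] == 0:
        flag("zero-size-file", "medium")     # matches FRST's own "ATTENTION" marker
    if rec["unsigned"]:
        flag("unsigned", "low")              # common for old OEM code, still worth a look
    if rec["path"] and any(d in low for d in PROFILE_DIRS):
        flag("profile-path", "info")
    if rec["no_image"] and rec["state"] in "RS" and rec["start"] <= 2:
        flag("no-imagepath-at-autostart", "info")
    if not reasons:
        return None
    return Finding(rec["name"], rec["path"].replace("\\??\\", ""), worst, tuple(reasons))


def triage(lines):
    """Parse and assess every line; return findings, worst first."""
    findings = [f for f in (assess(r) for r in map(parse_line, lines) if r) if f]
    findings.sort(key=lambda f: (-SEVERITY_RANK[f.severity], f.name.lower()))
    return findings


# Sample lines copied from the FRST log in this post.
SAMPLE_LINES = [
    r"R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-07] (AVAST Software)",
    r"R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]",
    r"S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [0 2014-05-20] () <==== ATTENTION (zero size file/folder)",
    r"R1 MpKsl22395e4f; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CA72FEF-4A58-43D0-9009-FE9122FE0809}\MpKsl22395e4f.sys [29904 2015-02-16] (Microsoft Corporation)",
    r"S2 11281; \??\C:\DOCUME~1\Curtis\LOCALS~1\Temp\11281.sys [X]",
    r"S4 IntelIde; No ImagePath",
    r"S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.severity:6} {f.name:16} {', '.join(f.reasons):45} {f.path}")
```

The output is a worklist, not a verdict: the `MpKsl*` hit is informational only because Microsoft Security Essentials really does load its definition driver from the All Users profile, and an unsigned 2004-era HP or AOL binary is noise on an XP box. The `S2` entry pointing at a missing `.sys` in a user's Temp folder is the one a responder checks first, together with the `At1.job` to `At4.job` tasks FRST lists under "Files to move or delete", since `at.exe`-style jobs are a common way to re-drop a removed payload.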

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
